Re: What's wrong with this config?

2014-06-21 Thread Edgar Pettijohn

On 06/21/2014 09:58 PM, Hugo Osvaldo Barrera wrote:
 Hi,

 I'm getting a syntax error on this line:

 accept from any for domain barrera.io relay backup mx2.barrera.io verify

 But, according to the man page, it looks fine. What am I doing wrong? :(

I think you need to barrera.io and possibly also mx2.barrera.io



Re: Is my virtual user configuration correct?

2015-01-19 Thread Edgar Pettijohn


On 01/19/15 09:57, Jason Barbier wrote:

Read the descriptions in the manual pages it makes it pretty clear.
virtual is a specific type of aliasing.
userbase changes the user database where look ups happen.

The userbase section could be clearer.  I made the same mistake before 
getting things right.


--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: a few more questions

2015-01-18 Thread Edgar Pettijohn


On 01/18/15 17:20, Seth wrote:
On Sun, 18 Jan 2015 14:25:20 -0800, Edgar Pettijohn 
ed...@pettijohn-web.com wrote:



I added another host and test user and everything seems to be working.
Reread smtpd.conf(5) and feel good about this setup.  A few questions
remain.  When I connect from my home pc with:

$ mutt -f imap://t...@test.pettijohn-web.com@test.pettijohn-web.com

and send an email to myself the from address is t...@test.my.domain
instead of what it should be.  However, when using thunderbird it works
as expected.


I believe that is a mutt configuration issue.


Just tried on my postfix server and I think you're right I just never 
noticed it before.



Is there a way to make the listen work like the relay and just use the
matching cert?


I don't think so. I think you'd have to configure an additional IP 
address for the 2nd domain, and then create a dedicated listen rule in 
smtpd.conf for each IP, one per domain.



That's what I was planning to try next.

Thanks




a few more questions

2015-01-18 Thread Edgar Pettijohn
I added another host and test user and everything seems to be working.  
Reread smtpd.conf(5) and feel good about this setup.  A few questions 
remain.  When I connect from my home pc with:


$ mutt -f imap://t...@test.pettijohn-web.com@test.pettijohn-web.com

and send an email to myself the from address is t...@test.my.domain 
instead of what it should be.  However, when using thunderbird it works 
as expected.  It also does not present the proper cert for the new 
domain.  From the man page:


#pki listen context
The *hostnames* parameter overrides the server name for specific 
addresses. Table /names/ contains a mapping of IP addresses to hostnames 
and smtpd(8) http://www.openbsd.org/cgi-bin/man.cgi?query=smtpd&sec=8 
will use the hostname that matches the address on which the connection 
arrives if it is found in the mapping.


If all virtual domains map to the same ip then this names table won't 
work.


#pki relay context
When relaying, STARTTLS is always attempted if available on remote host 
and OpenSMTPD will try to present a certificate matching the outgoing 
hostname if one is registered in the pki. If pki is specified, the 
certificate registered for pkiname is used instead.


Is there a way to make the listen work like the relay and just use the 
matching cert?


# cat /etc/mail/smtpd.conf
#   $OpenBSD: smtpd.conf,v 1.7 2014/03/12 18:21:34 tedu Exp $

# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information.

table aliases db:/etc/mail/aliases.db
table vdomains db:/etc/mail/vdomains.db
table vusers db:/etc/mail/vusers.db

pki test.pettijohn-web.com certificate /etc/ssl/test.pettijohn-web.com.crt
pki test.pettijohn-web.com key /etc/ssl/private/test.pettijohn-web.com.key
pki openbsd.pettijohn-web.com certificate /etc/ssl/openbsd.pettijohn-web.com.crt
pki openbsd.pettijohn-web.com key /etc/ssl/private/openbsd.pettijohn-web.com.key


listen on egress tls
listen on lo0

queue compression
queue encryption key f61de1a07fba7ccd57af89df8c28fc1f

accept from any for domain vdomains virtual vusers deliver to mda \
/usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d %{rcpt}
accept for local alias aliases deliver to maildir
accept from any for any relay


Thanks,

Edgar


Re: we need a server

2015-02-16 Thread Edgar Pettijohn


On 02/16/15 06:16, Gilles Chehade wrote:

Hi,

I'd like to rent a dedicated server to run virtualized Linux distros and
BSD systems to help us improve the portable branch of OpenSMTPD.

The cost of this server would be 16 euros / month + 20 setup fee.

If you're interested in portable and feeling generous, it would be great
if you could donate even a small amount so I don't have to cover all the
expenses myself ;-)

paypal: donati...@opensmtpd.org

I'll publish a thank you message with the list of donators + amount, and
the balance so we're fully transparent on this.


Have you checked out vultr.com?  It's $5 a month with no setup fee.




Re: Best way to relay mail to a server with intermittent connectivity

2015-01-27 Thread Edgar Pettijohn


On 01/27/15 18:57, Seth wrote:
I administer an email system which uses a VPS running OpenSMTPD as the 
public facing bit.


The VPS relays email to and from a separate OpenSMTPD mail server 
which is located on premises. We'll call this the 'local' server.


The local server gets powered down every night, however this currently 
causes messages to back up on the VPS or 'public' server. When the 
local server comes back online in the morning, I have to log into the 
public relay server and use smtpctl to manually resume the route to 
the local server. Then a 'smtpctl schedule all' command must be run 
after which the backed up overnight email comes pouring in.


This configuration is suboptimal for two reasons

* It generates bounce and 'sending delayed' postmaster messages when 
the local server is down

smtpd.conf(5)

*bounce-warn* /n/{*s*|*m*|*h*|*d*}[, /.../]
   Specify the delays for which temporary failure reports must be
   generated when messages are stuck in the queue. For example:

   bounce-warn  1h, 6h, 2d

   will generate a failure report when an envelope is in the queue for
   more than one hour, six hours and two days. The default is 4h.



* It requires manual intervention to ensure speedy email delivery to 
the local server when it's powered back on.


I've been thinking about adding another OpenSMTPD relay mail server at 
the local site, which is low power and can stay running all the time 
without issue. But this merely shifts the location of the mail pile-up 
from remote to local.


Any mail gurus out there have a solid method for solving this problem?





Re: opensmtpd: procmail: not found

2015-01-27 Thread Edgar Pettijohn


On 01/27/15 05:10, openda...@hushmail.com wrote:

On 27. januar 2015 at 8:25 AM, Herbert J. Skuhra herb...@oslo.ath.cx wrote:

On Mon, Jan 26, 2015 at 11:54:09PM +, openda...@hushmail.com

I guess the error does not come from your smtpd.conf, otherwise
the log
would show:

Jan 26 14:05:20 mybox smtpd[23304]: delivery: TempFail for
cf077883a36bcae2: from=od@mybox, to=od@mybox, user=od,
method=mda, delay=1h5m20s, stat=Error (/usr/local/bin/procmail:
not found)

and not:

Jan 26 14:05:20 mybox smtpd[23304]: delivery: TempFail for
cf077883a36bcae2: from=od@mybox, to=od@mybox, user=od,
method=mda, delay=1h5m20s, stat=Error (procmail: not found)

At least that's what's happening on my system (FreeBSD 10.1-STABLE).

I see, I see. I'm on FreeBSD 10.1-RELEASE.


So obviously something else is calling 'procmail' and
/usr/local/bin missing in $PATH!

Maybe 'smtpd -dv' shows more information?

# smtpd -dv
fatal: control socket already listening

Thanks!

O.D.



Remember to service smtpd stop first, before this test.




Re: a few more questions

2015-02-01 Thread Edgar Pettijohn


On 01/30/15 02:28, Gilles Chehade wrote:

Hi,

I had somehow missed this thread...


On Sun, Jan 18, 2015 at 04:25:20PM -0600, Edgar Pettijohn wrote:

I added another host and test user and everything seems to be working.
Reread smtpd.conf(5) and feel good about this setup.  A few questions
remain.  When I connect from my home pc with:

$ mutt -f imap://t...@test.pettijohn-web.com@test.pettijohn-web.com

and send an email to myself the from address is t...@test.my.domain instead
of what it should be.  However, when using thunderbird it works as expected.


That is because you didn't configure your From in mutt which will therefore
not append a domain and let OpenSMTPD do it. In my ~/.muttrc I have:

set realname=Gilles Chehade
set from=gil...@poolp.org

You don't need to do that with Thunderbird, it does it automatically.



It also does not present the proper cert for the new domain.  From the man
page:

#pki listen context
The *hostnames* parameter overrides the server name for specific addresses.
Table /names/ contains a mapping of IP addresses to hostnames and smtpd(8)
http://www.openbsd.org/cgi-bin/man.cgi?query=smtpd&sec=8 will use the
hostname that matches the address on which the connection arrives if it is
found in the mapping.




If all virtual domains map to the same ip then this names table won't
work.


Yes, this is right, `hostnames` is a mechanism to map an IP to a hostname
like I mentioned in the ticket you opened.

When you connect, before even you start TLS, OpenSMTPD will greet you and
needs to know which hostname it will run under. The mapping can't be that
an IP resolves to several hostnames otherwise it can't know.

SNI happens later in the chain, after it has greeted you, you have EHLOed
it has told you it supports STARTTLS and you have started to negotiate.



#pki relay context
When relaying, STARTTLS is always attempted if available on remote host and
OpenSMTPD will try to present a certificate matching the outgoing hostname
if one is registered in the pki. If pki is specified, the certificate
registered for pkiname is used instead.

Is there a way to make the listen work like the relay and just use the
matching cert?


It should work automatically.

If your client supports SNI, during the TLS negotiation, it will ask for
the specific virtual domain and OpenSMTPD will try to find a pki that is
registered for that domain and pick it up.

This has nothing to do with the `hostnames` table.

Are you sure your version of mutt has SNI support?


Thanks for the reply.  It all makes sense to me now.




Re: Best way to relay mail to a server with intermittent connectivity

2015-01-27 Thread Edgar Pettijohn


On 01/27/15 20:45, Seth wrote:
On Tue, 27 Jan 2015 17:22:43 -0800, Edgar Pettijohn 
ed...@pettijohn-web.com wrote:

*bounce-warn* /n/{*s*|*m*|*h*|*d*}[, /.../]
Specify the delays for which temporary failure reports must be
generated when messages are stuck in the queue. For example:

bounce-warn 1h, 6h, 2d

will generate a failure report when an envelope is in the queue for
more than one hour, six hours and two days. The default is 4h.


Thanks, I caught that right after posting, of course. Dialed it back 
to 1d.


Still need to solve the problem of scheduling that big morning dump.

Of email.


cron




Re: Manual

2015-01-11 Thread Edgar Pettijohn
just saw the opensmtpd-extras is available as a package from my local 
mirror.  sorry for the noise.

On 01/11/15 19:47, Edgar Pettijohn wrote:

Just did:
cd /usr/src/usr.sbin/smtp && cvs -q up -Pd

then:

make && make install

then:

man table-sqlite

and nothing. then:

ls /usr/share/man/man5 | grep sqlite
and it's not there. I went ahead and just copy and pasted from the link 
below to install the man page. Just looked at cvsweb and 
table_sqlite.5 is missing.



On 01/11/15 19:19, Jason Barbier wrote:
it requires that you have opensmtpd-extras 
https://github.com/OpenSMTPD/OpenSMTPD-extras. to compile the source 
on openbsd all you need is the sources.

--
Jason Barbier
jab...@serversave.us
On Sun, Jan 11, 2015, at 04:51 PM, Edgar Pettijohn wrote:
I'm running openbsd current and man table-sqlite shows nothing. Do I 
need to checkout with cvs and compile smtpd?

On 01/11/15 18:04, Jason Barbier wrote:

if you have the extras installed man table-sqlite
--
Jason Barbier
jab...@serversave.us
On Sun, Jan 11, 2015, at 10:07 AM, edgar wrote:
Just curious when the man pages will be updated with info on 
sqlite backend?

Thanks,
Edgar
Sent from Samsung tablet






Re: Manual

2015-01-11 Thread Edgar Pettijohn
I'm running openbsd current and man table-sqlite shows nothing.  Do I 
need to checkout with cvs and compile smtpd?


On 01/11/15 18:04, Jason Barbier wrote:

if you have the extras installed man table-sqlite
--
Jason Barbier
jab...@serversave.us
On Sun, Jan 11, 2015, at 10:07 AM, edgar wrote:
Just curious when the man pages will be updated with info on sqlite 
backend?

Thanks,
Edgar
Sent from Samsung tablet




Re: Virtual users with valid email addresses for usernames?

2015-02-13 Thread Edgar Pettijohn


On 02/13/15 00:09, Seth wrote:

On Thu, 12 Feb 2015 21:48:02 -0800, Josh Kunz joshk...@me.com wrote:

Thanks for your reply. I hadn't thought of using OpenSMTPd as the 
MDA, I kept trying to get the usernames to work of LMTP to dovecot. 
Since I need the sieve support from dovecot, I'll probably modify 
this solution to use the dovecot lda, but it's definitely put me on 
the right track.


I haven't messed with the Dovecot LDA or SMTP myself so sorry can't be 
of more help there.


Under this setup though, users would still have to use a bare 
username, and wouldn't be able to sign-in using something like 
name@domain as their username which isn't ideal. Is there any way 
to make OpenSMTPd match the user against the entire address rather 
than just the user part?


I thought about this issue right after hitting 'send'. You could setup 
a separate OpenSMTPD credentials table file, but from what I 
understand OpenSMTPD strips the @domain.tld portion of the username 
when performing SMTPAUTH. If you have two users, us...@domain1.tld and 
us...@domain2.tld then they would be forced to use the same password 
to send email.


The 'Credentials tables' section of the TABLE(5) man page does not 
explicitly say so, but according to this mailing list post When doing 
a login the username is always stripped from its domain part [1].


Interestingly, there is an open Github issue [2] where the submitter 
appears to be using the full email address as the username in the 
credentials table. There's a line in smtpd.conf 'table local_user_list 
passwd:/usr/local/etc/mail/passwd'.


Then he posts contents of /usr/local/etc/mail/passwd as:

us...@example.com:$6$aoiuasdfhalsdfiu$2K1Ck/C/FKHeU5wqftVRuuQralARHm2EhAAxc1N3cOFfR4cggSGunhuWnJ3.SxB28h1B4b8oI6vXBxnPirJgB1:1001:1001::/vmail:/bin/nologin 

use...@example.com:$6$aoiuasdfhalsdfiu$dsAcqmmDZl9CAcn78GrS6vck19iNx7aRE3UNkxrZWy/lDgQg0KDh.MgmJxxpfSTLWgSYpRC1RhGgTqubb8QM/1:1001:1001::/vmail:/bin/nologin 

use...@test.com:$6$aoiuasdfhalsdfiu$wUDPF8uwDCPzw4HpcxlQTOI8JarPNVSFSG.p112Qi8ysBVrxLHYTcrGx1xZSM3ayEp1/8sAY0nX.OhMVubFH31:1001:1001::/vmail:/bin/nologin 



So maybe the full email address can in fact be used as the login name 
for SMTPAUTH and a virtual mail user setup?


Someone more knowledgeable than me is going to have to weigh in on 
this one.


[1] http://www.mail-archive.com/misc%40opensmtpd.org/msg01302.html
[2] https://github.com/OpenSMTPD/OpenSMTPD/issues/530

I think my setup is similar to what you're looking for. My userdb/passdb 
for dovecot is as follows:


# cat userdb
edgar:{BLF-CRYPT}password hash:5000:5000::/var/vmail/%d/%n

# cat /etc/mail/creds
ed...@pettijohn-web.com password hash

Just be sure to use doveadm for your dovecot password and smtpctl for 
the smtpd password.  Unfortunately they were not compatible for me at least.


# doveconf -n
# 2.2.10: /etc/dovecot/dovecot.conf
# OS: OpenBSD 5.6 amd64  ffs
auth_mechanisms = plain login
default_client_limit = 400
disable_plaintext_auth = no
first_valid_uid = 1000
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags
mail_location = maildir:/var/vmail/%d/%n/Maildir
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave

mbox_write_locks = fcntl
mmap_disable = yes
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox Sent Messages {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = scheme=BLF-CRYPT username_format=%n /var/vmail/%d/etc/userdb
  driver = passwd-file
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
postmaster_address = postmaster@%d
protocols = imap pop3 lmtp sieve
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = _postfix
    mode = 0660
    user = _postfix
  }
  unix_listener auth-userdb {
    group = _smtpd
    mode = 0666
    user = _smtpd
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  inet_listener sieve_deprecated {
    port = 2000
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
ssl_cert = /etc/ssl/mailserver.pem
ssl_key = /etc/ssl/private/mailserver.pem
userdb {
  args = username_format=%n /var/vmail/%d/etc/userdb
  default_fields = quota_rule=*:storage=1G
  driver = passwd-file
}
protocol lda {
  mail_plugins =
}
protocol imap {
  mail_max_userip_connections = 10
  mail_plugins =
}

# cat 

Re: YAB - Yet Another Blog with posts about OpenSMTPD, clamsmtp, spampd, lmtp, etc. on OpenBSD

2015-02-15 Thread Edgar Pettijohn


On 02/14/15 14:14, Chess Griffin wrote:

On Fri, Feb 13, 2015, at 02:38 PM, Christoph Borsbach wrote:

I found one issue with your config though: It seems the last line of your
config creates an open relay:
accept from any for any relay via smtp://127.0.0.1:10025 # incoming mail

I noticed this while running the setup without spamd, maybe spamd
mitigates
this? When I change the for any for for domain vdomains, the relay is
closed, mail for non local-addresses is refused.

My config is exactly the same as here
http://technoquarter.blogspot.de/2015/02/openbsd-mail-server-part-4-spamassassin.html,
except for the last line as stated above.


Thanks, Christoph - posts have been updated and I noted the change at
the end of the Intro post.  Cheers!

It appears to create an infinite loop when sending to another user on 
your domain.  ie


from: us...@example.tld
to: us...@example.tld
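
The open-relay rule Christoph describes above, checked mechanically. This is an added example, not part of the thread or of OpenSMTPD; it assumes the pre-6.4 accept/reject grammar used on this page, in which an omitted from or for defaults to local, and the sample ruleset is constructed from the two rule shapes the thread mentions.

```python
"""Lint an OpenSMTPD accept/reject ruleset (pre-6.4 grammar) for open relays.

Assumption: a rule relays for anyone when it accepts "from any" (or a negated
source), matches "for any" (or a negated destination) and its action is relay.
Rule order and sender/tag filters are not evaluated.
"""

# Constructed sample: the rule shapes discussed in the thread.
SAMPLE_CONF = r"""
# constructed test ruleset
table vdomains file:/etc/mail/vdomains
accept for local alias <aliases> deliver to maildir
accept from any for domain <vdomains> virtual <vusers> deliver to mda \
    "/usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d %{rcpt}"
accept for any relay
accept from any for any relay via smtp://127.0.0.1:10025 # incoming mail
"""

# The change described in the thread: restrict the destination to vdomains.
FIXED_CONF = SAMPLE_CONF.replace("for any relay via",
                                 "for domain <vdomains> relay via")


def logical_lines(text):
    """Yield rules with comments removed and backslash continuations joined."""
    buf = ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # '#' inside quotes not handled
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield " ".join(buf.split())
        buf = ""
    if buf.strip():
        yield " ".join(buf.split())


def parse_rule(line):
    """Return the from/for scope and action of one accept/reject rule."""
    tok = line.split()
    if tok[0] not in ("accept", "reject"):
        return None
    rule = {"decision": tok[0], "from": "local", "for": "local",
            "action": None, "text": line}
    for i, t in enumerate(tok[1:], start=1):
        nxt = tok[i + 1] if i + 1 < len(tok) else ""
        if t in ("relay", "deliver"):
            rule["action"] = t
            break                      # the rest are the action's arguments
        if t in ("from", "for"):
            if nxt in ("any", "!"):    # a negated match is treated as "any"
                rule[t] = "any"
            elif nxt == "local":
                rule[t] = "local"
            else:
                rule[t] = "restricted"
    return rule


def open_relay_rules(conf_text):
    """Return the text of every rule that relays from anyone to anywhere."""
    hits = []
    for line in logical_lines(conf_text):
        rule = parse_rule(line)
        if (rule and rule["decision"] == "accept" and rule["from"] == "any"
                and rule["for"] == "any" and rule["action"] == "relay"):
            hits.append(rule["text"])
    return hits


if __name__ == "__main__":
    for label, conf in (("original", SAMPLE_CONF), ("fixed", FIXED_CONF)):
        print(label, "->", open_relay_rules(conf) or "no open-relay rule")
```
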







Re: Virtual domains

2015-03-12 Thread Edgar Pettijohn


On 03/12/15 18:37, Gonzalo wrote:

Ok, but now I have no email:

debug: mda: all done for user getpwnam:vmail
debug: scheduler: evp:4bb1b8d779458d6b scheduled (mda)
mda: new user 1f4c8dcc1b038c63 for getpwnam:vmail
debug: lka: userinfo getpwnam:vmail
lookup: lookup vmail as USERINFO in table getpwnam:getpwnam - 
vmail:5001:5001:/home/vmail
debug: mda: new session 1f4c8dcdae55d45d for user getpwnam:vmail 
evpid 4bb1b8d779458d6b

debug: mda: no more envelope for getpwnam:vmail
debug: mda: got message fd 4 for session 1f4c8dcdae55d45d evpid 
4bb1b8d779458d6b
debug: mda: querying mda fd for session 1f4c8dcdae55d45d evpid 
4bb1b8d779458d6b
debug: smtpd: forking mda for session 1f4c8dcdae55d45d: 
/usr/local/libexec/dovecot/dovecot-lda -f tengoandr...@gmail.com -d blo as vmail
debug: mda: got mda fd 5 for session 1f4c8dcdae55d45d evpid 
4bb1b8d779458d6b
debug: mda: end-of-file for session 1f4c8dcdae55d45d evpid 
4bb1b8d779458d6b
debug: mda: all data sent for session 1f4c8dcdae55d45d evpid 
4bb1b8d779458d6b
debug: smtpd: mda process done for session 1f4c8dcdae55d45d: exited 
abnormally
delivery: TempFail for 4bb1b8d779458d6b: from=tengoandr...@gmail.com, 
to=b...@foobar.com.ar, user=vmail, method=mda, delay=1m30s, 
stat=Error (exited abnormally)

debug: mda: session 1f4c8dcdae55d45d done
debug: mda: user vmail becomes runnable
debug: mda: all done for user getpwnam:vmail


usuariosv
@foobar.com.ar vmail

usuarios
foo:$2b$06$aHet9bLmm.bkoK4A6tueb.eb0j2vivzV1pH7PrZoixwzBROTr0Gd6:5001:5001:/var/www/mail/%n



2015-03-12 19:07 GMT-03:00 Edgar Pettijohn III ed...@pettijohn-web.com:


one system user will take care of it all. you could do:

@domain.tld user

and map all to one user.

On Mar 12, 2015, at 5:05 PM, Gonzalo wrote:


I mean, I don't want to create a system user per email account.

On Mar 12, 2015 6:55 PM, Edgar Pettijohn III
ed...@pettijohn-web.com wrote:

smtpd.conf(5)
*for* [*!*] *domain*/domain/*virtual*||/users/
This rule applies to mail destined for the specified
virtual /domain/. This parameter supports the '*'
wildcard, so that a single rule for all sub-domains can
be used, for example:

accept for domain *.example.com \
virtual users deliver to mbox

The table /users/ *holds a key-value mapping of virtual
to **system* users. For an example of how to configure
the /users/ table, see makemap(8)
http://www.openbsd.org/cgi-bin/man.cgi?query=makemap&sec=8.

Also look in makemap(8) for some more details.

For it to work you will have to have a system user to handle
all of the mail.  You would have to do the same with postfix
and probably other mta.






--
Sent from my handheld toaster...

Did you actually add the vmail user to the system with /usr/sbin/adduser?


Re: Custom bounce messages for messages sent from NSA PRISM program providers

2015-02-28 Thread Edgar Pettijohn
This doesn't cover the bounce message but it will take care of the 
blocking.


#smtpd.conf
table senders file:/etc/mail/senders

accept sender ! senders from any for domain

I first tried reject sender senders but that didn't work. Is that a 
bug or not applied correctly?


#/etc/mail/senders
@hotmail.com
@gmail.com
@whatever.com

This will send a delivery status notification(failure).  There may be a 
way to change this, but I'm not sure.


Reporting-MTA: dns;BLU004-OMC4S14.hotmail.com
Received-From-MTA: dns;BLU436-SMTP179
Arrival-Date: Sat, 28 Feb 2015 19:20:00 -0800

Final-Recipient:rfc822;ed...@pettijohn-web.com
Action: failed
Status: 5.5.0
Diagnostic-Code: smtp;550 Invalid recipient







Re: Catchall sink, write to file for analytics

2015-02-23 Thread Edgar Pettijohn


On 02/23/15 11:07, Alan Gilson wrote:


I've dug through the archives, and don't see if this has been answered 
anywhere before:


We're running a honeypot and are hoping to switch over to opensmtpd. 
The concept of this honeypot is that I'd like to capture all of the 
email that is sent to it, regardless of the recipient. I'd like to 
capture everything for analysis. Currently our very primitive set up is:


Install Mail Server:

- sudo apt-get install opensmtpd

- server name is: inbound.ourdomain.com

- root and postmaster recipient: mailin123  # this is an account that exists on the server

- vi /etc/smtpd.conf

  o comment out line: listen on localhost

  o comment out line: table aliases file...

  o comment out line: accept for local...

  o comment out line: accept for any...

  o add line: listen on eth0 port 25 hostname inbound.ourdomain.com

  o add line: max-message-size 50M

  o add line: accept from any for any virtual { @ = mailin123 } deliver to maildir /mail


This config works for single recipient emails.

Question: currently if I send an email with a to: address of 
te...@domain.com, and a CC: addresses of te...@domain.com and 
te...@domain.com, the system currently writes three files that are 
identical with the exception of the Delivered-To: line. Is it possible 
to have all three of those files combined in to one file with 3 
Delivered-To lines?


Ultimately I don't want to run the email through our analytics 3 
times, I only want to process it once.


Thanks,

- Al

The OTC Group, 1-888-438-1682 casl-complia...@otcgc.com
5-4350 Castleton Road, London, ON N6N 0A3
You may unsubscribe at any time by visiting 
http://portal.caslcure.com/unsubscribe/otc.agilson

All unsubscribe requests are handled within 10 days of receipt.

The only thing I can think of is to deliver/relay the mail to/through 
a script that handles that for you.
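
One way such a script could collapse the per-recipient copies before analysis. This is an added example, not code from the thread or from OpenSMTPD; it assumes, as the question states, that the copies differ only in their Delivered-To: line and that the files use LF line endings, and the sample messages and addresses are constructed.

```python
"""Merge per-recipient copies of one honeypot message into a single file."""
import hashlib
from pathlib import Path


def split_delivered_to(raw):
    """Return (recipients, rest): Delivered-To values and the message without them."""
    head, sep, body = raw.partition(b"\n\n")
    rcpts, kept, in_dt = [], [], False
    for line in head.split(b"\n"):
        if line[:1] in (b" ", b"\t") and (kept or rcpts):
            # Folded continuation: belongs to whichever header came before it.
            if in_dt:
                rcpts[-1] += b" " + line.strip()
            else:
                kept.append(line)
            continue
        name, _, value = line.partition(b":")
        in_dt = name.strip().lower() == b"delivered-to"
        if in_dt:
            rcpts.append(value.strip())
        else:
            kept.append(line)
    return rcpts, b"\n".join(kept) + sep + body


def merge_copies(raw_messages):
    """Group copies by a hash of everything except Delivered-To and merge them."""
    groups = {}                                # digest -> (rest, [recipients])
    for raw in raw_messages:
        rcpts, rest = split_delivered_to(raw)
        entry = groups.setdefault(hashlib.sha256(rest).hexdigest(), (rest, []))
        for rcpt in rcpts:
            if rcpt not in entry[1]:
                entry[1].append(rcpt)
    merged = []
    for rest, rcpts in groups.values():
        header = b"".join(b"Delivered-To: " + r + b"\n" for r in rcpts)
        merged.append(header + rest)
    return merged


def merge_maildir_new(maildir):
    """Merge every file under <maildir>/new; the files themselves are not modified."""
    files = sorted(p for p in Path(maildir, "new").iterdir() if p.is_file())
    return merge_copies(p.read_bytes() for p in files)


def sample_copy(rcpt):
    """Constructed sample: one delivered copy for the given recipient."""
    return (b"Delivered-To: " + rcpt + b"\n"
            b"Received: from sender.example (sender.example [192.0.2.10])\n"
            b"\tby inbound.ourdomain.com (OpenSMTPD) with ESMTP id 0a1b2c3d;\n"
            b"\tMon, 23 Feb 2015 11:00:00 -0500 (EST)\n"
            b"From: someone@sender.example\n"
            b"To: test1@example.com\n"
            b"Cc: test2@example.com, test3@example.com\n"
            b"Subject: invoice attached\n"
            b"Message-ID: <constructed-1@sender.example>\n"
            b"\n"
            b"Please see the attached invoice.\n")


if __name__ == "__main__":
    copies = [sample_copy(r) for r in
              (b"test1@example.com", b"test2@example.com", b"test3@example.com")]
    for msg in merge_copies(copies):
        print(msg.decode())
```
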


Re: How to adapt bogus email addresses?

2015-06-24 Thread Edgar Pettijohn


On 06/24/15 16:19, Vijay Sankar wrote:

# cat vmap
ilom-alert@192.168.100.63:  avantsys...@avant.ca

Looks like there is a colon there -- could that be the problem?


Quoting Adam Thompson athom...@athompso.net:

I'm running smtpd 5.6-RELEASE inside the firewall, acting as an SMTP 
relay.
One host in particular (a Sun ILOM2 card) insists on sending some 
emails addressed to ilom-alert@192.168.100.63.  This is a bug in 
the firmware that they will not fix, so it's up to me to deal with it.


What I'm trying so far is:

#
# cat smtpd.conf
listen on all
table aliases db:/etc/mail/aliases.db
table vmap db:/etc/mail/vmap.db

table suncard { 192.168.100.63 }
table localnets { 192.168.10.0/24, 192.168.100.0/24, 192.168.157.0/24, 192.168.158.0/24, 192.168.101.0/24 }
accept from local for any relay via smtp://smtp-relay.gmail.com
accept from source 192.168.100.63 for any virtual vmap deliver to lmtp localhost:25
accept from source suncard for any virtual vmap deliver to lmtp localhost:25


I think you could also just put curly braces like so

accept from source { 192.168.100.63 } etc..., but I'm not sure.
accept from source localnets for any relay via smtp://smtp-relay.gmail.com

#
# cat vmap
ilom-alert@192.168.100.63:  avantsys...@avant.ca
#

This isn't working, all I get in the log file is:
Jun 24 15:41:06 mailrelay smtpd[18970]: smtp-in: New session 
3b402a76adf8e592 from host hexen-ilom.asg.local [192.168.100.63]
Jun 24 15:41:06 mailrelay smtpd[18970]: smtp-in: Failed command on 
session 3b402a76adf8e592: RCPT TO:avantsys...@avant.ca = 550 
Invalid recipient
Jun 24 15:41:06 mailrelay smtpd[18970]: smtp-in: Closing session 
3b402a76adf8e592



...which, ironically, means the ILOM card is NOT misbehaving at the 
moment.  (Sometimes it does, sometimes it doesn't.  Like I said, it's 
a bug.)

Why isn't this working?


FYI, the previous log entries for the damaged emails looked like:

Jun 24 15:38:30 mailrelay smtpd[25726]: relay: PermFail for 
df4ac3f4da1dd91b: session=9edd2c7aecf6c1b4, 
from=ilom-alert@192.168.100.63, to=avantsys...@avant.ca, 
rcpt=-, source=192.168.100.96, relay=74.125.142.28 
(ie-in-f28.1e100.net), delay=5s, stat=550 5.7.0 
https://support.google.com/a/answer/6140680#maildenied 
y6sm410732igy.1 - gsmtp
Jun 24 15:38:30 mailrelay smtpd[25726]: smtp-out: Error on session 
9edd2c7aecf6c1b4: Connection closed unexpectedly
Jun 24 15:38:31 mailrelay smtpd[25726]: smtp-in: New session 
9edd2c7b6ae6b2d7 from host localhost [local]
Jun 24 15:38:31 mailrelay smtpd[25726]: smtp-in: Accepted message 
2cdbc169 on session 9edd2c7b6ae6b2d7: from=, 
to=ilom-alert@192.168.100.63, size=982, ndest=1, proto=ESMTP
Jun 24 15:38:31 mailrelay smtpd[25726]: smtp-in: Closing session 
9edd2c7b6ae6b2d7
Jun 24 15:38:34 mailrelay smtpd[25726]: smtp-out: Connecting to 
smtp://74.125.142.28:25 (ie-in-f28.1e100.net) on session 
9edd2c7cf3690436...
Jun 24 15:38:34 mailrelay smtpd[25726]: smtp-out: Connected on 
session 9edd2c7cf3690436
Jun 24 15:38:34 mailrelay smtpd[25726]: relay: PermFail for 
3da7d01d6b54d9ed: session=9edd2c7cf3690436, from=, 
to=ilom-alert@192.168.100.63, rcpt=-, source=192.168.100.96, 
relay=74.125.142.28 (ie-in-f28.1e100.net), delay=8s, stat=550 5.1.1 
https://support.google.com/mail/answer/6596 x14sm419535igx.1 - gsmtp

Jun 24 15:38:34 mailrelay smtpd[9955]: warn: queue: no return path!
Jun 24 15:38:35 mailrelay smtpd[25726]: relay: PermFail for 
2cdbc169e9ab3b96: session=9edd2c7cf3690436, from=, 
to=ilom-alert@192.168.100.63, rcpt=-, source=192.168.100.96, 
relay=74.125.142.28 (ie-in-f28.1e100.net), delay=4s, stat=550 5.1.1 
https://support.google.com/mail/answer/6596 x14sm419535igx.1 - gsmtp

Jun 24 15:38:35 mailrelay smtpd[9955]: warn: queue: no return path!

(Naturally, google should reject such badly-addressed emails. That's 
what I have to fix before handing it off.)


Thanks,
-Adam Thompson
 athom...@athompso.net





Re: Opensmtpd-extras on Freebsd 10.1

2015-06-28 Thread Edgar Pettijohn


On 06/28/15 06:05, Ian Simonsen wrote:

Hi All,


Compiling Opensmtpd-extras for the stable port on Freebsd 10.1, seems not to 
work.  Smtpd will not use table-password where I get the error:
fatal: table_create: backend passwd does not exist.

On the other hand compiling Opensmtpd-extras against the Devel port of 
Opensmtpd seems to accept the table-password, but then I run into another issue 
where I get authentication failure.
Error: Failed command on session 92fb7c1419bdef64: AUTH [...] = 501 5.5.2 
Syntax error: Syntax error.

Can anyone tell me what causes this error and is there a bug fix for it ?

Regards

Ian

What does it tell you when run in debug? ie

# smtpd -dvvv





Re: That SSLv3 thing

2015-08-16 Thread Edgar Pettijohn



On 08/16/15 11:41, Seth wrote:
On Wed, 15 Oct 2014 12:33:50 -0700, Gilles Chehade gil...@poolp.org 
wrote:



Hi,

As you may know, SSLv3 has been pushed into end of life.

While SSL libraries are working this out, I committed a fix to disable
it explicitly in our code just in case someone builds it against some
pre-catastrophe OpenSSL/LibreSSL version.


We're going to be releasing a minor stable in the next few days with a
few bugs fixed in it, the SSLv3 disable WILL be part of it.


I'll also be publishing both master and portable snapshots in a couple
minutes with the SSLv3 disable in them.


If you're running stable and can't wait for the next minor stable, you
can simply apply the following diff:


Index: ssl.c
===
RCS file: /cvs/src/usr.sbin/smtpd/ssl.c,v
retrieving revision 1.71
diff -u -p -r1.71 ssl.c
--- ssl.c2 Oct 2014 18:30:21 -1.71
+++ ssl.c15 Oct 2014 19:14:52 -
@@ -263,7 +263,7 @@ ssl_ctx_create(const char *pkiname, char
 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
 SSL_CTX_set_timeout(ctx, SSL_SESSION_TIMEOUT);
 SSL_CTX_set_options(ctx,
-SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_TICKET);
+SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | 
SSL_OP_NO_TICKET);

 SSL_CTX_set_options(ctx,
 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
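
Review bot: the added line in ssl_ctx_create() is wrapped in this copy, with "SSL_OP_NO_TICKET);" sitting on a line of its own without a diff prefix, so the hunk no longer has the 7 lines its "@@ -263,7 +263,7 @@" header declares and patch will reject it; rejoin the two lines before applying. A short comment above the SSL_CTX_set_options() call saying that SSL_OP_NO_SSLv3 is set deliberately would also keep a later cleanup of the option mask from re-enabling the protocol.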



I'm trying to disable the TLSv1.0 protocol on the 5.7.1 release using 
a similar approach...


ssl.c:  SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1_0 | SSL_OP_NO_TICKET);


however compile is failing with this error

/usr/local/src/opensmtpd-5.7.1/smtpd/smtpd/../ssl.c: In function 'ssl_ctx_create':
/usr/local/src/opensmtpd-5.7.1/smtpd/smtpd/../ssl.c:287: error: 'SSL_OP_NO_TLSv1_0' undeclared (first use in this function)
/usr/local/src/opensmtpd-5.7.1/smtpd/smtpd/../ssl.c:287: error: (Each undeclared identifier is reported only once
/usr/local/src/opensmtpd-5.7.1/smtpd/smtpd/../ssl.c:287: error: for each function it appears in.)

*** Error 1 in smtpd (sys.mk:87 'ssl.o')
*** Error 1 in /usr/local/src/opensmtpd-5.7.1/smtpd (bsd.subdir.mk:48 'all')


Any pointers?

SSL_OP_etc are defined in /usr/include/openssl/ssl.h; there is no 
SSL_OP_NO_TLSv1_0 defined there, hence the error.  There is an 
SSL_OP_NO_TLSv1_1 defined; maybe that's what you're looking for.





Re: spamd

2015-08-01 Thread Edgar Pettijohn



All tests performed, 20 relays accepted.--*

spamd is difficult.

That's OK, the relays never got through spamd to your server.




vmap?

2015-08-03 Thread Edgar Pettijohn

I am curious how to use the following:
*for any virtual* /vmap/
   Make the rule match regardless of the domain it is sent to. The
   /vmap/ table will be used as the virtual domain mapping.

Can someone give an example of what table vmap would contain.

Thanks,

Edgar



Re: vmap?

2015-08-04 Thread Edgar Pettijohn
I think that may solve my problem.  I always interpreted that part from 
table(5) to be a replacement for an alias table so more of something like.


accept from any for domain example.tld alias myaliases deliver to mbox


# myaliases

user    otheruser

On 08/04/15 01:36, Gilles Chehade wrote:

On Mon, Aug 03, 2015 at 06:30:21PM -0500, Edgar Pettijohn wrote:

I am curious how to use the following:
*for any virtual* /vmap/
Make the rule match regardless of the domain it is sent to. The
/vmap/ table will be used as the virtual domain mapping.

Can someone give an example of what table vmap would contain.


Hi,

This is described in table(5):

  In a virtual domain context, the key is either a user part, a full email
  address or a catch all, following selection rules described in
  smtpd.conf(5), and the value is one or many recipients as described in
  aliases(5):

  user1                   otheruser
  us...@example.org       otheruser1,otheruser2
  @example.org            otheru...@example.com
  @                       catch...@example.com





--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
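
The virtual-table lookup quoted from table(5) in the message above, as an added Python example that is not part of the thread or of OpenSMTPD: it parses a table in that layout and resolves recipients against it. The table contents are constructed, and the lookup order (full address, user part, domain catch-all, global catch-all) is an assumption of this example, since the thread only points to smtpd.conf(5) for the selection rules.

```python
"""Added example: resolve recipients against a virtual table laid out as in table(5)."""

# Constructed table contents: key, whitespace, comma-separated recipients.
SAMPLE_VMAP = """\
# constructed sample, not taken from the thread
alice               alice.local
bob@example.org     bob1,bob2
@example.org        postmaster@example.com
@                   catchall@example.com
"""


def parse_vmap(text):
    """Parse table text into {key: [recipient, ...]}."""
    table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        recipients = []
        if len(fields) == 2:
            recipients = [r.strip() for r in fields[1].split(",") if r.strip()]
        if not recipients:
            raise ValueError(f"line {lineno}: key {fields[0]!r} has no recipients")
        # Keys are compared case-insensitively here (an assumption of this example).
        table[fields[0].lower()] = recipients
    return table


def candidate_keys(address):
    """Keys to try for one recipient, most specific first (assumed order)."""
    user, sep, domain = address.lower().rpartition("@")
    if not (sep and user and domain):
        raise ValueError(f"not a user@domain address: {address!r}")
    return [f"{user}@{domain}", user, f"@{domain}", "@"]


def resolve(table, address):
    """Return (matching_key, recipients), or (None, []) when nothing matches."""
    for key in candidate_keys(address):
        if key in table:
            return key, table[key]
    return None, []


if __name__ == "__main__":
    vmap = parse_vmap(SAMPLE_VMAP)
    for rcpt in ("bob@example.org", "alice@example.net",
                 "carol@example.org", "carol@other.test"):
        key, targets = resolve(vmap, rcpt)
        print(f"{rcpt:20} matched {key!r:20} -> {', '.join(targets)}")
```

In this example the bare `alice` key and the `@` catch-all match recipients in any domain, which is the case to check before pairing such a table with a rule that matches regardless of domain.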



Re: is opensmtpd compatible with OpenBSD vacation?

2015-08-13 Thread Edgar Pettijohn



On 08/13/15 19:25, James Triplett wrote:
  
  We run smtpd 5.4.2 on OpenBSD 5.5
  
  Everything has been working well, but recently I'm seeing a problem with the
  vacation(1) program.
  
  We have a user AJ who has installed a vacation msg, and it works well when delivering
  mail directly to the user:
  
  Aug 13 12:33:35 hermes smtpd[18189]: smtp-in: Accepted message 97e5db7f on session f8edfacf317f1ab1: from=it...@example.com, to=a...@example.com, size=678, ndest=2, proto=ESMTP
  Aug 13 12:33:35 hermes smtpd[18189]: delivery: Ok for 97e5db7f12840158: from=it...@example.com, to=a...@example.com, user=aj, method=maildir, delay=0s, stat=Delivered
  Aug 13 12:33:35 hermes smtpd[18189]: smtp-in: Closing session f8edfacf317f1ab1
  
  
  However, that user is also part of an group alias BTECH, and an error is encountered when trying to send to that group:
  
  Aug 12 17:17:24 hermes smtpd[18189]: delivery: TempFail for 1804b0e2ac5b3ae4: from=supp...@example.com, to=bt...@example.com, user=aj, method=mda, delay=6h25m20s, stat=Error (mda exited prematurely)
  
  The TempFail eventually times out and sends a MAILER-DAEMON to the original sender, confusing people.
  
  
  We used a very standard forward to implement the vacation message:

   \aj, |/usr/bin/vacation  aj
  
  
  Any ideas how to fix this?
  
  thanks,

  Jim
  


I remember a similar question to the list; here is a link that may help.

https://www.mail-archive.com/misc%40opensmtpd.org/msg01666.html




Re: [Extras] Problems with sqlite tables

2015-07-26 Thread Edgar Pettijohn



On 07/26/15 02:47, Joerg Jung wrote:



On 25.07.2015 at 22:18, James Lott ja...@lottspot.com wrote:


Interestingly, it looks to me like opensmtpd does actually check the 
/usr/local/libexec/opensmtpd directory for modules. When I remove the 
module from that directory, smtpd does not even start anymore (as 
opposed to starting and instantly giving up).


root@smtp:/usr/local/etc/mail-config # mv 
/usr/local/libexec/opensmtpd/table-sqlite /usr/libexec/smtpd/

root@smtp:/usr/local/etc/mail-config # service smtpd onestart
Performing sanity check on smtpd configuration:
fatal: table_create: backend sqlite does not exist
/usr/local/etc/rc.d/smtpd: WARNING: failed precmd routine for smtpd

If that path is hardcoded in the upstream OpenSMTPD source, then I 
would guess I'm dealing with a patched codebase... I guess I'll have 
to try grabbing the upstream sources directly and see if I run into 
the same issue.


Forget that, the path is not hardcoded and not your problem.
I misread an #ifdef in the portable code.

Sorry for the noise!!



On 07/25/2015 12:08 PM, Joerg Jung wrote:

On Sat, Jul 25, 2015 at 10:52:36AM -0700, James Lott wrote:

Hey folks,

I'm running OpenSMTPD 5.7.1 + table-sqlite from extras. I'm simply trying to
get the sqlite tables to work at all. I haven't even gotten as far as trying
to use them in my rules. I have the following config files:

== smtpd.conf
table aliases file:/etc/mail/aliases
table mxdb  sqlite:/usr/local/etc/mail-config/mxdb/smtpd.sqlite.conf
listen on localhost port 2587
accept for local alias aliases deliver to mbox
accept for any relay

== smtpd.sqlite.conf
dbpath   /usr/local/var/mxdb.sqlite
query_domain select name from domain where domain = ?
query_alias select destination from alias where alias_user||'@'||alias_domain = ?

OpenSMTPD will pass the config tests and start, but will then immediately
die.

Jul 25 10:36:36 smtp smtpd[61374]: info: OpenSMTPD 5.7.1p1 starting
Jul 25 10:36:36 smtp smtpd[61375]: info: startup [debug mode]
Jul 25 10:36:36 smtp smtpd[61378]: warn: table-proc: pipe closed
Jul 25 10:36:36 smtp smtpd[61378]: fatal: table-proc: exiting
Jul 25 10:36:36 smtp smtpd[61376]: warn: queue - lka: pipe closed
Jul 25 10:36:36 smtp smtpd[61377]: warn: control - lka: pipe closed
Jul 25 10:36:36 smtp smtpd[61375]: warn: parent - lka: pipe closed
Jul 25 10:36:36 smtp smtpd[61380]: warn: pony - lka: pipe closed
Jul 25 10:36:36 smtp smtpd[61379]: warn: scheduler - queue: pipe closed
Jul 25 10:36:36 smtp smtpd[61381]: warn: ca - control: pipe closed

Smtpd will start and run just fine if I comment out the table mxdb line.


Are you starting like so:

# smtpd -d

If so add some v's:

# smtpd -d

Otherwise maybe just make sure smtpd.sqlite.conf and mxdb.sqlite exist, 
i.e. no typos.



I'm not sure, but I have a guess for you:

I think -extras configure.ac has a bug where tables, filters, etc
are installed in $prefix/libexec/opensmtpd

But smtpd explicitly looks in (hardcoded) /usr/libexec/smtpd for them.

Thus, your table-sqlite is not loaded correctly and smtpd dies.

Regards,
Joerg

  
Unrelated to OP problem, but this is an issue for OpenBSD version. It 
installs to /usr/libexec/opensmtpd, but smtpd wants it in 
/usr/libexec/smtpd.  ./configure --libexecdir=/usr/libexec/smtpd makes 
it install to /usr/libexec/smtpd/opensmtpd.





Re: [Extras] Problems with sqlite tables

2015-07-26 Thread Edgar Pettijohn


On 07/26/15 13:42, Seth wrote:
On Sun, 26 Jul 2015 08:03:45 -0700, Edgar Pettijohn 
ed...@pettijohn-web.com wrote:



# smtpd -d

If so add some v's:

# smtpd -d


Do the extra smtpd 'v' flags produce more verbose output on all 
platforms?


I just tried this on Arch linux and can't tell that smtpd -d 
yields any more output than smtpd -dv


I don't think it does.  It's just a habit for me because httpd does 
behave that way.





Re: Announce: OpenSMTPD-extras 5.7.1 released

2015-07-13 Thread Edgar Pettijohn



On 07/13/15 15:49, Rasmus Liland wrote:

On 2015-07-13 20:25 +0200, Gilles Chehade wrote:

OpenSMTPD-extras 5.7.1 have just been released.

Congratulations!

We might also note that running `sh bootstrap' before the `./configure'
script is no longer required like it was up until version 201506020835.



Excellent work.




Re: Emails not forwarding to external addresses

2015-07-09 Thread Edgar Pettijohn
I'm not sure if I understand your goals completely, but perhaps this is 
worth a try.  I'm not sure if recipient can be used with a relay, 
but if it doesn't work maybe it will spark another option.


listen on lo0 tag LOCAL
listen on egress etc,etc tag
listen on submission etc,etc

accept from any for domain vdomains recipient bob deliver to maildir
accept tagged LOCAL for any relay
accept from any for domain vdomains recipient tom relay via tls+auth://gm...@smtp.gmail.com:587 auth secrets


# echo 'gmail youru...@gmail.com:yourpassword' > /etc/mail/secrets
# chmod 640 /etc/mail/secrets
# chown root:_smtpd /etc/mail/secrets


On 07/09/15 17:35, Tom Keene wrote:

I also tried delivering to mbox  exactly the same issue was present...
T

On Thu, Jul 9, 2015 at 11:30 PM, Tom Keene t...@theanthillsocial.co.uk wrote:

Hi,

Replacing:
accept from source { localhost 109.237.26.21/24 } for any relay

With:
accept for any relay

Attempts to deliver to @gmail.com though the email never gets through as it
gets bounced so it does look like the following line is the issue:

accept from source { localhost 109.237.26.21/24 } for any relay

Tom


On Thu, 9 Jul 2015 9:45 pm Herbert J. Skuhra herb...@oslo.ath.cx wrote:

On Thu, Jul 09, 2015 at 01:03:24PM -0700, Seth wrote:

On Thu, 09 Jul 2015 11:58:38 -0700, Herbert J. Skuhra
herb...@oslo.ath.cx
wrote:

CONFIG
pki domain.tld certificate  /etc/smtpd/tls/smtpd.crt
pki domain.tld key /etc/smtpd/tls/smtpd.key
table vdoms /etc/smtpd/vdoms
table vusers /etc/smtpd/vusers
listen on eth0 hostname domain.tld
accept from any for domain vdoms virtual vusers deliver to maildir /home/tom/mails
accept from source { localhost 109.237.26.21/24 } for any relay

I think the above line is the problem. It should work if you add
216.119.104.83!

Hm. That last line is meant to allow the local system and other email
clients on the specified subnet to be able to send outbound mail through the
server. It's not intended for other mail servers on the Internet, the prior
statement should handle that traffic.

So this is a bug? (Not sure if I understand you correctly.)

Changing 'accept from source...' to 'accept for any relay' solves the received
invalid command: RCPT TO: for me. I am running 5.7.1p1 on FreeBSD.

--
Herbert









Re: From: foo - relay via $relayA, From: bar - relay via $relayB

2015-08-28 Thread Edgar Pettijohn



On 08/28/15 03:53, Donovan Watteau wrote:

2015-08-28 10:13 GMT+02:00 Joerg Jung m...@umaxx.net:

On 27 Aug 2015, at 17:27, Donovan Watteau d.watt...@groupecerise.fr wrote:

Hi,

I'm configuring OpenSMTPD 5.7.1p1 on Debian 7.8.

I'm looking for something like this:

  # Use this when From: f...@foo.foo is set:
  accept for any relay via $myrelay
  # Keep default relay in all other cases:
  accept for any relay

So, having read smtpd.conf(5), I thought sender would be what I'm looking for:

  accept sender f...@foo.foo for any relay via $myrelay
  accept for any relay

sender expects a table(5) not a single address.

Does it?  I thought putting a string instead of a table implicitly
converts it to a table.

I've seen some examples doing that, and smtpd.conf isn't throwing me a
syntax error.

But anyway, I did try using an explicit table as smtpd.conf(5) suggests:

   table mysender { f...@foo.foo }
   accept sender mysender for any relay via $myrelay
   accept for any relay

$ echo Test | mail -s Test -a "From: f...@foo.foo" exam...@example.org
$ echo Test2 | mail -s Test2 -a "From: f...@foo.foo" -a "Sender: f...@foo.foo" exam...@example.org

But the email doesn't go through $myrelay.  If I remove sender
mysender, it does use $myrelay, but then all the emails coming from
this machine will use $myrelay, and I don't want this.


Unfortunately, my email is never relayed through $myrelay, although
From: f...@foo.foo is set.  Am I misunderstanding what sender is
about?

Then I looked at filter-regex(8) in OpenSMTPD-extras, but I didn't find any
documentation telling me how to use filter-regex(8) from
smtpd.conf(5).  parse.y is a bit rough.

filter-regex can only accept or block messages (based on regex).
It can not rewrite or change the relay destination, thus will not help you in 
this case.

Could you perhaps post your entire config.  Perhaps something in it is 
preventing this from working as expected.





filter-spamassassin

2016-01-03 Thread Edgar Pettijohn
I finally got around to trying out filter-spamassassin.  It appears to 
work correctly.  However, I was trying to change the default action from 
accept to reject. I've tried everything I can think of but continue to 
get syntax errors.  I assumed something like this would work:


filter spam spamassassin -s reject

listen on egress filter spam

But it didn't.

Any help is appreciated.

Edgar Pettijohn




Re: [OpenSMTPD] opensmtpd-extra master snapshot opensmtpd-extras-201601061159 available

2016-01-06 Thread Edgar Pettijohn
Is there a snapshot for openbsd?  Following README directions of 
bootstrap, configure, etc.  I get the following error:


config.status: error: cannot find input file: `Makefile.in'

Thanks,

Edgar

On 01/06/16 05:01, gilles chehade wrote:

A new opensmtpd-extras snapshot is available at:

 http://www.opensmtpd.org/archives/opensmtpd-extras-201601061159.tar.gz

Checksum:

   SHA256 (opensmtpd-extras-201601061159.tar.gz) = 
57bafd909cca8ac33eda62c3b8a59b534d8cdcd0145f5902ce0f4be2eb979ff4

A summary of the content of this snapshot is available below.

Please test and let us know if it breaks something!

If this snapshot doesn't work, please also test with a previous one,
to help us spot where the issue is coming from. You can access all
previous snapshots here:

 http://www.opensmtpd.org/archives/

The OpenSMTPD team ;-)


Summary of changes since last snapshot (opensmtpd-extras-201511230108):
--

 - fix callback return types
 - remove unneeded header
 - move api description to smtpd itself
 - do not override CFLAGS with unused defines, fixes build on Debian
 - silence mandoc -Tlint warnings about whitespaces and blank lines
 - add missing include and BSD_SOURCE define to silence compiler warning on Debian
 - remove spaces after '!'
 - rename table man pages to match actual program name and unify makefiles
 - relax table_passwd parser and allow extra fields, also relax uid/gid checking
 - remove unused functions to silence compiler warning
 - add a switch to specify python version
 - add tool-stats a statistic tool for opensmtpd logs







Re: [OpenSMTPD] opensmtpd-extra master snapshot opensmtpd-extras-201601061159 available

2016-01-09 Thread Edgar Pettijohn
ble with a fresh git clone of -extras, and
everything seems to work fine and expected.

Please, show your exact bootstrap commands and all output.
Have you added environment variable AUTOCONF_VERSION to bootstrap?
For example, I do:

AUTOCONF_VERSION=2.69 ./bootstrap



On 07 Jan 2016, at 13:26, Edgar Pettijohn <ed...@pettijohn-web.com> wrote:

5.8 stable

I've always received that error when attempting to build from git sources.

Sent from my iPhone


On Jan 7, 2016, at 5:24 AM, Joerg Jung <m...@umaxx.net> wrote:

Which openbsd version have you running/tested this?


On 07 Jan 2016, at 02:46, Edgar Pettijohn <ed...@pettijohn-web.com> wrote:

Is there a snapshot for openbsd?  Following README directions of bootstrap, 
configure, etc.  I get the following error:

config.status: error: cannot find input file: `Makefile.in'

Thanks,

Edgar


On 01/06/16 05:01, gilles chehade wrote:
A new opensmtpd-extras snapshot is available at:

   http://www.opensmtpd.org/archives/opensmtpd-extras-201601061159.tar.gz

Checksum:

SHA256 (opensmtpd-extras-201601061159.tar.gz) = 
57bafd909cca8ac33eda62c3b8a59b534d8cdcd0145f5902ce0f4be2eb979ff4

A summary of the content of this snapshot is available below.

Please test and let us know if it breaks something!

If this snapshot doesn't work, please also test with a previous one,
to help us spot where the issue is coming from. You can access all
previous snapshots here:

   http://www.opensmtpd.org/archives/

The OpenSMTPD team ;-)


Summary of changes since last snapshot (opensmtpd-extras-201511230108):
--

   - fix callback return types
   - remove unneeded header
   - move api description to smtpd itself
   - do not override CFLAGS with unused defines, fixes build on Debian
   - silence mandoc -Tlint warnings about whitespaces and blank lines
   - add missing include and BSD_SOURCE define to silence compiler warning on Debian
   - remove spaces after '!'
   - rename table man pages to match actual program name and unify makefiles
   - relax table_passwd parser and allow extra fields, also relax uid/gid checking
   - remove unused functions to silence compiler warning
   - add a switch to specify python version
   - add tool-stats a statistic tool for opensmtpd logs





Tool stats

2016-06-02 Thread Edgar Pettijohn
I saw this in my daily report.

Running daily.local:
tool-stats: session failed line 10341

The report was still emailed to me and looked correct. Not sure if it's a bug 
or not. 

Thanks,

Edgar

Sent from my iPhone




Re: rules for SMTP relay with TLS + Auth

2016-06-02 Thread Edgar Pettijohn


Sent from my iPhone

> On Jun 2, 2016, at 7:15 AM, PROST pierrick  wrote:
> 
> Hi,
>  
> I hope that my question is quite clear. I try to understand with the MAN … 
> but with no result.
>  
> Have a good day.
>  
> From: PROST pierrick 
> Sent: Wednesday, 1 June 2016 17:50
> To: misc@opensmtpd.org
> Subject: rules for SMTP relay with TLS + Auth
>  
> Hi everyone,
>  
> Actually I have a rule which does SMTP relay and works nicely for one account:
>  
> accept from source { localhost 192.168.120.0/24 192.168.14.0/24 } for any 
> relay via tls+auth://label@mySMTP:587 auth 
>  
>  
> I would like to relay mail from multiple servers, and each server will have an account 
> in the secret.db file; is it possible?
>  
>  
It should work. Just update your source rule to the correct ip. You may need a 
separate secret.db per relay. I don't remember exactly how it works, but I 
don't think that should be too big of a problem.


> Regards


Re: Tool stats

2016-06-02 Thread Edgar Pettijohn


Sent from my iPhone

> On Jun 2, 2016, at 8:44 AM, Joerg Jung <m...@umaxx.net> wrote:
> 
> 
>> On 02 Jun 2016, at 15:24, Edgar Pettijohn <ed...@pettijohn-web.com> wrote:
>> 
>> I saw this in my daily report.
>> 
>> Running daily.local:
>> tool-stats: session failed line 10341
> 
> That means: it found a Session ID in the log which has been "Accepted" but not 
> created with "New" before. This can happen due to log rotation, e.g. previous file 
> which is not part of current tool-stats run, contains the "New" session.
> 
> Depending on the server throughput this should only happen rarely for very few Sessions.
> 
>> The report was still emailed to me and looked correct. Not sure if it's a bug or not.
> 
> Not really bug. Can be ignored for now. I'm not sure, maybe this message should be 
> silenced, e.g. log_debug() only with me "-v" switch enabled or something.
> 
> Gilles is re-working the logs currently, tool-stats will be adjusted once 
> this is done.
> Likely that I'll handle this message then as well.
> 

Thanks for the quick response. I will ignore this message in the future.

Edgar

>> Thanks,
>> 
>> Edgar
>> 
>> Sent from my iPhone
>> 


--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
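
The situation explained in the reply quoted above (an "Accepted" line whose "New" line sits in a rotated-out file), as an added Python example; it is not tool-stats' own code. The log lines are constructed, and the "New session" line format is an assumption of this example.

```python
"""Added example: find "Accepted" log lines whose session was never opened in the input."""
import re

# "Accepted message ... on session ..." and "Closing session ..." follow the
# smtpd log lines quoted elsewhere in this archive; the "New session" format
# is an assumption of this example.
NEW_RE = re.compile(r"smtp-in: New session ([0-9a-f]{16})\b")
ACCEPTED_RE = re.compile(
    r"smtp-in: Accepted message ([0-9a-f]{8}) on session ([0-9a-f]{16})\b")
CLOSING_RE = re.compile(r"smtp-in: Closing session ([0-9a-f]{16})\b")

# Constructed log lines (host names, ids and addresses are made up).
# PREVIOUS_LOG stands for the file that was rotated away before the run.
PREVIOUS_LOG = [
    "Jun  1 23:59:58 mx smtpd[4242]: smtp-in: New session 1111aaaa2222bbbb "
    "from host client.example.net [192.0.2.10]",
]
CURRENT_LOG = [
    "Jun  2 00:00:01 mx smtpd[4242]: smtp-in: Accepted message 0a1b2c3d on "
    "session 1111aaaa2222bbbb: from=<a@example.net>, to=<b@example.org>, "
    "size=678, ndest=1, proto=ESMTP",
    "Jun  2 00:00:01 mx smtpd[4242]: smtp-in: Closing session 1111aaaa2222bbbb",
    "Jun  2 00:05:10 mx smtpd[4242]: smtp-in: New session 3333cccc4444dddd "
    "from host client.example.net [192.0.2.10]",
    "Jun  2 00:05:11 mx smtpd[4242]: smtp-in: Accepted message 4e5f6a7b on "
    "session 3333cccc4444dddd: from=<a@example.net>, to=<c@example.org>, "
    "size=912, ndest=1, proto=ESMTP",
    "Jun  2 00:05:11 mx smtpd[4242]: smtp-in: Closing session 3333cccc4444dddd",
]


def scan(lines):
    """Return (accepted, orphans) as lists of (line_number, message_id, session_id).

    An orphan is an Accepted line for a session with no New line earlier in
    the same input, which is what happens when the New line was rotated away.
    """
    open_sessions = set()
    accepted, orphans = [], []
    for lineno, line in enumerate(lines, 1):
        match = NEW_RE.search(line)
        if match:
            open_sessions.add(match.group(1))
            continue
        match = ACCEPTED_RE.search(line)
        if match:
            msgid, session = match.groups()
            target = accepted if session in open_sessions else orphans
            target.append((lineno, msgid, session))
            continue
        match = CLOSING_RE.search(line)
        if match:
            open_sessions.discard(match.group(1))
    return accepted, orphans


if __name__ == "__main__":
    for label, lines in (("current file only", CURRENT_LOG),
                         ("previous + current", PREVIOUS_LOG + CURRENT_LOG)):
        ok, missing = scan(lines)
        print(f"{label}: {len(ok)} accepted with a known session, "
              f"{len(missing)} without")
        for lineno, msgid, session in missing:
            print(f"  line {lineno}: message {msgid} on unseen session {session}")
```

Feeding the rotated file together with the current one makes the orphan disappear, which separates a rotation artefact from a session that was truly never logged.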



Re: Hello World!

2016-06-13 Thread Edgar Pettijohn


Sent from my iPhone

> On Jun 13, 2016, at 8:08 PM, Christopher Ahrens 
>  wrote:
> 
> Hello all,
> Just finished setting up my shiny new OpenBSD-based IMAP server.
> 
> Long time OpenBSD user, but finally got myself a nice reliable OpenBSD box 
> (Something with a static IP on a network with a proper level of uptime) that 
> I can use for e-mail.
> 
> I followed the instructions in the FAQ to set my server up, everything went 
> flawlessly except two little bits that might be worth adding:
> 
> * dovecot.conf needed mail_location to be set, I ended up using:
> "mail_location = maildir:/mail/%d/%n:LAYOUT=fs"
> (I have a 1 TB disk mounted to /mail, the rest is on a 20 GB SSD)
> 
> * I also had to bump up the number of open files in login.conf, specifically:
> 
> 
>  daemon:\
>  :ignorenologin:\
>  :datasize=infinity:\
>  :maxproc=infinity:\
> --:openfiles-cur=128:
> ++:openfiles-cur=1024:\
>  :stacksize-cur=8M:\
>  :localcipher=blowfish,9:\
>  :tc=default:
> 

Look in /usr/local/share/doc/pkg-readmes I believe or maybe one level up there 
is dovecot info. I'm pretty sure it gives a login.conf example you will want to 
look at.

> 
> Otherwise the documentation was very helpful and simple enough to follow, but 
> not too simple.  I went from a fresh OpenBSD 5.9 box to working, and fully 
> secured, IMAP server in a few hours with TLS everywhere and fully trusted 
> certs and spam / virus protection.  I used to be a corporate email admin and 
> this was the simplest, yet most secure and robust install I've ever done.  
> Plus everything is encrypted except on machines I don't control, it's been 
> too long since I've had that.
> 
> I would suggest adding in a part on using 'encrypt -p -b 8' to produce the 
> passwords for /etc/mail/passwd.  And perhaps a section added to STARTTLS on 
> the certificate format it uses (i.e. take the CA certificate, append the 
> intermediate certificate, then attach the server cert.  All in the same file, 
> all in pem format.)
> 
> 
> 
> 
> 
> -Christopher Ahrens
> 
> 
> 
> 
> 
> 



Re: filter-spamassassin fails under heavy load (may 23 extras snapshot)

2016-06-15 Thread Edgar Pettijohn


Sent from my iPhone

> On Jun 15, 2016, at 12:43 PM, Andrew Ruscica  wrote:
> 
> > On Jun 6, 2016, at 5:37 PM, Gilles Chehade  wrote:
> >...
> >
> > Please do test new -extras snapshot that were just published, rebuild
> > your filters and reinstall them as the fix lies in the api/ layer
> >
> > Your problem should disappear ;-)
> 
> June 6 snapshots for both opensmtpd and extras installed at my high volume
> inbound gateway.
> 
> So far so good.  For the last several weeks I've been collecting 5-minute stats
> and restarting opensmtpd when processes > 400. That has been happening
> consistently every 2-3 hours (even after I moved antivirus from filter-clamav to
> clamsmtp).  
> 
> So I should be able to determine pretty quickly that this issue was resolved.
> 
> Thanks again-
> 

Just curious if you are running filter-regex also. If not try it in front of 
spamassassin. It cuts through a lot of spam so I'm not wasting resources on a 
hungry spamassassin.
>  


Re: configuration

2016-06-21 Thread Edgar Pettijohn
On 16-06-21 05:58:03, Swa Frantzen wrote:
> Hi,
> 
> Guess it's a typical case of me "not seeing the trees due to the forest".
> 
> I'm trying to get to grips with OpenSMTPD on OpenBSD 5.9
> (Hence it's version 5.9.1)
> 
> Simple requirement actually:
> 
> send email to the "Internet" from local users with "from" in envelope and 
> "From:" headers to be of the form f...@example.com even though the machine 
> itself has as hostname "bar.example.com" so: nowhere is there a 
> "bar.example.com" to be seen, with the exception of Received headers (don't 
> care about those)
> never deliver mail locally (mailboxes will not be read by the few local users 
> that exist)
> process the aliases before sending the email away.
> Additionally: relay from an internal network to the Internet (unmodified) 
> 
> I can't seem to get it to work.
> 
> -> I seem to have to keep /etc/mail/mailname set to example.com in order to 
> keep control over the From: header
> 
> If I don't do that, I lose control over the From: header for local users 
> (via socket and/or 127.0.0.1).
> 
> As soon as I do that however, a line in the form of 
> 
> accept for local alias  deliver to mbox
> 
> (alias implies deliver, it gives a syntax error when trying relay)
> 
> the aliases of the form
> root: m...@example.com
> deliver locally instead of relaying
> 
> There must be something simpler to do this, but I seem to only find examples 
> where the smtpd is used to deliver to local mailboxes, which is exactly what 
> I don't want.
> I want all mail to go away, but the mailname file seems to trigger both the 
> headers on locally generated mail as well as define what mail must be locally 
> delivered - and that combined makes this impossible unless there's a 
> trick somewhere I missed out on.
> 
> 
> Essentially what I would like is:
> 
> /etc/mail/mailname:
> example.com
> 
> /etc/mail/smtpd.conf:
> listen on lo0
> listen on internal
> 
> table aliases file:/etc/mail/aliases
> 
> #the line below is a syntax error: "aliases/virtual may not be used with a relay rule"]
> #accept from local alias  relay via smtp://foo.isp.net:25 as "@example.com"
> accept from local relay via smtp://foo.isp.net:25 as "@example.com"
> 
> accept for any relay via smtp://foo.isp.net:25
> 
> /etc/mail/aliases:
> #[just showing a few as an example]
> www:root
> _ntp: /dev/null
> root: user
> user: m...@example.com
> 
> I can't believe I'm the first one to want a server that sends out all 
> relevant email, but never deliver email locally, yet process aliases.
> 
> Help appreciated.
> 
> Swa
It seems this should work:

listen on lo0
table aliases file:/etc/mail/aliases

# I know you the local is default, but I like to make my intentions known.
accept from local for local alias  deliver to mbox
accept from local for any relay via smtp://foo.isp.net:25 as "@example.com"

/etc/mail/mailname
example.com

I haven't used the "as" keyword, but I'm guessing it works as expected. It may 
also be your MUA adding the unwanted headers.
-- 
Edgar Pettijohn




Re: configuration

2016-06-21 Thread Edgar Pettijohn
On 16-06-21 18:53:26, Edgar Pettijohn wrote:
> On 16-06-21 05:58:03, Swa Frantzen wrote:
> > Hi,
> > 
> > Guess it's a typical case of me "not seeing the trees due to the forest".
> > 
> > I'm trying to get to grips with OpenSMTPD on OpenBSD 5.9
> > (Hence it's version 5.9.1)
> > 
> > Simple requirement actually:
> > 
> > send email to the "Internet" from local users with "from" in envelope and 
> > "From:" headers to be of the form f...@example.com even though the machine 
> > itself has as hostname "bar.example.com" so: nowhere is there a 
> > "bar.example.com" to be seen, with the exception of Received headers (don't 
> > care about those)
> > never deliver mail locally (mailboxes will not be read by the few local 
> > users that exist)
> > process the aliases before sending the email away.
> > Additionally: relay from an internal network to the Internet (unmodified) 
> > 
> > I can't seem to get it to work.
> > 
> > -> I seem to have to keep /etc/mail/mailname set to example.com in order to 
> > keep control over the From: header
> > 
> > If I don't do that, I lose control over the From: header for local users 
> > (via socket and/or 127.0.0.1).
> > 
> > As soon as I do that however, a line in the form of 
> > 
> > accept for local alias  deliver to mbox
> > 
> > (alias implies deliver, it gives a syntax error when trying relay)
> > 
> > the aliases of the form
> > root: m...@example.com
> > deliver locally instead of relaying
> > 
> > There must be something simpler to do this, but I seem to only find 
> > examples where the smtpd is used to deliver to local mailboxes, which is 
> > exactly what I don't want.
> > I want all mail to go away, but the mailname file seems to trigger both the 
> > headers on locally generated mail as well as define what mail must be 
> > locally delivered - and that combined makes this impossible unless 
> > there's a trick somewhere I missed out on.
> > 
> > 
> > Essentially what I would like is:
> > 
> > /etc/mail/mailname:
> > example.com
> > 
> > /etc/mail/smtpd.conf:
> > listen on lo0
> > listen on internal
> > 
> > table aliases file:/etc/mail/aliases
> > 
> > #the line below is a syntax error: "aliases/virtual may not be used with a relay rule"]
> > #accept from local alias  relay via smtp://foo.isp.net:25 as "@example.com"
> > accept from local relay via smtp://foo.isp.net:25 as "@example.com"
> > 
> > accept for any relay via smtp://foo.isp.net:25
> > 
> > /etc/mail/aliases:
> > #[just showing a few as an example]
> > www:root
> > _ntp: /dev/null
> > root: user
> > user: m...@example.com
> > 
> > I can't believe I'm the first one to want a server that sends out all 
> > relevant email, but never deliver email locally, yet process aliases.

Sorry forgot this requirement.  Easiest solution would be to have the users in 
alias file like so:

user1: us...@otheraddress.com
user2: us...@gmail.com
etc.

And/or you can use "forward-only" I haven't done so. You would need to consult 
smtpd.conf(5) and test it out.

> > 
> > Help appreciated.
> > 
> > Swa
> It seems this should work:
> 
> listen on lo0
> table aliases file:/etc/mail/aliases
> 
> # I know the local is default, but I like to make my intentions known.
> accept from local for local alias  deliver to mbox
> accept from local for any relay via smtp://foo.isp.net:25 as "@example.com"
> 
> /etc/mail/mailname
> example.com
> 
> I haven't used the "as" keyword, but I'm guessing it works as expected. It 
> may also be your MUA adding the 
> unwanted headers. 
> -- 
> Edgar Pettijohn
> 
> 

-- 
Edgar Pettijohn




Re: [OpenSMTPD] opensmtpd-extra master snapshot opensmtpd-extras-201601061159 available

2016-01-10 Thread Edgar Pettijohn



On 01/09/16 14:27, Raf Czlonka wrote:

On Sat, Jan 09, 2016 at 07:42:30PM GMT, Edgar Pettijohn wrote:

# pkg_info | grep libtool
libltdl-2.4.2p1 GNU libtool system independent dlopen wrapper
libtool-2.4.2p0 generic shared library support script

Uninstalled and reinstalled libtool, retried with same outcome as before.

On 01/09/16 13:22, Joerg Jung wrote:

On Sat, Jan 09, 2016 at 09:25:05AM -0600, Edgar Pettijohn wrote:

# AUTOCONF_VERSION=2.69 ./bootstrap
+ test yes = yes
+ libtoolize --copy --force
+ test -n  -a !  = . -a -f ltmain.sh
+ aclocal-1.9 -I m4
+ autoconf
+ test yes = yes
+ autoheader
+ test yes = yes
+ automake-1.9 --foreign --add-missing --copy

^^^
Install a newer version of automake - works fine here with 1.14.

Regards,

Raf


That did it.

Thanks

configure.ac: installing `./install-sh'
configure.ac: installing `./missing'
extras/wip/filters/filter-clamav/Makefile.am: C objects in subdir but
`AM_PROG_CC_C_O' not in `configure.ac'

This error might be the result of not installed devel/libtool
package.  Please install it with pkg_add libtool and retry.

The Makefile.in error below is the result of this earlier one:
Makefile.in is not generated here from the Makefile.am.


extras/wip/filters/filter-clamav/Makefile.am: installing `./compile'
extras/wip/filters/filter-dkim-signer/Makefile.am: C objects in subdir but
`AM_PROG_CC_C_O' not in `configure.ac'
extras/wip/filters/filter-dnsbl/Makefile.am: C objects in subdir but
`AM_PROG_CC_C_O' not in `configure.ac'
extras/wip/filters/filter-lua/Makefile.am: C objects in subdir but
`AM_PROG_CC_C_O' not in `configure.ac'
extras/wip/filters/filter-monkey/Makefile.am: C objects in subdir but
`AM_PROG_CC_C_O' not in `configure.ac'
extras/wip/filters/filter-pause/Makefile.am: C objects in subdir but
`AM_PROG_CC_C_O' not in `configure.ac'
extras/wip/filters/filter-perl/Makefile.am: C objects in subdir but
`AM_PROG_CC_C_O' not in `configure.ac'
extras/wip/filters/filter-python/Makefile.am: C objects in subdir but
`AM_PROG_CC_C_O' not in `configure.ac'
extras/wip/filters/filter-regex/Makefile.am: C objects in subdir but
`AM_PROG_CC_C_O' not in `configure.ac'
extras/wip/filters/filter-spamassassin/Makefile.am: C objects in subdir but
`AM_PROG_CC_C_O' not in `configure.ac'
extras/wip/filters/filter-stub/Makefile.am: C objects in subdir but
`AM_PROG_CC_C_O' not in `configure.ac'
extras/wip/filters/filter-trace/Makefile.am: C objects in subdir but
`AM_PROG_CC_C_O' not in `configure.ac'
extras/wip/filters/filter-void/Makefile.am: C objects in subdir but
`AM_PROG_CC_C_O' not in `configure.ac'
extras/wip/queues/queue-null/Makefile.am: C objects in subdir but
`AM_PROG_CC_C_O' not in `configure.ac'
extras/wip/queues/queue-python/Makefile.am: C objects in subdir but
`AM_PROG_CC_C_O' not in `configure.ac'
extras/wip/queues/queue-ram/Makefile.am: C objects in subdir but
`AM_PROG_CC_C_O' not in `configure.ac'
extras/wip/queues/queue-stub/Makefile.am: C objects in subdir but
`AM_PROG_CC_C_O' not in `configure.ac'
extras/wip/schedulers/scheduler-python/Makefile.am: C objects in subdir but
`AM_PROG_CC_C_O' not in `configure.ac'
extras/wip/schedulers/scheduler-ram/Makefile.am: C objects in subdir but
`AM_PROG_CC_C_O' not in `configure.ac'
extras/wip/schedulers/scheduler-stub/Makefile.am: C objects in subdir but
`AM_PROG_CC_C_O' not in `configure.ac'
extras/wip/tables/table-ldap/Makefile.am: C objects in subdir but
`AM_PROG_CC_C_O' not in `configure.ac'
extras/wip/tables/table-mysql/Makefile.am: C objects in subdir but
`AM_PROG_CC_C_O' not in `configure.ac'
extras/wip/tables/table-passwd/Makefile.am: C objects in subdir but
`AM_PROG_CC_C_O' not in `configure.ac'
extras/wip/tables/table-postgres/Makefile.am: C objects in subdir but
`AM_PROG_CC_C_O' not in `configure.ac'
extras/wip/tables/table-python/Makefile.am: C objects in subdir but
`AM_PROG_CC_C_O' not in `configure.ac'
extras/wip/tables/table-redis/Makefile.am: C objects in subdir but
`AM_PROG_CC_C_O' not in `configure.ac'
extras/wip/tables/table-socketmap/Makefile.am: C objects in subdir but
`AM_PROG_CC_C_O' not in `configure.ac'
extras/wip/tables/table-sqlite/Makefile.am: C objects in subdir but
`AM_PROG_CC_C_O' not in `configure.ac'
extras/wip/tables/table-stub/Makefile.am: C objects in subdir but
`AM_PROG_CC_C_O' not in `configure.ac'
extras/wip/tools/tool-stats/Makefile.am: C objects in subdir but
`AM_PROG_CC_C_O' not in `configure.ac'
openbsd-compat/Makefile.am: C objects in subdir but `AM_PROG_CC_C_O' not in
`configure.ac'
configure.ac:28: installing `./config.guess'
configure.ac:28: installing `./config.sub'

checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept

rc script not working

2016-02-22 Thread Edgar Pettijohn

I noticed the following today from /etc/daily:

Services that should run but don't:
smtpd

Upon investigating I found that smtpd won't die from "pkill -xf smtpd".  
I also found that "/etc/rc.d/smtpd check" also fails because "pgrep -xf 
smtpd" doesn't appear to work.  Which I believe is why I receive the 
notice from /etc/daily because of "rcctl ls faulty" calls 
"/etc/rc.d/smtpd check".  For reference this is OpenSMTPD 5.7.3 on 
OpenBSD fairly current.


Thanks,

Edgar




Re: rc script not working

2016-02-22 Thread Edgar Pettijohn

Upgraded to 5.9.1 from cvs source and all is well.

On 02/22/16 19:36, Edgar Pettijohn wrote:

I noticed the following today from /etc/daily:

Services that should run but don't:
smtpd

Upon investigating I found that smtpd won't die from "pkill -xf 
smtpd".  I also found that "/etc/rc.d/smtpd check" also fails because 
"pgrep -xf smtpd" doesn't appear to work.  Which I believe is why I 
receive the notice from /etc/daily because of "rcctl ls faulty" calls 
"/etc/rc.d/smtpd check".  For reference this is OpenSMTPD 5.7.3 on 
OpenBSD fairly current.


Thanks,

Edgar







smtpd fatal error

2016-01-21 Thread Edgar Pettijohn
I've been getting the following in the logs for a couple of weeks now. I 
had intended on upgrading to a current snapshot and testing, but I 
haven't had a chance. Has anyone else seen this?


smtpd[8217]: smtp-in: session 25c5ca54fc7bce0c: connection from host 
server.majorhosting.ru [205.234.232.6] established
spamd[28577]: spamd: connection from localhost [127.0.0.1]:7943 to port 
783, fd 6
smtpd[8217]: smtp-in: session 25c5ca54fc7bce0c: received invalid input: 
500 5.0.0: Line too long
smtpd[8217]: smtp-in: session 25c5ca54fc7bce0c: connection from host 
server.majorhosting.ru [205.234.232.6] closed (client sent QUIT)
spamd[28577]: spamd: processing message 
<1399008493.1859859723520628...@mutism.cliftbonze.com> for (unknown):506

smtpd[8217]: warn: pony -> inbound: pipe closed
smtpd[8217]: warn: filter "inbound" closed unexpectedly
smtpd[8217]: fatal: exiting


Thanks,

Edgar


Re: daemon keeps dieing

2016-01-22 Thread Edgar Pettijohn
I think something is wrong with the list. Based on the subject this should be my 
original message. This is the first I've seen it. Could someone please forward 
me the complete thread?

Thanks

Edgar

Sent from my iPhone

> On Jan 22, 2016, at 6:46 AM, Gilles Chehade  wrote:
> 
>> On Fri, Jan 22, 2016 at 11:39:47AM +, G B wrote:
>> After unsubscribing I'm still getting email from opensmtpd.org.
> 
> Hi,
> 
> According to mlmmj, you requested unsubscribe Tuesday Jan 19 at 12:22:53
> but did not confirm later on, I'll unsubscribe you manually
> 
> Gilles
> 
> -- 
> Gilles Chehade
> 
> https://www.poolp.org  @poolpOrg
> 
> 




Re: daemon keeps dieing

2016-01-25 Thread Edgar Pettijohn
Sorry for the delay.  Here is my config partially obfuscated to protect 
the innocent.

OpenSMTPD 5.7.3
Extras 5.7.1
I had intended on testing a new snapshot to see if that would fix it, 
but I haven't had time as of yet.



table aliases db:/etc/mail/aliases.db
table vusers passwd:/etc/mail/users
table vdomains db:/etc/mail/domains.db
table hnames db:/etc/mail/hostnames.db
table creds file:/etc/mail/creds

filter inbound spamassassin

geo_mail = "x.x.x.x"
pj_mail = "108.61.222.55"

bounce-warn 1h, 6h, 2d
expire 3d

pki mail.pettijohn-web.com certificate "/etc/ssl/mail.pettijohn-web.com.crt"
pki mail.pettijohn-web.com key "/etc/ssl/private/mail.pettijohn-web.com.key"

pki mail.obfuscate.com certificate "/etc/ssl/mail.obfuscate.com.crt"
pki mail.obfuscate.com key "/etc/ssl/private/mail.obfuscate.com.key"

listen on lo0
listen on lo0 port 10029 tag DKIM_OUT

listen on $geo_mail tls pki mail.obfuscate.com hostnames  auth-optional  \
    filter inbound
listen on $geo_mail port submission tls-require pki mail.obfuscate.com hostnames  \
    auth  tag GOOD_GEO

listen on $pj_mail tls pki mail.pettijohn-web.com hostnames  auth-optional  \
    filter inbound
listen on $pj_mail port submission tls-require pki mail.pettijohn-web.com hostnames  \
    auth  tag GOOD_PJ


accept tagged DKIM_OUT for domain  userbase  alias  deliver to mda \
    "/usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d %{dest}"
accept tagged DKIM_OUT for any relay
accept tagged GOOD_PJ for any relay via smtp://127.0.0.1:10030
accept tagged GOOD_GEO for any relay hostname mail.obfuscate.com
accept from any for domain  userbase  alias  deliver to mda \
    "/usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d %{dest}"

On 01/24/16 14:04, Joerg Jung wrote:

See: https://www.mail-archive.com/misc@opensmtpd.org/maillist.html

especially Gilles reply on 22.1. and my on 20.1.

On Sun, Jan 24, 2016 at 11:32:53AM -0600, Edgar Pettijohn wrote:

Bump

Sent from my iPhone


On Jan 22, 2016, at 1:05 PM, Edgar Pettijohn <ed...@pettijohn-web.com> wrote:

I think something is wrong with the list. Based on the subject this should be my 
original message. This is the first I've seen it. Could someone please forward 
me the complete thread?

Thanks

Edgar

Sent from my iPhone


On Jan 22, 2016, at 6:46 AM, Gilles Chehade <gil...@poolp.org> wrote:

On Fri, Jan 22, 2016 at 11:39:47AM +, G B wrote:
After unsubscribing I'm still getting email from opensmtpd.org.

Hi,

According to mlmmj, you requested unsubscribe Tuesday Jan 19 at 12:22:53
but did not confirm later on, I'll unsubscribe you manually

Gilles

--
Gilles Chehade

https://www.poolp.org  @poolpOrg




filter or pony error?

2016-01-19 Thread Edgar Pettijohn
I've been getting the following in the logs for a couple of weeks now. I 
had intended on upgrading to a current snapshot and testing, but I 
haven't had a chance.  Has anyone else seen this?


smtpd[8217]: smtp-in: session 25c5ca54fc7bce0c: connection from host 
server.majorhosting.ru [205.234.232.6] established
spamd[28577]: spamd: connection from localhost [127.0.0.1]:7943 to port 
783, fd 6
smtpd[8217]: smtp-in: session 25c5ca54fc7bce0c: received invalid input: 
500 5.0.0: Line too long
smtpd[8217]: smtp-in: session 25c5ca54fc7bce0c: connection from host 
server.majorhosting.ru [205.234.232.6] closed (client sent QUIT)
spamd[28577]: spamd: processing message 
<1399008493.1859859723520628...@mutism.cliftbonze.com> for (unknown):506

smtpd[8217]: warn: pony -> inbound: pipe closed
smtpd[8217]: warn: filter "inbound" closed unexpectedly
smtpd[8217]: fatal: exiting


Thanks,

Edgar




daemon keeps dieing

2016-01-20 Thread Edgar Pettijohn
I've been getting the following in the logs for a couple of weeks now. I 
had intended on upgrading to a current snapshot and testing, but I 
haven't had a chance.  Has anyone else seen this?


smtpd[8217]: smtp-in: session 25c5ca54fc7bce0c: connection from host 
server.majorhosting.ru [205.234.232.6] established
spamd[28577]: spamd: connection from localhost [127.0.0.1]:7943 to port 
783, fd 6
smtpd[8217]: smtp-in: session 25c5ca54fc7bce0c: received invalid input: 
500 5.0.0: Line too long
smtpd[8217]: smtp-in: session 25c5ca54fc7bce0c: connection from host 
server.majorhosting.ru [205.234.232.6] closed (client sent QUIT)
spamd[28577]: spamd: processing message 
<1399008493.1859859723520628...@mutism.cliftbonze.com> for (unknown):506

smtpd[8217]: warn: pony -> inbound: pipe closed
smtpd[8217]: warn: filter "inbound" closed unexpectedly
smtpd[8217]: fatal: exiting


Thanks,

Edgar

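Added example, not part of the original post and not OpenSMTPD code: a small Python triage script for the failure shown in the log above, where smtpd exits after a filter's pipe closes. It reports which sessions logged invalid input shortly before the exit; the correlation is by log proximity only, the function name and `window` parameter are hypothetical, and the sample is constructed from the posted lines with a placeholder Message-ID.

```python
import re

# Constructed sample: the posted log, one event per line as syslog writes it.
# The Message-ID is a placeholder because the archive truncates the real one.
SAMPLE_LOG = """\
smtpd[8217]: smtp-in: session 25c5ca54fc7bce0c: connection from host server.majorhosting.ru [205.234.232.6] established
spamd[28577]: spamd: connection from localhost [127.0.0.1]:7943 to port 783, fd 6
smtpd[8217]: smtp-in: session 25c5ca54fc7bce0c: received invalid input: 500 5.0.0: Line too long
smtpd[8217]: smtp-in: session 25c5ca54fc7bce0c: connection from host server.majorhosting.ru [205.234.232.6] closed (client sent QUIT)
spamd[28577]: spamd: processing message <placeholder-id@example.invalid> for (unknown):506
smtpd[8217]: warn: pony -> inbound: pipe closed
smtpd[8217]: warn: filter "inbound" closed unexpectedly
smtpd[8217]: fatal: exiting
"""

# search() is used so an optional "Mon DD HH:MM:SS host " syslog prefix is tolerated.
LINE_RE = re.compile(r"(?P<proc>[\w.-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
SESSION_RE = re.compile(r"smtp-in: session (?P<sid>[0-9a-f]+): (?P<event>.*)$")
CONNECT_RE = re.compile(
    r"connection from host (?P<host>\S+) \[(?P<ip>[^\]]+)\] established")
INVALID_RE = re.compile(r"received invalid (?:input|command): (?P<detail>.*)$")
FILTER_RE = re.compile(r'warn: filter "(?P<name>[^"]+)" closed unexpectedly')


def find_filter_crashes(log_text, window=20):
    """Return one incident per smtpd exit that follows a filter closing.

    Each incident lists the sessions of that smtpd process which logged
    invalid input and were last seen at most `window` log lines before
    the exit. This narrows down what to replay in a test setup; it does
    not prove that a listed session caused the crash.
    """
    sessions = {}     # (pid, session id) -> details plus last line seen
    dead_filter = {}  # pid -> name of the filter that closed
    incidents = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.search(line)
        if not m or m["proc"] != "smtpd":
            continue
        pid, msg = int(m["pid"]), m["msg"]

        s = SESSION_RE.match(msg)
        if s:
            info = sessions.setdefault((pid, s["sid"]), {
                "session": s["sid"], "host": None, "ip": None,
                "invalid": [], "last_line": lineno})
            info["last_line"] = lineno
            c = CONNECT_RE.match(s["event"])
            if c:
                info["host"], info["ip"] = c["host"], c["ip"]
            bad = INVALID_RE.match(s["event"])
            if bad:
                info["invalid"].append(bad["detail"])
            continue

        f = FILTER_RE.match(msg)
        if f:
            dead_filter[pid] = f["name"]
            continue

        if msg.strip() == "fatal: exiting" and pid in dead_filter:
            suspects = [
                {k: v for k, v in info.items() if k != "last_line"}
                for (spid, _sid), info in sessions.items()
                if spid == pid and info["invalid"]
                and lineno - info["last_line"] <= window
            ]
            incidents.append({"pid": pid, "filter": dead_filter.pop(pid),
                              "line": lineno, "suspects": suspects})
    return incidents


if __name__ == "__main__":
    for incident in find_filter_crashes(SAMPLE_LOG):
        print(incident)
```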



Re: daemon keeps dieing

2016-01-24 Thread Edgar Pettijohn
Bump

Sent from my iPhone

> On Jan 22, 2016, at 1:05 PM, Edgar Pettijohn <ed...@pettijohn-web.com> wrote:
> 
> I think something is wrong with the list. Based on the subject this should be 
> my original message. This is the first I've seen it. Could someone please 
> forward me the complete thread?
> 
> Thanks
> 
> Edgar
> 
> Sent from my iPhone
> 
>>> On Jan 22, 2016, at 6:46 AM, Gilles Chehade <gil...@poolp.org> wrote:
>>> 
>>> On Fri, Jan 22, 2016 at 11:39:47AM +, G B wrote:
>>> After unsubscribing I'm still getting email from opensmtpd.org.
>> 
>> Hi,
>> 
>> According to mlmmj, you requested unsubscribe Tuesday Jan 19 at 12:22:53
>> but did not confirm later on, I'll unsubscribe you manually
>> 
>> Gilles
>> 
>> -- 
>> Gilles Chehade
>> 
>> https://www.poolp.org  @poolpOrg
>> 
> 
> 




Re: Need help with configuration using DNS aliases

2016-02-12 Thread Edgar Pettijohn
Yes it can. However, 

By default, when connecting to a remote server, smtpd(8) advertises its default 
server name. A hostname parameter may be specified to advertise the alternate 
hostname name. If the source parameter is used, the hostnames parameter may be 
specified to advertise a hostname based on the source address. Table names 
contains a mapping of IP addresses to hostnames and smtpd(8) will automatically 
select the name that matches its source address when connected to the remote 
server. The hostname and hostnames parameters are mutually exclusive.

You need separate ip's for hostname selection in relay context.

Sent from my iPhone

> On Feb 12, 2016, at 5:08 PM, Michael Burk  wrote:
> 
> After some experimentation I think I can compress this problem down to one 
> question:
> 
> Is it possible for an OpenSMTPD host to process email addressed to two 
> different host names, both of which resolve to the same address?
> 
> When I set "mailname," any mail sent to that name works fine. Mail addressed 
> to the alternate host name loops.
> 
> I thought the "virtual" keyword would be for this purpose, but I've had no 
> luck with it.
> 
> Thanks,
> 
>> On Tue, Feb 9, 2016 at 10:44 AM, Michael Burk  wrote:
>> Thanks Craig for the reply.
>> 
>> I changed the CNAME to an A record as you suggested. Sadly, it still loops 
>> when I send the email to the "alternate" name. It seems that OpenSMTPD 
>> doesn't realize that the two names are the same server.
>> 
>> I should mention that the whole reason we have an alias is that I have two 
>> servers setup as mail servers, and the alias gives us an easy way to switch 
>> hosts if one goes down (all mail is addressed to the alias). Also, I have no 
>> MX records. I don't know if I should, but Sendmail has always worked without 
>> it.
>> 
>>> On Tue, Feb 9, 2016 at 4:42 AM, Craig Skinner  
>>> wrote:
>>> Hi Michael,
>>> 
>>> On 2016-02-08 Mon 16:49 PM |, Michael Burk wrote:
>>> >
>>> > If I send a message to the server's CNAME, it goes into a loop which is
>>> > eventually detected and shut down:
>>> >
>>> 
>>> Try switching from DNS CNAMES to DNS A records:
>>> 
>>> RFC2181 has:
>>> 
>>> "10.3. MX and NS records
>>> 
>>> The domain name used as the value of a NS resource record, or part of
>>> the value of a MX resource record must not be an alias.  Not only is the
>>> specification clear on this point, but using an alias in either of these
>>> positions neither works as well as might be hoped, nor well fulfills the
>>> ambition that may have led to this approach.  This domain name must have
>>> as its value one or more address records.  Currently those will be A
>>> records, however in the future other record types giving addressing
>>> information may be acceptable.  It can also have other RRs,
>>> but never a CNAME RR. "
>>> 
>>> http://tools.ietf.org/html/rfc2181#section-10.3
>>> 
> 


Re: How to get OpenSMTPD working on OpenBSD 5.9

2016-04-10 Thread Edgar Pettijohn



On 04/10/16 19:37, 98 [Rod whitworth] wrote:

The title pretty well says it all.

The Wiki page doesn't have any use now that following the instructions 
require 5.6


I need to build a new mail server.

So should I wait for the clue sheet or build Postfix?

I would be unhappy if I used Postfix and then the new OpenSMTPD clue 
stick came along in a just a few weeks or less. 8-))


Rod/



The link previously provided https://opensmtpd.org/faq/example1.html is 
about as official as it's going to get.  Perhaps if you shared what you 
need smtpd to do someone could provide guidance to that end.


Re: Authentication using certificates

2016-04-06 Thread Edgar Pettijohn


Sent from my iPhone

> On Apr 6, 2016, at 4:01 AM, Kai Wirt  wrote:
> 
> 
> 
> Hi,
> 
> when i used sendmail i allowed my clients to relay mail if they authenticated 
> via SMTPAUTH or if they could present a valid certificate with STARTTLS.
> I'm trying to do the same with OpenSMTPD. I understand, that I can have two 
> different listeners. One which accepts SMTPAUTH. And one which has 
> tls-require verify. But from what I could tell from the man pages there is no 
> way to have tls-require and auth as alternatives on one listener.
> 
> My use case is that I have clients

By client do you mean a person logging in with a mail client, or another server 
using you as a relay?

> which don't have certificates and should be allowed to relay with SMTPAUTH. 
> And I have other mailservers which use OpenSMTPD as smarthost and which have 
> certificates. For the latter I don't like to configure credentials.
> 

This sounds possible. You may have to get clever with tagging. 

> 
> 
> Kai
> 
> 





Re: recipient question

2016-03-23 Thread Edgar Pettijohn

I've used it in the past.  The following should work.

table tablename file:/etc/mail/something

accept from any for domain  recipient  deliver to mbox

/etc/mail/something
u...@something.com

On 03/23/16 17:31, Ian Darwin wrote:

At this time, the list is very low volume, feel free to introduce yourself
;-)

Hola! This is Ian Darwin, sometime OpenBSD committer (ports, mostly, but I also 
wrote
the old file(1) command "a while ago"), Java geek, tech instructor/author, and 
photographer.

I've been running smtpd on my OpenBSD laptop for I think a couple of years
and in production on a low-volume server for maybe a year (it's been up for
220 days so maybe 3/4 of a year, I dunno).

I'm asking if anybody has a working example with "recipient"?

What I planned to do was divert one person's (myself, #1 guinea pig) incoming
mail to a different MDA for testing a new MDA. I tried taking this existing 
line:

accept from any for domain  alias  deliver to mbox

and cloning it, the first version to add "recipient { "per...@dom.ain" }"
and the second as above. I tried putting the recipient after the domain, e.g.,

accept from any for domain  recipient  alias  
deliver to mbox

Why after?  Because the man page says "Further filtering may be achieved on
specific recipients if desired" and "further" implies after - the man page
has no example of this (whether you write the table as a table rule or
inline should not matter, but I did try both before sending this post).

Also tried putting it in a variety of other places, replacing some phrases, etc.

I could not come up with anything that didn't give the dreaded :-) "smtpd.conf:24: 
syntax error"

Is this the right tool for this job, and, if so, how does it actually work?

Thanks if anyone can steer me right on this.

Ian







Re: Configuration erros

2016-03-06 Thread Edgar Pettijohn



On 03/06/16 13:39, Dickie Bennett wrote:

Edgar, thank you for the answer.

I don't think that I can use virtual  because there are some 
aliases to external servers and according to the documentation (man 
smtpd.conf) "virtual" must match system users.


Is it possible to make a single rule that matches both, users and domains?

man 5 table

You could try something like this:
accept from any for domain "example.com" recipient  relay 
via etc...


/etc/mail/recipients
u...@example.com
us...@example.com
etc

I don't think this is the best way, but it may reduce some of the 
problems you're having.




Thanks.

On Fri, Mar 4, 2016 at 8:41 PM, Edgar Pettijohn <ed...@pettijohn-web.com> wrote:




Sent from my iPhone

On Mar 4, 2016, at 10:50 AM, Dickie Bennett <shstr...@gmail.com> wrote:


Hi,

I'm running OpenSMTPD + Dovecot + Amavis on FreeBSD and I made
some mistakes configuring that I am not sure how to fix. This is
my configuration:

pki example.com certificate "/etc/ssl/certs/example.pem"
pki example.com key "/etc/ssl/private/example.pem"

limit mta inet4
bounce-warn 15m
expire 2d

listen on re0 port 25 tls pki example.com hostname example.com auth-optional
listen on re0 port 587 tls-require pki example.com hostname example.com auth mask-source

# Amavisd filters
listen on lo0 port 10025 tag Filtered

table aliases file:/etc/aliases

accept tagged Filtered for local alias  deliver to lmtp "/var/run/dovecot/lmtp"
accept from any for domain "example.com" relay via "smtp://localhost:10024"
accept from local for any relay


accept from any for domain "example.com" virtual  relay via ...

There are a few options but basically just accept for users some
kind of way before you pass to amavis and it will probably help. 
I might have misinterpreted your problems but i think this will

help.  Also you may try the extras package and use the spam
assassin filter instead.


So the problems are:  1. this configuration allows to send
e-mails from someu...@example.com to any user of the example.com domain
through port 25 without authentication. So, basically, OpenSMTPd
allows to receive e-mails from spoofed accounts (but not sent to
external addresses, of course). This happens because of the rule
that relays to Amavisd. How may I fix that?

2. The other issue is that the mail queue is getting full of spam
because the Amavisd rule allows to receive emails to 
non-existent users but the Filtered rule won't receive it and

tries to bounce the e-mail but of course, the spammers e-mail
address doesn't exist, so it stays for 2 days in the queue. How
can I specify to the Amavisd rule to accept for aliases given
that OpenSMTPd won't allow to use aliases in a relay rule?

Thanks for any suggestion.
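Added example, not from the thread's participants or the OpenSMTPD project: a Python lint for the two rule problems discussed above, assuming the `accept` rule grammar used in this thread. It flags a `from any ... for domain ... relay` rule with no `recipient` restriction (mail for non-existent users is accepted, then bounces) and the `alias`/`virtual` plus `relay` combination that the parser rejects; the table name `<recipients>`, the function names and both sample configs are constructed.

```python
import shlex

# Constructed sample modelled on the configuration posted in the thread;
# the table names are filled in as assumptions.
BEFORE = '''\
table aliases file:/etc/aliases
listen on lo0 port 10025 tag Filtered
accept tagged Filtered for local alias <aliases> deliver to lmtp "/var/run/dovecot/lmtp"
accept from any for domain "example.com" relay via "smtp://localhost:10024"
accept from any for domain "example.com" virtual <aliases> \\
    relay via "smtp://localhost:10024"
accept from local for any relay
'''

# Constructed "after": the recipient-table approach suggested in the reply.
AFTER = '''\
table aliases file:/etc/aliases
table recipients file:/etc/mail/recipients
listen on lo0 port 10025 tag Filtered
accept tagged Filtered for local alias <aliases> deliver to lmtp "/var/run/dovecot/lmtp"
accept from any for domain "example.com" recipient <recipients> \\
    relay via "smtp://localhost:10024"
accept from local for any relay
'''


def logical_lines(text):
    """Join backslash-continued lines; yield (first line number, text)."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = n
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None
    if buf.strip():
        yield start, buf


def has_pair(tokens, first, second):
    """True when `first` is immediately followed by `second`."""
    return any(a == first and b == second for a, b in zip(tokens, tokens[1:]))


def lint_rules(conf_text):
    """Return (line, code, message) findings for relay rules."""
    findings = []
    for lineno, line in logical_lines(conf_text):
        try:
            # Quoted arguments stay one token, '#' comments are dropped.
            tokens = shlex.split(line, comments=True)
        except ValueError as exc:
            # Unbalanced or pasted "smart" quotes end up here.
            findings.append((lineno, "bad-quoting", str(exc)))
            continue
        if not tokens or tokens[0] != "accept" or "relay" not in tokens:
            continue
        if "alias" in tokens or "virtual" in tokens:
            findings.append((lineno, "alias-with-relay",
                             "aliases/virtual may not be used with a relay rule"))
            continue
        if (has_pair(tokens, "from", "any")
                and has_pair(tokens, "for", "domain")
                and "recipient" not in tokens):
            findings.append((lineno, "open-recipients",
                             "relay rule accepts any recipient in the domain; "
                             "undeliverable mail is queued and bounced later"))
    return findings


if __name__ == "__main__":
    for finding in lint_rules(BEFORE):
        print(finding)
```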







Re: received invalid command: "RCPT TO:<r...@myhost.com>"

2016-04-04 Thread Edgar Pettijohn



On 04/04/16 15:55, Ultramedia Libertad wrote:

Hello,

I have a problem in my server debian 8 and OpenSMTPD

# smtpd -dv -Tlookup

debug: smtp: new client on listener: 0xd34880
smtp-in: session dd3d7c11f63059ad: connection from host
mail-oi0-f47.google.com [209.85.218.47] established
debug: smtp: SIZE in MAIL FROM command
smtp-in: session dd3d7c11f63059ad: received invalid command: "RCPT
TO:"
smtp-in: session dd3d7c11f63059ad: connection from host
mail-oi0-f47.google.com [209.85.218.47] closed (client sent QUIT)
debug: smtp: 0xdce130: deleting session: done

my smtpd.conf is :

myhostname = "mail.myhost.com"
ext = "eth0"
int = "127.0.0.1"

pki $myhostname certificate "/etc/mail/cert/mail.myhost.com.crt"
pki $myhostname key "/etc/mail/cert/mail.myhost.com.key"
pki $myhostname dhparams "/etc/nginx/ssl/defaultip/dhparam.pem"

table vrecipients file:/etc/mail/vrecipients


is r...@myhost.com in vrecipients?

table vdomains mysql:/etc/mail/vdomains.conf
table valiases mysql:/etc/mail/valiases.conf
table credentials mysql:/etc/mail/credenciales.conf

listen on lo
listen on $ext port 25
listen on $ext port 587 tls-require pki $myhostname hostname
$myhostname auth 

listen on lo port 10028 tag CLAM_IN # incoming mail
listen on lo port 10030 tag CLAM_OUT # outgoing mail
listen on lo port 10026 tag SPAM_IN # incoming mail

accept tagged SPAM_IN for domain  recipient 
relay via lmtp://127.0.0.1:2525

should this be smtp://127.0.0.1:2525?


accept tagged CLAM_IN for domain  recipient 
relay via smtp://127.0.0.1:10025
accept tagged CLAM_IN for domain  virtual 

accept tagged CLAM_OUT for domain  recipient 
relay via lmtp://127.0.0.1:2525


see above.

accept tagged CLAM_OUT for domain  virtual 
accept tagged CLAM_OUT for any relay

please i need help for review error.

thanks






Re: smtpd: connect: Connection refused

2016-04-28 Thread Edgar Pettijohn


Sent from my iPhone

> On Apr 28, 2016, at 11:49 AM, Óscar Rubén Cuéllar Valcárcel 
> <ocuel...@ocuellar.com.mx> wrote:
> 
> It's just the same that example1.html
> 
> -
> #   $OpenBSD: smtpd.conf,v 1.8 2015/12/21 16:25:44 sunil Exp $
> 
> # This is the smtpd server system-wide configuration file.
> # See smtpd.conf(5) for more information.
> 
> # To accept external mail, replace with: listen on all
> #
> 
> # filters and filter chains setup
> filter filter-pause pause
> filter filter-regex regex
> filter filter-dnsbl-sorbs dnsbl
> filter filter-dnsbl-spamcop dnsbl "-h bl.spamcop.net"
> filter filter-dnsbl-spamhaus dnsbl "-h sbl-xbl.spamhaus.org"
> filter filter-spamassassin spamassassin "-s reject"
> filter filter-clamav clamav
> filter all chain filter-pause filter-regex filter-dnsbl-sorbs
> filter-dnsbl-spamcop filter-dnsbl-spamhaus filter-spamassassin filter
> -clamav
> filter sub chain filter-pause filter-spamassassin filter-clamav
> 
> # pki setup
> pki mail.anonimas.mx certificate "/etc/ssl/mail.anonimas.mx.crt"
> pki mail.anonimas.mx key "/etc/ssl/private/mail.anonimas.mx.key"
> 
> # tables setup
> table aliases file:/etc/mail/aliases
> table domains file:/etc/mail/domains
> table virtuals file:/etc/mail/virtuals
> table credentials file:/etc/mail/passwd
> 
> # listen ports setup
> listen on lo0 filter sub
> listen on egress port 25 filter all tls pki mail.anonimas.mx
> listen on egress port 587 filter sub tls-require pki mail.anonimas.mx
> auth 
> 
> # special case for gmail to avoid ipv6 here
> #limit mta for domain gmail.com inet4
> # allow local messages
> accept from local for local alias  deliver to lmtp
> "/var/dovecot/lmtp" rcpt-to
> # allow virtual domains
> accept from any for domain  virtual  deliver to lmtp
> "/var/dovecot/lmtp" rcpt-to

Is dovecot set up correctly?
Try deliver to maildir and provide the path to where you want dovecot 
delivering to. Such as:
/var/vmail/domain/user

If it goes through it's probably a dovecot issue.

> # allow outgoing mails
> accept from local for any relay
> ---
> 
> thanks
> 
>> El jue, 28-04-2016 a las 11:43 -0500, Edgar Pettijohn escribió:
>> Your smtpd.conf would help. 
>> 
>> Sent from my iPhone
>> 
>>> On Apr 28, 2016, at 11:28 AM, Óscar Rubén Cuéllar Valcárcel 
>>> <ocuel...@ocuellar.com.mx> wrote:
>>> 
>>> Hello
>>> 
>>> I have a problem, and I don't know how solve it, I followed 
>>> 
>>> https://www.opensmtpd.org/faq/example1.html
>>> 
>>> But when I tried to probe, it did not work. These is my maillog:
>>> -
>>> smtp-in: New session d41cecb04e598e3e from host 10.8.0.18 [10.8.0.18]
>>> smtp-in: Started TLS on session d41cecb04e598e3e: version=TLSv1.2,
>>> cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128
>>> smtp-in: Accepted authentication for user ocuel...@anonimas.mx on
>>> session d41cecb04e598e3e
>>> spamd: connection from localhost [127.0.0.1]:14385 to port 783, fd 6
>>> spamd: processing message <1461784274.1767.2.camel@ocuellar> for
>>> (unknown):506
>>> filter-spamassassin[18317]: info: result: Spam: False ; 1.8 / 5.0
>>> spamd: clean message (1.8/5.0) for (unknown):506 in 0.8 seconds, 610
>>> bytes.
>>> spamd: result: . 1 - ALL_TRUSTED,TVD_SPACE_RATIO,TVD_SPACE_RATIO_MINFP
>>> scantime=0.8,size=610,user=(unknown),uid=506,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=14385,mid=<1461784274.1767.2.camel@ocuellar>,autolearn=no
>>>  autolearn_force=no
>>> filter-clamav[6871]: info: result: stream: OK
>>> smtp-in: Accepted message f3f5bfb1 on session d41cecb04e598e3e:
>>> from=<ocuel...@anonimas.mx>, to=<kera...@anonimas.mx>, size=610,
>>> ndest=1, proto=ESMTP
>>> 
>>> delivery: TempFail for f3f5bfb1c2904dba: from=<ocuel...@anonimas.mx>,
>>> to=<kera...@anonimas.mx>, user=vmail, method=lmtp, delay=0s, stat=Error
>>> ("smtpd: connect: Connection refused")
>>> 
>>> 
>>> smtp-in: Closing session d41cecb04e598e3e
>>> --
>>> 
>>> All looks fine until delivery.
>>> 
>>> I appreciate if someone can help me. Thanks in advance
>>> 
>>> -- 
>>> Óscar Rubén Cuéllar Valcárcel
>>> Ama et fac quod vis
>>> 
>>> 
> 
> -- 
> Óscar Rubén Cuéllar Valcárcel
> Ama et fac quod vis
> 
> 
> 





Re: Crashing once a day and not auto-starting back

2016-05-05 Thread Edgar Pettijohn


Sent from my iPhone

> On May 5, 2016, at 8:17 AM, Mariano Baragiola wrote:
> 
> Hello misc@, sending again from different account.
> Sorry if duplicate.
> 
> I rented an OpenBSD 5.9-release amd64 VPS and updated it
> to 5.9-stable with https://stable.mtier.org/openup.
> 
> Before submitting a ticket to the VPS provider, I wanted
> to see if I'm doing something wrong.
> 
> Regularly, the smtpd service stops running and it
> won't autostart back, although it is activated to
> do so.

How is it activated to do so?

> 
> # smtpctl show status
> smtpctl: smtpd doesn't seem to be running
> 
> # rcctl ls on
> check_quotas
> cron
> ntpd
> smtpd
> sshd
> syslogd
> 
> # rcctl ls started
> cron
> ntpd
> sshd
> syslogd
> 
> # rcctl start smtpd
> smtpd(ok)
> 
> Below it is my smtpd.conf, edited to not show personal
> details, it is a quite simple forwarding setup:
> 
> pki mydomain.com certificate "/etc/mail/tls/mycert.crt"
> pki mydomain.com key "/etc/mail/tls/mykey.key"
> 
> table authtable file:/etc/mail/authtable
> table vusers file:/etc/mail/vusers
> table vdoms file:/etc/mail/vdoms
> 
> listen on all port 25 tls-require pki mydomain.com auth-optional
>  \
> hostname mydomain.com
> 
> accept from any for domain  virtual  deliver to mbox
> accept from local for any relay
> 
> ---
> 
> I ran chmod -R 0400 /etc/mail/tls/, if it helps to know that.
> 
> Both sending and receiving works fine when smtpd is running,
> but it is the second time I woke up in the morning having
> smtpd stopped with no apparent reason, and not autostarting
> back. When I reboot the VPS, smtpd autostarts with no problems.
> 
> I don't know if I'm looking in the wrong place, but
> /var/log/maillog isn't showing anything relevant.

Turn up the verbosity.
smtpd_flags="-v"

> 
> Any help is appreciated, and thanks in advance for reading.
> 
> 
> 
> 





Re: Crashing once a day and not auto-starting back

2016-05-05 Thread Edgar Pettijohn
You could have a cron job check that it's running and if not restart it. Plus 
the email cron sends would give you a time frame to look for in the logs.

Sent from my iPhone

> On May 5, 2016, at 9:58 AM, Mariano Baragiola wrote:
> 
>> On 05/05/16 11:51, Gilles Chehade wrote:
>> 
>> No it shouldn't autostart when it crashes.
>> It shouldn't crash either.
>> 
>> Can you provide more details ?
>> logs before the crash ?
> 
> Noted. Is there a way to autostart it again
> if it crashes?
> 
> I just added the verbosity flag to smtpd,
> so I guess I'll have more log details if
> and as soon as it crashes again.
> 
> 
> 


--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
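
The cron check suggested in this message, as an added example that is not part of the original post: it prints nothing while smtpd is running, so cron mails only when the daemon was found down, and it stops restarting after a few consecutive failures so that a crash loop stays visible. It assumes OpenBSD's rcctl; the state file, the restart limit and the crontab path are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): a check meant to be run from cron.
# Silent while the service is up; on failure it prints the time and the
# tail of the mail log, which cron then mails to the job owner.
# Assumes OpenBSD rcctl(8); STATE path and MAX_RESTARTS are hypothetical.

SVC=${SVC:-smtpd}
LOG=${LOG:-/var/log/maillog}
STATE=${STATE:-/var/run/smtpd-watchdog.count}
MAX_RESTARTS=${MAX_RESTARTS:-3}   # consecutive restarts before giving up
CHECK=${CHECK:-"rcctl check"}     # succeeds when SVC is running
START=${START:-"rcctl start"}     # succeeds when SVC was started

# watchdog: returns 0 = running, 1 = restarted, 2 = restart failed,
#           3 = restart limit reached (service left down on purpose)
watchdog() {
    if $CHECK "$SVC" >/dev/null 2>&1; then
        rm -f "$STATE"            # healthy again: forget earlier restarts
        return 0
    fi

    n=$(cat "$STATE" 2>/dev/null || true)
    n=${n:-0}
    echo "$(date) $SVC is not running (consecutive restarts so far: $n)"
    echo "last lines of $LOG:"
    tail -n 20 "$LOG" 2>/dev/null

    if [ "$n" -ge "$MAX_RESTARTS" ]; then
        echo "restart limit $MAX_RESTARTS reached, leaving $SVC down for inspection"
        return 3
    fi

    echo $((n + 1)) > "$STATE"
    if $START "$SVC" >/dev/null 2>&1; then
        echo "$SVC restarted"
        return 1
    fi
    echo "starting $SVC failed"
    return 2
}

# Hypothetical crontab entry for root:
#   */5 * * * * /usr/local/sbin/smtpd-watchdog run
if [ "${1:-}" = "run" ]; then
    watchdog
    exit $?
fi
```

Because the counter is cleared whenever the service is found running, a once-a-day crash never reaches the limit; only a daemon that dies again right after each restart does.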



Re: Fwd: Re: denial of service?

2016-05-10 Thread Edgar Pettijohn



On 05/10/16 10:29, Gilles Chehade wrote:
> On Tue, May 10, 2016 at 10:11:48AM -0500, Edgar Pettijohn wrote:
>> Sharing with the list at Gilles request.
>>
>> To me it seems like at some point the daemon was treating my outgoing mail
>> as incoming mail and refusing it because they weren't legal recipients.
>>
>> Enjoy,
>
> Actually I'm unsure I see a problem really...
>
> Your initial mail says that you were unable to send outgoing messages
> but the log shows that all deliveries took place in few seconds after
> messages were committed to the queue.
>
> Can you better explain what it is that you mean when you say:
>
>    "I found I was unable to send outgoing messages earlier"





At line 17750 is the first occurrence, this was an outgoing message.

May  9 16:58:36 pettiiijohn smtpd[18733]: smtp-in: Failed command on 
session 6d638ee0ae34bacc: "RCPT TO:<u...@gmail.com>" => 550 Invalid 
recipient


I don't send a lot of mail so it's hard to say if it would have happened 
more earlier or not.  A few hours later I was able to ssh in and first 
looked at the queue which was empty. Not sure what I was looking for but 
it's a habit. Then looked through the logs. Saw I was flooded with 
attempts from the same ip. First just tried a simple /etc/rc.d/smtpd 
restart which didn't resolve the issue (line 18135).  Then I decided to 
block the offender with pf and restarted smtpd again.  Problem solved.  
The two may not have anything to do with each other, but at least they 
aren't filling up my logs anymore.


Thanks,

Edgar




Re: denial of service?

2016-05-10 Thread Edgar Pettijohn


Sent from my iPhone

> On May 10, 2016, at 11:10 AM, Gilles Chehade <gil...@poolp.org> wrote:
> 
>> On Tue, May 10, 2016 at 10:56:10AM -0500, Edgar Pettijohn wrote:
>> 
>> 
>>> On 05/10/16 10:29, Gilles Chehade wrote:
>>>> On Tue, May 10, 2016 at 10:11:48AM -0500, Edgar Pettijohn wrote:
>>>> Sharing with the list at Gilles request.
>>>> 
>>>> To me it seems like at some point the daemon was treating my outgoing mail
>>>> as incoming mail and refusing it because they weren't legal recipients.
>>>> 
>>>> Enjoy,
>>> Actually I'm unsure I see a problem really...
>>> 
>>> Your initial mail says that you were unable to send outgoing messages
>>> but the log shows that all deliveries took place in few seconds after
>>> messages were committed to the queue.
>>> 
>>> Can you better explain what it is that you mean when you say:
>>> 
>>>"I found I was unable to send outgoing messages earlier"
>> At line 17750 is the first occurrence, this was an outgoing message.
>> 
>> May  9 16:58:36 pettiiijohn smtpd[18733]: smtp-in: Failed command on session
>> 6d638ee0ae34bacc: "RCPT TO:<u...@gmail.com>" => 550 Invalid recipient
>> 
>> I don't send a lot of mail so it's hard to say if it would have happened more
>> earlier or not.  A few hours later I was able to ssh in and first looked at
>> the queue which was empty. Not sure what I was looking for but it's a habit.
>> Then looked through the logs. Saw I was flooded with attempts from the same
>> ip. First just tried a simple /etc/rc.d/smtpd restart which didn't resolve
>> the issue (line 18135).  Then I decided to block the offender with pf and
>> restarted smtpd again.  Problem solved.  The two may not have anything to do
>> with each other, but at least they aren't filling up my logs anymore.
>> 
>> Thanks,
> 
> My theory is that these are two separate issues.
> 
> I suspect the problem is that your client somehow attempted port 25, not
> submission, which would cause _exactly_ what we observe on your log.
> 
> If you can reproduce easily (ie: by unblocking pf) you can prove this
> theory by adding verbose debugging which will let us know which listener
> accepted the connection.
> 
> 
Should have mentioned I tried with iPhone Mail as well as thunderbird from 
laptop. I have removed the pf. Will restart with -v when I get a chance.


> -- 
> Gilles Chehade
> 
> https://www.poolp.org  @poolpOrg
> 
> 





denial of service?

2016-05-09 Thread Edgar Pettijohn
I found I was unable to send outgoing messages earlier.  Looking through 
the logs I had over 3000 connections from 112.236.76.92 in less than 24 
hours.  I blocked them with pf and now I can send outgoing again.  Just 
thought I'd share for those interested in this sort of thing.


Thanks,

Edgar


--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
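
A way to pull the per-source numbers mentioned in this message out of the maillog, as an added example that is not part of the original post: it counts smtp-in sessions per source address and, for each source, the sessions that had a RCPT TO refused with 550, which separates a flooding host from a single client being refused. The sample log lines are constructed in the format quoted in this thread, and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): per-source session counts from an
# OpenSMTPD maillog, plus how many of each source's sessions had a RCPT TO
# refused with 550. Function names are assumptions made for this example.

# Constructed sample in the log format quoted in this thread. Addresses are
# taken from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24.
sample_maillog() {
    n=1
    while [ "$n" -le 5 ]; do
        printf 'May  9 14:0%d:01 mx smtpd[18733]: smtp-in: New session 00000000000000a%d from host 203.0.113.50 [203.0.113.50]\n' "$n" "$n"
        printf 'May  9 14:0%d:02 mx smtpd[18733]: smtp-in: Closing session 00000000000000a%d\n' "$n" "$n"
        n=$((n + 1))
    done
    cat <<'EOF'
May  9 16:58:30 mx smtpd[18733]: smtp-in: New session 00000000000000b1 from host client.example.net [198.51.100.7]
May  9 16:58:36 mx smtpd[18733]: smtp-in: Failed command on session 00000000000000b1: "RCPT TO:<user@example.org>" => 550 Invalid recipient
May  9 16:58:37 mx smtpd[18733]: smtp-in: Closing session 00000000000000b1
EOF
}

# top_talkers MIN < maillog
# Prints "address sessions rejected_rcpt" for every source with at least MIN
# sessions, busiest first.
top_talkers() {
    awk -v min="$1" '
    # Return the token that follows the word "session" on the current line.
    function session_id(    i, id) {
        for (i = 1; i < NF; i++)
            if ($i == "session") {
                id = $(i + 1)
                sub(/:$/, "", id)      # "Failed command" lines end the id with ":"
                return id
            }
        return ""
    }
    /smtp-in: New session / {
        ip = $NF
        gsub(/\[|\]/, "", ip)          # "[203.0.113.50]" -> "203.0.113.50"
        src[session_id()] = ip         # remember which address owns the session
        sessions[ip]++
        next
    }
    /smtp-in: Failed command on session / && /RCPT TO:/ && /=> 550 / {
        id = session_id()
        if (id in src) rejected[src[id]]++
        next
    }
    END {
        for (ip in sessions)
            if (sessions[ip] >= min)
                printf "%s %d %d\n", ip, sessions[ip], rejected[ip] + 0
    }' | sort -k2,2nr -k1,1
}

# Usage: script /var/log/maillog [MIN]; with no argument it runs on the sample.
if [ "$#" -ge 1 ]; then
    top_talkers "${2:-100}" < "$1"
else
    sample_maillog | top_talkers 3
fi
```

On the constructed sample the busy source shows five sessions and no rejected recipients, while the refused RCPT TO belongs to a source with a single session, which is the "two separate issues" reading given elsewhere in this thread.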



filter dkim signer

2016-04-17 Thread Edgar Pettijohn

Is anyone using this filter?

I tried to implement it in place of dkimproxy_out but it doesn't seem to 
be working.  Maybe it's looking for a different certificate?


# openssl genrsa -out /etc/mail/private.key 1024
# openssl rsa -in private.key -pubout -out public.key

smtpd.conf

filter filter-dkim-signer dkim-signer "-D mydomain -p 
/etc/mail/private.key -s selector1"


txt record
k=rsa; t=s;
p=lotsoflettersandnumbersfrompublic.key




Re: filter dkim signer

2016-04-17 Thread Edgar Pettijohn



On 04/17/16 10:20, Ryan Kavanagh wrote:
> Edgar Pettijohn <ed...@pettijohn-web.com> wrote:
>> Is anyone using this filter?
>
> Yes, I got it running yesterday using OpenBSD 5.9's opensmtpd-extras package.
>
>> smtpd.conf
>>
>> filter filter-dkim-signer dkim-signer "-D mydomain -p
>> /etc/mail/private.key -s selector1"
>
> Part of the problem is the spaces here. At least, when I tried with a space
> before the argument for "-p", I got a file not found error. I also ended up
> having to wrap each individual argument in quotes, though I'm not sure if this
> was necessary. Here's what I have in my smtpd.conf:
>
>  filter filter-dkim-signer dkim-signer "-Dryanak.ca" "-p/var/db/dkim/_may2014.ryanak.ca.key" "-smay2014"
>  filter all chain filter-dkim-signer
>
>  ...
>
>  listen on lo0 filter all
>  listen on vio0 filter all secure pki ryanak.ca
>  listen on vio0 port submission filter all tls-require pki ryanak.ca auth 
>
>  ...
>
>  accept from local for any relay
>
> In retrospect, I probably shouldn't have the filter applied on the second
> "listen on" line, because this causes incoming mail to also be DKIM signed.
>
> Hope this helps,
> Ryan

Have you verified that it is signing your outgoing mail properly?  I 
have a patch to fix your quoting problem, but I wasn't going to submit 
till I had it working 100%.  I think my problem may be my dns record.  
Trying to get it fixed now, but domain.com is unusually slow to act today.


this is a fuller description of my smtpd.conf which may be wrong too, 
but I think it's right.


filter filter-dkim-signer dkim-signer "etc, etc,"

listen on lo0 port 2525 filter filter-dkim-signer tag DKIM_OUT

accept tagged DKIM_OUT for any relay
accept tagged AUTH_GOOD for any relay via smtp://127.0.0.1:2525

this patch seems to work for me, but like I said I haven't been able to 
confirm until my dns updates.


diff --git a/extras/wip/filters/filter-dkim-signer/filter_dkim_signer.c 
b/extras/wip/filters/filter-dkim-signer/filter_dkim_signer.c
index 8e6a9a1..e2751ab 100644
--- a/extras/wip/filters/filter-dkim-signer/filter_dkim_signer.c
+++ b/extras/wip/filters/filter-dkim-signer/filter_dkim_signer.c
@@ -268,7 +268,10 @@ int
 main(int argc, char **argv)
 {
int  ch, d = 0, v = 0;
+   const char  *D = NULL;
const char  *p = NULL;
+   const char  *pkey = NULL;
+   const char  *s = NULL;
FILE*fp;
static char  hostname[SMTPD_MAXHOSTNAMELEN];
 
@@ -277,7 +280,7 @@ main(int argc, char **argv)

while ((ch = getopt(argc, argv, "D:dp:s:v")) != -1) {
switch (ch) {
case 'D':
-   domain = optarg;
+   D = optarg;
break;
case 'd':
d = 1;
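Review bot: in case 'D' the value from getopt is stored unchanged, only in a different variable, so if the failure being fixed is an option value that arrives with a leading space (the file-not-found symptom reported in this thread for -p), it still carries that space here. Either skip leading whitespace before storing optarg, or state in the commit message what the extra variable changes.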
@@ -286,7 +289,7 @@ main(int argc, char **argv)
p = optarg;
break;
case 's':
-   selector = optarg;
+   s = optarg;
break;
case 'v':
v |= TRACE_DEBUG;
@@ -301,17 +304,31 @@ main(int argc, char **argv)
argc -= optind;
argv += optind;
 
-	if (domain == NULL) {

+   if (D) {
+   domain = D;
+   }
+
+   else {
if (gethostname(hostname, sizeof(hostname)) == -1)
fatal("main: gethostname");
domain = hostname;
}
 
-	if (selector == NULL)

+   if (s) {
+   selector = s;
+   }
+
+   else {
selector = DEF_SELECTOR;
+   }
+
+   if (p) {
+   pkey = p;
+   }
 
-	if (p == NULL)

-   p = PRIVATE_KEY;
+   else {
+   pkey = PRIVATE_KEY;
+   }
 
 	log_init(d);

log_verbose(v);
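Review bot: the if (D), if (s) and if (p) blocks in this hunk select the same values as the removed == NULL tests whenever domain and selector start out NULL, so the patch needs a line saying which case now behaves differently. On style, a closing brace followed by a blank line and then else { does not match the unbraced single-statement form of the surrounding code; use } else { or keep the original form.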
@@ -322,7 +339,7 @@ main(int argc, char **argv)
OpenSSL_add_all_ciphers();
OpenSSL_add_all_digests();
 
-	if ((fp = fopen(p, "r")) == NULL)

+   if ((fp = fopen(pkey, "r")) == NULL)
fatal("main: fopen %s", p);
 
 	rsa = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL);
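Review bot: fatal("main: fopen %s", p) still formats p although the file being opened is now pkey. When -p is not given, p stays NULL while pkey is PRIVATE_KEY, so the error path passes NULL to %s and never names the file that failed; pass pkey to fatal() as well.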








Re: filter dkim signer

2016-04-17 Thread Edgar Pettijohn



On 04/17/16 13:31, Joerg Jung wrote:
> On Sun, Apr 17, 2016 at 10:57:56AM -0500, Edgar Pettijohn wrote:
>> On 04/17/16 10:20, Ryan Kavanagh wrote:
>>> Edgar Pettijohn <ed...@pettijohn-web.com> wrote:
>>>> Is anyone using this filter?
>>>
>>> Yes, I got it running yesterday using OpenBSD 5.9's opensmtpd-extras package.
>>>
>>>> smtpd.conf
>>>>
>>>> filter filter-dkim-signer dkim-signer "-D mydomain -p
>>>> /etc/mail/private.key -s selector1"
>>>
>>> Part of the problem is the spaces here. At least, when I tried with a space
>>> before the argument for "-p", I got a file not found error. I also ended up
>>> having to wrap each individual argument in quotes, though I'm not sure if this
>>> was necessary. Here's what I have in my smtpd.conf:
>>>
>>>  filter filter-dkim-signer dkim-signer "-Dryanak.ca" "-p/var/db/dkim/_may2014.ryanak.ca.key" "-smay2014"
>>>  filter all chain filter-dkim-signer
>>>
>>>  ...
>>>
>>>  listen on lo0 filter all
>>>  listen on vio0 filter all secure pki ryanak.ca
>>>  listen on vio0 port submission filter all tls-require pki ryanak.ca auth 
>>>
>>>  ...
>>>
>>>  accept from local for any relay
>>>
>>> In retrospect, I probably shouldn't have the filter applied on the second
>>> "listen on" line, because this causes incoming mail to also be DKIM signed.
>>>
>>> Hope this helps,
>>> Ryan
>>
>> Have you verified that it is signing your outgoing mail properly?  I have a
>> patch to fix your quoting problem,
>
> oh... wrote a patch, then saw your mail with the very similar diff
> attached... note to myself: read whole thread first :(
>
>> but I wasn't going to submit till I had
>> it working 100%.  I think my problem may be my dns record.  Trying to get it
>> fixed now, but domain.com is unusually slow to act today.
>>
>> this is a fuller description of my smtpd.conf which may be wrong too, but I
>> think it's right.
>>
>> filter filter-dkim-signer dkim-signer "etc, etc,"
>>
>> listen on lo0 port 2525 filter filter-dkim-signer tag DKIM_OUT
>>
>> accept tagged DKIM_OUT for any relay
>> accept tagged AUTH_GOOD for any relay via smtp://127.0.0.1:2525
>>
>> this patch seems to work for me, but like I said I haven't been able to
>> confirm until my dns updates.

diff --git a/extras/wip/filters/filter-dkim-signer/filter_dkim_signer.c 
b/extras/wip/filters/filter-dkim-signer/filter_dkim_signer.c
index 8e6a9a1..e2751ab 100644
--- a/extras/wip/filters/filter-dkim-signer/filter_dkim_signer.c
+++ b/extras/wip/filters/filter-dkim-signer/filter_dkim_signer.c
@@ -268,7 +268,10 @@ int
  main(int argc, char **argv)
  {
int  ch, d = 0, v = 0;
+   const char  *D = NULL;
const char  *p = NULL;
+   const char  *pkey = NULL;
+   const char  *s = NULL;
FILE*fp;
static char  hostname[SMTPD_MAXHOSTNAMELEN];
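Review bot: the new locals D, pkey and s are declared with no comment on why the option values must be held apart from domain, selector and p, and the single letters D and s are easy to misread next to d and the getopt option letters. Give them role names such as opt_domain and opt_selector and add a one-line comment, or drop them if assigning to domain and selector directly already works.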
@@ -277,7 +280,7 @@ main(int argc, char **argv)
while ((ch = getopt(argc, argv, "D:dp:s:v")) != -1) {
switch (ch) {
case 'D':
-   domain = optarg;
+   D = optarg;
break;
case 'd':
d = 1;
@@ -286,7 +289,7 @@ main(int argc, char **argv)
p = optarg;
break;
case 's':
-   selector = optarg;
+   s = optarg;
break;
case 'v':
v |= TRACE_DEBUG;
@@ -301,17 +304,31 @@ main(int argc, char **argv)
argc -= optind;
argv += optind;
-   if (domain == NULL) {
+   if (D) {
+   domain = D;
+   }
+
+   else {
if (gethostname(hostname, sizeof(hostname)) == -1)
fatal("main: gethostname");
domain = hostname;
}
-   if (selector == NULL)
+   if (s) {
+   selector = s;
+   }
+
+   else {
selector = DEF_SELECTOR;
+   }
+
+   if (p) {
+   pkey = p;
+   }
-   if (p == NULL)
-   p = PRIVATE_KEY;
+   else {
+   pkey = PRIVATE_KEY;
+   }
log_init(d);
log_verbose(v);
@@ -322,7 +339,7 @@ main(int argc, char **argv)
OpenSSL_add_all_ciphers();
OpenSSL_add_all_digests();
-   if ((fp = fopen(p, "r")) == NULL)
+   if ((fp = fopen(pkey, "r")) == NULL)
fatal("main: fopen %s", p);
rsa = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL);








I was on the right track. If my dns ever updates I'll test mine and yours.




Re: Relay recipient verification - migrating from Postfix

2016-05-07 Thread Edgar Pettijohn


Sent from my iPhone

> On May 7, 2016, at 11:04 AM, Marcus MERIGHI  wrote:
> 
> av...@protonmail.com (Andrew Ruscica), 2016.05.07 (Sat) 05:16 (CEST):
>> First, hello to the list and the opensmtpd devs- thank you very much
>> for this great mta. I've been building postfix gateways on openbsd for
>> maybe close to 10 years and have been following opensmtpd with great
>> interest.
>> 
>> I'm migrating a set of postfix gateways to opensmtpd.  The role of the
>> gateway is only to filter and relay email to internal (Domino, in this
>> case) mail servers.
>> 
>> The goal of my question here is to reject invalid recipients at the
>> gateway.
>> 
>> In the past I have used a canned perl script to generate a postfix
>> table by performing an LDAP query from the mail server's directory
>> (postfix: relay_recipient_maps). I'm not a perl hacker and this has
>> stopped working at recent OpenBSD releases.
>> 
>> But it can be replaced by the more elegant reject_unverified_recipient
>> - which is a pre-check of the recipient address at the relay
>> destination and rejects the email if the recipient doesn't exist.
>> 
>> So far my searches of the openbsd and opensmtpd misc archives as well
>> as the opensmtpd.conf man page haven't revealed a similar way to
>> achieve this.
>> 
>> I'm tempted to not bother - for invalid recipients the gateway will
>> accept the email then immediately generate and send a NDR - I can't be
>> the first to use opensmtpd as a gateway like this. But in that case
>> I'm curious what have others done about the potential for the gateway
>> to be a source of backscatter spam?
> 
> If I get you right you are looking for "recipient" in smtpd.conf(5),
> second hit. 
> 
> accept from any for domain  recipient  \
>  relay via ...
> 
> Back at your ldap export problem. 
> 
I haven't tried it but isn't there a table-ldap in extras? Maybe that can do 
what you need.


> I do not know of a way to do what reject_unverified_recipient does
> according to your description, assuming the pre-check happens via SMTP. 
> 
> Bye, Marcus
> 
> 





Re: something similar to always_bcc in postfix?

2016-07-25 Thread Edgar Pettijohn


Sent from my iPhone

> On Jul 25, 2016, at 2:18 PM, Edgar Pettijohn <ed...@pettijohn-web.com> wrote:
> 
> 
> 
> Sent from my iPhone
> 
> On Jul 25, 2016, at 11:33 AM, Denis Fondras <open...@ledeuns.net> wrote:
> 
>>> I'd like to bcc all incoming mail to a specified address, but could not 
>>> figure out how. Anyone has any pointers?
>>> My current setup is opensmtpd + dovecot with virtual domains.
>> 
>> I don't know if it is possible with OpenSMTPd.
>> Alternatively and probably not as efficient but if you use pigeonhole you can
>> add a global sieve script to copy email to another recipient.
>> 
>> Denis
>> 
> 
> I know it's possible with postfix, so I'm sure opensmtpd can do it too. Not 
> sure how unfortunately. 
> 
> 
This is an excerpt from table(5)

In a virtual domain context, the key is either a user part, a full email 
address or a catch all, following selection rules described in smtpd.conf(5), 
and the value is one or many recipients as described in aliases(5):

@example.com catch...@example.com




Re: something similar to always_bcc in postfix?

2016-07-25 Thread Edgar Pettijohn


Sent from my iPhone

On Jul 25, 2016, at 11:33 AM, Denis Fondras  wrote:

>> I'd like to bcc all incoming mail to a specified address, but could not 
>> figure out how. Anyone has any pointers?
>> My current setup is opensmtpd + dovecot with virtual domains.
> 
> I don't know if it is possible with OpenSMTPd.
> Alternatively and probably not as efficient but if you use pigeonhole you can
> add a global sieve script to copy email to another recipient.
> 
> Denis
> 
> 

I know it's possible with postfix, so I'm sure opensmtpd can do it too. Not 
sure how unfortunately. 




Re: something similar to always_bcc in postfix?

2016-07-27 Thread Edgar Pettijohn
Excellent. 

Sent from my iPhone

> On Jul 27, 2016, at 12:04 AM, Alan Cheng <ach...@gobsd.org> wrote:
> 
> seems the alias table can do the work, whereas a 'catchall' won't (as it's 
> not intended to).
> 
> The key part to get it working here is to map each (virtual) user to two 
> addresses: a system account (vmail, in my case)
> to receive emails, and an additional address that you want all incoming mails 
> be BCC'ed to.
> 
> I need to manually create the alias map for each user, but the number of 
> accounts is less than 10 so the manual operation
> is not an issue for now.
> 
> Thanks all again for responding and inspiring.
> 
> Here are my config files, in case anyone wants to use them as a reference:
> 
> #=== my smtpd.conf ==
> pki mail.example.com certificate "/etc/opensmtpd/mail.example.com.crt"
> pki mail.example.com key "/etc/opensmtpd/mail.example.com.key"
> table aliases file:/etc/opensmtpd/aliases
> table vdomains file:/etc/opensmtpd/vdomains
> table passwd file:/etc/opensmtpd/passwd
> table virtual_users file:/etc/opensmtpd/virtual_userss
> listen on lo
> listen on eth1 port 25 tls pki mail.example.com
> listen on eth1 port 587 tls-require pki mail.example.com auth 
> accept from local for local alias  deliver to lmtp 
> "/var/run/dovecot/lmtp" rcpt-to
> 
> accept from any for domain  virtual  deliver to lmtp 
> "/var/run/dovecot/lmtp" rcpt-to
> 
> accept from local for any relay
> 
> #  my virtual_users table  ===
> # vmail is a system account that all virtual users map to
> # as in https://www.opensmtpd.org/faq/example1.html
> # admin account here is the address I'd like all incoming mail be BCC'ed to, 
> in addition to 
> # their intended recipient
> 
> ad...@example.com   vmail
> 
> sen...@example.com vmail,ad...@example.com
> sc...@example.com vmail,ad...@example.com
> 
> Regards,
> Alan
> --
> From:Alan Cheng <ach...@gobsd.org>
> Time:2016 Jul 26 (Tue) 22:37
> To:misc <misc@opensmtpd.org>
> Subject:Re: something similar to always_bcc in postfix?
> 
> 
> Thanks all for responding.
> I'll go through table.5 (as mentioned by Edgar) another time and see if I can 
> get anything new. 
> if not, I'll try the approaches mentioned by Denis and Tom.
> 
> Regards,
> Alan
> 
> --
> From:Tom Smyth <tom.sm...@wirelessconnect.eu>
> Time:2016 Jul 26 (Tue) 06:46
> To:Edgar Pettijohn <ed...@pettijohn-web.com>
> Cc:Denis Fondras <open...@ledeuns.net>; misc <misc@opensmtpd.org>
> Subject:Re: something similar to always_bcc in postfix?
> 
> In postfix you can do it in the virtualmaps file ...  I had tried doing this 
> in OpenSMTPD 
> about 1.5 years ago and ended up using OpenSMTPD as the service that listened 
> to the outside world and then relay the information to Postfix  which would 
> copy and 
> forward mail listening on the loopback address, using the virtualmaps in 
> Postfix
> 
> 
> edit /etc/postfix/virtual   file 
> emailaddress_to_be_copi...@domain.com
> emailaddress_to_be_copi...@domain.com,otheraddress_@_otherdomain.com
> 
> anohter_emailaddress_to_becopi...@domain.com 
> anohter_emailaddress_to_becopi...@domain.com,root@localhost
> @domain.com@domain.com
> 
> repeat each line for each user of the domain  
> 
> after editing the virtual maps file run the command
> 
> postmap /etc/postfix/virtual
> 
> 
> using the virtualmaps in Postfix
> 
> It worked reliably the only gotcha was trying to copy mails for unknown 
> addresses,
>  I was not able to pull this off,  as a safety measure wildcard setting at 
> the bottom 
> of the file for un-known users and this would forward the mail without 
> copying 
> (not to interrupt production mailflow)
> 
> @domain.com   @domain.com
> 
> I hope this helps
> 
> 
> On Mon, Jul 25, 2016 at 11:30 PM, Edgar Pettijohn <ed...@pettijohn-web.com> 
> wrote:
> 
> 
> Sent from my iPhone
> 
> On Jul 25, 2016, at 2:18 PM, Edgar Pettijohn <ed...@pettijohn-web.com> wrote:
> 
> 
> 
> Sent from my iPhone
> 
> On Jul 25, 2016, at 11:33 AM, Denis Fondras <open...@ledeuns.net> wrote:
> 
> I'd like to bcc all incoming mail to a specified address, but could not 
> figure out how. Anyone has any pointers?
> My current setup is opensmtpd + dovecot with virtual domains.
> 
> I don't know if it is possible with OpenSMTPd.
> Alternatively and probably not as efficient but if you use pigeonho

Re: No Error When Failing To Deliver To Maildir

2016-07-14 Thread Edgar Pettijohn


Sent from my iPhone

> On Jul 14, 2016, at 12:59 PM, pete wright  wrote:
> 
> Hello,
> I am migrating a currently running Postfix+Dovecot-IMAP system to
> OpenSMTPd+Dovecot-IMAP system and am running into an odd issue.
> 
> I am unable to deliver messages to the Maildir that I have copied over
> from my Postfix box.  Yet, I am able to deliver messages to freshly
> created accounts on this system - so I believe most of the plumbing
> with smtpd is working.  What is confusing me is that I am not getting
> an error message when I attempt to deliver a message as shown here:
> 
> 
> debug: lka: userinfo :pete
> debug: mda: new session 5006d99cf314b917 for user ":pete"
> evpid 56810c49185eba8b
> debug: mda: no more envelope for ":pete"
> debug: mda: got message fd 4 for session 5006d99cf314b917 evpid 
> 56810c49185eba8b
> debug: mda: querying mda fd for session 5006d99cf314b917 evpid 
> 56810c49185eba8b
> debug: smtpd: forking mda for session 5006d99cf314b917:
> "/home/pete/Maildir/" as pete
> debug: mda: got mda fd 5 for session 5006d99cf314b917 evpid 56810c49185eba8b
> debug: mda: end-of-file for session 5006d99cf314b917 evpid 56810c49185eba8b
> debug: mda: all data sent for session 5006d99cf314b917 evpid 56810c49185eba8b
> debug: smtpd: mda process done for session 5006d99cf314b917: exited abnormally
> delivery: TempFail for 56810c49185eba8b: from=,
> to=, user=pete, method=file, delay=19h8m11s,
> stat=Error ("")
> debug: mda: session 5006d99cf314b917 done
> debug: mda: user "pete" becomes runnable
> debug: mda: all done for user ":pete"
> 
> 
> Specifically I am stumped by the "stat=Error("")" piece.  I have
> verified permissions of this user's Maildir are correct, and match a
> known working account on this server.  I have also moved the old
> Maildir out of the way and created an empty one.  Yet in all cases I
> get the same error.  I also have removed this local account and
> re-added it with no success.  Here is my configuration for reference:
> 
> 
> % uname -ar
> FreeBSD vps-mail.nomadlogic.org 10.3-RELEASE-p4 FreeBSD
> 10.3-RELEASE-p4 #0: Sat May 28 12:23:44 UTC 2016
> r...@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64
> 
> % pkg info opensmtpd | grep -e Name -e Version
> Name   : opensmtpd
> Version: 5.9.2p1_1,1
> 
> 
> % cat /usr/local/etc/mail/smtpd.conf
> # This is the smtpd server system-wide configuration file.
> # See smtpd.conf(5) for more information.
> 
> # Macros
> pub_int = "vtnet0"
> 
> # PKI config
> pki mail.nomadlogic.org certificate
> "/usr/local/etc/mail/ssl/mail.nomadlogic.org.crt"
> pki mail.nomadlogic.org key "/usr/local/etc/mail/ssl/mail.nomadlogic.org.key"
> 
> # Listen Rules, loopback no auth but encrypt/auth on public
> listen on lo0
> listen on $pub_int tls pki mail.nomadlogic.org
> 
> # If you edit the file, you have to run "smtpctl update table aliases"
> table aliases file:/etc/mail/aliases
> 
> # accept local messages and deliver to users maildir
> accept from any for domain "nomadlogic.org" deliver to maildir
> accept from any for domain "nomadlogic.org" alias  deliver to maildir
> 
> # allow outgoing emails
> accept for any relay
> 
> 
> Thanks for any troubleshooting tips in advance!
> -pete
> 
> 
> 
> -- 
> pete wright
> www.nycbug.org
> @nomadlogicLA
> 
> 

Have you checked the file permissions? Compare new to old.




Re: table ownership/permissions issues

2016-08-16 Thread Edgar Pettijohn
On 16-08-16 12:18:31, Jeremy Volkening wrote:
> Hello,
> 
> I'm setting up OpenSMTPD 5.7.3p2 on a Linux box (Debian 8).  So far
> everything is great except for one annoyance. I have a credentials table in
> 'passwd' format that I want to share between opensmtpd and dovecot. I have
> created a separate group and added the 'opensmtpd' and 'dovecot' users and
> given ownership of the table file to that group along with read permissions.
> However, under this setup smtpd fails to start, with this truncated output:
> 
> ...
> mproc: queue -> lka: enabled
> mproc: queue -> scheduler: enabled
> mproc: queue -> pony: enabled
> warn: table-passwd: error parsing config file
> warn: table-proc: imsg_read: Connection reset by peer
> fatal: table-proc: exiting
> ...
> 
> If I simply change the group ownership of the file from the shared
> "mail_auth" group to the "opensmtpd" group, everything works fine. The
> "opensmtpd" user is a member of both groups, and this is after a reboot so
> all group memberships have fully propagated. I have also confirmed that the
> "opensmtpd" user can read the file (e.g. with "cat") when owned by the
> "mail_auth" group.
> 
> I know this is an older version of the software. Is this a known issue that
> has since been resolved, or does anyone have any insight? I couldn't find
> anything at all relevant in the various lists and sources I searched.
> 
> Thanks,
> Jeremy
> 
> -- 
> You received this mail because you are subscribed to misc@opensmtpd.org
> To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
> 
Your /etc/mail/smtpd.conf may be useful.  However, here is an excerpt from 
table(5) that I think applies.

 In a listener context, the credentials are a mapping of username and
 encrypted passwords:

   user1   $2a$06$hIJ4QfMcp.90nJwKqGbKM.MybArjHOTpEtoTV.DgLYAiThuoYmTSe
   user2   $2a$06$bwSmUOBGcZGamIfRuXGTvuTo3VLbPG9k5yeKNMBtULBhksV5KdGsK

But, I'm not sure if you are talking about in a listen context or not. I'm
currently sharing my users table in a passwd file with dovecot with no problems.
I do have a separate creds table in the above format for my listen context.

/etc/mail/users passwd file
-rw-r--r--  1 root  wheel 214 Aug  3  2015 users

relevant doveconf -n
passdb {
  args = scheme=BLF-CRYPT username_format=%n /etc/mail/users
  driver = passwd-file
}

userdb {
  args = username_format=%n /etc/mail/users
  default_fields = quota_rule=*:storage=1G
  driver = passwd-file
}

I hope this helps.
-- 
Edgar Pettijohn

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: table ownership/permissions issues

2016-08-16 Thread Edgar Pettijohn
On 16-08-16 16:38:36, Edgar Pettijohn wrote:
> On 16-08-16 12:18:31, Jeremy Volkening wrote:
> > Hello,
> > 
> > I'm setting up OpenSMTPD 5.7.3p2 on a Linux box (Debian 8).  So far
> > everything is great except for one annoyance. I have a credentials table in
> > 'passwd' format that I want to share between opensmtpd and dovecot. I have
> > created a separate group and added the 'opensmtpd' and 'dovecot' users and
> > given ownership of the table file to that group along with read permissions.
> > However, under this setup smtpd fails to start, with this truncated output:
> > 
> > ...
> > mproc: queue -> lka: enabled
> > mproc: queue -> scheduler: enabled
> > mproc: queue -> pony: enabled
> > warn: table-passwd: error parsing config file
> > warn: table-proc: imsg_read: Connection reset by peer
> > fatal: table-proc: exiting
> > ...
> > 
> > If I simply change the group ownership of the file from the shared
> > "mail_auth" group to the "opensmtpd" group, everything works fine. The
> > "opensmtpd" user is a member of both groups, and this is after a reboot so
> > all group memberships have fully propagated. I have also confirmed that the
> > "opensmtpd" user can read the file (e.g. with "cat") when owned by the
> > "mail_auth" group.
> > 
> > I know this is an older version of the software. Is this a known issue that
> > has since been resolved, or does anyone have any insight? I couldn't find
> > anything at all relevant in the various lists and sources I searched.
> > 
> > Thanks,
> > Jeremy
> > 
> > -- 
> > You received this mail because you are subscribed to misc@opensmtpd.org
> > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
> > 
> Your /etc/mail/smtpd.conf may be useful.  However, here is an excerpt from 
> table(5) that I think applies.
> 
>  In a listener context, the credentials are a mapping of username and
>  encrypted passwords:
> 
>   user1   $2a$06$hIJ4QfMcp.90nJwKqGbKM.MybArjHOTpEtoTV.DgLYAiThuoYmTSe
>   user2   $2a$06$bwSmUOBGcZGamIfRuXGTvuTo3VLbPG9k5yeKNMBtULBhksV5KdGsK
> 
> But, I'm not sure if you are talking about in a listen context or not. I'm
> currently sharing my users table in a passwd file with dovecot with no problems.
> I do have a separate creds table in the above format for my listen context.
> 
> /etc/mail/users passwd file
> -rw-r--r--  1 root  wheel 214 Aug  3  2015 users

I never noticed this was world readable which doesn't seem like a good thing.
Now I see what your problem is, because I tried the same thing and it causes 
problems for dovecot and smtpd. 

> 
> relevant doveconf -n
> passdb {
>   args = scheme=BLF-CRYPT username_format=%n /etc/mail/users
>   driver = passwd-file
> }
> 
> userdb {
>   args = username_format=%n /etc/mail/users
>   default_fields = quota_rule=*:storage=1G
>   driver = passwd-file
> }
> 
> I hope this helps.
> -- 
> Edgar Pettijohn
> 
> -- 
> You received this mail because you are subscribed to misc@opensmtpd.org
> To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
> 

-- 
Edgar Pettijohn

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: What is the correct syntax in opensmtpd

2016-08-17 Thread Edgar Pettijohn


Sent from my iPhone

> On Aug 17, 2016, at 2:41 PM, Mik J  wrote:
> 
> Hello,
> 
> I have two rules like these
> accept from local for domain  relay via smtp://127.0.0.1:10023
> accept from source  for domain  relay via 
> smtp://127.0.0.1:10023
> 

Seems like you could add your local ip's to the myips table.

> Is there a way to make only one rule ?
> 
> If a mail is local OR coming from some ips I trust then relay the mails
> 
> Regards


Re: mlmmj with opensmtpd

2016-08-17 Thread Edgar Pettijohn


Sent from my iPhone

> On Aug 17, 2016, at 7:20 AM, Marcus MERIGHI  wrote:
> 
> I think:
> 
> 1) smtpd accepts message 
>   (accept from any recipient ! for domain  relay via
>"smtp://127.0.0.1:10024")
> 2) smtpd forwards to amavisd
> 3) amavisd returns the message scanned to smtpd
> 4) smtpd does not accept the message (invalid rcpt)
>   (accept tagged Scanned from local for domain  virtual 
>deliver to maildir "~/maildir")
> 
> I suspect your  does not contain the line
> mlmmj-test:  "|/usr/bin/mlmmj-receive -L /var/spool/mlmmj/mlmmj-test/".
> 
That's my thoughts also.

Edgar

> Marcus
> 
> siefke_lis...@web.de (Silvio Siefke), 2016.08.16 (Tue) 19:18 (CEST):
>> Hello, 
>> 
>> i try to run mlmmj with opensmtpd. 
>> 
>> My config:
>> 
>> # generate db using makemap
>> table aliases   file:/etc/smtpd/tables/aliases
>> table vdoms     file:/etc/smtpd/tables/domains.conf
>> table vusers    file:/etc/smtpd/tables/users.conf
>> table blacklist file:/etc/smtpd/tables/blacklist.conf
>> 
>> # Filter
>> filter dnsbl-sorbs    dnsbl   "-h dnsbl.sorbs.net"
>> filter dnsbl-spamcop  dnsbl   "-h bl.spamcop.net"
>> filter dnsbl-spamhaus dnsbl   "-h zen.spamhaus.org"
>> filter dnsbl-all      chain   dnsbl-sorbs dnsbl-spamcop dnsbl-spamhaus
>> 
>> # See smtpd.conf(5) for more information.
>> pki fr-sb.silviosiefke.com certificate "/etc/smtpd/tls/smtpd.crt"
>> pki fr-sb.silviosiefke.com key "/etc/smtpd/tls/smtpd.key"
>> 
>> # Inbound mail smtp, smtps, deliver
>> listen on localhost
>> listen on eth0 port 25 filter dnsbl-all tls pki fr-sb.silviosiefke.com
>> listen on eth0 port 587 tls-require pki fr-sb.silviosiefke.com auth
>> 
>> # Receive scanned mails from amavisd-new
>> listen on localhost port 10025 tag Scanned
>> 
>> # Deliver locally messages coming back in from scanner
>> accept from local for local alias  deliver to maildir "~/maildir"
>> accept tagged Scanned from local for domain  virtual  deliver 
>> to maildir "~/maildir"
>> reject tagged Scanned
>> 
>> # Forward all mail received for local domains to amavis
>> accept from any recipient ! for domain  relay via 
>> "smtp://127.0.0.1:10024"
>> 
>> # Relay anything that came in from authenticated users
>> accept from local for any relay
>> 
>> 
>> I set the virtual domains for lists and in alias i wrote:
>> 
>> mlmmj-test:  "|/usr/bin/mlmmj-receive -L /var/spool/mlmmj/mlmmj-test/"
>> 
>> 
>> But opensmtpd like not my mails. Where is my mistake? 
>> 
>> log
>> Aug 16 19:11:32 vps296466.ovh.net smtpd[2372]: smtp-in: New session 
>> 3ff7f8362c39862f from host mail-wm0-f47.google.com [74.125.82.47]
>> Aug 16 19:11:32 vps296466.ovh.net smtpd[2372]: smtp-in: Started TLS on 
>> session 3ff7f8362c39862f: version=TLSv1.2, 
>> cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128
>> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: smtp-in: Accepted message 
>> 48d916eb on session 3ff7f8362c39862f: from=, 
>> to=, size=2772, ndest=1, proto=ESMTP
>> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: smtp-out: Connecting to 
>> smtp://127.0.0.1:10024 (localhost) on session 3ff7f8406ef2764b...
>> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: smtp-out: Connected on 
>> session 3ff7f8406ef2764b
>> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: smtp-in: Closing session 
>> 3ff7f8362c39862f
>> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: smtp-in: New session 
>> 3ff7f84124a80a05 from host localhost [127.0.0.1]
>> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: smtp-in: Failed command on 
>> session 3ff7f84124a80a05: "RCPT TO:" 
>> => 550 Invalid recipient
>> Aug 16 19:11:33 vps296466.ovh.net amavis[362]: (00362-09) no valid 
>> recipients, skip data transfer
>> Aug 16 19:11:33 vps296466.ovh.net amavis[362]: (00362-09) (!)pK4TzHnXfKAp 
>> FWD from  -> 
>> , BODY=7BIT 550 5.1.0 from 
>> MTA(smtp:[127.0.0.1]:10025): 550 Invalid recipient
>> Aug 16 19:11:33 vps296466.ovh.net amavis[362]: (00362-09) Blocked 
>> MTA-BLOCKED {RejectedInbound}, [127.0.0.1] 
>> [2003:88:cf07:c114:1a3d:a2ff:fe5c:51d8]  -> 
>> , Message-ID: 
>> <20160816191131.e1f6cba209066140c147c...@gmail.com>, mail_id: pK4TzHnXfKAp, 
>> Hits: 1.867, size: 2821, dkim_sd=20120113:gmail.com, 459 ms
>> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: relay: PermFail for 
>> 48d916eb83cdbbbc: session=3ff7f8406ef2764b, from=, 
>> to=, rcpt=<->, source=127.0.0.1, 
>> relay=127.0.0.1 (localhost), delay=1s, stat=550 5.1.0 id=00362-09 - Rejected 
>> by next-hop MTA on relaying, from MTA(smtp:[127.0.0.1]:10025): 550 Invalid 
>> recipient
>> Aug 16 19:11:34 vps296466.ovh.net smtpd[2372]: smtp-in: New session 
>> 3ff7f846f96b5f37 from host 

Re: table ownership/permissions issues

2016-08-16 Thread Edgar Pettijohn


Sent from my iPhone

> On Aug 16, 2016, at 9:07 PM, Jeremy Volkening  wrote:
> 
>> On Tue, Aug 16, 2016 at 02:49:04PM -0500, Jeremy Volkening wrote:
>> Olivier,
>> 
>> Thanks for the reply.
>> 
>>> Seems you had issue with your passwd file.
>> 
>> I'm fairly sure the format of the file is not the issue. To clarify, with:
>> 
>> -rw-r- 1 root opensmtpd  314 Aug 15 16:58 passwd
>> 
>> the server is working perfectly. With
>> 
>> -rw-r- 1 root mail_auth  314 Aug 15 16:58 passwd
>> 
>> the smtpd daemon fails to start with the previously described error. The 
>> only difference is the group owner of the file. The opensmtpd user is a 
>> member of both groups.
> 
> As an update to this - it works if I set "mail_auth" as the  group 
> of the opensmtpd user (rather than a secondary group). Not sure if this is a 
> feature or a bug but I'll file something over on the github project page. In 
> any case I consider this an acceptable fix to allow opensmtpd and dovecot to 
> share the file.
> 
Was dovecot able to use the file without g=r for you? It doesn't for me?

Edgar

> Jeremy
> 
> -- 
> You received this mail because you are subscribed to misc@opensmtpd.org
> To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
> 


--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
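
The behaviour reported in this thread (the file is readable with "cat" as the opensmtpd user, yet the daemon only starts when the file's group is the user's own group) fits a process that carries only its primary group; the thread does not confirm that cause. The added example below is not OpenSMTPD code: it models the Unix read check for those cases and flags the world-readable mode noticed earlier in the thread, with constructed numeric IDs and an assumed mode of 0640 for the shared table.

```c
/* Added example: who can read a shared credentials table?
 * All numeric IDs are constructed; mode 0640 is an assumption. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

/* The identity a process actually runs with. */
struct cred {
	uid_t uid;
	gid_t gid;            /* primary group */
	const gid_t *groups;  /* supplementary groups still attached */
	size_t ngroups;
};

enum { UID_SMTPD = 105, GID_SMTPD = 110, GID_MAIL_AUTH = 200, GID_WHEEL = 0 };

static const gid_t login_groups[] = { GID_MAIL_AUTH };

/* Interactive test as the opensmtpd user: login attaches every group. */
const struct cred CRED_LOGIN = { UID_SMTPD, GID_SMTPD, login_groups, 1 };
/* Assumption: a daemon process that switched user but kept only the
 * primary group, so the supplementary list is empty. */
const struct cred CRED_DAEMON = { UID_SMTPD, GID_SMTPD, NULL, 0 };
/* The workaround from the thread: mail_auth becomes the primary group. */
const struct cred CRED_PRIMARY = { UID_SMTPD, GID_MAIL_AUTH, NULL, 0 };

static bool holds_group(const struct cred *c, gid_t g)
{
	if (c->gid == g)
		return true;
	for (size_t i = 0; i < c->ngroups; i++)
		if (c->groups[i] == g)
			return true;
	return false;
}

/* Classic Unix check: exactly one class applies (owner, else group,
 * else other); root bypasses the mode bits. */
bool can_read(const struct cred *c, uid_t fuid, gid_t fgid, mode_t mode)
{
	if (c->uid == 0)
		return true;
	if (c->uid == fuid)
		return (mode & S_IRUSR) != 0;
	if (holds_group(c, fgid))
		return (mode & S_IRGRP) != 0;
	return (mode & S_IROTH) != 0;
}

/* Findings for a file that holds password hashes. */
#define F_WORLD_READ   0x1
#define F_WORLD_WRITE  0x2
#define F_GROUP_WRITE  0x4

int audit_mode(mode_t mode)
{
	int findings = 0;

	if (mode & S_IROTH)
		findings |= F_WORLD_READ;
	if (mode & S_IWOTH)
		findings |= F_WORLD_WRITE;
	if (mode & S_IWGRP)
		findings |= F_GROUP_WRITE;
	return findings;
}

/* Audit a real file; returns -1 if it cannot be stat()ed. */
int audit_path(const char *path)
{
	struct stat st;

	if (stat(path, &st) == -1)
		return -1;
	return audit_mode(st.st_mode);
}

int main(int argc, char **argv)
{
	/* shared table: owner root, group mail_auth, mode 0640 */
	printf("login shell          : %d\n",
	    can_read(&CRED_LOGIN, 0, GID_MAIL_AUTH, 0640));
	printf("daemon, primary only : %d\n",
	    can_read(&CRED_DAEMON, 0, GID_MAIL_AUTH, 0640));
	printf("mail_auth as primary : %d\n",
	    can_read(&CRED_PRIMARY, 0, GID_MAIL_AUTH, 0640));
	/* root:wheel 0644, as in the listing earlier in the thread */
	printf("0644 root:wheel      : readable=%d findings=%d\n",
	    can_read(&CRED_DAEMON, 0, GID_WHEEL, 0644), audit_mode(0644));
	if (argc > 1)
		printf("%s findings: %d\n", argv[1], audit_path(argv[1]));
	return 0;
}
```

Pass the path of a real table file as the first argument to get its findings bitmask.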



Re: Can't map an address to another one

2016-08-20 Thread Edgar Pettijohn
I think your entire smtpd.conf would be useful as well as logs.

Sent from my iPhone

> On Aug 20, 2016, at 5:57 PM, Mik J  wrote:
> 
> Hello,
> 
> I want to use some kind of alias addresses like mails sent to 
> i...@mydomain.org would arrive in u...@mydomain.org. Both are on my mail 
> server.
> 
> # cat /etc/mail/users
> i...@mydomain.org u...@mydomain.org
> u...@mydomain.org vmail
> 
> In my smtpd.conf
> table users file:/etc/mail/users
> accept tagged CLAM_IN for domain  virtual  deliver to maildir 
> "/var/mail/vmail/%{rcpt.domain}/%{rcpt.user}/Maildir"
> NB: This is the first rule
> 
> When I send a mail to i...@mydomain.org it doesn't arrive in 
> u...@mydomain.org it arrives in its own mailbox.
> 
> I don't really understand why
> 
> Does this configuration seem correct or did I miss something ?


Re: Can't map an address to another one

2016-08-21 Thread Edgar Pettijohn
d2dd91a7 on 
> session efae740f284c98fc: from=<personal...@gmail.com>, 
> to=<i...@mydomain.org>, size=3169, ndest=1, proto=ESMTP
> Aug 21 09:38:10 mysmtp clamsmtpd: 100018: from=personal...@gmail.com, 
> to=i...@mydomain.org, status=CLEAN
> Aug 21 09:38:10 mysmtp smtpd[1986]: relay: Ok for afeec3df2f83edba: 
> session=efae740ed271d955, from=<personal...@gmail.com>, 
> to=<i...@mydomain.org>, rcpt=<->, source=127.0.0.1, relay=127.0.0.1 
> (localhost), delay=5s, stat=250 2.0.0: d2dd91a7 Message accepted for delivery
> Aug 21 09:38:10 mysmtp smtpd[1986]: delivery: Ok for d2dd91a7a2457a23: 
> from=<personal...@gmail.com>, to=<u...@mydomain.org>, 
> rcpt=<i...@mydomain.org>, user=vmail, method=maildir, delay=0s, stat=Delivered
> Aug 21 09:38:16 mysmtp smtpd[1986]: smtp-in: Closing session efae74061f50e98f
> Aug 21 09:38:16 mysmtp smtpd[1986]: smtp-out: Closing session 
> efae7405008428c6: 1 message sent.
> Aug 21 09:38:20 mysmtp smtpd[1986]: smtp-in: Closing session efae740f284c98fc
> Aug 21 09:38:20 mysmtp smtpd[1986]: smtp-out: Closing session 
> efae740ed271d955: 1 message sent.
> 
> In these logs I see
> Aug 21 09:38:10 mysmtp smtpd[1986]: delivery: Ok for 
> d2dd91a7a2457a23: from=<personal...@gmail.com>, to=<u...@mydomain.org>, 
> rcpt=<i...@mydomain.org>, user=vmail, method=maildir, delay=0s, stat=Delivered
> But then the mail is received in its own mailbox
> # cat 
> /var/mail/vmail/mydomain.org/info/Maildir/new/1471765090.2083.smtp.mydomain.org
> Return-Path: personaladd@gmail.com
> Delivered-To: i...@mydomain.org...
> Received: by mail-x-x.google.com with SMTP id l203so114910462oib.1
>    for <i...@mydomain.org>; Sun, 21 Aug 2016 00:38:05 -0700 (PDT)
> Regards
> 
>  
> 
> On Sunday 21 August 2016 1:14, Edgar Pettijohn <ed...@pettijohn-web.com> 
> wrote:
>  
>  
> 
>  I think your entire smtpd.conf would be useful as well as logs.
> 
> Sent from my iPhone
> On Aug 20, 2016, at 5:57 PM, Mik J <mikyde...@yahoo.fr> wrote:
> 
> 
> Hello,
> I want to use some kind of alias addresses like mails sent to 
> i...@mydomain.org would arrive in u...@mydomain.org. Both are on my mail 
> server.
> # cat /etc/mail/users
> i...@mydomain.org user@mydomain.org
> u...@mydomain.org vmail
> In my smtpd.conf
> table users file:/etc/mail/users
> accept tagged CLAM_IN for domain  virtual  deliver to maildir 
> "/var/mail/vmail/%{rcpt.domain}/%{rcpt.user}/Maildir"
> NB: This is the first rule
> When I send a mail to i...@mydomain.org it doesn't arrive in 
> u...@mydomain.org it arrives in its own mailbox.
> I don't really understand why
> Does this configuration seem correct or did I miss something ?
> 
> 
> 
>  
>   

-- 
Edgar Pettijohn

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: My aliases don't work

2016-09-06 Thread Edgar Pettijohn
On 16-09-06 21:53:14, Mik J wrote:
> Hello,
> This is a very simple question but yet didn't find the answer.I have a 
> machine m1 which is a webserver. On openbsd there are daily reports and I 
> want them to be sent to an external address.
> # grep ^root /etc/mail/aliasesroot: myexternaladdress@mydomain.orgAfter 
> modifying the aliases files I run the command newaliases
> My opensmtpd configuration is very simplelisten on lo0table aliases 
> file:/etc/mail/aliasesaccept from local for any relay via smtp://192.168.1.1
> As I'm writing this message I realise that the line table aliases 
> file:/etc/mail/aliases is useless, but fair enough
> My problem is when I do: # mail -s "Resolv" root < /etc/resolv.conf it writes 
> to r...@m1.mydomain.org instead of myexternaladdress@mydomain.orgSo it looks 
> like the aliases file is ignored. Do you know why ?
> What's the right way to do it ?My web server should use my local mail server 
> as a relay which is going to sign emails etc.
> Thank you
Your message is all globbed up.  Please resend with full smtpd.conf.  

Thanks,
-- 
Edgar Pettijohn

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Filter withdrawals

2016-09-06 Thread Edgar Pettijohn
I'm thinking of starting a support group for others suffering from filter 
withdrawal. Upgraded to 6.0 over the weekend and went back to using spampd and 
sieve. Are there any other options besides amavis?  I really miss filter-regex. 
Haven't had any luck finding a replacement just curious if anyone out there has 
any suggestions.

Thanks,

Edgar

Sent from my iPhone

--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: smtpd.conf patch

2016-09-11 Thread Edgar Pettijohn
Here's a couple more patches for filter removal.
-- 
Edgar Pettijohn
Index: smtpd.8
===
RCS file: /cvs/src/usr.sbin/smtpd/smtpd.8,v
retrieving revision 1.30
diff -u -p -u -r1.30 smtpd.8
--- smtpd.8 18 Apr 2016 21:06:42 -  1.30
+++ smtpd.8 11 Sep 2016 14:37:21 -
@@ -102,8 +102,6 @@ io
 .It
 smtp (incoming sessions)
 .It
-filters
-.It
 transfer (outgoing sessions)
 .It
 bounce
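
Review bot: with `filters` gone, the outgoing entry in this smtpd.8 list still reads `transfer (outgoing sessions)` while the matching list in smtpctl.8 says `mta (outgoing sessions)`. Since the same cleanup touches both lists, please confirm which keyword each program actually accepts and either make the two manuals agree or note that the difference is intended.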
Index: smtpctl.8
===
RCS file: /cvs/src/usr.sbin/smtpd/smtpctl.8,v
retrieving revision 1.58
diff -u -p -u -r1.58 smtpctl.8
--- smtpctl.8   4 Sep 2016 09:33:49 -   1.58
+++ smtpctl.8   11 Sep 2016 14:37:37 -
@@ -258,8 +258,6 @@ io
 .It
 smtp (incoming sessions)
 .It
-filters
-.It
 mta (outgoing sessions)
 .It
 bounce
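
Review bot: this removes `filters` from the documented list only. If smtpctl still accepts that keyword, the manual and the command will disagree, so the code change that drops it should be part of the same submission or be referenced in the description.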


Re: Greylisting

2016-09-14 Thread Edgar Pettijohn
What is in your blacklist? A  table may be what you're looking for.

Sent from my iPhone

> On Sep 14, 2016, at 6:56 AM, Silvio Siefke  wrote:
> 
> On Wed, 14 Sep 2016 11:32:51 +0200
> Gilles Chehade  wrote:
> 
>> shouldn't this be:
>> 
>>reject from any recipient  for any
> 
> I try with same result. Blacklist goes on. 
> 
> 
> Thank you & Nice day 
> Silvio
> 
> Sep 14 13:53:45 vps296466.ovh.net smtpd[24878]: c0898de601e6da38 smtp 
> event=connected address=98.138.91.123 host=nm30-vm6.bullet.mail.ne1.yahoo.com
> Sep 14 13:53:46 vps296466.ovh.net smtpd[24878]: c0898de601e6da38 smtp 
> event=starttls ciphers="version=TLSv1.2, cipher=ECDHE-RSA-AES128-GCM-SHA256, 
> bits=128"
> Sep 14 13:53:47 vps296466.ovh.net smtpd[24878]: c0898de601e6da38 smtp 
> event=message msgid=16116e62 from= 
> to= size=2400 ndest=1 proto=ESMTP
> Sep 14 13:53:47 vps296466.ovh.net smtpd[24878]: c0898df00dc26a1e mta 
> event=connecting address=smtp://127.0.0.1:10024 host=localhost
> Sep 14 13:53:47 vps296466.ovh.net smtpd[24878]: c0898df00dc26a1e mta 
> event=connected
> Sep 14 13:53:47 vps296466.ovh.net smtpd[24878]: c0898de601e6da38 smtp 
> event=closed reason=quit
> Sep 14 13:53:47 vps296466.ovh.net smtpd[24878]: c0898df1e75a56eb smtp 
> event=connected address=127.0.0.1 host=localhost
> Sep 14 13:53:47 vps296466.ovh.net smtpd[24878]: c0898df1e75a56eb smtp 
> event=message msgid=ba4f51c6 from= 
> to= size=3355 ndest=1 proto=ESMTP
> Sep 14 13:53:47 vps296466.ovh.net smtpd[24878]:  mda 
> event=delivery evpid=ba4f51c6c3f4a2d7 from= 
> to= user=siefke method=maildir delay=0s result=Ok 
> stat=Delivered
> Sep 14 13:53:47 vps296466.ovh.net amavis[20722]: (20722-11) Passed SPAMMY 
> {RelayedTaggedInbound}, [127.0.0.1] [98.138.89.252]  
> -> , Message-ID: 
> <1184748261.935278.1473854025...@mail.yahoo.com>, mail_id: aUBo0X4GAEWV, 
> Hits: 1.652, size: 2434, queued_as: 250 2.0.0: ba4f51c6 Message accepted for 
> delivery, dkim_sd=s2048:yahoo.com, 614 ms
> Sep 14 13:53:47 vps296466.ovh.net smtpd[24878]: c0898df00dc26a1e mta 
> event=delivery evpid=16116e624d9f8d9c from= 
> to= rcpt=<-> source=127.0.0.1 relay=127.0.0.1 
> (localhost) delay=1s result=Ok stat=250 2.0.0 from 
> MTA(smtp:[127.0.0.1]:10025): 250 2.0.0: ba4f51c6 Message accepted for delivery
> Sep 14 13:53:57 vps296466.ovh.net smtpd[24878]: c0898df00dc26a1e mta 
> event=closed reason=quit messages=1
> Sep 14 13:53:57 vps296466.ovh.net smtpd[24878]: c0898df1e75a56eb smtp 
> event=closed reason=quit
> 


--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: Greylisting

2016-09-13 Thread Edgar Pettijohn


Sent from my iPhone

> On Sep 13, 2016, at 11:55 AM, Silvio Siefke <siefke_lis...@web.de> wrote:
> 
> On Mon, 12 Sep 2016 14:07:29 -0500
> Edgar Pettijohn <ed...@pettijohn-web.com> wrote:
> 
>> For anyone to answer that you would need to provide your smtpd.conf
>> possibly logs, etc...
> 
> 
> # generate db using makemap
> table aliases file:/etc/smtpd/tables/aliases
> table vdoms file:/etc/smtpd/tables/domains.conf
> table vusers file:/etc/smtpd/tables/users.conf
> table blacklist file:/etc/smtpd/tables/blacklist.conf
> 
> # See smtpd.conf(5) for more information.
> pki fr-sb.silviosiefke.com certificate "/etc/smtpd/tls/smtpd.crt"
> pki fr-sb.silviosiefke.com key "/etc/smtpd/tls/smtpd.key"
> 
> # Inbound mail smtp, smtps, deliver
> listen on localhost
> listen on eth0 port 25 tls pki fr-sb.silviosiefke.com
> listen on eth0 port 587 tls-require pki fr-sb.silviosiefke.com auth
> 
> # Receive scanned mails from amavisd-new
> listen on localhost port 10025 tag Scanned
> 
> # Deliver locally messages coming back in from scanner
> accept tagged Scanned from local for domain  virtual  deliver 
> to maildir "~/maildir"
> accept from local for local alias  deliver to maildir "~/maildir"
> reject tagged Scanned
> 

*
> # Forward all mail received for local domains to amavis
> accept from any recipient ! for domain  relay via 
> "smtp://127.0.0.1:10024"
> 
> # Relay anything that came in from authenticated users
> accept from local for any relay
> 
> 
> [root@vps296466 smtpd]# cat tables/users.conf 
> postmas...@silviosiefke.com webmas...@silviosiefke.com
> ab...@silviosiefke.com webmas...@silviosiefke.com
> webmas...@silviosiefke.com siefke
> 
> 
> The log, you see listen@ is not in user file but smtpd take it and work
> with it. Normal should here come User Unknown and a reject.   
> 
I think the rule above marked with '*' is to blame. You are accepting 
everything for your domain and sending it to amavis.  Look at adding a 
recipients table from smtpd.conf(5).

> 
> Sep 12 14:44:16 vps296466.ovh.net smtpd[13278]: 6179c6adcf742a0e smtp 
> event=message msgid=2f9f47a5 from=<i...@frontine.biz.ua> 
> to=<lis...@silviosiefke.de> size=77294 ndest=1 proto=ESMTP
> Sep 12 14:44:17 vps296466.ovh.net amavis[2312]: (02312-16-2) Blocked SPAM 
> {DiscardedInbound,Quarantined}, [127.0.0.1] [62.141.46.206] 
> <i...@frontine.biz.ua> -> <lis...@silviosiefke.de>, quarantine: 
> spam-AuzhtQ8d1l4e.gz, Message-ID: <8e7f01d20cfd$99f53990$7bf56161@info>, 
> mail_id: AuzhtQ8d1l4e, Hits: 7.122, size: 78330, 1043 ms
> Sep 12 14:44:17 vps296466.ovh.net smtpd[13278]: 6179c6acfe70e3a5 mta 
> event=delivery evpid=2f9f47a52033a7ab from=<i...@frontine.biz.ua> 
> to=<lis...@silviosiefke.de> rcpt=<-> source=127.0.0.1 relay=127.0.0.1 
> (localhost) delay=2s result=Ok stat=250 2.7.0 Ok, discarded, id=02312-16-2 - 
> spam
> Sep 12 19:43:56 vps296466.ovh.net smtpd[13278]: 6179c815f28e0caa smtp 
> event=message msgid=48c3c980 from=<i...@frontine.biz.ua> 
> to=<lis...@silviosiefke.de> size=278549 ndest=1 proto=ESMTP
> Sep 12 19:43:59 vps296466.ovh.net amavis[13651]: (13651-14) Blocked SPAM 
> {DiscardedInbound,Quarantined}, [127.0.0.1] [62.141.46.206] 
> <i...@frontine.biz.ua> -> <lis...@silviosiefke.de>, quarantine: 
> spam-rvduM1a2D4oI.gz, Message-ID: <eeb301d20d0c$12f265d0$d106cf88@info>, 
> mail_id: rvduM1a2D4oI, Hits: 7.617, size: 282197, 2268 ms
> Sep 12 19:43:59 vps296466.ovh.net smtpd[13278]: 6179c81e6b0b89fc mta 
> event=delivery evpid=48c3c980cea50a79 from=<i...@frontine.biz.ua> 
> to=<lis...@silviosiefke.de> rcpt=<-> source=127.0.0.1 relay=127.0.0.1 
> (localhost) delay=25s result=Ok stat=250 2.7.0 Ok, discarded, id=13651-14 - 
> spam
> 
> Thank you for help,
> Silvio
> 
> -- 
> You received this mail because you are subscribed to misc@opensmtpd.org
> To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org


--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: Modifying mails in queue

2016-09-12 Thread Edgar Pettijohn


Sent from my iPhone

> On Sep 12, 2016, at 10:40 AM, Wilhelm Schuster  wrote:
> 
> Hi,
> 
> I’ve set up opensmtpd to first relay every messages to spampd (running on 
> localhost, port 10025) via:
> 
>accept from any for domain "wilhelm.re" relay via smtp://127.0.0.1:10025
> 
> Unfortunately, I had a configuration error where I had opensmtpd relay the 
> messages to lmtp://127.0.0.1:10025, which didn’t work and delivery failed 
> with "Network error on destination MXs”.
> 
> I’ve since corrected the config and mails get delivered again… Except for the 
> ones that arrived in the time window where I had the faulty config, which 
> opensmtpd tries to deliver to lmtp://127.0.0.1:10025 again and again.
> 
> Is there a way I can modify these mails in the queue to get relayed to 
> smtp://127.0.0.1:10025?
> 
> Cheers, Wilhelm Schuster.
> -- 
> You received this mail because you are subscribed to misc@opensmtpd.org
> To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

I know I've seen this asked before. Found this one:

https://marc.info/?l=opensmtpd-misc=143639072009982=2

There are probably others with different solutions.

--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: util.c patch or res_comp.c patch

2016-09-26 Thread Edgar Pettijohn
On 16-09-26 09:26:04, Gilles Chehade wrote:
> On Sun, Sep 25, 2016 at 11:20:39AM -0500, Edgar Pettijohn wrote:
> > In my testing it did not, but I could be wrong.
> > 
> > On 16-09-25 17:56:42, Eric Faurot wrote:
> > > On Sat, Sep 24, 2016 at 08:42:25PM -0500, Edgar Pettijohn wrote:
> > > > Enforce stricter rfc helo compliance.
> > > > -- 
> > > > Edgar Pettijohn
> > > 
> > > I am pretty sure res_hnok already does that check.
> > > 
> > > Eric.
> > > 
> 
> turns out res_hnok() doesn't, but should this be fixed in it or in smtpd ?

Apologize in advance if this message is duplicated.  Trying different configs and
the first try didn't go through.

The following res_comp.c patch may be better.  It is simpler and catches the 
following:

.my.domain
my..domain
my.domain.

I haven't tested to see if it messes up anything else though.

> 
> 
> > > > Index: util.c
> > > > ===
> > > > RCS file: /cvs/src/usr.sbin/smtpd/util.c,v
> > > > retrieving revision 1.128
> > > > diff -u -p -u -r1.128 util.c
> > > > --- util.c  31 Aug 2016 10:18:08 -  1.128
> > > > +++ util.c  25 Sep 2016 01:41:34 -
> > > > @@ -495,6 +495,9 @@ valid_domainpart(const char *s)
> > > > struct in6_addr  ina6;
> > > > char*c, domain[SMTPD_MAXDOMAINPARTSIZE];
> > > > const char  *p;
> > > > +   size_t  len;
> > > > +
> > > > +   len = strlen(s);
> > > >  
> > > > if (*s == '[') {
> > > > if (strncasecmp("[IPv6:", s, 6) == 0)
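
Review bot: `len = strlen(s)` is computed at the top of valid_domainpart() but is only used by the final check in the next hunk, so it also runs on the bracketed `[` path where it is never needed. Compute it next to its single use, or drop the variable and test the last character directly there. The new `size_t  len;` declaration should also be aligned with the declarations above it.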
> > > > @@ -519,8 +522,9 @@ valid_domainpart(const char *s)
> > > > return 0;
> > > > }
> > > >  
> > > > -   if (*s == '\0')
> > > > +   if (*s == '\0' || s[0] == '.' || s[len - 1] == '.') {
> > > > return 0;
> > > > +   }
> > > >  
> > > > return res_hnok(s);
> > > >  }
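
Review bot: the added condition tests only `s[0]` and `s[len - 1]`, so a doubled period inside the name such as `my..domain` still reaches res_hnok() unchecked; if empty labels are the target, scan for `..` here as well. `s[len - 1]` is in bounds only because `*s == '\0'` is evaluated first in the same `||` chain, which deserves a comment or a separate early return, and `*s` versus `s[0]` should use one spelling.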
> > > 
> > > 
> > > -- 
> > > You received this mail because you are subscribed to misc@opensmtpd.org
> > > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
> > 
> > -- 
> > Edgar Pettijohn
> > 
> > -- 
> > You received this mail because you are subscribed to misc@opensmtpd.org
> > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
> > 
> 
> -- 
> Gilles Chehade
> 
> https://www.poolp.org  @poolpOrg
> 
> -- 
> You received this mail because you are subscribed to misc@opensmtpd.org
> To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

-- 
Edgar Pettijohn
Index: res_comp.c
===
RCS file: /cvs/src/lib/libc/net/res_comp.c,v
retrieving revision 1.20
diff -u -p -u -r1.20 res_comp.c
--- res_comp.c  1 May 2016 15:17:29 -   1.20
+++ res_comp.c  26 Sep 2016 18:51:59 -
@@ -347,21 +347,16 @@ dn_find(u_char *exp_dn, u_char *msg, u_c
 int
 __res_hnok(const char *dn)
 {
-   int pch = PERIOD, ch = *dn++;
+   int pch = PERIOD, ch = *dn;
+
+   if (ch == '.')
+   return (0);
 
while (ch != '\0') {
int nch = *dn++;
 
if (periodchar(ch)) {
-   ;
-   } else if (periodchar(pch)) {
-   if (!borderchar(ch))
-   return (0);
-   } else if (periodchar(nch) || nch == '\0') {
-   if (!borderchar(ch))
-   return (0);
-   } else {
-   if (!middlechar(ch))
+   if (!borderchar(pch) || !borderchar(nch))
return (0);
}
pch = ch, ch = nch;
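
Review bot: the replacement loop body only looks at the characters on either side of a period, so the removed `borderchar(ch)` and `middlechar(ch)` tests on every other character are lost and a name that contains no period is never validated at all. Keep the three removed branches and put the new rejection into the `periodchar(ch)` branch that used to be the empty `;`, for example returning 0 there when `periodchar(pch)` or `nch == '\0'`; with `pch` starting as PERIOD that covers the leading, doubled and trailing period cases without a separate early return.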


Re: util.c patch res_comp.c patch

2016-09-26 Thread Edgar Pettijohn
On 16-09-26 09:26:04, Gilles Chehade wrote:
> On Sun, Sep 25, 2016 at 11:20:39AM -0500, Edgar Pettijohn wrote:
> > In my testing it did not, but I could be wrong.
> > 
> > On 16-09-25 17:56:42, Eric Faurot wrote:
> > > On Sat, Sep 24, 2016 at 08:42:25PM -0500, Edgar Pettijohn wrote:
> > > > Enforce stricter rfc helo compliance.
> > > > -- 
> > > > Edgar Pettijohn
> > > 
> > > I am pretty sure res_hnok already does that check.
> > > 
> > > Eric.
> > > 
> 
> turns out res_hnok() doesn't, but should this be fixed in it or in smtpd ?

The following catches: 
.my.domain
my..domain
my.domain.

I haven't tested to see if it breaks anything else though.
> 
> 
> > > > Index: util.c
> > > > ===
> > > > RCS file: /cvs/src/usr.sbin/smtpd/util.c,v
> > > > retrieving revision 1.128
> > > > diff -u -p -u -r1.128 util.c
> > > > --- util.c  31 Aug 2016 10:18:08 -  1.128
> > > > +++ util.c  25 Sep 2016 01:41:34 -
> > > > @@ -495,6 +495,9 @@ valid_domainpart(const char *s)
> > > > struct in6_addr  ina6;
> > > > char*c, domain[SMTPD_MAXDOMAINPARTSIZE];
> > > > const char  *p;
> > > > +   size_t  len;
> > > > +
> > > > +   len = strlen(s);
> > > >  
> > > > if (*s == '[') {
> > > > if (strncasecmp("[IPv6:", s, 6) == 0)
> > > > @@ -519,8 +522,9 @@ valid_domainpart(const char *s)
> > > > return 0;
> > > > }
> > > >  
> > > > -   if (*s == '\0')
> > > > +   if (*s == '\0' || s[0] == '.' || s[len - 1] == '.') {
> > > > return 0;
> > > > +   }
> > > >  
> > > > return res_hnok(s);
> > > >  }
> > > 
> > > 
> > > -- 
> > > You received this mail because you are subscribed to misc@opensmtpd.org
> > > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
> > 
> > -- 
> > Edgar Pettijohn
> > 
> > -- 
> > You received this mail because you are subscribed to misc@opensmtpd.org
> > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
> > 
> 
> -- 
> Gilles Chehade
> 
> https://www.poolp.org  @poolpOrg
> 
> -- 
> You received this mail because you are subscribed to misc@opensmtpd.org
> To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

-- 
Edgar Pettijohn
Index: res_comp.c
===
RCS file: /cvs/src/lib/libc/net/res_comp.c,v
retrieving revision 1.20
diff -u -p -u -r1.20 res_comp.c
--- res_comp.c  1 May 2016 15:17:29 -   1.20
+++ res_comp.c  26 Sep 2016 18:51:59 -
@@ -347,21 +347,16 @@ dn_find(u_char *exp_dn, u_char *msg, u_c
 int
 __res_hnok(const char *dn)
 {
-   int pch = PERIOD, ch = *dn++;
+   int pch = PERIOD, ch = *dn;
+
+   if (ch == '.')
+   return (0);
 
while (ch != '\0') {
int nch = *dn++;
 
if (periodchar(ch)) {
-   ;
-   } else if (periodchar(pch)) {
-   if (!borderchar(ch))
-   return (0);
-   } else if (periodchar(nch) || nch == '\0') {
-   if (!borderchar(ch))
-   return (0);
-   } else {
-   if (!middlechar(ch))
+   if (!borderchar(pch) || !borderchar(nch))
return (0);
}
pch = ch, ch = nch;
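
Review bot: `ch = *dn` no longer advances `dn`, so the first `nch = *dn++` in the loop reads the first character a second time and the initial `pch = PERIOD` never takes part in a check; keep `ch = *dn++` so that pch, ch and nch are always three consecutive characters. Because this is `__res_hnok()` in lib/libc/net, rejecting a trailing period here changes the result for every caller and not only smtpd, which the submission should state.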


Re: util.c patch

2016-09-25 Thread Edgar Pettijohn
In my testing it did not, but I could be wrong.

On 16-09-25 17:56:42, Eric Faurot wrote:
> On Sat, Sep 24, 2016 at 08:42:25PM -0500, Edgar Pettijohn wrote:
> > Enforce stricter rfc helo compliance.
> > -- 
> > Edgar Pettijohn
> 
> I am pretty sure res_hnok already does that check.
> 
> Eric.
> 
> > Index: util.c
> > ===
> > RCS file: /cvs/src/usr.sbin/smtpd/util.c,v
> > retrieving revision 1.128
> > diff -u -p -u -r1.128 util.c
> > --- util.c  31 Aug 2016 10:18:08 -  1.128
> > +++ util.c  25 Sep 2016 01:41:34 -
> > @@ -495,6 +495,9 @@ valid_domainpart(const char *s)
> > struct in6_addr  ina6;
> > char*c, domain[SMTPD_MAXDOMAINPARTSIZE];
> > const char  *p;
> > +   size_t  len;
> > +
> > +   len = strlen(s);
> >  
> > if (*s == '[') {
> > if (strncasecmp("[IPv6:", s, 6) == 0)
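Review bot: len = strlen(s) is computed at the top of valid_domainpart(), ahead of the '[' address-literal branch that never uses it. Move the strlen() call down next to the check that needs it, so the variable is only live where it is meaningful.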
> > @@ -519,8 +522,9 @@ valid_domainpart(const char *s)
> > return 0;
> > }
> >  
> > -   if (*s == '\0')
> > +   if (*s == '\0' || s[0] == '.' || s[len - 1] == '.') {
> > return 0;
> > +   }
> >  
> > return res_hnok(s);
> >  }
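Review bot: s[len - 1] in the new condition is safe only because *s == '\0' is tested first and short-circuits; with len == 0 the index would wrap around. Make that dependency explicit, for example by testing len == 0 on its own before looking at either end of the string, and use one spelling for the first character instead of both *s and s[0].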
> 
> 

-- 
Edgar Pettijohn
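
The thread above turns on whether res_hnok already rejects a leading or trailing dot. As an added example (not code from the thread or from OpenBSD), the C program below re-types the pre-patch loop from the res_comp.c diff on this page and runs it beside a stricter label-by-label check. The helper names, the character classes (letters, digits, hyphen), the final accepting return and the sample names are assumptions constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Assumed character classes: the libc macros are named in the diff but
 * their definitions are not on the page, so these are stand-ins. */
static int is_period(int c) { return c == '.'; }

static int is_border(int c)
{
	return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
	    (c >= '0' && c <= '9');
}

static int is_middle(int c) { return is_border(c) || c == '-'; }

/* Loop re-typed from the context and removed lines of the res_comp.c
 * diff. The accepting return at the end is an assumption, since the
 * diff stops before it. */
int hnok_prepatch(const char *dn)
{
	int pch = '.', ch = (unsigned char)*dn++;

	while (ch != '\0') {
		int nch = (unsigned char)*dn++;

		if (is_period(ch)) {
			;	/* a period is never compared with its neighbours */
		} else if (is_period(pch)) {
			if (!is_border(ch))	/* first character of a label */
				return 0;
		} else if (is_period(nch) || nch == '\0') {
			if (!is_border(ch))	/* last character of a label */
				return 0;
		} else {
			if (!is_middle(ch))	/* interior of a label */
				return 0;
		}
		pch = ch, ch = nch;
	}
	return 1;
}

/* Stricter check: no empty labels (so no leading, trailing or doubled
 * dots), labels of 1..63 characters that start and end with a letter
 * or digit, at most 253 characters in total. */
int hostname_strict(const char *s)
{
	size_t i, len = strlen(s), label = 0;

	if (len == 0 || len > 253)
		return 0;
	for (i = 0; i < len; i++) {
		int c = (unsigned char)s[i];

		if (is_period(c)) {
			/* label > 0 guarantees i >= 1 before s[i - 1] is read */
			if (label == 0 || !is_border((unsigned char)s[i - 1]))
				return 0;
			label = 0;
			continue;
		}
		if (!is_middle(c) || (label == 0 && !is_border(c)))
			return 0;
		if (++label > 63)
			return 0;
	}
	return label != 0 && is_border((unsigned char)s[len - 1]);
}

int main(void)
{
	/* Constructed sample names, not taken from the thread. */
	static const char *samples[] = {
		"mail.example.com", ".example.com", "example.com.",
		"a..b", "-a.example", "a-.b"
	};
	size_t i;

	printf("%-20s %-9s %s\n", "name", "prepatch", "strict");
	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("%-20s %-9d %d\n", samples[i],
		    hnok_prepatch(samples[i]), hostname_strict(samples[i]));
	return 0;
}
```

Under these assumptions the re-typed loop accepts the names with a leading, trailing or doubled dot, while the strict check refuses all three.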




Re: smtpd recipient rule not matched

2017-04-06 Thread Edgar Pettijohn


On 04/06/17 09:01, Frank Timmers wrote:

Hi,

I’ve got a rule based on recipients, however for some reason it’s not 
matched and therefore the mail bounced. Can anyone tell me if I’m doing 
something wrong?


Thanks and kind regards,
/Frank.

—
smtpd.conf rule:
table recipient_whitelist file:/etc/opensmtpd/recipient_whitelist
accept recipient  relay via smtp://127.0.0.1:10027


I think you have to do like this:

accept for domain example.com recipient  relay via 


—

—
/etc/opensmtpd/recipient_whitelist:
# accept all mails to these recipients
mon...@example.com 
ban...@example.com 
—

—
Output from “smtpd -dv -T lookup -T rules”:
debug: smtp: new client on listener: 0xe253a0
13e045ff1aa2603d smtp event=connected address=192.168.0.10 
host=client.example.com 

debug: smtp: SIZE in MAIL FROM command
lookup: check “192.168.0.10" as NETADDR in table static: -> 0
no rule matched
13e045ff1aa2603d smtp event=failed-command command="RCPT 
TO:> 
ORCPT=rfc822;mon...@example.com " 
result="550 Invalid recipient"

13e045ff1aa2603d smtp event=closed reason=quit
debug: smtp: 0xe1d3f0: deleting session: done
— 




Re: ssl+auth

2017-04-26 Thread Edgar Pettijohn

try tls+auth


On 04/26/17 11:49, Nike wrote:

Hello,

Why this doesn't work:
ssl+auth://n...@smtp.yandex.ru:465



FreeBSD 11, opensmtpd-5.9.2p1_3,1









Re: Relay for authenticated users

2017-05-03 Thread Edgar Pettijohn



On 05/03/17 16:27, Frank Timmers wrote:

Hi Edgar,


On 3 May 2017, at 23:04, Edgar Pettijohn <ed...@pettijohn-web.com> wrote:



On 05/03/17 08:05, Frank Timmers wrote:

Hi,

I’m trying to allow relay for authenticated users, however “smtpd -n” gives a 
syntax error on the last line (with the authenticated) keyword. As far as I 
understand the documentation [1], this should be the correct syntax. I’ve 
included my config below. Any hints on why this isn’t working? I’m using 
OpenSMTPD version 6.0.2p1.

In the config below, I differentiate between hosts which can only mail to internal domains 
and hosts which can relay to any domain. It would be great to be able to do the same for 
authenticated users. For example with “accept from any user 
 for domain ”. I don’t see how I 
would be able to do that with the current options.

Thanks and Kind regards,
Frank.



1: http://man.openbsd.org/smtpd.conf

—
# PKI
pki mail.example.com certificate "/etc/opensmtpd/ssl.crt"
pki mail.example.com key "/etc/opensmtpd/ssl.key"

# If you edit the file, you have to run "smtpctl update table "
table internal_domains file:/etc/opensmtpd/tables/internal_domains
table sender_domains file:/etc/opensmtpd/tables/sender_domains
table can_relay_internally file:/etc/opensmtpd/tables/can_relay_internally
table can_relay_externally file:/etc/opensmtpd/tables/can_relay_externally
table recipient_whitelist file:/etc/opensmtpd/tables/recipient_whitelist
table smtp_users file:/etc/opensmtpd/tables/smtp_users

# Interface to listen on any address (needed for failover)
listen on 0.0.0.0 secure auth-optional  pki mail.example.com

# Listen on localhost for DKIM signed mail
listen on 127.0.0.1 port 10028 tag DKIM

# Relay all DKIM signed mails
accept tagged DKIM for any relay

# accept all mail for whitelisted recipients and relay to dkimproxy
accept from any for any recipient  relay via 
smtp://127.0.0.1:10027

# Hosts in table  are allowed to relay to any from 
approved sender domains
accept from source  sender  for any relay 
via smtp://127.0.0.1:10027

# Hosts in table  are allowed to relay to any from 
approved sender domains
accept from source  sender  for domain 
 relay via smtp://127.0.0.1:10027

# Authenticated users are allowed to relay
accept authenticated from any relay
—



try:
accept authenticated for any relay

Thanks for the response. This also produces a syntax error message.

Regards,
Frank


I was thinking you may also need to switch from auth-optional to auth. I 
believe they are treated differently.





Re: /var/spool/smtpd/purge not cleaned up

2017-05-11 Thread Edgar Pettijohn



On 05/11/17 10:04, Philippe Meunier wrote:

Hello,

I'm running a default OpenSMTPD on OpenBSD 6.1 (and several previous
versions of it before).  I've noticed that OpenSMTPD creates two
directories in /var/spool/smtpd/purge every time it is started but never
deletes these directories when shutting down.  This might be fine on an
email server that's always up and running but this is on a laptop computer
that's turned on and off several times a day...  The result is that I have
now hundreds of these empty directories in /var/spool/smtpd/purge and just
doing an "ls" in that directory is very noticeably slow as a result.  I
obviously can easily delete all these directories but it's kind of annoying
to have to do that by hand every few months, so:
- is there any special reason why OpenSMTPD doesn't clean up after itself
when it shuts down?
- out of curiosity, what are these folders for anyway?  I've looked at all
the man pages related to OpenSMTPD and there's no explanation I could find
for the purge directory anywhere...

Thanks,

Philippe



I think it's because the directory is owned by _smtpq and it looks like 
the intent was to clean up these files in purge_task(). However, it is 
running as _smtpd and can't rmtree() because of this. Of course that is 
if I have interpreted this correctly.
Index: smtpd.c
===
RCS file: /cvs/src/usr.sbin/smtpd/smtpd.c,v
retrieving revision 1.288
diff -u -p -u -r1.288 smtpd.c
--- smtpd.c	9 Jan 2017 09:53:23 -	1.288
+++ smtpd.c	12 May 2017 01:53:14 -
@@ -1194,8 +1194,8 @@ purge_task(void)
 			log_warn("warn: purge_task: fork");
 			break;
 		case 0:
-			if ((pw = getpwnam(SMTPD_USER)) == NULL)
-fatalx("unknown user " SMTPD_USER);
+			if ((pw = getpwnam(SMTPD_QUEUE_USER)) == NULL)
+fatalx("unknown user " SMTPD_QUEUE_USER);
 			if (chroot(PATH_SPOOL PATH_PURGE) == -1)
 fatal("smtpd: chroot");
 			if (chdir("/") == -1)
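Review bot: changing the getpwnam() lookup in the case 0 branch of purge_task() to SMTPD_QUEUE_USER changes which identity the purge child ends up with, but the lines that consume pw to drop privileges sit below the visible context; confirm they need no other change. The commit message should record that the purge directory is owned by the queue user, since that is the whole reason for the switch, and include a before/after check that the directories under PATH_SPOOL PATH_PURGE are actually removed.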


Re: Opensmtpd with multiple certificates

2017-05-14 Thread Edgar Pettijohn



On 05/14/17 07:20, Bruno Pagani wrote:


On 14/05/2017 at 09:59, Mik J wrote:


Thank you Edgar,
You wrote multiple IP addresses. Does it mean that 1 IP address = 1 
certificate ?

Can't be do 1 IP address = x certificates ?


No, you can do 1 IP = x certs, thanks to SNI. I do that, my conf:

pki domain1.com certificate "/etc/smtpd/tls/domain1.com.crt"
pki domain1.com key "/etc/smtpd/tls/domain1.com.key"
pki domain2.com certificate "/etc/smtpd/tls/domain2.com.crt"
pki domain2.com key "/etc/smtpd/tls/domain2.com.key"

listen on  hostname  port 25 tls

The hostname part is only necessary if you want to advertise a 
specific hostname when contacted without SNI. The important thing is 
to not specify a pki.


Regards,
Bruno

I think I used two because the  table is a mapping from an ip 
to a name.  I'll have to give this a try.


Re: Opensmtpd with multiple certificates

2017-05-13 Thread Edgar Pettijohn



On 05/13/17 17:55, Mik J wrote:

Hello,

I would like to know if it's possible to use multiple 
certificates/keys with opensmtpd


domain.com has MX mx.domain.com
acme.com has MX mx.acme.com

When a client (remote mta such as gmail) connects to my server, my 
opensmtpd should send the according certificate.

Something like virtual hosts with httpd

Otherwise, what should I do when my opensmtpd server hosts multiple 
domains with multiple mx records.


Thank you


domain1 = "192.168.1.1"
domain2 = "192.168.1.2"

pki domain1.com certificate "/etc/ssl/domain1.com.crt"
pki domain1.com key "/etc/ssl/private/domain1.com.key"

pki domain2.com certificate "/etc/ssl/domain2.com.crt"
pki domain2.com key "/etc/ssl/private/domain2.com.key"

listen on $domain1 tls pki domain1.com etc, etc...
listen on $domain2 tls pki domain2.com etc, etc...

Hope this helps.


Re: Enabling route every 2 seconds in a loop

2017-05-23 Thread Edgar Pettijohn



On 05/23/17 13:03, mabi wrote:

Hello,

My OpenSMTPd 6.0.2p1 mail gateway is somehow looping indefinitely with 
the following log output every 2 seconds:


May 23 20:00:44 mgw smtpd[28997]: smtp-out: Enabling route [] <-> 
163.114.21.130 (mtagated.edf.fr)
May 23 20:00:44 mgw smtpd[28997]: c806af9e5fc46153 mta 
event=connecting address=smtp+tls://163.114.21.130:25 host=mtagated.edf.fr

May 23 20:00:44 mgw smtpd[28997]: c806af9e5fc46153 mta event=connected
May 23 20:00:44 mgw smtpd[28997]: c806af9e5fc46153 mta event=error 
reason=IO Error: Connection reset by peer
May 23 20:00:44 mgw smtpd[28997]: smtp-out: Disabling route [] <-> 
163.114.21.130 (mtagated.edf.fr) for 15s




There are no mails in the queue and I don't see why it is trying to 
connect to that server every 2 seconds.


Any idea what is going wrong here?

Regards,
M.

Do you have some sort of webapp trying to "sendmail"?


Re: OpenSMTPD sometimes forgets to say Bye

2017-06-06 Thread Edgar Pettijohn
I couldn't.

On Jun 6, 2017, at 10:33 AM, Bruce Walzer wrote:
>On Wed, May 24, 2017 at 06:41:02PM -0500, Bruce Walzer wrote:
>> This is whatever version of OpenSMTPD is in OpenBSD 6.1 -release. The
>> problem has been seen on two systems, both amd64. Roundcube and
>> mailman have both shown problems related to this (in the case of
>> mailman it completely stops mail delivery until the offending message
>> is removed from the outgoing queue).
>
>[...]
>
>>
>> I am hoping this is easy to reproduce.
>
>Well was it? :) I want to know if there is some more work I should
>do...
>
>Did anyone have trouble reproducing this?
>
>
>Bruce
>


Re: Relay for authenticated users

2017-05-04 Thread Edgar Pettijohn
I believe they are treated as local users. I've never used the "authenticated" 
keyword, so I'm not sure how to implement it correctly. I think in my current 
setup I tag the incoming messages on the submission port and use the tag in my 
relay rule.

On May 4, 2017, at 3:02 AM, Joerg Jung wrote:
>
>> On 3. May 2017, at 15:05, Frank Timmers 
>wrote:
>>
>> Hi,
>>
>> I’m trying to allow relay for authenticated users, however “smtpd -n”
>gives a syntax error on the last line (with the authenticated) keyword.
>As far as I understand the documentation [1], this should be the
>correct syntax. I’ve included my config below. Any hints on why this
>isn’t working? I’m using OpenSMTPD version 6.0.2p1.
>>
>> In the config below, I differentiate between hosts which can only
>mail to internal domains and hosts which can relay to any domain. It
>would be great to be able to do the same for authenticated users. For
>example with “accept from any user  for
>domain ”. I don’t see how I would be able to do that
>with the current options.
>> 
>> Thanks and Kind regards,
>> Frank.
>>
>>
>>
>> 1: http://man.openbsd.org/smtpd.conf
>>
>> —
>> # PKI
>> pki mail.example.com certificate "/etc/opensmtpd/ssl.crt"
>> pki mail.example.com key "/etc/opensmtpd/ssl.key"
>>
>> # If you edit the file, you have to run "smtpctl update table
>"
>> table internal_domains file:/etc/opensmtpd/tables/internal_domains
>> table sender_domains file:/etc/opensmtpd/tables/sender_domains
>> table can_relay_internally
>file:/etc/opensmtpd/tables/can_relay_internally
>> table can_relay_externally
>file:/etc/opensmtpd/tables/can_relay_externally
>> table recipient_whitelist
>file:/etc/opensmtpd/tables/recipient_whitelist
>> table smtp_users file:/etc/opensmtpd/tables/smtp_users
>>
>> # Interface to listen on any address (needed for failover)
>> listen on 0.0.0.0 secure auth-optional  pki
>mail.example.com
>>
>> # Listen on localhost for DKIM signed mail
>> listen on 127.0.0.1 port 10028 tag DKIM
>>
>> # Relay all DKIM signed mails
>> accept tagged DKIM for any relay
>>
>> # accept all mail for whitelisted recipients and relay to dkimproxy
>> accept from any for any recipient  relay via
>smtp://127.0.0.1:10027
>>
>> # Hosts in table  are allowed to relay to any
>from approved sender domains
>> accept from source  sender  for
>any relay via smtp://127.0.0.1:10027
>>
>> # Hosts in table  are allowed to relay to any
>from approved sender domains
>> accept from source  sender  for
>domain  relay via smtp://127.0.0.1:10027
>>
>> # Authenticated users are allowed to relay
>> accept authenticated from any relay
>> —
>
>If I remember correctly, authenticated users are treated like “local”
>users, so
>   accept from local for any relay
>might work.
>


Re: Relaying based on recipient's domain?

2017-05-04 Thread Edgar Pettijohn
I don't have my laptop with me to test anything out first, but look at 
recipient tables and tag that rule. Then for the relay use that tag to send it 
out on the correct relay. Hopefully that makes sense.

On May 4, 2017, at 11:24 AM, Don Harper wrote:
>Hello, all!
>Sorry if this has been asked before, but my googling did not turn
>anything up.
>
>Is it possible to setup which host to relay through based on the
>recipient's domain?  Say, if user is f...@dom1.org, go to relay1.net,
>and
>if it is b...@dom2.org, go to relay2.org?
>
>Thanks!
>
>d
>
>
>--
>Don Harper, RHCEemail:
>d...@duckland.org
>Just a systems kinda guy...
>http://www.duckland.org
>


Re: cannot send mail

2017-10-08 Thread Edgar Pettijohn
On Sun, Oct 08, 2017 at 05:16:11PM -0400, Timothy Marion wrote:
> Hi All,
> 
> I am able to receive mail but I cannot send mail. Could anyone point me in
> the right direction?
> 
> Thanks,
> 
> Tim
> 
> # $OpenBSD: smtpd.conf,v 1.9 2016/05/03 18:43:45 jung Exp $
> 
> 
> pki jupiter.timothymarion.com certificate "/etc/letsencrypt/live/
> www.timothymarion.com/fullchain.pem"
> pki jupiter.timothymarion.com key "/etc/letsencrypt/live/
> www.timothymarion.com/privkey.pem"
> 
> table aliases file:/etc/mail/aliases
table credentials file:/etc/mail/creds

look at table(5) for details, but basically creds would look like
user1   password (using smtpctl to create the encrypted password)
> 
> listen on all
I prefer listing individually
listen on em0 port 25 tls pki jupiter.whatever
listen on em0 port 587 tls pki jupiter.something auth 
> 
> accept from any for domain "timothymarion.com" alias deliver to mbox
accept from any for domain "timothymarion.com" alias  deliver to mbox
> accept for local alias deliver to mbox
accept for local alias  deliver to mbox
> accept from local for any relay
> 
> 
> /var/log/maillog
> 
> Oct 8 23:04:50 jupiter smtpd[21640]: 0cd1353692397daf smtp event=connected
> address=14.177.236.10 host=static.vnpt.vn
> Oct 8 23:04:51 jupiter smtpd[21640]: 0cd1353692397daf smtp
> event=failed-command address=14.177.236.10 host=static.vnpt.vn
> command="AUTH LOGIN" result="503 5.5.1 Invalid command: Command not
> supported"
> Oct 8 23:04:51 jupiter smtpd[21640]: 0cd1353692397daf smtp event=closed
> address=14.177.236.10 host=static.vnpt.vn reason=quit




Re: list of features

2017-08-28 Thread Edgar Pettijohn
On Mon, Aug 28, 2017 at 08:55:44AM -0300, Felipe N. Oliva wrote:
> Hello!
> 
> I'm looking for the list of features that opensmtpd has implemented.
> 
> Can someone help me?
> 
> I'm very interested in quitting qmail.
> 

I think this depends on your definition of feature. What features are you 
looking for?
> 
> 



Re: list of features

2017-08-28 Thread Edgar Pettijohn
On Mon, Aug 28, 2017 at 02:22:14PM -0300, Felipe N. Oliva wrote:
> 
> 
> Em 8/28/17 13:43, Edgar Pettijohn escreveu:
> > On Mon, Aug 28, 2017 at 08:55:44AM -0300, Felipe N. Oliva wrote:
> >> Hello!
> >>
> >> I'm looking for the list of features that opensmtpd has implemented.
> >>
> >> Can someone help me?
> >>
> >> I'm very interested in quitting qmail.
> >>
> > I think this depends on your definition of feature. What features are you
> > looking for?
> Like SPF or RBL checking.

Currently no. Unless your distro still packages the circa 5.9.2 release with
the accompanying opensmtpd-extras which has filters for rbl checking, not sure
about spf checks. Not sure that spf checks are all that accurate. Of course 
that is up for debate.

> >>



Re: Mail relay

2017-11-28 Thread Edgar Pettijohn
On Tue, Nov 28, 2017 at 05:55:14PM +0100, Rémy Silber wrote:
> Hello. Hello,
> I'm just a geek who wish don't use google smtp and so, I have email
> problems;)
> Thanks
> 
> I have a virtual machine (VM1) that is configured normally. I manage to
> send messages, (maybe errors in reception, but this is not the problem yet).
> 
> VM1# cat /etc/smtpd/smtpd.conf
> # tables setup
> table aliases file:/etc/smtpd/aliases
> table domains file:/etc/smtpd/domains
> 
> # pki setup
> pki mail.esprit-bourse.com key "/etc/ssl/private/mail.esprit-
> bourse.com.pem"
> pki mail.esprit-bourse.com certificate "/etc/ssl/certs/mail.esprit-
> bourse.com.pem"
> 
> # Deliver
> listen on lo
> listen on lo port 10028 tag DKIM
> listen on eth0 port 25 tls pki mail.esprit-bourse.com
> #listen on eth0 port 587 tls-require pki mail.esprit-bourse.com #auth
> listen on eth0 port 587 tls pki mail.esprit-bourse.com auth
> 
> # dkim tagged can be sent
> accept tagged DKIM for any relay
> 
> accept from any for domain  alias  deliver to maildir
> "~/Maildir"
> accept from local for local alias  deliver to maildir
> "~/Maildir"
> #accept from local for local alias  deliver to maildir
> "~/Maildir"
> #accept from any for domain  deliver to maildir "~/Maildir"
> 
> # Relay
> # if not dkim tagged, send it to dkimproxy
> accept from local for any relay via smtp://127.0.0.1:10027
> 
> 
> A machine (VM2) that sends messages via VM1 relay.
> I can send emails with smtp. gmail.com, but not with my own server as I
> wish.
> 
> VM2# cat /etc/smtpd/smtpd.conf
> table secrets file:/etc/smtpd/secrets
> table aliases file:/etc/smtpd/aliases
> 
> listen on lo
> 
> accept from any for any relay via secure+auth://label@mail.
> esprit-bourse.com:587 auth 
> 
> 
> Here are the logs
> 
> VM1
> nothing about smtpd
> 
> VM2
> 
> Logs
> Nov 28 16:34:04 esprit-bourse mail.info smtpd[3652]: 368dfe322a55edb3 smtp
> event=connected address=local host=esprit-bourse
> Nov 28 16:34:04 esprit-bourse mail.info smtpd[3652]: 368dfe322a55edb3 smtp
> event=message msgid=05022889 from= to=
> size=387 ndest=1 proto=ESMTP
> Nov 28 16:34:04 esprit-bourse mail.info smtpd[3652]: 368dfe322a55edb3 smtp
> event=closed reason=quit
> 
> 
> VM2:~# smtpctl show queue
> 050228898c9f6a97|local|mta|auth|r...@mydomaine.com|d...@gmail.com|
> d...@gmail.com|1511886844|1512232444|1511886844|0|inflight|28|
> bc98f40538f28829|local|mta|auth|r...@ydomaine.com|d...@gmail.com|
> d...@gmail.com|1511877321|151921|1511877321|0|inflight|9551|
> 
> 
> VM2:~# sendmail -vt < mail
> <<< 220 esprit-bourse ESMTP OpenSMTPD
> >>> EHLO localhost
> <<< 250-esprit-bourse Hello localhost [local], pleased to meet you
> <<< 250-8BITMIME
> <<< 250-ENHANCEDSTATUSCODES
> <<< 250-SIZE 36700160
> <<< 250 HELP
> >>> MAIL FROM:
> <<< 250 2.0.0: Ok
> >>> RCPT TO:
> <<< 250 2.1.5 Destination address valid: Recipient ok
> >>> DATA
> <<< 354 Enter mail, end with "." on a line by itself
> >>> .
> <<< 250 2.0.0: 05022889 Message accepted for delivery
> >>> QUIT
> <<< 221 2.0.0: Bye

Are you sure your ports are open?  I just tried:

$ telnet mail.esprit-bourse.com 587
Trying 88.185.16.8...
^C

Had to kill it as it was just sitting there.
> 
> -- 
> Regards
> Rémy Silber




Re: Mail relay

2017-11-29 Thread Edgar Pettijohn
On Tue, Nov 28, 2017 at 05:55:14PM +0100, Rémy Silber wrote:
> Hello. Hello,
> I'm just a geek who wish don't use google smtp and so, I have email
> problems;)
> Thanks
> 
> I have a virtual machine (VM1) that is configured normally. I manage to
> send messages, (maybe errors in reception, but this is not the problem yet).
> 
> VM1# cat /etc/smtpd/smtpd.conf
> # tables setup
> table aliases file:/etc/smtpd/aliases
> table domains file:/etc/smtpd/domains
> 
> # pki setup
> pki mail.esprit-bourse.com key "/etc/ssl/private/mail.esprit-
> bourse.com.pem"
> pki mail.esprit-bourse.com certificate "/etc/ssl/certs/mail.esprit-
> bourse.com.pem"
> 
> # Deliver
> listen on lo
> listen on lo port 10028 tag DKIM
> listen on eth0 port 25 tls pki mail.esprit-bourse.com
> #listen on eth0 port 587 tls-require pki mail.esprit-bourse.com #auth
> listen on eth0 port 587 tls pki mail.esprit-bourse.com auth
> 
> # dkim tagged can be sent
> accept tagged DKIM for any relay
> 
> accept from any for domain  alias  deliver to maildir
> "~/Maildir"
> accept from local for local alias  deliver to maildir

Your incoming mail on port 587 will match this rule.

> "~/Maildir"
> #accept from local for local alias  deliver to maildir
> "~/Maildir"
> #accept from any for domain  deliver to maildir "~/Maildir"
> 
> # Relay
> # if not dkim tagged, send it to dkimproxy
> accept from local for any relay via smtp://127.0.0.1:10027
> 
> 
> A machine (VM2) that sends messages via VM1 relay.
> I can send emails with smtp. gmail.com, but not with my own server as I
> wish.
> 
> VM2# cat /etc/smtpd/smtpd.conf
> table secrets file:/etc/smtpd/secrets

Are you sure your secrets file is correct, and is your label actually
label? If not, you need to adjust the accept line below.

> table aliases file:/etc/smtpd/aliases
> 
> listen on lo
> 
> accept from any for any relay via secure+auth://label@mail.
^^
I think there was talk of
tls+auth being better. Not sure
though.
> esprit-bourse.com:587 auth 

Are you sure you want to accept anything from anyone and relay it?

> 
> 
> Here are the logs
> 
> VM1
> nothing about smtpd

is it running?

> 
> VM2
> 
> Logs
> Nov 28 16:34:04 esprit-bourse mail.info smtpd[3652]: 368dfe322a55edb3 smtp
> event=connected address=local host=esprit-bourse
> Nov 28 16:34:04 esprit-bourse mail.info smtpd[3652]: 368dfe322a55edb3 smtp
> event=message msgid=05022889 from= to=
> size=387 ndest=1 proto=ESMTP
> Nov 28 16:34:04 esprit-bourse mail.info smtpd[3652]: 368dfe322a55edb3 smtp
> event=closed reason=quit
> 
> 
> VM2:~# smtpctl show queue
> 050228898c9f6a97|local|mta|auth|r...@mydomaine.com|d...@gmail.com|
> d...@gmail.com|1511886844|1512232444|1511886844|0|inflight|28|
> bc98f40538f28829|local|mta|auth|r...@ydomaine.com|d...@gmail.com|
> d...@gmail.com|1511877321|151921|1511877321|0|inflight|9551|
> 
> 
> VM2:~# sendmail -vt < mail
> <<< 220 esprit-bourse ESMTP OpenSMTPD
> >>> EHLO localhost
> <<< 250-esprit-bourse Hello localhost [local], pleased to meet you
> <<< 250-8BITMIME
> <<< 250-ENHANCEDSTATUSCODES
> <<< 250-SIZE 36700160
> <<< 250 HELP
> >>> MAIL FROM:
> <<< 250 2.0.0: Ok
> >>> RCPT TO:
> <<< 250 2.1.5 Destination address valid: Recipient ok
> >>> DATA
> <<< 354 Enter mail, end with "." on a line by itself
> >>> .
> <<< 250 2.0.0: 05022889 Message accepted for delivery
> >>> QUIT
> <<< 221 2.0.0: Bye
> 
> -- 
> Regards
> Rémy Silber




Re: lka.c patch

2017-12-16 Thread Edgar Pettijohn
Sorry forgot to make cpass an int

Index: lka.c
===
RCS file: /cvs/src/usr.sbin/smtpd/lka.c,v
retrieving revision 1.199
diff -u -p -u -r1.199 lka.c
--- lka.c   17 May 2017 14:00:06 -  1.199
+++ lka.c   16 Dec 2017 15:07:16 -
@@ -453,7 +453,7 @@ static int
 lka_authenticate(const char *tablename, const char *user, const char *password)
 {
struct table*table;
-   char*cpass;
+   int cpass;
union lookup lk;

log_debug("debug: lka: authenticating for %s:%s", tablename, user);
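Review bot: cpass in the declaration block of lka_authenticate() is now an int that holds a status code rather than a crypted password, so the name no longer describes it. Rename it (ret, for example) or drop the variable and test the call directly.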
@@ -472,10 +472,10 @@ lka_authenticate(const char *tablename,
case 0:
return (LKA_PERMFAIL);
default:
-   cpass = crypt(password, lk.creds.password);
-   if (cpass == NULL)
+   cpass = crypt_checkpass(password, lk.creds.password);
+   if (cpass < 0)
return (LKA_PERMFAIL);
-   if (!strcmp(lk.creds.password, cpass))
+   else
return (LKA_OK);
return (LKA_PERMFAIL);
}
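Review bot: in the default case the new if/else returns on both paths, which leaves the trailing return (LKA_PERMFAIL) unreachable. A single test reads better: if (crypt_checkpass(password, lk.creds.password) == 0) return (LKA_OK); followed by the existing PERMFAIL return, which also keeps failure as the fall-through result. crypt_checkpass(3) comes from OpenBSD libc, so the portable tree needs a fallback where it is missing.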





lka.c patch

2017-12-16 Thread Edgar Pettijohn
I was playing with some perl cgi for a webapp to automate user (sql) tables,
etc updating / allow users to change their passwords.  I had never
noticed that `smtpctl encrypt ${string}' provided a different hash each
time.  Which is obviously the more better way to do passwords. However,
looking into the code to see what I could do to solve this problem for
myself I saw lka.c was using crypt(3). Whose manual recommends switching
to crypt_checkpass(3). Here is a minor patch to do so.

Index: lka.c
===
RCS file: /cvs/src/usr.sbin/smtpd/lka.c,v
retrieving revision 1.199
diff -u -p -u -r1.199 lka.c
--- lka.c   17 May 2017 14:00:06 -  1.199
+++ lka.c   16 Dec 2017 13:50:07 -
@@ -472,10 +472,10 @@ lka_authenticate(const char *tablename,
case 0:
return (LKA_PERMFAIL);
default:
-   cpass = crypt(password, lk.creds.password);
-   if (cpass == NULL)
+   cpass = crypt_checkpass(password, lk.creds.password);
+   if (cpass < 0)
return (LKA_PERMFAIL);
-   if (!strcmp(lk.creds.password, cpass))
+   else
return (LKA_OK);
return (LKA_PERMFAIL);
}
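Review bot: cpass receives the int result of crypt_checkpass() in the default case, but the removed lines compared it with NULL and passed it to strcmp(), so in this version it is still a pointer and cpass < 0 compares a pointer with an integer. The declaration has to change in the same patch, and the description should mention that the comparison against the stored hash now happens inside crypt_checkpass().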

Thanks,

Edgar



