Re: Strange timeout issue

2023-08-06 Thread Tobias Fiebig
Heho, On Sun, 2023-08-06 at 22:58 +0400, Archange wrote: > isis.lip6.fr This host has an IPv4 and IPv6 address. If you use the v4 addr. verbatim, the connection fails. If you use the FQDN, you use the v6 addr, the connection works. Works: openssl s_client -connect [2001:660:3302:283c::2]:25

Issues with outbound connections to dualstack on v6 only host

2023-06-17 Thread Tobias Fiebig
. smtpd.conf is fully default (it is internal mail-sending for monitoring purposes, so the remote is rather 'friendly'). Other hosts with a similar configuration (but no v4 except lo) do not show the same behavior. Any ideas what i might have missed? With best regards, Tobias -- Dr.-Ing. Tobias Fiebig M

Re: Move user+...@domain.tld into tag folder (if it exists)

2023-04-09 Thread Tobias Fiebig
wrote: > Hello Tobias, > > I assume it's `getent passwd`, because it needs a database. > This is my output: > vmail:*:2000:2000:Virtual Mail Account:/var/vmail:/sbin/nologin > > On 09.04.23 23:17, Tobias Fiebig wrote: > > Heho, > > > > can you do a `getent|grep

Re: Move user+...@domain.tld into tag folder (if it exists)

2023-04-09 Thread Tobias Fiebig
Heho, `getent passwd | grep vmail` of course. ;-) With best regards, Tobias On Sun, 2023-04-09 at 23:17 +0200, Tobias Fiebig wrote: > Heho, > > can you do a `getent|grep vmail` on your system? That sounds like you > haven't fully configured the virtual setup? > > With best

Re: Move user+...@domain.tld into tag folder (if it exists)

2023-04-09 Thread Tobias Fiebig
ect "550 no > > FCrDNS" > > #filter check_rdns phase connect match !rdns disconnect "550 no > > rDNS" > > filter rspamd proc-exec "/usr/local/libexec/smtpd/filter-rspamd" > > filter filters chain { dkim_sign, rspamd } > > > > lis

Re: Move user+...@domain.tld into tag folder (if it exists)

2023-04-09 Thread Tobias Fiebig
t; } > > } > > > > ssl_cert = > ssl_key = > > > userdb { > > args = username_format=%u /etc/mail/credentials.dovecot > > driver = passwd-file > > name = > > } > > > > protocol imap { > > mail_plugins = " imap_sieve" > > } > > > On 09.04.23 22:00, Michael Breuer wrote: > > Hello Benjamin, > > > > what mda do you use? I use dovecot and a sieve script to process > > incoming mail. > > > > Instead of saving mail directly to maildir, I transfer it to the > > mda via lmtp. The required changes on the smtpd site would look > > like this: > > > > > On 9. Apr 2023, at 16:04, Benjamin Stürz > > > wrote: > > > > > > I think this line has to be changed: > > > action "domain_mail" maildir > > > "/var/vmail/%{dest.domain:lowercase}/%{dest.user:lowercase|strip} > > > /Inbox" virtual > > > > action "domain_mail" lmtp "/var/dovecot/lmtp" virtual > > > > In dovecot, you need to activate the sieve plugin and a > > script for your user account. > > > > > -- Dr.-Ing. Tobias Fiebig T +31 616 80 98 99 M tob...@fiebig.nl

Re: Mails sent in IPv4 while I expect IPv6

2023-03-19 Thread Tobias Fiebig
Heho, > - In DMARC Report Deliverability, it's written "To authorize this > RUA, add the following DMARC DNS record:", first it was not obvious > to me in which zone I have to add the record, maybe you can write "To > authorize this RUA, add the following DMARC DNS record in zone > xyz.org:" > I

Re: Email Sending Test-Setup

2023-03-06 Thread Tobias Fiebig
Heho, > That is a real cool project! Thanks. And mostly running on openbsd. ;-) > I didn't know signed rDNS is possible. Yeah; It actually is: https://dnssec-analyzer.verisignlabs.com/3.197.191.195.in-addr.arpa But many orgs don't sign their rDNS, which makes it hard for endusers to get

Email Sending Test-Setup

2023-02-25 Thread Tobias Fiebig
Heho, together with some colleagues i setup an email-sending-selftest (powered by openbsd, and partially opensmtpd ;-)) In case it is useful for some: https://www.email-security-scans.org/ Only thing keeping me from 10/10 at the moment is outbound MTA-STS and DANE checking. If anyone has taken a

Re: Using MySQL procedures

2023-02-21 Thread Tobias Fiebig
this, so procedure is called: > > query_alias CALL get_aliases(?); > > But then, same error occurred again. > So my question is, am I doing something wrong. And can OpenSMTPD be > configured to call MySQL stored procedures. > > Thanks, > Roko Dobovičnik > > -- Dr.-Ing. Tobias Fiebig T +31 616 80 98 99 M tob...@fiebig.nl

Re: smtpd loop with default config

2023-02-17 Thread Tobias Fiebig
y 0 localhost. > > I mistyped swbmail.de as webmail.de. So it is partially my fault. > Webmail.de is for sale by sedo.com. It is really weird that they > enter localhost as mx. They should at least have their own fake > mailer which simply rejects emails to webmail.com. > > But my question is: How can I harden smtpd.conf against such mx > entries? > > OpenBSD obsd-test.rebehn.net 7.2 GENERIC#6 amd64 running under ESXi > 7.0U3 > Clean install, default smtpd.conf > > Thanks for any help, > > Heinrich > > -- Dr.-Ing. Tobias Fiebig T +31 616 80 98 99 M tob...@fiebig.nl

Re: 550 Invalid recipient errors

2023-02-10 Thread Tobias Fiebig
s action. try: match from auth for any action "process_dkim" With best regards, Tobias -- Dr.-Ing. Tobias Fiebig T +31 616 80 98 99 M tob...@fiebig.nl

Re: 550 Invalid recipient errors

2023-02-10 Thread Tobias Fiebig
n "process_outbound" relay host tls+auth://label@REDACTED auth > > match tag DKIM for any action "process_outbound" > > # Accept incoming mail from authenticated users who want to send > email to > domains we don't manage, and send it to DKIM: > action "process_dkim" relay host smtp://127.0.0.1:10027 > match from local for any action "process_dkim" -- Dr.-Ing. Tobias Fiebig T +31 616 80 98 99 M tob...@fiebig.nl

Re: smtpctl: lookup_record: %{i}._spf.mta.salesforce.com contains macros and can't be resolved

2023-01-26 Thread Tobias Fiebig
Heho, i recently came about it for ibm.com, iirc, as well when implementing SPF for a measurement tool. ;-) With best regards, Tobias

Re: Filtering forged "From" header for senders

2023-01-07 Thread Tobias Fiebig
heho, yes, this is rather easily doable. Relevant configs from my setup below (still want to blog about _that_ part, as my mysql is a bit more... grown...) General setup doc (bit outdated, though... but still explaining the rather funny SQL statement and reasoning behind that i have in there)

Re: Cant receive emails

2022-12-27 Thread Tobias Fiebig
Heho, On Tue, 2022-12-27 at 22:54 +0100, xad...@mail.de wrote: > ... > # To accept external mail, replace with: listen on all > > #listen on all tls pki mail.example.com > > listen on egress port submission tls-require pki mail.example.com \ > hostname "example.com" auth #filter "rspamd" > ...

smtp-out reporting / outbound filters

2022-12-20 Thread Tobias Fiebig
Heho, i am currently looking at adding MTA-STS/DANE support to my mailer; However, these are not supported in opensmtpd. Given my limited coding abilities, i figured it might make more sense to try implementing that as a filter, given that [1] mentions outbound filters. however, man

RE: SNI seems not working

2022-09-23 Thread Tobias Fiebig
Heho, How are you testing this? libressl connect? Are you signalling SNI there? With best regards, Tobias -Original Message- From: wim Sent: Friday, 23 September 2022 13:26 To: misc@opensmtpd.org Subject: SNI seems not working Hi, Hi, HI, Hi, I'm trying to configure SNI, but it

RE: certificate verification when using multiple relay hosts

2022-09-08 Thread Tobias Fiebig
thinking it would be nice to be able to specify multiple relay hosts, explicitly. On Thu, Sep 08, 2022 at 12:35:04AM +0200, Tobias Fiebig wrote: > Heho, > Why don't you add mailrelays.domain as a DNSAltName to the certs of these > hosts? Or are they not under your control? > > Wi

RE: certificate verification when using multiple relay hosts

2022-09-07 Thread Tobias Fiebig
Heho, Why don't you add mailrelays.domain as a DNSAltName to the certs of these hosts? Or are they not under your control? With best regards, Tobias -Original Message- From: Tassilo Philipp Sent: Wednesday, 7 September 2022 11:31 To: misc@opensmtpd.org Subject: certificate

OpenSMTPd Denial-of-Service with table-mysql (using default configuration)

2022-08-30 Thread Tobias Fiebig
Heho, I just started to see some DoS issue on my OpenSMTPd with table-mysql as the backend. Specifically, my server ran into the user lookup process eating a full core and torturing the mysql server after some funny brute-force attempts came in. (writeup with graphs here: