Re: SSL/TLS
thanks for advices . i rewite smtpd.conf pki mail.aoiyuma.mydns.jp certificate /etc/ssl/mail.aoiyuma.mydns.jp.crt pki mail.aoiyuma.mydns.jp key /etc/ssl/private/mail.aoiyuma.mydns.jp.key listen on lo0 listen on em0 port 25 tls pki mail.aoiyuma.mydns.jp auth listen on em0 port 465 tls pki mail.aoiyuma.mydns.jp auth listen on em0 port 587 tls pki mail.aoiyuma.mydns.jp auth table aliases db:/etc/mail/aliases.db accept from any for domain aoiyuma.mydns.jp alias aliases deliver to maildir accept from any for domain aoiyuma.mydns.jp deliver to maildir accept for localalias aliases deliver to maildir accept for local deliver to maildir mynetwork1 = 6.2.6.2/32 mynetwork2 = 114.22.25.247/32 accept from source $mynetwork1 for any relay accept from source $mynetwork2 for any relay reject from any for any thunderbird automativally detects mail server . about smtp --- authentification nethod : passeword , transmitted insecurely conectio security:none perhaps TLS does not run . so -- accept for local alias aliases deliver to mda /usr/local/bin/maildrop -f - accept from any for domain aoiyuma.mydns.jp \ deliver to mda /usr/local/bin/maildrop -f - or like is needed ? - regards -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: SSL/TLS
In my experience, Thunderbird auto-configuration is not good. Configure it manually, choosing STARTTLS as the encryption method. -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: SSL/TLS
On 2015e9407f28f% 19:18, Mariano Baragiola wrote: In my experience, Thunderbird auto-configuration is not good. Configure it manually, choosing STARTTLS as the encryption method. thanks lot . i rewrite smtpd.conf pki mail.aoiyuma.mydns.jp certificate /etc/ssl/mail.aoiyuma.mydns.jp.crt pki mail.aoiyuma.mydns.jp key /etc/ssl/private/mail.aoiyuma.mydns.jp.key listen on lo0 listen on em0 port 25 tls pki mail.aoiyuma.mydns.jp auth listen on em0 port 465 tls pki mail.aoiyuma.mydns.jp auth listen on em0 port 587 tls pki mail.aoiyuma.mydns.jp auth table aliases db:/etc/mail/aliases.db accept from any for domain aoiyuma.mydns.jp alias aliases deliver to maildir accept from any for domain aoiyuma.mydns.jp deliver to maildir accept for localalias aliases deliver to maildir accept for local deliver to maildir mynetwork1 = 61.214.236.211/32 mynetwork2 = 114.22.25.247/32 accept from source $mynetwork1 for any relay accept from source $mynetwork2 for any relay #reject from any for any accept from local for any relay - this line accept from local for any relay --- then i send mail y...@gmail.com . my failure was 'reject from any for any' . are there open relay when ' accept from local for any relay' is replaced . -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
OpenSMTPD big deployments
Hi, in October I will give a talk at Linuxcon about OpenSMTPD, does anybody have some statistics about some big deployments ? Atm I have statistics only for my servers. Cheers Thanks Giovanni -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: SSL/TLS
are there open relay when ' accept from local for any relay' is replaced . Nope ! from local means that only the machine running OpenSMTPd or any *authenticated* client can relay. Moreover, if no rule is matching then OpenSMTPd rejects the mail (default setting = secure setting) -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: SSL/TLS
On Tue, Jul 28, 2015 at 09:05:24PM +0900, tuyosi wrote: On 2015e9407f28f% 20:50, Denis Fondras wrote: are there open relay when ' accept from local for any relay' is replaced . Nope ! from local means that only the machine running OpenSMTPd or any *authenticated* client can relay. Moreover, if no rule is matching then OpenSMTPd rejects the mail (default setting = secure setting) kind advice . surely i can send mail from x...@aoiyuma.mydns.jp to y...@gmail.com . strangely i cannot send mail from Y@gmailto x...@aoiyuma.mydns.jp . - Delivery to the following recipient failed permanently: tuy...@aoiyuma.mydns.jp Technical details of permanent failure: Google tried to deliver your message, but it was rejected by the server for the recipient domain aoiyuma.mydns.jp by mail.aoiyuma.mydns.jp. [157.7.208.141]. The error that the other server returned was: 530 5.5.1 Invalid command: Must issue an AUTH command first You have: listen on em0 port 25 tls pki mail.aoiyuma.mydns.jp auth From smtpd.conf(5): If the auth parameter is used, then a client may only start an SMTP transaction after a successful authentication. Any remote sender that passed SMTPAUTH is treated as if it was the server's local user that was sending the mail. This means that filter rules using from local will be matched. If auth-optional is specified, then SMTPAUTH is not required to establish an SMTP transaction. This is only useful to let a listener accept incoming mail from untrusted senders and outgoing mail from authenticated users in situations where it is not possible to listen on the submission port. And I think you want smtps on port 465 not tls! -- Herbert -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: SSL/TLS
i rewrite smtpd.conf by auth-optional this one allow to mail to from gmail.com . -by https://www.opensmtpd.org/smtpd.conf.5.html If *auth-optional* is specified, then SMTPAUTH is not required to establish an SMTP transaction. This is only useful to let a listener accept incoming mail from untrusted senders and outgoing mail from authenticated users in situations where it is not possible to listen on the submission port. Both *auth* and *auth-optional* accept an optional table as a parameter. When provided, credentials are looked up in this table. Credentials format is described in table(5). --- how about this ? pki mail.aoiyuma.mydns.jp certificate /etc/ssl/mail.aoiyuma.mydns.jp.crt pki mail.aoiyuma.mydns.jp key /etc/ssl/private/mail.aoiyuma.mydns.jp.key listen on lo0 listen on em0 port 25 tls pki mail.aoiyuma.mydns.jp auth-optional listen on em0 port 465 tls pki mail.aoiyuma.mydns.jp auth-optional listen on em0 port 587 tls pki mail.aoiyuma.mydns.jp auth-optional table aliases db:/etc/mail/aliases.db accept from any for domain aoiyuma.mydns.jp alias aliases deliver to maildir accept from any for domain aoiyuma.mydns.jp deliver to maildir accept for localalias aliases deliver to maildir accept for local deliver to maildir mynetwork1 = 6.2.6.2/32 mynetwork2 = 114.22.25.247/32 accept from source $mynetwork1 for any relay accept from source $mynetwork2 for any relay accept from local for any relay
Re: SSL/TLS
Hi all . following the advices that I received in the past , Itry to put together . I think that there aremistakes. Please point out at that time. In addition, please use the translation site because this is written in Japanese. For example, https://translate.google.co.jp/?hl=ja -- tuyosi takesima