Re: SSL/TLS
Very sorry, I forgot to write the URL. It is http://aoiyuma.mydns.jp/mydns-MS.html

On 2015-07-29 06:22, SSL wrote:
> Hi all.
> Following the advice that I received in the past, I try to put together.
> I think that there are mistakes. Please point out at that time.
> In addition, please use the translation site because this is written in Japanese.
> For example, https://translate.google.co.jp/?hl=ja

--
tuyosi takesima
Re: SSL/TLS
Hi all.
Following the advice that I received in the past, I try to put together.
I think that there are mistakes. Please point out at that time.
In addition, please use the translation site because this is written in Japanese.
For example, https://translate.google.co.jp/?hl=ja

--
tuyosi takesima
Re: SSL/TLS
I rewrite smtpd.conf by auth-optional.
This one allows mail to & from gmail.com.

- by https://www.opensmtpd.org/smtpd.conf.5.html

    If *auth-optional* is specified, then SMTPAUTH is not required to
    establish an SMTP transaction. This is only useful to let a listener
    accept incoming mail from untrusted senders and outgoing mail from
    authenticated users in situations where it is not possible to listen
    on the submission port.
    Both *auth* and *auth-optional* accept an optional table as a
    parameter. When provided, credentials are looked up in this table.
    Credentials format is described in table(5).

---
How about this?

pki mail.aoiyuma.mydns.jp certificate "/etc/ssl/mail.aoiyuma.mydns.jp.crt"
pki mail.aoiyuma.mydns.jp key "/etc/ssl/private/mail.aoiyuma.mydns.jp.key"

listen on lo0
listen on em0 port 25 tls pki mail.aoiyuma.mydns.jp auth-optional
listen on em0 port 465 tls pki mail.aoiyuma.mydns.jp auth-optional
listen on em0 port 587 tls pki mail.aoiyuma.mydns.jp auth-optional

table aliases db:/etc/mail/aliases.db

accept from any for domain "aoiyuma.mydns.jp" alias <aliases> deliver to maildir
accept from any for domain "aoiyuma.mydns.jp" deliver to maildir
accept for local alias <aliases> deliver to maildir
accept for local deliver to maildir

mynetwork1 = "6.2.6.2/32"
mynetwork2 = "114.22.25.247/32"
accept from source $mynetwork1 for any relay
accept from source $mynetwork2 for any relay
accept from local for any relay
Re: SSL/TLS
On Tue, Jul 28, 2015 at 09:05:24PM +0900, tuyosi wrote:
>
> On 2015-07-28 20:50, Denis Fondras wrote:
> >> are there open relay when ' accept from local for any relay' is replaced .
> >>
> > Nope !
> > "from local" means that only the machine running OpenSMTPd or any
> > *authenticated* client can relay.
> >
> > Moreover, if no rule is matching then OpenSMTPd rejects the mail (default
> > setting = secure setting)
> >
> kind advice.
>
> Surely I can send mail from x...@aoiyuma.mydns.jp to y...@gmail.com.
>
> Strangely I cannot send mail from Y@gmail to x...@aoiyuma.mydns.jp.
> -
>
> Delivery to the following recipient failed permanently:
>
> tuy...@aoiyuma.mydns.jp
>
> Technical details of permanent failure:
> Google tried to deliver your message, but it was rejected by the server for
> the recipient domain aoiyuma.mydns.jp by mail.aoiyuma.mydns.jp.
> [157.7.208.141].
>
> The error that the other server returned was:
> 530 5.5.1 Invalid command: Must issue an AUTH command first

You have:

listen on em0 port 25 tls pki mail.aoiyuma.mydns.jp auth

From smtpd.conf(5):

    If the auth parameter is used, then a client may only start an SMTP
    transaction after a successful authentication. Any remote sender that
    passed SMTPAUTH is treated as if it was the server's local user that
    was sending the mail. This means that filter rules using from local
    will be matched. If auth-optional is specified, then SMTPAUTH is not
    required to establish an SMTP transaction. This is only useful to let
    a listener accept incoming mail from untrusted senders and outgoing
    mail from authenticated users in situations where it is not possible
    to listen on the submission port.

And I think you want smtps on port 465 not tls!

--
Herbert

--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
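An added example (not part of the thread and not OpenSMTPD code): a small Python check for the two listener problems pointed out in the reply above, plus `auth-optional` on a submission port. The function name `lint_listeners` and the sample text are constructed for illustration, and the check only understands the listener keywords that appear in this thread.

```python
# Added example: lint the "listen on" lines of an smtpd.conf for the
# problems discussed in this thread. Names and sample text are constructed.

SUBMISSION_PORTS = {"465", "smtps", "587", "submission"}

# Constructed sample: the listeners from the configuration quoted above.
SAMPLE = """\
listen on lo0
listen on em0 port 25 tls pki mail.aoiyuma.mydns.jp auth
listen on em0 port 465 tls pki mail.aoiyuma.mydns.jp auth
listen on em0 port 587 tls pki mail.aoiyuma.mydns.jp auth
"""


def lint_listeners(conf):
    """Return a list of (line_number, finding) for 'listen on' lines."""
    findings = []
    for lineno, raw in enumerate(conf.splitlines(), 1):
        words = raw.split("#", 1)[0].split()
        if words[:2] != ["listen", "on"]:
            continue
        opts = words[3:]           # everything after the interface name
        port = "25"                # no "port" keyword: default SMTP port
        if "port" in opts[:-1]:
            i = opts.index("port")
            port = opts[i + 1]
            opts = opts[:i] + opts[i + 2:]
        if port in {"25", "smtp"} and "auth" in opts:
            findings.append((lineno, "auth on port 25: other mail servers are "
                             "refused with 530 Must issue an AUTH command first"))
        if port in {"465", "smtps"} and "smtps" not in opts:
            findings.append((lineno, "port 465 is conventionally implicit TLS: "
                             "use smtps, not tls"))
        if port in SUBMISSION_PORTS and "auth-optional" in opts:
            findings.append((lineno, "auth-optional on a submission port: "
                             "SMTPAUTH is not required here, use auth"))
    return findings


if __name__ == "__main__":
    for lineno, finding in lint_listeners(SAMPLE):
        print(f"line {lineno}: {finding}")
```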
Re: SSL/TLS
On 2015-07-28 20:50, Denis Fondras wrote:
>> are there open relay when ' accept from local for any relay' is replaced .
>>
> Nope !
> "from local" means that only the machine running OpenSMTPd or any
> *authenticated* client can relay.
>
> Moreover, if no rule is matching then OpenSMTPd rejects the mail (default
> setting = secure setting)

kind advice.

Surely I can send mail from x...@aoiyuma.mydns.jp to y...@gmail.com.

Strangely I cannot send mail from Y@gmail to x...@aoiyuma.mydns.jp.
-

Delivery to the following recipient failed permanently:

tuy...@aoiyuma.mydns.jp

Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the server for
the recipient domain aoiyuma.mydns.jp by mail.aoiyuma.mydns.jp.
[157.7.208.141].

The error that the other server returned was:
530 5.5.1 Invalid command: Must issue an AUTH command first
Re: SSL/TLS
> are there open relay when ' accept from local for any relay' is replaced .
>

Nope !
"from local" means that only the machine running OpenSMTPd or any
*authenticated* client can relay.

Moreover, if no rule is matching then OpenSMTPd rejects the mail (default
setting = secure setting)
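An added sketch (not part of the thread, and not OpenSMTPD's code) of why the ruleset in question is not an open relay: rules are tried in order, the first match decides, and no match means reject. The rule tuples, function names and test addresses are constructed; `from local` is simplified to "loopback or an authenticated session".

```python
import ipaddress

# Constructed rules mirroring the relay part of the smtpd.conf in this thread:
# (action, "from" selector, "for" selector), evaluated in order.
RULES = [
    ("accept", "any", "domain aoiyuma.mydns.jp"),   # inbound mail
    ("accept", "source 114.22.25.247/32", "any"),   # $mynetwork2
    ("accept", "local", "any"),                     # the rule in question
]


def from_matches(selector, src_ip, authenticated):
    """Does the session's origin match a 'from ...' selector?"""
    addr = ipaddress.ip_address(src_ip)
    if selector == "any":
        return True
    if selector == "local":
        # Simplified: the server itself (loopback) or an authenticated client.
        return addr.is_loopback or authenticated
    kind, _, value = selector.partition(" ")
    return kind == "source" and addr in ipaddress.ip_network(value)


def for_matches(selector, rcpt):
    """Does the recipient address match a 'for ...' selector?"""
    if selector == "any":
        return True
    kind, _, value = selector.partition(" ")
    return kind == "domain" and rcpt.rsplit("@", 1)[-1].lower() == value


def decide(rules, src_ip, authenticated, rcpt):
    """First matching rule wins; with no match the mail is rejected."""
    for action, frm, to in rules:
        if from_matches(frm, src_ip, authenticated) and for_matches(to, rcpt):
            return action
    return "reject"


if __name__ == "__main__":
    # Constructed sessions: 203.0.113.9 is a documentation address.
    print(decide(RULES, "203.0.113.9", False, "someone@example.net"))    # reject
    print(decide(RULES, "203.0.113.9", True, "someone@example.net"))     # accept
    print(decide(RULES, "203.0.113.9", False, "user@aoiyuma.mydns.jp"))  # accept
```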
Re: SSL/TLS
On 2015-07-28 19:18, Mariano Baragiola wrote:
> In my experience, Thunderbird auto-configuration is not good. Configure it
> manually, choosing STARTTLS as the encryption method.

Thanks a lot.
I rewrite smtpd.conf

pki mail.aoiyuma.mydns.jp certificate "/etc/ssl/mail.aoiyuma.mydns.jp.crt"
pki mail.aoiyuma.mydns.jp key "/etc/ssl/private/mail.aoiyuma.mydns.jp.key"

listen on lo0
listen on em0 port 25 tls pki mail.aoiyuma.mydns.jp auth
listen on em0 port 465 tls pki mail.aoiyuma.mydns.jp auth
listen on em0 port 587 tls pki mail.aoiyuma.mydns.jp auth

table aliases db:/etc/mail/aliases.db

accept from any for domain "aoiyuma.mydns.jp" alias <aliases> deliver to maildir
accept from any for domain "aoiyuma.mydns.jp" deliver to maildir
accept for local alias <aliases> deliver to maildir
accept for local deliver to maildir

mynetwork1 = "61.214.236.211/32"
mynetwork2 = "114.22.25.247/32"
accept from source $mynetwork1 for any relay
accept from source $mynetwork2 for any relay
#reject from any for any
accept from local for any relay   <- this line

accept from local for any relay
---
Then I send mail y...@gmail.com.
My failure was 'reject from any for any'.

Are there open relay when ' accept from local for any relay' is replaced.
OpenSMTPD big deployments
Hi,
in October I will give a talk at Linuxcon about OpenSMTPD, does anybody have
some statistics about some big deployments?
Atm I have statistics only for my servers.

Cheers & Thanks
Giovanni
Re: SSL/TLS
I follow you.

On 2015-07-28 19:18, Mariano Baragiola wrote:
> In my experience, Thunderbird auto-configuration is not good. Configure it
> manually, choosing STARTTLS as the encryption method.

Surely I can send mail from x...@aoiyuma.mydns.jp to x...@aoiyuma.mydns.jp
but cannot send mail from x...@aoiyuma.mydns.jp to y...@gmail.com (previously can send)

tail /var/log/maillog

Jul 29 04:36:36 aoiyuma smtpd[13370]: smtp-in: Closing session 0d8c97396558bc0b
Jul 29 04:36:49 aoiyuma smtpd[13370]: smtp-in: New session 0d8c973acd272d09 from host e0109-114-22-25-247.uqwimax.jp [114.22.25.247]
Jul 29 04:36:49 aoiyuma smtpd[13370]: smtp-in: Started TLS on session 0d8c973acd272d09: version=TLSv1/SSLv3, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128
Jul 29 04:36:50 aoiyuma smtpd[13370]: smtp-in: Accepted authentication for user tuyosi on session 0d8c973acd272d09
Jul 29 04:36:50 aoiyuma smtpd[13370]: smtp-in: Failed command on session 0d8c973acd272d09: "RCPT TO:" => 550 Invalid recipient
^
Jul 29 04:36:52 aoiyuma smtpd[13370]: smtp-in: Closing session 0d8c973acd272d09
Re: SSL/TLS
In my experience, Thunderbird auto-configuration is not good. Configure it
manually, choosing STARTTLS as the encryption method.
Re: SSL/TLS
Thanks for advice.
I rewrite smtpd.conf

pki mail.aoiyuma.mydns.jp certificate "/etc/ssl/mail.aoiyuma.mydns.jp.crt"
pki mail.aoiyuma.mydns.jp key "/etc/ssl/private/mail.aoiyuma.mydns.jp.key"

listen on lo0
listen on em0 port 25 tls pki mail.aoiyuma.mydns.jp auth
listen on em0 port 465 tls pki mail.aoiyuma.mydns.jp auth
listen on em0 port 587 tls pki mail.aoiyuma.mydns.jp auth

table aliases db:/etc/mail/aliases.db

accept from any for domain "aoiyuma.mydns.jp" alias <aliases> deliver to maildir
accept from any for domain "aoiyuma.mydns.jp" deliver to maildir
accept for local alias <aliases> deliver to maildir
accept for local deliver to maildir

mynetwork1 = "6.2.6.2/32"
mynetwork2 = "114.22.25.247/32"
accept from source $mynetwork1 for any relay
accept from source $mynetwork2 for any relay
reject from any for any

Thunderbird automatically detects mail server.
About smtp
---
authentication method: password, transmitted insecurely
connection security: none

Perhaps TLS does not run.

So
--
accept for local alias <aliases> deliver to mda "/usr/local/bin/maildrop -f -"
accept from any for domain aoiyuma.mydns.jp \
    deliver to mda "/usr/local/bin/maildrop -f -"

or like is needed?
-
regards