Re: SSL/TLS

2015-07-28 Thread SSL


Thanks for the advice.

I rewrote smtpd.conf:

pki mail.aoiyuma.mydns.jp certificate /etc/ssl/mail.aoiyuma.mydns.jp.crt
pki mail.aoiyuma.mydns.jp key /etc/ssl/private/mail.aoiyuma.mydns.jp.key
listen on lo0
listen on em0 port 25  tls pki mail.aoiyuma.mydns.jp auth
listen on em0 port 465 tls pki mail.aoiyuma.mydns.jp auth
listen on em0 port 587 tls pki mail.aoiyuma.mydns.jp auth
table aliases db:/etc/mail/aliases.db
accept from any for domain aoiyuma.mydns.jp alias <aliases> deliver to maildir
accept from any for domain aoiyuma.mydns.jp deliver to maildir
accept for local alias <aliases> deliver to maildir
accept for local deliver to maildir

mynetwork1 = 6.2.6.2/32
mynetwork2 = 114.22.25.247/32
accept from source $mynetwork1 for any relay
accept from source $mynetwork2 for any relay
reject from any for any

Thunderbird automatically detects the mail server.
About SMTP:
---
Authentication method: password, transmitted insecurely
Connection security: none

Perhaps TLS does not run.

So is

accept for local alias <aliases> deliver to mda /usr/local/bin/maildrop -f -

accept from any for domain aoiyuma.mydns.jp \
deliver to mda /usr/local/bin/maildrop -f -

or the like needed?

Regards




--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: SSL/TLS

2015-07-28 Thread Mariano Baragiola
In my experience, Thunderbird auto-configuration is not good.

Configure it manually, choosing STARTTLS as the encryption method.




Re: SSL/TLS

2015-07-28 Thread SSL



On 2015-07-28 19:18, Mariano Baragiola wrote:

> In my experience, Thunderbird auto-configuration is not good.
>
> Configure it manually, choosing STARTTLS as the encryption method.

Thanks a lot.

I rewrote smtpd.conf:


pki mail.aoiyuma.mydns.jp certificate /etc/ssl/mail.aoiyuma.mydns.jp.crt
pki mail.aoiyuma.mydns.jp key /etc/ssl/private/mail.aoiyuma.mydns.jp.key

listen on lo0
listen on em0 port 25  tls pki mail.aoiyuma.mydns.jp auth
listen on em0 port 465 tls pki mail.aoiyuma.mydns.jp auth
listen on em0 port 587 tls pki mail.aoiyuma.mydns.jp auth

table aliases db:/etc/mail/aliases.db
accept from any for domain aoiyuma.mydns.jp alias <aliases> deliver to maildir
accept from any for domain aoiyuma.mydns.jp deliver to maildir
accept for local alias <aliases> deliver to maildir
accept for local deliver to maildir

mynetwork1 = 61.214.236.211/32
mynetwork2 = 114.22.25.247/32
accept from source $mynetwork1 for any relay
accept from source $mynetwork2 for any relay

#reject from any for any
accept from local for any relay  - this line
accept from local for any relay
---
Then I sent mail to y...@gmail.com.

My failure was 'reject from any for any'.
Is it an open relay when that line is replaced with 'accept from local for any relay'?










OpenSMTPD big deployments

2015-07-28 Thread Giovanni Bechis
Hi,
in October I will give a talk at Linuxcon about OpenSMTPD, does anybody have 
some statistics about some big deployments ?
Atm I have statistics only for my servers.
 Cheers & Thanks
  Giovanni




Re: SSL/TLS

2015-07-28 Thread Denis Fondras
> are there open relay when ' accept from local for any relay' is replaced .

Nope !
from local means that only the machine running OpenSMTPd or any
*authenticated* client can relay.

Moreover, if no rule is matching then OpenSMTPd rejects the mail (default
setting = secure setting)




Re: SSL/TLS

2015-07-28 Thread SSL

I follow you.

On 2015-07-28 19:18, Mariano Baragiola wrote:

> In my experience, Thunderbird auto-configuration is not good.
>
> Configure it manually, choosing STARTTLS as the encryption method.

Surely I can send mail from x...@aoiyuma.mydns.jp to x...@aoiyuma.mydns.jp,
but I cannot send mail from x...@aoiyuma.mydns.jp to y...@gmail.com
(previously I could send).

tail /var/log/maillog

Jul 29 04:36:36 aoiyuma smtpd[13370]: smtp-in: Closing session 0d8c97396558bc0b
Jul 29 04:36:49 aoiyuma smtpd[13370]: smtp-in: New session 0d8c973acd272d09 from host e0109-114-22-25-247.uqwimax.jp [114.22.25.247]
Jul 29 04:36:49 aoiyuma smtpd[13370]: smtp-in: Started TLS on session 0d8c973acd272d09: version=TLSv1/SSLv3, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128
Jul 29 04:36:50 aoiyuma smtpd[13370]: smtp-in: Accepted authentication for user tuyosi on session 0d8c973acd272d09
Jul 29 04:36:50 aoiyuma smtpd[13370]: smtp-in: Failed command on session 0d8c973acd272d09: RCPT TO:y...@gmail.com = 550 Invalid recipient
Jul 29 04:36:52 aoiyuma smtpd[13370]: smtp-in: Closing session 0d8c973acd272d09







Re: SSL/TLS

2015-07-28 Thread Herbert J. Skuhra
On Tue, Jul 28, 2015 at 09:05:24PM +0900, tuyosi wrote:
>
> On 2015-07-28 20:50, Denis Fondras wrote:
> > > are there open relay when ' accept from local for any relay' is replaced .
> >
> > Nope !
> > from local means that only the machine running OpenSMTPd or any
> > *authenticated* client can relay.
> >
> > Moreover, if no rule is matching then OpenSMTPd rejects the mail (default
> > setting = secure setting)
>
> kind advice .
>
> surely   i can send mail from x...@aoiyuma.mydns.jp to y...@gmail.com .
>
> strangely  i cannot send mail from Y@gmail to x...@aoiyuma.mydns.jp .
> -
>
> Delivery to the following recipient failed permanently:
>
>  tuy...@aoiyuma.mydns.jp
>
> Technical details of permanent failure:
> Google tried to deliver your message, but it was rejected by the server for
> the recipient domain aoiyuma.mydns.jp by mail.aoiyuma.mydns.jp.
> [157.7.208.141].
>
> The error that the other server returned was:
> 530 5.5.1 Invalid command: Must issue an AUTH command first

You have:

listen on em0 port 25  tls pki mail.aoiyuma.mydns.jp auth

From smtpd.conf(5):

If the auth parameter is used, then a client may only start an SMTP transaction
after a successful authentication. Any remote sender that passed SMTPAUTH is
treated as if it was the server's local user that was sending the mail. This
means that filter rules using from local will be matched. If auth-optional is
specified, then SMTPAUTH is not required to establish an SMTP transaction. This
is only useful to let a listener accept incoming mail from untrusted senders
and outgoing mail from authenticated users in situations where it is not
possible to listen on the submission port.

And I think you want smtps on port 465 not tls!

-- 
Herbert
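
The listener split discussed in this reply, written out as an added example (not posted by anyone in the thread and not the OpenSMTPD project's own configuration). It assumes the pre-6.4 smtpd.conf syntax used in this thread and that the alias table is referenced as `<aliases>`; the host name and paths are the ones from the posted config.

```conf
pki mail.aoiyuma.mydns.jp certificate "/etc/ssl/mail.aoiyuma.mydns.jp.crt"
pki mail.aoiyuma.mydns.jp key "/etc/ssl/private/mail.aoiyuma.mydns.jp.key"

listen on lo0

# Port 25 receives mail from other servers (e.g. Gmail). They do not
# authenticate, so "auth" here produces the
# "530 5.5.1 ... Must issue an AUTH command first" bounce quoted above.
# Offer STARTTLS, require no authentication.
listen on em0 port 25 tls pki mail.aoiyuma.mydns.jp

# Port 465 is implicit TLS: the handshake starts before any SMTP command,
# which is the "smtps" keyword, not "tls" (STARTTLS).
listen on em0 port 465 smtps pki mail.aoiyuma.mydns.jp auth

# Port 587 is the submission port for mail clients: STARTTLS is mandatory
# and the client must authenticate before it can start a transaction.
listen on em0 port 587 tls-require pki mail.aoiyuma.mydns.jp auth

table aliases db:/etc/mail/aliases.db

# Inbound mail for the hosted domain, from anyone.
accept from any for domain "aoiyuma.mydns.jp" alias <aliases> deliver to maildir

# Mail generated on the machine itself for local users.
accept for local alias <aliases> deliver to maildir

# Relay only for the machine itself and for clients that passed SMTP AUTH
# (authenticated sessions match "from local"). Anything that matches no
# rule is rejected by default, so no explicit "reject" line is needed.
accept from local for any relay
```

`smtpd -n` checks the file for syntax errors without starting the daemon.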




Re: SSL/TLS

2015-07-28 Thread SSL

I rewrote smtpd.conf using auth-optional.
This one allows mail from gmail.com.

From https://www.opensmtpd.org/smtpd.conf.5.html:
If *auth-optional* is specified, then SMTPAUTH is not required to 
establish an SMTP transaction. This is only useful to let a listener 
accept incoming mail from untrusted senders and outgoing mail from 
authenticated users in situations where it is not possible to listen on 
the submission port.
Both *auth* and *auth-optional* accept an optional table as a parameter. 
When provided, credentials are looked up in this table. Credentials 
format is described in table(5).

---

How about this?

pki mail.aoiyuma.mydns.jp certificate /etc/ssl/mail.aoiyuma.mydns.jp.crt
pki mail.aoiyuma.mydns.jp key /etc/ssl/private/mail.aoiyuma.mydns.jp.key
listen on lo0
listen on em0 port 25  tls pki mail.aoiyuma.mydns.jp auth-optional
listen on em0 port 465 tls pki mail.aoiyuma.mydns.jp auth-optional
listen on em0 port 587 tls pki mail.aoiyuma.mydns.jp auth-optional
table aliases db:/etc/mail/aliases.db
accept from any for domain aoiyuma.mydns.jp alias <aliases> deliver to maildir
accept from any for domain aoiyuma.mydns.jp deliver to maildir
accept for local alias <aliases> deliver to maildir
accept for local deliver to maildir

mynetwork1 = 6.2.6.2/32
mynetwork2 = 114.22.25.247/32
accept from source $mynetwork1 for any relay
accept from source $mynetwork2 for any relay
accept from local for any relay




Re: SSL/TLS

2015-07-28 Thread SSL

Hi all.
Following the advice that I received in the past, I tried to put it together.

I think that there are mistakes.
Please point them out if so.

In addition, please use a translation site because this is written in
Japanese.


For example,
https://translate.google.co.jp/?hl=ja
--
tuyosi takesima