Re: OpenSMTPD build on OpenSSL 1.1.x

2019-08-28 Thread Reio Remma

On 28/08/2019 01:00, Reio Remma wrote:
> The fresh RPM installed nicely on a clean CentOS 7 with their OpenSSH
> 1.0.2k and OpenSMTPD started too:
>
> Aug 28 00:50:07 localhost smtpd[9338]: cfa3e1042696f77a mta delivery evpid=953ab16d13e43b2f
> from=  to=  rcpt=<-> source="192.168.1.142"
> relay="108.177.14.27 (lt-in-f27.1e100.net)" delay=3m12s
> result="Ok" stat="250 2.0.0 OK  1566942607 w6si428635lfk.121 - gsmtp"


Funnily this sole test e-mail managed to get us Spamhaus banned due to 
using localhost.localdomain. :D


Good luck,
Reio


Re: OpenSMTPD build on OpenSSL 1.1.x

2019-08-28 Thread gilles
Hello,

On 27 August 2019 20:25, "Richard Narron" wrote:

> The OpenSMTPD portable version from https://github.com/OpenSMTPD/OpenSMTPD
> works fine on Slackware64 current with OpenSSL 1.1.1c and gcc 9.2
> 

Yay !


> It took me a while to get it to work though.
> 
> I first downloaded the "current" portable version from
> https://opensmtpd.org/archives/opensmtpd-6.4.2p1.tar.gz
> 
> And I got errors very similar to those of Denis Fateyev on Fedora 30.
> 

Yes, our latest release was not OpenSSL 1.1 compatible, the next one which
will happen in October will be.


> Next I downloaded the portable version from github.com
> and found that autoconf had not been run and this was no good.
> 
> Finally I discovered the post on the mailing list which mentioned the
> "bootstrap" script and then I was able to download and build the portable
> version from git.
> 

That's because this is the development branch, we run the bootstrap script
when we perform a release.

In October, all you'll have to do is download the tarball from the website,
like you did with 6.4.2p1, and it will work for OpenSSL 1.1


> The code shows version "6.6.0-portable".
> 
> It runs fine on Slackware64 current and I'm happy that it now works with
> OpenSSL 1.1
> 

Neat



Re: OpenSMTPD build on OpenSSL 1.1.x

2019-08-28 Thread gilles
On 28 August 2019 00:00, "Reio Remma" wrote:

> On 27.08.2019 21:25, Richard Narron wrote:
> 
>> The OpenSMTPD portable version from https://github.com/OpenSMTPD/OpenSMTPD
>> works fine on Slackware64 current with OpenSSL 1.1.1c and gcc 9.2
>> It took me a while to get it to work though.
>> I first downloaded the "current" portable version from
>> https://opensmtpd.org/archives/opensmtpd-6.4.2p1.tar.gz
>> And I got errors very similar to those of Denis Fateyev on Fedora 30.
>> Next I downloaded the portable version from github.com
>> and found that autoconf had not been run and this was no good.
>> Finally I discovered the post on the mailing list which mentioned the
>> "bootstrap" script and then I was able to download and build the portable
>> version from git.
>> The code shows version "6.6.0-portable".
>> It runs fine on Slackware64 current and I'm happy that it now works with
>> OpenSSL 1.1
>> Regards,
>> Richard Narron
> 
> Your success pushed me to try 6.6.0 on CentOS 7 with OpenSSL 1.1.1c.
> 
> Can anyone tell me if changing -lcrypto -lssl to -l:libssl.a -l:libcrypto.a
> is the correct way to get OpenSSL 1.1.1c statically compiled into OpenSMTPD?
> I ended up using these (and -pthreads -ldl) and managed to build an RPM
> based on 6.0.3 RPM from CentOS 7.
> 

I don't know about the -l:lib notation sorry

Out of curiosity, why would you want ssl statically compiled into OpenSMTPD?
This means that when an issue hits OpenSSL, updating OpenSSL and restarting the
daemon will not be enough to be back on track.

In addition, I'm not sure why you need -pthreads because OpenSMTPD is not
multi-threaded.



> The fresh RPM installed nicely on a clean CentOS 7 with their OpenSSH 1.0.2k
> and OpenSMTPD started too:
>
> Aug 28 00:54:54 localhost smtpd[25943]: info: OpenSMTPD 6.6.0-portable starting
> Aug 28 00:50:07 localhost smtpd[9338]: cfa3e1042696f77a mta connecting
> address=smtp://108.177.14.27:25 host=lt-in-f27.1e100.net
> Aug 28 00:50:07 localhost smtpd[9338]: cfa3e1042696f77a mta connected
> Aug 28 00:50:07 localhost smtpd[9338]: cfa3e1042696f77a mta tls
> ciphers=TLSv1.3:TLS_AES_256_GCM_SHA384:256
> Aug 28 00:50:07 localhost smtpd[9338]: cfa3e1042696f77a mta server-cert-check result="success"
> Aug 28 00:50:07 localhost smtpd[9338]: cfa3e1042696f77a mta delivery evpid=953ab16d13e43b2f
> from= to= rcpt=<-> source="192.168.1.142"
> relay="108.177.14.27 (lt-in-f27.1e100.net)" delay=3m12s
> result="Ok" stat="250 2.0.0 OK 1566942607 w6si428635lfk.121 - gsmtp"
>
> More testing will have to wait until tomorrow. :)
> 
> Good luck,
> Reio



Re: OpenSMTPD build on OpenSSL 1.1.x

2019-08-28 Thread Reio Remma

On 28/08/2019 10:44, gil...@poolp.org wrote:

> On 28 August 2019 00:00, "Reio Remma" wrote:
>
> > On 27.08.2019 21:25, Richard Narron wrote:
> >
> > > The OpenSMTPD portable version from https://github.com/OpenSMTPD/OpenSMTPD
> > > works fine on Slackware64 current with OpenSSL 1.1.1c and gcc 9.2
> > > It took me a while to get it to work though.
> > > I first downloaded the "current" portable version from
> > > https://opensmtpd.org/archives/opensmtpd-6.4.2p1.tar.gz
> > > And I got errors very similar to those of Denis Fateyev on Fedora 30.
> > > Next I downloaded the portable version from github.com
> > > and found that autoconf had not been run and this was no good.
> > > Finally I discovered the post on the mailing list which mentioned the
> > > "bootstrap" script and then I was able to download and build the portable
> > > version from git.
> > > The code shows version "6.6.0-portable".
> > > It runs fine on Slackware64 current and I'm happy that it now works with
> > > OpenSSL 1.1
> > > Regards,
> > > Richard Narron
> >
> > Your success pushed me to try 6.6.0 on CentOS 7 with OpenSSL 1.1.1c.
> >
> > Can anyone tell me if changing -lcrypto -lssl to -l:libssl.a -l:libcrypto.a
> > is the correct way to get OpenSSL 1.1.1c statically compiled into OpenSMTPD?
> > I ended up using these (and -pthreads -ldl) and managed to build an RPM
> > based on 6.0.3 RPM from CentOS 7.
>
> I don't know about the -l:lib notation sorry
>
> Out of curiosity, why would you want ssl statically compiled into OpenSMTPD?
> This means that when an issue hits OpenSSL, updating OpenSSL and restarting
> the daemon will not be enough to be back on track.
>
> In addition, I'm not sure why you need -pthreads because OpenSMTPD is not
> multi-threaded.


Hello!

CentOS 7 has OpenSSL 1.0.2k as the max version and with OpenSSL 1.1.1c 
compiled into OpenSMTPD I can run the new OpenSMTPD version on a machine 
with CentOS 7's old OpenSSL version.


I had to add -pthreads and -ldl to pass 'make' with the static OpenSSL 
libraries. Without these I ran into errors hinting at threads and dl.


I'm a little wary of just forcibly replacing the whole OpenSSL 1.0.2k on 
a production machine. :)


Thanks!
Reio
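
The patching concern raised in this exchange (a statically linked OpenSSL is not replaced when the system package is updated) can be tracked with a small inventory check. This is an added example, not part of the thread or of OpenSMTPD: the function names and sample inputs are constructed, and the version-banner match is a heuristic that assumes the build kept libcrypto's version string.

```shell
#!/bin/sh
# Added example: report how a binary gets its OpenSSL, so statically
# linked copies are not missed when the system package is patched.

# classify_linkage LDD_TEXT STRINGS_TEXT (hypothetical helper)
# Prints "dynamic", "static <version>" or "none".
classify_linkage() {
    if printf '%s\n' "$1" | grep -Eq 'lib(ssl|crypto)\.so'; then
        echo dynamic
        return 0
    fi
    # libcrypto's version banner looks like "OpenSSL 1.1.1c  28 May 2019".
    # Heuristic: a static build usually carries it, but the linker can
    # leave it out, in which case the result is "none".
    cl_ver=$(printf '%s\n' "$2" |
        sed -n 's/^OpenSSL \([0-9][0-9.]*[a-z]*\)  *[0-9].*/\1/p' | head -n 1)
    if [ -n "$cl_ver" ]; then echo "static $cl_ver"; else echo none; fi
}

# needs_rebuild LINKAGE FIXED_VERSION
# True (exit 0) when the binary embeds OpenSSL at a version other than
# FIXED_VERSION; updating the system OpenSSL alone will not change it.
needs_rebuild() {
    case $1 in
        "static $2") return 1 ;;
        static\ *)   return 0 ;;
        *)           return 1 ;;
    esac
}

# audit_binary PATH: the same check on a real file (needs ldd and strings).
audit_binary() {
    classify_linkage "$(ldd "$1" 2>/dev/null)" "$(strings -a "$1")"
}

# Constructed samples, not captured from a real host.
LDD_DYNAMIC='libssl.so.10 => /lib64/libssl.so.10 (0x00007f0000000000)
libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007f0000100000)
libc.so.6 => /lib64/libc.so.6 (0x00007f0000200000)'
LDD_STATIC='libdl.so.2 => /lib64/libdl.so.2 (0x00007f0000000000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f0000100000)
libc.so.6 => /lib64/libc.so.6 (0x00007f0000200000)'
STRINGS_STATIC='smtpd
OpenSSL 1.1.1c  28 May 2019
TLSv1.3'

classify_linkage "$LDD_DYNAMIC" ""
classify_linkage "$LDD_STATIC" "$STRINGS_STATIC"
```

On a real host, `audit_binary` takes the path of the installed daemon binary; any binary reported as `static` has to be rebuilt and redeployed when an OpenSSL fix ships.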



Re: OpenSMTPD build on OpenSSL 1.1.x

2019-08-28 Thread Gilles Chehade
On Wed, Aug 28, 2019 at 10:55:05AM +0300, Reio Remma wrote:
> On 28/08/2019 10:44, gil...@poolp.org wrote:
> > On 28 August 2019 00:00, "Reio Remma" wrote:
> > 
> > > On 27.08.2019 21:25, Richard Narron wrote:
> > > 
> > > > The OpenSMTPD portable version from https://github.com/OpenSMTPD/OpenSMTPD
> > > > works fine on Slackware64 current with OpenSSL 1.1.1c and gcc 9.2
> > > > It took me a while to get it to work though.
> > > > I first downloaded the "current" portable version from
> > > > https://opensmtpd.org/archives/opensmtpd-6.4.2p1.tar.gz
> > > > And I got errors very similar to those of Denis Fateyev on Fedora 30.
> > > > Next I downloaded the portable version from github.com
> > > > and found that autoconf had not been run and this was no good.
> > > > Finally I discovered the post on the mailing list which mentioned the
> > > > "bootstrap" script and then I was able to download and build the portable
> > > > version from git.
> > > > The code shows version "6.6.0-portable".
> > > > It runs fine on Slackware64 current and I'm happy that it now works with
> > > > OpenSSL 1.1
> > > > Regards,
> > > > Richard Narron
> > > Your success pushed me to try 6.6.0 on CentOS 7 with OpenSSL 1.1.1c.
> > > 
> > > Can anyone tell me if changing -lcrypto -lssl to -l:libssl.a -l:libcrypto.a
> > > is the correct way to get OpenSSL 1.1.1c statically compiled into OpenSMTPD?
> > > I ended up using these (and -pthreads -ldl) and managed to build an RPM
> > > based on 6.0.3 RPM from CentOS 7.
> > > 
> > I don't know about the -l:lib notation sorry
> > 
> > Out of curiosity, why would you want ssl statically compiled into OpenSMTPD?
> > This means that when an issue hits OpenSSL, updating OpenSSL and restarting
> > the daemon will not be enough to be back on track.
> > 
> > In addition, I'm not sure why you need -pthreads because OpenSMTPD is not
> > multi-threaded.
> 
> Hello!
> 
> CentOS 7 has OpenSSL 1.0.2k as the max version and with OpenSSL 1.1.1c
> compiled into OpenSMTPD I can run the new OpenSMTPD version on a machine
> with CentOS 7's old OpenSSL version.
> 
> I had to add -pthreads and -ldl to pass 'make' with the static OpenSSL
> libraries. Without these I ran into errors hinting at threads and dl.
> 
> I'm a little wary of just forcibly replacing the whole OpenSSL 1.0.2k on a
> production machine. :)
> 

Understood !

OpenSSL 1.0.x is going to be supported until 2019-12-31 so this will get
solved by itself soon ;-)

-- 
Gilles Chehade @poolpOrg

https://www.poolp.org    patreon: https://www.patreon.com/gilles



Re: OpenSMTPD build on OpenSSL 1.1.x

2019-08-28 Thread Reio Remma

On 28/08/2019 11:30, Gilles Chehade wrote:

> OpenSSL 1.0.x is going to be supported until 2019-12-31 so this will get
> solved by itself soon ;-)


Unfortunately not for CentOS 7. :D

They have a policy of not making major version upgrades during the 
lifecycle of an OS version. :(


Suspect I'll have to look at migrating everything to CentOS 8 when that 
comes out.


Reio



Question about match auth with the new syntax.

2019-08-28 Thread Reio Remma

Hello!

I've pretty much converted my setup to the new syntax now and I'm 
wondering if I get this right.


I understand that from local was changed to not include authenticated 
users, but my question is does "match auth" match both authenticated and 
local users?


I currently have - "match auth from any for any action dkim" - and I see 
that I can send mail from command line using that rule, so I'm guessing 
yes. :)


Maybe the man page could reflect these bits for match auth and match 
from local.


Thanks!
Reio



Re: Question about match auth with the new syntax.

2019-08-28 Thread Edgar Pettijohn

On Aug 28, 2019 1:52 PM, Reio Remma  wrote:
>
> Hello!
>
> I've pretty much converted my setup to the new syntax now and I'm 
> wondering if I get this right.
>
> I understand that from local was changed to not include authenticated 
> users, but my question is does "match auth" match both authenticated and 
> local users?
>
> I currently have - "match auth from any for any action dkim" - and I see 
> that I can send mail from command line using that rule, so I'm guessing 
> yes. :)
>
> Maybe the man page could reflect these bits for match auth and match 
> from local.
>

Match from local for local is a default rule. You have to specifically negate 
it if you don't want it. 

Edgar

> Thanks!
> Reio
>