Re: Virtual domains

2015-03-12 Thread Edgar Pettijohn


On 03/12/15 18:37, Gonzalo wrote:

Ok, but now I have no email:

debug: mda: all done for user ":vmail"
debug: scheduler: evp:4bb1b8d779458d6b scheduled (mda)
mda: new user 1f4c8dcc1b038c63 for ":vmail"
debug: lka: userinfo :vmail
lookup: lookup "vmail" as USERINFO in table getpwnam: -> 
"vmail:5001:5001:/home/vmail"
debug: mda: new session 1f4c8dcdae55d45d for user ":vmail" 
evpid 4bb1b8d779458d6b

debug: mda: no more envelope for ":vmail"
debug: mda: got message fd 4 for session 1f4c8dcdae55d45d evpid 
4bb1b8d779458d6b
debug: mda: querying mda fd for session 1f4c8dcdae55d45d evpid 
4bb1b8d779458d6b
debug: smtpd: forking mda for session 1f4c8dcdae55d45d: 
"/usr/local/libexec/dovecot/dovecot-lda -f tengoandr...@gmail.com 
 -d blo" as vmail
debug: mda: got mda fd 5 for session 1f4c8dcdae55d45d evpid 
4bb1b8d779458d6b
debug: mda: end-of-file for session 1f4c8dcdae55d45d evpid 
4bb1b8d779458d6b
debug: mda: all data sent for session 1f4c8dcdae55d45d evpid 
4bb1b8d779458d6b
debug: smtpd: mda process done for session 1f4c8dcdae55d45d: exited 
abnormally
delivery: TempFail for 4bb1b8d779458d6b: from=>, to=>, user=vmail, method=mda, delay=1m30s, 
stat=Error (exited abnormally)

debug: mda: session 1f4c8dcdae55d45d done
debug: mda: user "vmail" becomes runnable
debug: mda: all done for user ":vmail"


usuariosv
@foobar.com.ar  vmail

usuarios
foo:$2b$06$aHet9bLmm.bkoK4A6tueb.eb0j2vivzV1pH7PrZoixwzBROTr0Gd6:5001:5001:/var/www/mail/%n



2015-03-12 19:07 GMT-03:00 Edgar Pettijohn III <ed...@pettijohn-web.com>:


one system user will take care of it all. you could do:

@domain.tld user

and map all to one user.

On Mar 12, 2015, at 5:05 PM, Gonzalo wrote:


I mean, I don't want to create a system user per email account.

On Mar 12, 2015 6:55 PM, "Edgar Pettijohn III" <ed...@pettijohn-web.com> wrote:

smtpd.conf(5)
*for* [*!*] *domain* /domain/ *virtual* </users/>
This rule applies to mail destined for the specified
virtual /domain/. This parameter supports the '*'
wildcard, so that a single rule for all sub-domains can
be used, for example:

accept for domain "*.example.com" \
virtual  deliver to mbox

The table /users/ holds a key-value mapping of virtual
to system users. For an example of how to configure
the /users/ table, see makemap(8).

Also look in makemap(8) for some more details.

For it to work you will have to have a system user to handle
all of the mail.  You would have to do the same with postfix
and probably other mta.






--
Sent from my handheld toaster...

Did you actually add the vmail user to the system with /usr/sbin/adduser?


Re: Virtual domains

2015-03-12 Thread Gonzalo
Ok, but now I have no email:

debug: mda: all done for user ":vmail"
debug: scheduler: evp:4bb1b8d779458d6b scheduled (mda)
mda: new user 1f4c8dcc1b038c63 for ":vmail"
debug: lka: userinfo :vmail
lookup: lookup "vmail" as USERINFO in table getpwnam: ->
"vmail:5001:5001:/home/vmail"
debug: mda: new session 1f4c8dcdae55d45d for user ":vmail" evpid
4bb1b8d779458d6b
debug: mda: no more envelope for ":vmail"
debug: mda: got message fd 4 for session 1f4c8dcdae55d45d evpid
4bb1b8d779458d6b
debug: mda: querying mda fd for session 1f4c8dcdae55d45d evpid
4bb1b8d779458d6b
debug: smtpd: forking mda for session 1f4c8dcdae55d45d:
"/usr/local/libexec/dovecot/dovecot-lda -f tengoandr...@gmail.com -d blo"
as vmail
debug: mda: got mda fd 5 for session 1f4c8dcdae55d45d evpid 4bb1b8d779458d6b
debug: mda: end-of-file for session 1f4c8dcdae55d45d evpid 4bb1b8d779458d6b
debug: mda: all data sent for session 1f4c8dcdae55d45d evpid
4bb1b8d779458d6b
debug: smtpd: mda process done for session 1f4c8dcdae55d45d: exited
abnormally
delivery: TempFail for 4bb1b8d779458d6b: from=, to=<
b...@foobar.com.ar>, user=vmail, method=mda, delay=1m30s, stat=Error (exited
abnormally)
debug: mda: session 1f4c8dcdae55d45d done
debug: mda: user "vmail" becomes runnable
debug: mda: all done for user ":vmail"


usuariosv
@foobar.com.ar vmail

usuarios
foo:$2b$06$aHet9bLmm.bkoK4A6tueb.eb0j2vivzV1pH7PrZoixwzBROTr0Gd6:5001:5001:/var/www/mail/%n



2015-03-12 19:07 GMT-03:00 Edgar Pettijohn III :

> one system user will take care of it all. you could do:
>
> @domain.tld user
>
> and map all to one user.
>
> On Mar 12, 2015, at 5:05 PM, Gonzalo wrote:
>
> I mean, I don't want to create a system user per email account.
> On Mar 12, 2015 6:55 PM, "Edgar Pettijohn III" wrote:
>
>> smtpd.conf(5)
>> *for* [*!*] *domain* *domain* *virtual* <*users*>
>> This rule applies to mail destined for the specified virtual *domain*.
>> This parameter supports the ‘*’ wildcard, so that a single rule for all
>> sub-domains can be used, for example:
>>
>> accept for domain "*.example.com" \
>>    virtual  deliver to mbox
>>
>> The table *users* holds a key-value mapping of virtual to system
>> users. For an example of how to configure the *users* table, see
>> makemap(8).
>>
>> Also look in makemap(8) for some more details.
>>
>> For it to work you will have to have a system user to handle all of the
>> mail.  You would have to do the same with postfix and probably other mta.
>>
>
>


-- 
Sent from my handheld toaster...


Re: Building dkimproxy on headless OpenBSD server with no X install sets

2015-03-12 Thread Seth

On Thu, 12 Mar 2015 11:13:53 -0700, Seth  wrote:


On Thu, 12 Mar 2015 09:54:52 -0700, Eric Ripa  wrote:

 I have not tried  to remove the sets after installation however.


This command will remove the installation sets

$ pax -vzf xetc56.tgz | awk '{ print $9}'| sudo xargs rm -rf

Obviously test it out first somewhere where it won't trash your system.

$ cd ~
$ sudo pax -rvzf xetc56.tgz -p e
$ pax -vzf xetc56.tgz | awk '{ print $9}'| sudo xargs rm -rf


Ahem, DO NOT try this against the xbase56.tgz set, I did and it trashed my  
system. Thank the cybergodz for disk snapshots.


--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
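
A more conservative way to undo an extracted set than the `rm -rf` pipeline above, as an added example that is not part of the original post: it removes only the regular files and symlinks the archive lists, then removes the listed directories deepest-first and only when they are empty, so a directory entry can never take unrelated files with it. It assumes `tar -tzf` for a names-only listing instead of parsing `pax -v` columns; `remove_set`, `demo_remove_set` and the demo archive are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). remove_set and demo_remove_set are
# hypothetical helper names; the demo archive is constructed, not a real set.

# remove_set ARCHIVE ROOT
# Delete what ARCHIVE installed under ROOT without ever running rm -r:
#   pass 1 removes listed regular files and symlinks,
#   pass 2 removes listed directories, deepest first, only if they are empty.
remove_set() {
    archive=$1
    root=$2
    [ -f "$archive" ] || return 2
    [ -d "$root" ] || return 2
    list=$(mktemp) || return 2
    # Names-only listing; avoids depending on the column layout of "pax -v".
    if ! tar -tzf "$archive" > "$list"; then
        rm -f "$list"
        return 2
    fi

    # Pass 1: files and symlinks only. Directories are never touched here.
    while IFS= read -r entry; do
        case $entry in
            /*|..|../*|*/..|*/../*) continue ;;   # never step outside ROOT
            .|./) continue ;;                     # never act on ROOT itself
        esac
        path=$root/${entry#./}
        if [ -L "$path" ] || [ -f "$path" ]; then
            rm -f -- "$path"
        fi
    done < "$list"

    # Pass 2: a reverse byte-order sort lists every child before its parent.
    LC_ALL=C sort -r "$list" | while IFS= read -r entry; do
        case $entry in
            /*|..|../*|*/..|*/../*) continue ;;
            .|./) continue ;;
        esac
        path=$root/${entry#./}
        path=${path%/}
        if [ -d "$path" ] && [ ! -L "$path" ]; then
            # rmdir refuses non-empty directories; that refusal is the safety net.
            rmdir -- "$path" 2>/dev/null || true
        fi
    done
    rm -f "$list"
    return 0
}

# Build a small constructed archive, extract it into a scratch root, add one
# file that did not come from the archive, then print what survives removal.
demo_remove_set() {
    work=$(mktemp -d) || return 2
    mkdir -p "$work/src/etc/X11/xdm" "$work/root"
    echo res > "$work/src/etc/X11/xdm/Xresources"
    echo cfg > "$work/src/etc/X11/xinitrc"
    (cd "$work/src" && tar -czf "$work/set.tgz" ./etc)
    (cd "$work/root" && tar -xzf "$work/set.tgz")
    echo mine > "$work/root/etc/local.conf"   # present in ROOT, not in the set
    remove_set "$work/set.tgz" "$work/root"
    (cd "$work/root" && find . ! -name . | LC_ALL=C sort)
    rm -rf "$work"
}
```

Directories that still hold files from elsewhere are left in place, which matches the "few skeleton directories" the earlier post reports.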



Re: Virtual domains

2015-03-12 Thread Edgar Pettijohn III
one system user will take care of it all. you could do:

@domain.tld user

and map all to one user.

On Mar 12, 2015, at 5:05 PM, Gonzalo wrote:

> I mean, I don't want to create a system user per email account.
> On Mar 12, 2015 6:55 PM, "Edgar Pettijohn III" wrote:
> smtpd.conf(5)
> for [!] domain domain virtual <users>
> This rule applies to mail destined for the specified virtual domain. This
> parameter supports the ‘*’ wildcard, so that a single rule for all
> sub-domains can be used, for example:
>
> accept for domain "*.example.com" \
>    virtual  deliver to mbox
>
> The table users holds a key-value mapping of virtual to system users. For an
> example of how to configure the users table, see makemap(8).
> 
> Also look in makemap(8) for some more details.
> 
> For it to work you will have to have a system user to handle all of the mail. 
>  You would have to do the same with postfix and probably other mta.



Re: Virtual domains

2015-03-12 Thread Gonzalo
I mean, I don't want to create a system user per email account.
On Mar 12, 2015 6:55 PM, "Edgar Pettijohn III" wrote:

> smtpd.conf(5)
> *for* [*!*] *domain* *domain* *virtual* <*users*>
> This rule applies to mail destined for the specified virtual *domain*.
> This parameter supports the ‘*’ wildcard, so that a single rule for all
> sub-domains can be used, for example:
>
> accept for domain "*.example.com" \
>    virtual  deliver to mbox
>
> The table *users* holds a key-value mapping of virtual to system
> users. For an example of how to configure the *users* table, see
> makemap(8).
>
> Also look in makemap(8) for some more details.
>
> For it to work you will have to have a system user to handle all of the
> mail.  You would have to do the same with postfix and probably other mta.
>


Re: Virtual domains

2015-03-12 Thread Edgar Pettijohn III
smtpd.conf(5)
for [!] domain domain virtual <users>
This rule applies to mail destined for the specified virtual domain. This
parameter supports the ‘*’ wildcard, so that a single rule for all sub-domains
can be used, for example:

accept for domain "*.example.com" \
   virtual  deliver to mbox

The table users holds a key-value mapping of virtual to system users. For an
example of how to configure the users table, see makemap(8).

Also look in makemap(8) for some more details.

For it to work you will have to have a system user to handle all of the mail.  
You would have to do the same with postfix and probably other mta.

Re: Virtual domains

2015-03-12 Thread Gonzalo
I don't want system users
On Mar 12, 2015 6:43 PM, "Edgar Pettijohn III" wrote:

>
> On Mar 11, 2015, at 8:09 PM, Seth wrote:
>
> > On Wed, 11 Mar 2015 13:11:16 -0700, Gonzalo wrote:
> >
> >> Hi Guys,
> >>
> >> I have this conf on OpenBSD 5.6
> >>
> >> table dominios  file:/etc/mail/dominios
> >> table usuarios  file:/etc/dovecot/users
> >> table aliases   db:/etc/mail/aliases.db
> >> table spam  file:/etc/mail/spam
> >>
> >> expire 4h
> >>
> >> pki foobar.com.ar certificate  "/etc/mail/certs/foobar.crt"
> >> pki foobar.com.ar key  "/etc/mail/certs/foobar.key"
> >> pki foobar.com.ar dhparams "/etc/ssl/
> >> foobar.com.ar/dhparam.pem"
> >>
> >> listen on lo0 port 25
> >> listen on egress secure pki foobar.com.ar hostname foobar.com.ar
> >> #listen on egress port 587 tls-require pki foobar.com.ar auth
> 
> >> hostname foobar.com.ar
> >> listen on egress port 587 tls-require pki foobar.com.ar auth 
> >>
> >> reject from any sender  for domain 
> >>
> >> accept for local alias  deliver to mda
> >> "/usr/local/libexec/dovecot/dovecot-lda -f %{sender}"
> >> accept from any for domain  alias  deliver to mda
> >> "/usr/local/libexec/dovecot/dovecot-lda -f %{sender}"
> >> accept from any for domain  deliver to mda
> >> "/usr/local/libexec/dovecot/dovecot-lda -f %{sender}"
> >> accept for any relay
> >>
> >>
> >>
> >> I can login and receive/send mails with foobar.com.ar (usr bla) but I can't
> >> with other domain in file:/etc/mail/dominios or file:/etc/dovecot/users
> >>
> >> file:/etc/dovecot/users
> >> bla bla:$2b$06$bhtDQvYWeY0xvL3ylAKmetPY7Awe9RdbjXKrhrC.
> >> blo blo:$2b$06t9bLmm.bkoK4A6tueb.eb0j2vivzV1pH7PrZoixwzBROTr0Gd6
> >>
> >> file:/etc/mail/dominios
> >> hostname
> >> foobar.com.ar
> >> blo.com.ar
> >>
> >>
> >> Any idea what I'm doing wrong here?
> >
> > What messages show up in the log when authentication fails?
> >
> > Have you tried running smtpd -dv in the terminal to watch the failures take place?
> >
> >
>
>
> The format of your "usuarios" table is incorrect I believe.  It should be a
> mapping of an email address to a system user.  Mine looks like so:
>
> # /etc/mail/vusers
> us...@domain.tld  _vmail
>
> Then your dovecot userdb needs to look something like this:
>
> user1:{BLF-CRYPT}"password hash":5000:5000::/var/vmail/%d/%n
>
>
>
>
>


Re: Virtual domains

2015-03-12 Thread Edgar Pettijohn III

On Mar 11, 2015, at 8:09 PM, Seth wrote:

> On Wed, 11 Mar 2015 13:11:16 -0700, Gonzalo  wrote:
> 
>> Hi Guys,
>> 
>> I have this conf on OpenBSD 5.6
>> 
>> table dominios  file:/etc/mail/dominios
>> table usuarios  file:/etc/dovecot/users
>> table aliases   db:/etc/mail/aliases.db
>> table spam  file:/etc/mail/spam
>> 
>> expire 4h
>> 
>> pki foobar.com.ar certificate  "/etc/mail/certs/foobar.crt"
>> pki foobar.com.ar key  "/etc/mail/certs/foobar.key"
>> pki foobar.com.ar dhparams "/etc/ssl/
>> foobar.com.ar/dhparam.pem"
>> 
>> listen on lo0 port 25
>> listen on egress secure pki foobar.com.ar hostname foobar.com.ar
>> #listen on egress port 587 tls-require pki foobar.com.ar auth 
>> hostname foobar.com.ar
>> listen on egress port 587 tls-require pki foobar.com.ar auth 
>> 
>> reject from any sender  for domain 
>> 
>> accept for local alias  deliver to mda
>> "/usr/local/libexec/dovecot/dovecot-lda -f %{sender}"
>> accept from any for domain  alias  deliver to mda
>> "/usr/local/libexec/dovecot/dovecot-lda -f %{sender}"
>> accept from any for domain  deliver to mda
>> "/usr/local/libexec/dovecot/dovecot-lda -f %{sender}"
>> accept for any relay
>> 
>> 
>> 
>> I can login and receive/send mails with foobar.com.ar (usr bla) but I can't
>> with other domain in file:/etc/mail/dominios or file:/etc/dovecot/users
>> 
>> file:/etc/dovecot/users
>> bla bla:$2b$06$bhtDQvYWeY0xvL3ylAKmetPY7Awe9RdbjXKrhrC.
>> blo blo:$2b$06t9bLmm.bkoK4A6tueb.eb0j2vivzV1pH7PrZoixwzBROTr0Gd6
>> 
>> file:/etc/mail/dominios
>> hostname
>> foobar.com.ar
>> blo.com.ar
>> 
>> 
>> Any idea what I'm doing wrong here?
> 
> What messages show up in the log when authentication fails?
> 
> Have you tried running smtpd -dv in the terminal to watch the failures take 
> place?
> 
> 


The format of your "usuarios" table is incorrect I believe.  It should be a
mapping of an email address to a system user.  Mine looks like so:

# /etc/mail/vusers
us...@domain.tld  _vmail

Then your dovecot userdb needs to look something like this:

user1:{BLF-CRYPT}"password hash":5000:5000::/var/vmail/%d/%n






Re: Virtual domains

2015-03-12 Thread Gonzalo
debug: pony: rsae_bn_mod_exp
smtp-in: Started TLS on session cdb6415f5a23579f: version=TLSv1/SSLv3,
cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128
smtp-in: Client certificate verification succeeded on session
cdb6415f5a23579f
debug: smtp: SIZE in MAIL FROM command
lookup: check "209.85.217.171" as NETADDR in table static: -> found
lookup: check "tengoandr...@gmail.com" as MAILADDR in table static:spam -> 0
lookup: check "209.85.217.171" as NETADDR in table static: -> 0
lookup: check "209.85.217.171" as NETADDR in table static: -> found
lookup: check "blo.com.ar" as DOMAIN in table static:dominios -> found
lookup: lookup "b...@blo.com.ar" as ALIAS in table static:usuariosv -> "blo"
debug: aliases_virtual_get: 'b...@blo.com.ar' resolved to 1 nodes
lookup: lookup "blo" as ALIAS in table static:usuariosv -> 0
lookup: lookup "blo" as USERINFO in table getpwnam: -> 0
smtp-in: Failed command on session cdb6415f5a23579f: "RCPT TO:<
b...@blo.com.ar>" => 550 Invalid recipient
smtp-in: Closing session cdb6415f5a23579f
debug: smtp: 0x1baeac80c000: deleting session: done
debug: pony: rsae_finish


Any ideas?



2015-03-12 13:02 GMT-03:00 Seth :

> On Thu, 12 Mar 2015 07:14:11 -0700, Gonzalo wrote:
>
>> Mmm I have the same output..
>> On Mar 11, 2015 11:31 PM, "Seth" wrote:
>>
>
> Offhand I would say this is probably more of a Dovecot delivery
> configuration issue moreso than an OpenSMTPD one. I don't have much
> experience using or troubleshooting LDA or LMTP delivery unfortunately
> however so sorry I cannot be of more help.
>
> Try increasing verbosity of the Dovecot logs and watch them with a tail -f
> command as message deliveries are attempted, that might yield some clues.
>
>
>
>


-- 
Sent from my handheld toaster...


Re: Building dkimproxy on headless OpenBSD server with no X install sets

2015-03-12 Thread Seth

On Thu, 12 Mar 2015 09:54:52 -0700, Eric Ripa  wrote:

 I have not tried  to remove the sets after installation however.


This command will remove the installation sets

$ pax -vzf xetc56.tgz | awk '{ print $9}'| sudo xargs rm -rf

Obviously test it out first somewhere where it won't trash your system.

$ cd ~
$ sudo pax -rvzf xetc56.tgz -p e
$ pax -vzf xetc56.tgz | awk '{ print $9}'| sudo xargs rm -rf

It leaves a few skeleton directories but that's it.

$ tree
.
|-- etc
|   |-- X11
|   |   |-- app-defaults
|   |   |-- fs
|   |   |-- twm
|   |   |-- xdm
|   |   |-- xinit
|   |   `-- xsm
|   `-- fonts
|   `-- conf.d
|-- usr




Re: Building dkimproxy on headless OpenBSD server with no X install sets

2015-03-12 Thread Seth

On Thu, 12 Mar 2015 09:54:52 -0700, Eric Ripa  wrote:


I did the following on my "X-less" installation of OpenBSD 5.6

 - downloaded the two sets xetc56.tgz and xbase56.tgz
 - added the sets according to the FAQ  
http://www.openbsd.org/faq/faq4.html#AddFileSet  


 - created the symlink as follows:
   /usr/local/lib/X11/app-defaults -> /etc/X11/app-defaults

after doing so dkimproxy compiled and installed fine. I have not tried  
to remove the sets after installation however.


Thank you, that solved the problem.

Commands used

$ ftp -o http://mirrors.sonic.net/openbsd/5.6/amd64/xetc56.tgz
$ ftp -o http://mirrors.sonic.net/openbsd/5.6/amd64/xbase56.tgz
$ sudo mv x*.tgz /; cd /
$ sudo pax -rvzf xetc56.tgz -p e
$ sudo pax -rvzf xbase56.tgz -p e
$ sudo ln -s /etc/X11/app-defaults  /usr/local/lib/X11/app-defaults
$ cd /usr/ports/mail/dkimproxy/; sudo make install




Re: Building dkimproxy on headless OpenBSD server with no X install sets

2015-03-12 Thread Eric Ripa
I did the following on my "X-less" installation of OpenBSD 5.6

 - downloaded the two sets xetc56.tgz and xbase56.tgz
 - added the sets according to the FAQ 
http://www.openbsd.org/faq/faq4.html#AddFileSet 

 - created the symlink as follows:
   /usr/local/lib/X11/app-defaults -> /etc/X11/app-defaults

after doing so dkimproxy compiled and installed fine. I have not tried to 
remove the sets after installation however.


Eric Ripa




> On 2015-03-12, at 17:15, Seth  wrote:
> 
> I was going to build and configure dkimproxy for use with OpenSMTPD according 
> to this guide [1] but got stopped cold by the following error:
> 
> $ sudo make
> Fatal: /usr/local/lib/X11/app-defaults should exist and be a symlink
> *** Error 1 in . (/usr/ports/infrastructure/mk/bsd.port.mk:2513 
> '/usr/ports/pobj/dkimproxy-1.4.1/.extract_started': 
> @appdefaults=/usr/local/...)
> *** Error 1 in /usr/ports/mail/dkimproxy 
> (/usr/ports/infrastructure/mk/bsd.port.mk:2455 'all')
> 
> The dkimproxy port apparently requires X11 OpenBSD install sets?
> 
> I know that some people on this list help to finish up the OpenBSD port of 
> dkimproxy [2], can anyone assist with getting it to build on a headless 
> server with no X install sets present?
> 
> [1] 
> http://technoquarter.blogspot.com/2015/02/openbsd-mail-server-part-5-dkimproxy.html
> [2] http://www.mail-archive.com/ports%40openbsd.org/msg47873.html
> 



signature.asc
Description: Message signed with OpenPGP using GPGMail


Re: Building dkimproxy on headless OpenBSD server with no X install sets

2015-03-12 Thread Gonzalo
Right.
On Mar 12, 2015 1:47 PM, "Giovanni Bechis" wrote:

> On 03/12/15 17:42, Gonzalo wrote:
> > what are you talking about??
> >
> > onzalo : /usr/ports> sudo pkg_add -vi dkimproxy
> > Password:
> > Update candidates: quirks-2.54 -> quirks-2.54
> > quirks-2.54 signed on 2015-03-08T12:33:05Z
>
> on 5.6 there is no package:
> 
> revision 1.323
> date: 2015/02/16 18:10:21;  author: jasper;  state: Exp;  lines: +2 -1;
> commitid: L4dxY4PfIGmB6s3k;
> hookup dkimproxy which seems to have been forgotten when originally
> imported
>
> ok sthen@
> 
>
>  Giovanni
>


Re: Building dkimproxy on headless OpenBSD server with no X install sets

2015-03-12 Thread Giovanni Bechis
On 03/12/15 17:42, Gonzalo wrote:
> what are you talking about??
> 
> onzalo : /usr/ports> sudo pkg_add -vi dkimproxy
> Password:
> Update candidates: quirks-2.54 -> quirks-2.54
> quirks-2.54 signed on 2015-03-08T12:33:05Z

on 5.6 there is no package:

revision 1.323
date: 2015/02/16 18:10:21;  author: jasper;  state: Exp;  lines: +2 -1;  
commitid: L4dxY4PfIGmB6s3k;
hookup dkimproxy which seems to have been forgotten when originally imported

ok sthen@


 Giovanni




Re: Building dkimproxy on headless OpenBSD server with no X install sets

2015-03-12 Thread Gonzalo
what are you talking about??

onzalo : /usr/ports> sudo pkg_add -vi dkimproxy
Password:
Update candidates: quirks-2.54 -> quirks-2.54
quirks-2.54 signed on 2015-03-08T12:33:05Z
dkimproxy-1.4.1p0:p5-Crypt-OpenSSL-Random-0.06p0: ok
dkimproxy-1.4.1p0:p5-Crypt-OpenSSL-Bignum-0.04p5: ok
dkimproxy-1.4.1p0:p5-Crypt-OpenSSL-RSA-0.28p0: ok
dkimproxy-1.4.1p0:p5-Net-DNS-0.82: ok
dkimproxy-1.4.1p0:p5-Time-TimeDate-2.30: ok
dkimproxy-1.4.1p0:p5-Mail-Tools-2.07: ok
dkimproxy-1.4.1p0:p5-Mail-DKIM-0.40p0: ok
dkimproxy-1.4.1p0:p5-Net-Server-2.008: ok
dkimproxy-1.4.1p0: ok
The following new rcscripts were installed: /etc/rc.d/dkimproxy_in
/etc/rc.d/dkimproxy_out
See rcctl(8) for details.
Extracted 2497432 from 2502874




2015-03-12 13:39 GMT-03:00 Daniel Pajonzeck :

> On 12.03.2015 17:20, Gonzalo wrote:
> > Did you try with pkg_add -vi dkimproxy?
>
> You need to install from ports tree, there are no packages for dkimproxy
>
>
>


-- 
Sent from my handheld toaster...


Re: Building dkimproxy on headless OpenBSD server with no X install sets

2015-03-12 Thread Daniel Pajonzeck
On 12.03.2015 17:20, Gonzalo wrote:
> Did you try with pkg_add -vi dkimproxy?

You need to install from ports tree, there are no packages for dkimproxy




Re: Building dkimproxy on headless OpenBSD server with no X install sets

2015-03-12 Thread Gonzalo
Did you try with pkg_add -vi dkimproxy?

iirc doesn't need X11
On Mar 12, 2015 1:16 PM, "Seth" wrote:

> I was going to build and configure dkimproxy for use with OpenSMTPD
> according to this guide [1] but got stopped cold by the following error:
>
> $ sudo make
> Fatal: /usr/local/lib/X11/app-defaults should exist and be a symlink
> *** Error 1 in . (/usr/ports/infrastructure/mk/bsd.port.mk:2513
> '/usr/ports/pobj/dkimproxy-1.4.1/.extract_started':
> @appdefaults=/usr/local/...)
> *** Error 1 in /usr/ports/mail/dkimproxy (/usr/ports/infrastructure/mk/
> bsd.port.mk:2455 'all')
>
> The dkimproxy port apparently requires X11 OpenBSD install sets?
>
> I know that some people on this list help to finish up the OpenBSD port of
> dkimproxy [2], can anyone assist with getting it to build on a headless
> server with no X install sets present?
>
> [1] http://technoquarter.blogspot.com/2015/02/openbsd-mail-
> server-part-5-dkimproxy.html
> [2] http://www.mail-archive.com/ports%40openbsd.org/msg47873.html
>
>
>


Building dkimproxy on headless OpenBSD server with no X install sets

2015-03-12 Thread Seth
I was going to build and configure dkimproxy for use with OpenSMTPD  
according to this guide [1] but got stopped cold by the following error:


$ sudo make
Fatal: /usr/local/lib/X11/app-defaults should exist and be a symlink
*** Error 1 in . (/usr/ports/infrastructure/mk/bsd.port.mk:2513  
'/usr/ports/pobj/dkimproxy-1.4.1/.extract_started':  
@appdefaults=/usr/local/...)
*** Error 1 in /usr/ports/mail/dkimproxy  
(/usr/ports/infrastructure/mk/bsd.port.mk:2455 'all')


The dkimproxy port apparently requires X11 OpenBSD install sets?

I know that some people on this list help to finish up the OpenBSD port of  
dkimproxy [2], can anyone assist with getting it to build on a headless  
server with no X install sets present?


[1]  
http://technoquarter.blogspot.com/2015/02/openbsd-mail-server-part-5-dkimproxy.html

[2] http://www.mail-archive.com/ports%40openbsd.org/msg47873.html




Re: Virtual domains

2015-03-12 Thread Seth

On Thu, 12 Mar 2015 07:14:11 -0700, Gonzalo  wrote:


Mmm I have the same output..
On Mar 11, 2015 11:31 PM, "Seth" wrote:


Offhand I would say this is probably more of a Dovecot delivery
configuration issue moreso than an OpenSMTPD one. I don't have much  
experience using or troubleshooting LDA or LMTP delivery unfortunately  
however so sorry I cannot be of more help.


Try increasing verbosity of the Dovecot logs and watch them with a tail -f  
command as message deliveries are attempted, that might yield some clues.





Re: Mail not bouncing on missing system user (451 Temporary failure Instead of 550 Invalid user)

2015-03-12 Thread Eric Ripa
An update on this thread in case anyone is interested or searches for the same.

I never found any resolution to let OpenSMTPD rely on getpwnam (and thus 
ypldap).

I traced the rules and lookup further and my only suspicion is that it's ypldap 
causing the odd behavior with getpwnam. In the end I took another approach and 
created a virtual user table mapping to the system users (fetched by ypldap) + 
added all aliases in the same virtual user map. Now I get proper Invalid 
Recipient replies and nothing stuck in the queue. I build the virtual user 
table with a simple Python LDAP script.

This solution actually is better in the end as it allows my client to have more 
fine-grained control over mail accounts, aliases and group-mail aliases.

---

I do however have a question left:

In my trials I briefly had the configuration as follows:
accept tagged for domain  alias  deliver to lmtp 
"/var/dovecot/lmtp"
accept tagged for domain  virtual  deliver to lmtp 
"/var/dovecot/lmtp"

But everything ended up in the first rule, and even though the alias map didn't 
contain any of the recipients it never went to the virtual user rule and all 
mails stayed in "Temporary lookup failure".

I solved it by combining my alias and virtual user maps, but if I understand it 
correctly the above should have worked.. or? Maybe it's the ypldap ghost..

Thanks,
Eric Ripa





> On 2015-03-06, at 08:22, Eric Ripa  wrote:
> 
> Hi,
> 
> I originally posted this as an issue on Github but then I realized that the 
> mail list probably would be a better match. So I'm reposting here and have 
> closed the Github issue.
> 
> 
> I've setup OpenBSD 5.6 with OpenSMTPD 5.4.4 for use with system user (LDAP, 
> using ypldap) on one primary domain. The setup is based on the guide 
> available here: http://technoquarter.blogspot.se 
> 
> 
> 
> This is the two rules that (in my mind) should affect this.
> 
>   table domains db:/etc/mail/domains.db
>   accept for domain  deliver to lmtp "/var/dovecot/lmtp"
> 
> And my domains file:
> 
>  example.com  accept
> 
> If I send to a user that does exist on the system I get correct behavior and 
> the mail delivers, but when I send to a non-existing user the mail goes into 
> limbo with '451 Temporary Failure'
> 
> Using smtpd -d -T lookup I can see the following behaviors, first an existing 
> user:
> 
>lookup: lookup "eric.ripa" as USERINFO in table getpwnam: -> 
> "eric.ripa:1101:1025:/home/eric.ripa"
>delivery: Ok for f23a96c23e2500b8: from= >, to= >, user=eric.ripa, method=lmtp, delay=1s, 
> stat=Delivered
> 
> Then the non-existing user:
> 
>lookup: lookup "foo" as USERINFO in table getpwnam: -> -1
>smtp-in: Failed command on session a6ee64eda205f046: "RCPT 
> TO:mailto:f...@example.com>>" => 451 Temporary failure
>relay: TempFail for c534b8c7f5ad4a41: session=a6ee64ec089bf84f, 
> from=mailto:t...@example.com>>, to= >, rcpt=<->, source=127.0.0.1, relay=127.0.0.1 
> (localhost), delay=6m41s, stat=451 Temporary failure
> 
> Shouldn't this mail bounce with a 550 or something similar? Currently the 
> mail stays in the queue until the envelope expires.
> 
> Any ideas? Is it possible to force a reject if user doesn't exist on the 
> system?
> 
> Thanks,
> Eric Ripa



signature.asc
Description: Message signed with OpenPGP using GPGMail
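
The two traces quoted on this page differ in one character: a USERINFO lookup ending in `-> 0` is followed by `550 Invalid recipient`, while one ending in `-> -1` is followed by `451 Temporary failure`. The filter below, an added example that is not part of the original messages, pairs each rejected RCPT with the preceding USERINFO result so that a failing user backend stands out from a genuinely unknown recipient. The function names and the trace lines are constructed, and it assumes a single-session trace.

```shell
#!/bin/sh
# Added example (not from the thread). classify_rcpt_failures and
# sample_trace are hypothetical names; the trace lines are constructed
# after the smtpd lookup traces quoted in the messages above.

sample_trace() {
    cat <<'EOF'
lookup: lookup "user@blo.example" as ALIAS in table static:usuariosv -> "blo"
lookup: lookup "blo" as ALIAS in table static:usuariosv -> 0
lookup: lookup "blo" as USERINFO in table getpwnam: -> 0
smtp-in: Failed command on session 0000000000000001: "RCPT TO:<user@blo.example>" => 550 Invalid recipient
lookup: lookup "eric" as USERINFO in table getpwnam: -> "eric:1101:1025:/home/eric"
   lookup: lookup "foo" as USERINFO in table getpwnam: -> -1
   smtp-in: Failed command on session 0000000000000002: "RCPT TO:<foo@example.com>" => 451 Temporary failure
EOF
}

# Reads a trace on stdin and prints one line per rejected RCPT:
#   <user> <userinfo-state> <smtp-code> <verdict>
classify_rcpt_failures() {
    awk '
    { sub(/^[ \t]+/, "") }          # traces are often pasted indented

    # Remember the outcome of the most recent USERINFO lookup.
    /^lookup: lookup "[^"]*" as USERINFO in table / {
        user = $3; gsub(/"/, "", user)
        result = $0; sub(/^.* -> /, "", result)
        if (result == "0")        state = "not-found"
        else if (result == "-1")  state = "lookup-error"
        else if (result ~ /^"/)   state = "found"
        else                      state = "unknown"   # wrapped or truncated line
        next
    }

    # Pair each rejected command with that outcome.
    /^smtp-in: Failed command/ && match($0, /=> [0-9][0-9][0-9]/) {
        code = substr($0, RSTART + 3, 3)
        if (user == "") { user = "-"; state = "no-userinfo-lookup" }
        verdict = "check"
        if (state == "not-found" && code == "550") verdict = "unknown-recipient"
        if (state == "lookup-error" && code ~ /^4/) verdict = "backend-failure"
        print user, state, code, verdict
        user = ""; state = ""
    }
    '
}
```

A `backend-failure` line means the mail is deferred rather than bounced, which is the queue build-up described in the message above.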


Re: Can "pki" be omitted from the "listen on" directive

2015-03-12 Thread Gilles Chehade
On Sat, Mar 07, 2015 at 04:20:40AM -0700, Clint Pachl wrote:
> Does the hostname in the pki directive correspond to the hostname in
> /etc/mail/mailname? If so, can I omit the pki parameter in the "listen on"
> directive?
> 
> For example, if I have "mail.example.com" in /etc/mail/mailname and the
> following pki directives in smtpd.conf:
> 
>   pki mail.example.com certificate "/etc/ssl/mail.example.com.crt"
>   pki mail.example.com key "/etc/ssl/private/mail.example.com.key"
> 
> can I safely change:
> 
>   listen on mail port smtp tls pki mail.example.com auth-optional 
>   listen on mail port submission tls-require pki mail.example.com auth
> 
> 
> to:
> 
>   listen on mail port smtp tls auth-optional 
>   listen on mail port submission tls-require auth 
> 
> What if mail is accepted from local for domains other than "example.com"?
> Will secure connections still be used.
> 

Yes, however I personally prefer to state things explicitly


-- 
Gilles Chehade

https://www.poolp.org  @poolpOrg




Re: Support for ECDSA CA server certificates

2015-03-12 Thread Gilles Chehade
On Tue, Feb 17, 2015 at 01:00:37PM -0800, Seth wrote:
> I'm in the process of switching out existing RSA Certificate Authority
> server certificates for ECDSA (Elliptical Curve DSA) ones.
> 
> Are ECDSA certs supported by OpenSMTPD? Or does that depend completely on
> the chosen SSL library, i.e. OpenSSL, LibreSSL, BoringSSL, etc?
> 

They are not supported yet but they should be soon.

Basically, we rely on privilege separation for handling private keys and
it requires writing slightly more code than the usual. There's been some
discussion going on about this on another OpenBSD project and we'll pick
the change when it's available there.


-- 
Gilles Chehade

https://www.poolp.org  @poolpOrg




Re: OS X Binaries / Patches

2015-03-12 Thread Gilles Chehade
On Wed, Mar 11, 2015 at 07:03:14PM -0700, Benjamin Perrault wrote:
> Hi all,
> 

Hi,


> So a while back - I mailed the list ( 
> http://article.gmane.org/gmane.mail.opensmtpd.general/2397 ) about OpenSMTPD 
> - but since I didn't hear anything back, I went thru, sorted the issues (
> both build and runtime ) and have it working on OS X Yosemite.
>
> I'm not sure if this is of any use to anyone but me, but I'm hoping it
> is. If anything, it's a first step getting OpenSMTPD into Homebrew or
> Macports, amongst other things.
> 
> So..
> 

Well, to be perfectly clear about our position:

We are not necessarily interested _ourselves_ in porting to all systems,
primarily because unless there's high demand it diverts our efforts from
working on features that more people expect.

However, we greatly appreciate when people do the porting and we do want
to help them merge their changes so that OpenSMTPD runs on as many hosts
as possible.

If OpenSMTPD doesn't run on a system and you don't see us working on it,
or you see that a ticket for portability stalls, it doesn't mean we don't
care but just that we'd appreciate if someone else did the work ;-)


> --
> b.) Patches
> 
> What's the best way to handle these?
>
> I have a quick and dirty patch ( like you would see in Homebrew or even
> FreeBSD ports ) that will allow everything to build/work correctly after
> it's applied to the 5.4.4p1 source tree. Since some of the OS X changes do
> break the build on the other BSDs, this might be a good idea ( this is even
> more prevalent in the latest portable snapshot ). It's not something you
> would put in a git pull request, that's for sure. But it works.
>
> Or I can spend some time and make a not-so-dirty patch that can be applied
> without breaking non-OS X builds.. but I'm not sure of the code/style
> guidelines, nor am I 100% sure how to cleanly apply the needed changes - so I
> might need a little help and this will. It would be an undertaking.
>
> Or I can do both. Or some hybrid.. Or.. basically, I don't really know what
> the best way to handle it is. What does the development team / community say?
> 

First of all, you need to separate the changes you did to allow the
project to build, from the packaging you did so it can install on your
system.

Our portable branch only focuses on making the project build on systems
disregarding how it will be packaged. Any diff you have to make it build
we can review and either merge or help you modify so that it can be made
into a diff suitable for merge.

I'd say, the first step would be to share the diffs :-)


> Anyway - thanks to the OpenSMTPD team for building such a great SMTP server -
> I hope this work will be useful to someone and contributes to OpenSMTPD's
> total domination.
> 

Total domination is in progress.


-- 
Gilles Chehade

https://www.poolp.org  @poolpOrg
