Re: Spot of bother with send to lmtp
Not to come off as utterly hopeless, but still having only limited success with this set up. I can get smtpd and dovecot working mostly as expected but only by dispensing with all the filters.

As is from the faq, smtpd bails with:

    smtpd: bind: address already in use

In order to get it going, I had to change the listen directives, replacing 'all' with 'egress' as well as expunging all the bits about filters. In fact, I had to comment out the filter declarations themselves at the start of smtpd.conf.

I had a go at uncommenting the filters one at a time, and thought I was making tremendous progress only to discover that somewhere down the list, smtpd has fallen outside the control of smtpctl, such that it wasn't actually rereading the config. Tracking it down with ps and properly killing it revealed that smtpd was once again failing to bind to the desired ports.

Not entirely sure what to make of this. I notice clamd is much slower to start than I'd have expected.

Currently running the snapshot I grabbed this morning. And apart from the filters, everything works fine.

On February 2, 2016 5:18:41 AM PST, Joerg Jung wrote:
>
>> On 02.02.2016 at 05:36, Steve Conrad wrote:
>>
>> Having a spot of bother setting up some virtual domains using the excellent faq at https://opensmtpd.org/faq/example1.html as a guide.
>>
>> Despite my best efforts to follow the guide, smtpd complains of two syntax errors in the config file and declines to start.
>>
>> The offending lines are the ones involving sending to lmtp, one of which is listed below:
>>
>>     accept from any for domain virtual deliver to lmtp "/var/dovecot/lmtp" rcpt-to
>>
>> If this is any different from the example, it's not jumping out at me. Has the syntax for 'lmtp ... rcpt-to' changed recently?
>>
>> Running OpenBSD 5.8 amd64 on a digital ocean droplet. Thanks in advance. This has been surprisingly easy going for learning a new MTA.
>> If the service is free, you're the product.
>
>Yes, rcpt-to keyword was recently added.
>You either need to install a snapshot or wait for 5.9.

If the service is free, you're the product.
Re: force SMTPS for outgoing relays?
On Tue, 2 Feb 2016 13:28:14 -0600

[sigh] It is an ISP issue. My apologies for cluttering up the mailing list.

Jeremy

Jeremy Volkening wrote:
> After successfully testing an identical configuration on another system on another network, it seems likely that this issue is somehow related to my particular local network configuration (NAT'd behind a quasi-static public IP) which results in the remote MTAs refusing the connection, and is not at all OpenSMTPD-specific. This at least sends me in a fresh direction of research/inquiry. Any suggestions would still be welcome, however.
>
> Jeremy
>
> On Tue, 2 Feb 2016 12:14:46 -0600
> Jeremy Volkening wrote:
>
> > Hello,
> >
> > Is there any way to force OpenSMTPD to use SMTPS on port 465 for outgoing relays (without using a smarthost)?
> >
> > I'm trying (and failing) to configure OpenSMTPD to relay outgoing mail (v5.4.4 on OpenBSD 5.8 and also tried v5.7.3p1 on Linux). Here is my barebones smtpd.conf:
> >
> >     listen on localhost
> >     accept for local deliver to mbox
> >     accept for any relay
> >
> > I've tried many other possible configurations. Perhaps revealingly, if I set it to forward via a smarthost I have credentials on with explicit SMTPS:
> >
> >     accept for any relay via smtps://.com
> >
> > then things work fine. If I don't explicitly specify SMTPS then this fails as well with similar debugging output. Network monitoring indicates that when mail is successfully sent via smarthost, the connection is initiated on port 465. However, with other configurations all connection attempts are made on 25 and the destination servers never respond. I have tried this with multiple destinations. Name resolution succeeds in each case, but the destination servers never respond on port 25.
> >
> > I know from past experience with Exim that I must explicitly tell it to use SMTPS for outgoing relays. I suspect that I'm having the same issue here, but I can't figure out how to configure this behavior on OpenSMTPD. I can set 'smtps' as an option on the 'listen' control word but not on 'relay'. Any help or suggestions would be greatly appreciated. I can attach full debugging output if requested, but again it seems clear from the network logs that smtpd is repeatedly trying to connect to remote hosts on port 25 with no response, while perhaps it should be trying on port 465.
> >
> > Thanks,
> > Jeremy
>
>

--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: force SMTPS for outgoing relays?
After successfully testing an identical configuration on another system on another network, it seems likely that this issue is somehow related to my particular local network configuration (NAT'd behind a quasi-static public IP) which results in the remote MTAs refusing the connection, and is not at all OpenSMTPD-specific. This at least sends me in a fresh direction of research/inquiry. Any suggestions would still be welcome, however.

Jeremy

On Tue, 2 Feb 2016 12:14:46 -0600
Jeremy Volkening wrote:

> Hello,
>
> Is there any way to force OpenSMTPD to use SMTPS on port 465 for outgoing relays (without using a smarthost)?
>
> I'm trying (and failing) to configure OpenSMTPD to relay outgoing mail (v5.4.4 on OpenBSD 5.8 and also tried v5.7.3p1 on Linux). Here is my barebones smtpd.conf:
>
>     listen on localhost
>     accept for local deliver to mbox
>     accept for any relay
>
> I've tried many other possible configurations. Perhaps revealingly, if I set it to forward via a smarthost I have credentials on with explicit SMTPS:
>
>     accept for any relay via smtps://.com
>
> then things work fine. If I don't explicitly specify SMTPS then this fails as well with similar debugging output. Network monitoring indicates that when mail is successfully sent via smarthost, the connection is initiated on port 465. However, with other configurations all connection attempts are made on 25 and the destination servers never respond. I have tried this with multiple destinations. Name resolution succeeds in each case, but the destination servers never respond on port 25.
>
> I know from past experience with Exim that I must explicitly tell it to use SMTPS for outgoing relays. I suspect that I'm having the same issue here, but I can't figure out how to configure this behavior on OpenSMTPD. I can set 'smtps' as an option on the 'listen' control word but not on 'relay'. Any help or suggestions would be greatly appreciated. I can attach full debugging output if requested, but again it seems clear from the network logs that smtpd is repeatedly trying to connect to remote hosts on port 25 with no response, while perhaps it should be trying on port 465.
>
> Thanks,
> Jeremy
force SMTPS for outgoing relays?
Hello,

Is there any way to force OpenSMTPD to use SMTPS on port 465 for outgoing relays (without using a smarthost)?

I'm trying (and failing) to configure OpenSMTPD to relay outgoing mail (v5.4.4 on OpenBSD 5.8 and also tried v5.7.3p1 on Linux). Here is my barebones smtpd.conf:

    listen on localhost
    accept for local deliver to mbox
    accept for any relay

I've tried many other possible configurations. Perhaps revealingly, if I set it to forward via a smarthost I have credentials on with explicit SMTPS:

    accept for any relay via smtps://.com

then things work fine. If I don't explicitly specify SMTPS then this fails as well with similar debugging output. Network monitoring indicates that when mail is successfully sent via smarthost, the connection is initiated on port 465. However, with other configurations all connection attempts are made on 25 and the destination servers never respond. I have tried this with multiple destinations. Name resolution succeeds in each case, but the destination servers never respond on port 25.

I know from past experience with Exim that I must explicitly tell it to use SMTPS for outgoing relays. I suspect that I'm having the same issue here, but I can't figure out how to configure this behavior on OpenSMTPD. I can set 'smtps' as an option on the 'listen' control word but not on 'relay'. Any help or suggestions would be greatly appreciated. I can attach full debugging output if requested, but again it seems clear from the network logs that smtpd is repeatedly trying to connect to remote hosts on port 25 with no response, while perhaps it should be trying on port 465.

Thanks,
Jeremy
Re: Spot of bother with send to lmtp
Thanks for sorting that out for me.

On February 2, 2016 5:18:41 AM PST, Joerg Jung wrote:
>
>> On 02.02.2016 at 05:36, Steve Conrad wrote:
>>
>> Having a spot of bother setting up some virtual domains using the excellent faq at https://opensmtpd.org/faq/example1.html as a guide.
>>
>> Despite my best efforts to follow the guide, smtpd complains of two syntax errors in the config file and declines to start.
>>
>> The offending lines are the ones involving sending to lmtp, one of which is listed below:
>>
>>     accept from any for domain virtual deliver to lmtp "/var/dovecot/lmtp" rcpt-to
>>
>> If this is any different from the example, it's not jumping out at me. Has the syntax for 'lmtp ... rcpt-to' changed recently?
>>
>> Running OpenBSD 5.8 amd64 on a digital ocean droplet. Thanks in advance. This has been surprisingly easy going for learning a new MTA.
>> If the service is free, you're the product.
>
>Yes, rcpt-to keyword was recently added.
>You either need to install a snapshot or wait for 5.9.

If the service is free, you're the product.
Re: latest OpenSSL causes OpenSMTPD to segv
On Tue, Feb 02, 2016 at 03:28:43PM +, Kevin Chadwick wrote:
> > This impacts all users who upgrade to OpenSSL 1.0.2f and will cause smtpd to crash as soon as the RSA engine is used (ie: whenever there's crypto)
> >
> > A quick workaround is to not upgrade to 1.0.2f yet and maybe ask OpenSSL why a "patchlevel" release contains more than patches.
> >
> > Meanwhile, we're investigating how we're going to unfuck this.
>
> Does this affect other projects? I am simply wondering what the odds are of this being hostility or stupidity?
>

An OpenSSL developer who wasn't aware I already had the fix contacted me this night to let me know what was causing the crash. That does not seem very hostile to me ;-)

I think it is unfortunate that they slipped an API change, even a subtle one, in a patch release that people were kind of obligated to apply, but this is more of a releng issue IMO.

--
Gilles Chehade
https://www.poolp.org @poolpOrg
Re: latest OpenSSL causes OpenSMTPD to segv
> This impacts all users who upgrade to OpenSSL 1.0.2f and will cause smtpd to crash as soon as the RSA engine is used (ie: whenever there's crypto)
>
> A quick workaround is to not upgrade to 1.0.2f yet and maybe ask OpenSSL why a "patchlevel" release contains more than patches.
>
> Meanwhile, we're investigating how we're going to unfuck this.

Does this affect other projects? I am simply wondering what the odds are of this being hostility or stupidity?

--
KISSIS - Keep It Simple So It's Securable
Announce: OpenSMTPD 5.7.3p2 released
OpenSMTPD 5.7.3p2 has just been released.

OpenSMTPD is a FREE implementation of the SMTP protocol with some common extensions. It allows ordinary machines to exchange e-mails with systems speaking the SMTP protocol. It implements a fairly large part of RFC5321 and can already cover a large range of use-cases.

It runs on OpenBSD, NetBSD, FreeBSD, DragonFlyBSD, OSX and Linux.

The archives are now available from the main site at www.OpenSMTPD.org

We would like to thank the OpenSMTPD community for their help in testing the snapshots, reporting bugs, contributing code and packaging for other systems.

This is a -portable specific patchlevel release with no new feature.

Issues fixed in this release (since 5.7.3p1):
=============================================

- OpenSSL 1.0.2f was released by the OpenSSL project to address security issues, unfortunately that patchlevel release also introduces a change in the API we relied upon for our privileges separated RSA engine.

  With the introduced change, OpenSMTPD started unexpectedly executing a couple functions that were not meant to be used (yet ?), and that were bypassed until now.

  This resulted in OpenSMTPD crashing when linked to OpenSSL 1.0.2f but not to previous versions up to and including 1.0.2e

  This release introduces a fix to cope with the change on our side.

Checksums:
==========

  SHA256 (opensmtpd-5.7.3p2.tar.gz) =
  0d2973008d0f66bebb84bed516be6c32617735241cc54dd26643529281a8e52b

Verify:
=======

Starting with version 5.7.1, releases are signed with signify(1).

You can obtain the public key from our website, check with our community that it has not been altered on its way to your machine.

Once you are confident the key is correct, you can verify the release as described below:

1- get the signature file corresponding to the tarball you're installing

  $ wget https://www.opensmtpd.org/archives/opensmtpd-5.7.3p2.sum.sig

2- verify that the signature file was not forged:

  $ signify -C -p /home/gilles/.signify/opensmtpd.pub -x opensmtpd-5.7.3p2.sum.sig
  Signature Verified
  opensmtpd-5.7.3p2.tar.gz: OK
  $

Support:
========

You are encouraged to register to our general purpose mailing-list:

  http://www.opensmtpd.org/list.html

The "Official" IRC channel for the project is at:

  #OpenSMTPD @ irc.freenode.net

Reporting Bugs:
===============

Please read http://www.opensmtpd.org/report.html

Security bugs should be reported directly to secur...@opensmtpd.org
Other bugs may be reported to b...@opensmtpd.org

OpenSMTPD is brought to you by Gilles Chehade, Eric Faurot and Sunil Nimmagadda.

--
Gilles Chehade
https://www.poolp.org @poolpOrg
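
Added example, not part of the announcement and not OpenSMTPD project code: a POSIX shell cross-check of a downloaded file against a BSD-style "SHA256 (name) = hex" line such as the one under Checksums, for use alongside the signify step. The function names (sha256_of, verify_bsd_sum) and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the OpenSMTPD project): check a file against a
# BSD-style "SHA256 (name) = hex" line like the one in the announcement.

# Print the lowercase hex SHA-256 of $1 with whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"                      # OpenBSD / FreeBSD
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_bsd_sum LINE [DIR]
# Returns 0 on match, 1 on mismatch, 2 if LINE is malformed, names a path
# rather than a bare file name, or the file is missing from DIR.
verify_bsd_sum() {
    line=$1
    dir=${2:-.}
    name=$(printf '%s\n' "$line" |
        sed -n 's/^SHA256 (\(.*\)) = [0-9a-fA-F]\{64\}$/\1/p')
    want=$(printf '%s\n' "$line" |
        sed -n 's/^SHA256 (.*) = \([0-9a-fA-F]\{64\}\)$/\1/p')
    [ -n "$name" ] && [ -n "$want" ] || return 2
    case $name in */*) return 2 ;; esac     # bare file names only
    [ -f "$dir/$name" ] || return 2
    want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
    got=$(sha256_of "$dir/$name")
    [ "$got" = "$want" ]
}

# Constructed demo: a throwaway file stands in for the real tarball.
demo_dir=$(mktemp -d)
printf 'constructed sample, not a release\n' > "$demo_dir/sample.tar.gz"
demo_line="SHA256 (sample.tar.gz) = $(sha256_of "$demo_dir/sample.tar.gz")"
if verify_bsd_sum "$demo_line" "$demo_dir"; then
    echo "sample.tar.gz: OK"
else
    echo "sample.tar.gz: FAILED"
fi
rm -rf "$demo_dir"
```

The checksum line has to be on a single line when passed in, and it is only as trustworthy as the channel it arrived on, so this complements the signify check rather than replacing it.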
Re: Spot of bother with send to lmtp
> On 02.02.2016 at 05:36, Steve Conrad wrote:
>
> Having a spot of bother setting up some virtual domains using the excellent faq at https://opensmtpd.org/faq/example1.html as a guide.
>
> Despite my best efforts to follow the guide, smtpd complains of two syntax errors in the config file and declines to start.
>
> The offending lines are the ones involving sending to lmtp, one of which is listed below:
>
>     accept from any for domain virtual deliver to lmtp "/var/dovecot/lmtp" rcpt-to
>
> If this is any different from the example, it's not jumping out at me. Has the syntax for 'lmtp ... rcpt-to' changed recently?
>
> Running OpenBSD 5.8 amd64 on a digital ocean droplet. Thanks in advance. This has been surprisingly easy going for learning a new MTA.
> If the service is free, you're the product.

Yes, rcpt-to keyword was recently added.
You either need to install a snapshot or wait for 5.9.