Re: mlmmj with opensmtpd

2016-08-17 Thread Gilles Chehade
You should not be running EXPERIMENTAL filters if you are unable to troubleshoot something as trivial as this by yourself... 
Gilles 

Re: What is the correct syntax in opensmtpd

2016-08-17 Thread Edgar Pettijohn


Sent from my iPhone

> On Aug 17, 2016, at 2:41 PM, Mik J  wrote:
> 
> Hello,
> 
> I have two rules like these
> accept from local for domain  relay via smtp://127.0.0.1:10023
> accept from source  for domain  relay via 
> smtp://127.0.0.1:10023
> 

Seems like you could add your local ip's to the myips table.

> Is there a way to make only one rule ?
> 
> If a mail is local OR coming from some ips I trust then relay the mails
> 
> Regards


What is the correct syntax in opensmtpd

2016-08-17 Thread Mik J
Hello,
I have two rules like these
accept from local for domain  relay via 
smtp://127.0.0.1:10023
accept from source  for domain  relay via 
smtp://127.0.0.1:10023

Is there a way to make only one rule ?
If a mail is local OR coming from some ips I trust then relay the mails
Regards


Re: mlmmj with opensmtpd

2016-08-17 Thread Marcus MERIGHI
siefke_lis...@web.de (siefke_lis...@web.de), 2016.08.17 (Wed) 15:52 (CEST):
> On Wed, 17 Aug 2016 07:39:43 -0500 Edgar Pettijohn
>  wrote:
> 
> > > On Aug 17, 2016, at 7:20 AM, Marcus MERIGHI
> > >  wrote:
> > > 
> > > I think:
> > > 
> > > 1) smtpd accepts message 
> > >   (accept from any recipient ! for domain  relay
> > > via "smtp://127.0.0.1:10024")
> > > 2) smtpd forwards to amavisd
> > > > 3) amavisd returns the message scanned to smtpd
> > > 4) smtpd does not accept the message (invalid rcpt)
> > >   (accept tagged Scanned from local for domain  virtual
> > >  deliver to maildir "~/maildir")
> > > 
> > > I suspect your  does not contain the line
> > > mlmmj-test:  "|/usr/bin/mlmmj-receive
> > > -L /var/spool/mlmmj/mlmmj-test/".
> > > 
> > That's my thoughts also.
> 
> Okay but how should set it in vusers file? Can i set so like in alias?

smtpd.conf(5):

accept for domain "*.example.com" virtual  deliver to mbox

The table users holds a key-value mapping of virtual to system users.
For an example of how to configure the users table, see table(5).


So yes, just like aliases(5). If it doesn't want your
mlmmj-receive(1)-line there then put the user name there and give the
user a forward(5) file. 

Marcus


-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: mlmmj with opensmtpd

2016-08-17 Thread siefke_lis...@web.de
On Wed, 17 Aug 2016 14:20:21 +0200 Marcus MERIGHI
 wrote:

> I think:
> 
> 1) smtpd accepts message 
>    (accept from any recipient ! for domain  relay
> via "smtp://127.0.0.1:10024")
> 2) smtpd forwards to amavisd
> 3) amavisd returns the message scanned to smtpd
> 4) smtpd does not accept the message (invalid rcpt)
>    (accept tagged Scanned from local for domain  virtual
>  deliver to maildir "~/maildir")

But can i set mlmmj part in vuser? I think this come in, go to
amavisd and then use alias file. 

Silvio




Re: table ownership/permissions issues

2016-08-17 Thread Jeremy Volkening

On Wed, Aug 17, 2016 at 09:57:22AM +0100, Craig Skinner wrote:

> Hi Jeremy/all,
> 
> On Wed, 17 Aug 2016 00:25:30 -0500 Jeremy Volkening wrote:
> 
> > The short of it is that to share the passwd file, either:
> > 
> > 1. The file must be world-readable (not so good)
> > 
> > 2. The opensmtpd and dovecot daemon users must share a primary group,
> > or
> > 
> > 3. The daemons must call initgroups() or something similar after
> > dropping privileges.
> 
> 4. As a workaround, in whatever script/Makefile which creates the file,
> copy or hard link the file, e.g:
> 
> -rw-r- 1 root postmasters 314 Aug 15 16:58 passwd
> -rw-r- 1 root opensmtpd   314 Aug 15 16:58 passwd-smtp
> -rw-r- 1 root dovecot 314 Aug 15 16:58 passwd-imap


Hard links (at least in Linux) can't have different owners/permissions, 
so that doesn't really solve this issue. But you're right, it's not a 
big deal to keep two copies of the database in sync if using a script of 
some sort to manage users.


Jeremy
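
Keeping per-daemon copies of the passwd file in sync, as discussed in this message, can be scripted as below. This is an added example, not code from the thread or from OpenSMTPD or Dovecot; the directory path is a placeholder, the 0640 mode is an assumption, and the file and group names follow the listing quoted above.

```python
import os
import stat
import tempfile


def is_current(source, dest, gid, mode):
    """True if dest already has source's bytes, the wanted group and mode."""
    try:
        st = os.stat(dest)
    except FileNotFoundError:
        return False
    if st.st_gid != gid or stat.S_IMODE(st.st_mode) != mode:
        return False
    with open(source, "rb") as a, open(dest, "rb") as b:
        return a.read() == b.read()


def publish_copy(source, dest, gid, mode=0o640):
    """Write an independent copy of source at dest, group-owned by gid."""
    with open(source, "rb") as fh:
        data = fh.read()
    dest_dir = os.path.dirname(os.path.abspath(dest))
    # mkstemp creates the file with mode 0600 in the destination directory,
    # so the credentials are never group- or world-readable while written.
    fd, tmp = tempfile.mkstemp(prefix=".tmp-", dir=dest_dir)
    try:
        with os.fdopen(fd, "wb") as out:
            out.write(data)
            out.flush()
            # Hand the file to the daemon's group before widening the mode.
            os.fchown(out.fileno(), -1, gid)
            os.fchmod(out.fileno(), mode)
            os.fsync(out.fileno())
        # rename(2) is atomic: a reader sees the old file or the new one,
        # never a half-written table.
        os.replace(tmp, dest)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise


def sync(source, targets, mode=0o640):
    """targets maps destination path -> gid. Returns the paths rewritten."""
    updated = []
    for dest, gid in targets.items():
        if not is_current(source, dest, gid, mode):
            publish_copy(source, dest, gid, mode)
            updated.append(dest)
    return updated


if __name__ == "__main__":
    import grp

    base = "/path/to/tables"  # placeholder: the thread does not give the directory
    print(sync(os.path.join(base, "passwd"), {
        os.path.join(base, "passwd-smtp"): grp.getgrnam("opensmtpd").gr_gid,
        os.path.join(base, "passwd-imap"): grp.getgrnam("dovecot").gr_gid,
    }))
```

Changing the group to one the caller does not belong to requires root, so run it from the same privileged script or Makefile that regenerates the master file.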




Re: mlmmj with opensmtpd

2016-08-17 Thread siefke_lis...@web.de
On Wed, 17 Aug 2016 07:39:43 -0500 Edgar Pettijohn
 wrote:

> > On Aug 17, 2016, at 7:20 AM, Marcus MERIGHI
> >  wrote:
> > 
> > I think:
> > 
> > 1) smtpd accepts message 
> >   (accept from any recipient ! for domain  relay
> > via "smtp://127.0.0.1:10024")
> > 2) smtpd forwards to amavisd
> > 3) amavisd returns the message scanned to smtpd
> > 4) smtpd does not accept the message (invalid rcpt)
> >   (accept tagged Scanned from local for domain  virtual
> >  deliver to maildir "~/maildir")
> > 
> > I suspect your  does not contain the line
> > mlmmj-test:  "|/usr/bin/mlmmj-receive
> > -L /var/spool/mlmmj/mlmmj-test/".
> > 
> That's my thoughts also.

Okay but how should set it in vusers file? Can i set so like in alias?

Silvio




Re: mlmmj with opensmtpd

2016-08-17 Thread Edgar Pettijohn


Sent from my iPhone

> On Aug 17, 2016, at 7:20 AM, Marcus MERIGHI  wrote:
> 
> I think:
> 
> 1) smtpd accepts message 
>   (accept from any recipient ! for domain  relay via
>"smtp://127.0.0.1:10024")
> 2) smtpd forwards to amavisd
> 3) amavisd returns the message scanned to smtpd
> 4) smtpd does not accept the message (invalid rcpt)
>   (accept tagged Scanned from local for domain  virtual 
>deliver to maildir "~/maildir")
> 
> I suspect your  does not contain the line
> mlmmj-test:  "|/usr/bin/mlmmj-receive -L /var/spool/mlmmj/mlmmj-test/".
> 
That's my thoughts also.

Edgar

> Marcus
> 
> siefke_lis...@web.de (Silvio Siefke), 2016.08.16 (Tue) 19:18 (CEST):
>> Hello, 
>> 
>> i try to run mlmmj with opensmtpd. 
>> 
>> My config:
>> 
>> # generate db using makemap
>> table aliases   file:/etc/smtpd/tables/aliases
>> table vdoms     file:/etc/smtpd/tables/domains.conf
>> table vusers    file:/etc/smtpd/tables/users.conf
>> table blacklist file:/etc/smtpd/tables/blacklist.conf
>> 
>> # Filter
>> filter dnsbl-sorbs    dnsbl   "-h dnsbl.sorbs.net"
>> filter dnsbl-spamcop  dnsbl   "-h bl.spamcop.net"
>> filter dnsbl-spamhaus dnsbl   "-h zen.spamhaus.org"
>> filter dnsbl-all      chain   dnsbl-sorbs dnsbl-spamcop dnsbl-spamhaus
>> 
>> # See smtpd.conf(5) for more information.
>> pki fr-sb.silviosiefke.com certificate "/etc/smtpd/tls/smtpd.crt"
>> pki fr-sb.silviosiefke.com key "/etc/smtpd/tls/smtpd.key"
>> 
>> # Inbound mail smtp, smtps, deliver
>> listen on localhost
>> listen on eth0 port 25 filter dnsbl-all tls pki fr-sb.silviosiefke.com
>> listen on eth0 port 587 tls-require pki fr-sb.silviosiefke.com auth
>> 
>> # Receive scanned mails from amavisd-new
>> listen on localhost port 10025 tag Scanned
>> 
>> # Deliver locally messages coming back in from scanner
>> accept from local for local alias  deliver to maildir "~/maildir"
>> accept tagged Scanned from local for domain  virtual  deliver 
>> to maildir "~/maildir"
>> reject tagged Scanned
>> 
>> # Forward all mail received for local domains to amavis
>> accept from any recipient ! for domain  relay via 
>> "smtp://127.0.0.1:10024"
>> 
>> # Relay anything that came in from authenticated users
>> accept from local for any relay
>> 
>> 
>> I set the virtual domains for lists and in alias i wrote:
>> 
>> mlmmj-test:  "|/usr/bin/mlmmj-receive -L /var/spool/mlmmj/mlmmj-test/"
>> 
>> 
>> But opensmtpd like not my mails. Where is my mistake? 
>> 
>> log
>> Aug 16 19:11:32 vps296466.ovh.net smtpd[2372]: smtp-in: New session 
>> 3ff7f8362c39862f from host mail-wm0-f47.google.com [74.125.82.47]
>> Aug 16 19:11:32 vps296466.ovh.net smtpd[2372]: smtp-in: Started TLS on 
>> session 3ff7f8362c39862f: version=TLSv1.2, 
>> cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128
>> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: smtp-in: Accepted message 
>> 48d916eb on session 3ff7f8362c39862f: from=, 
>> to=, size=2772, ndest=1, proto=ESMTP
>> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: smtp-out: Connecting to 
>> smtp://127.0.0.1:10024 (localhost) on session 3ff7f8406ef2764b...
>> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: smtp-out: Connected on 
>> session 3ff7f8406ef2764b
>> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: smtp-in: Closing session 
>> 3ff7f8362c39862f
>> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: smtp-in: New session 
>> 3ff7f84124a80a05 from host localhost [127.0.0.1]
>> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: smtp-in: Failed command on 
>> session 3ff7f84124a80a05: "RCPT TO:" 
>> => 550 Invalid recipient
>> Aug 16 19:11:33 vps296466.ovh.net amavis[362]: (00362-09) no valid 
>> recipients, skip data transfer
>> Aug 16 19:11:33 vps296466.ovh.net amavis[362]: (00362-09) (!)pK4TzHnXfKAp 
>> FWD from  -> 
>> , BODY=7BIT 550 5.1.0 from 
>> MTA(smtp:[127.0.0.1]:10025): 550 Invalid recipient
>> Aug 16 19:11:33 vps296466.ovh.net amavis[362]: (00362-09) Blocked 
>> MTA-BLOCKED {RejectedInbound}, [127.0.0.1] 
>> [2003:88:cf07:c114:1a3d:a2ff:fe5c:51d8]  -> 
>> , Message-ID: 
>> <20160816191131.e1f6cba209066140c147c...@gmail.com>, mail_id: pK4TzHnXfKAp, 
>> Hits: 1.867, size: 2821, dkim_sd=20120113:gmail.com, 459 ms
>> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: relay: PermFail for 
>> 48d916eb83cdbbbc: session=3ff7f8406ef2764b, from=, 
>> to=, rcpt=<->, source=127.0.0.1, 
>> relay=127.0.0.1 (localhost), delay=1s, stat=550 5.1.0 id=00362-09 - Rejected 
>> by next-hop MTA on relaying, from MTA(smtp:[127.0.0.1]:10025): 550 Invalid 
>> recipient
>> Aug 16 19:11:34 vps296466.ovh.net smtpd[2372]: smtp-in: New session 
>> 3ff7f846f96b5f37 from host 

Re: mlmmj with opensmtpd

2016-08-17 Thread Marcus MERIGHI
I think:

1) smtpd accepts message 
   (accept from any recipient ! for domain  relay via
"smtp://127.0.0.1:10024")
2) smtpd forwards to amavisd
3) amavisd returns the message scanned to smtpd
4) smtpd does not accept the message (invalid rcpt)
   (accept tagged Scanned from local for domain  virtual 
deliver to maildir "~/maildir")

I suspect your  does not contain the line
mlmmj-test:  "|/usr/bin/mlmmj-receive -L /var/spool/mlmmj/mlmmj-test/".

Marcus

siefke_lis...@web.de (Silvio Siefke), 2016.08.16 (Tue) 19:18 (CEST):
> Hello, 
> 
> i try to run mlmmj with opensmtpd. 
> 
> My config:
> 
> # generate db using makemap
> table aliases   file:/etc/smtpd/tables/aliases
> table vdoms     file:/etc/smtpd/tables/domains.conf
> table vusers    file:/etc/smtpd/tables/users.conf
> table blacklist file:/etc/smtpd/tables/blacklist.conf
> 
> # Filter
> filter dnsbl-sorbs    dnsbl   "-h dnsbl.sorbs.net"
> filter dnsbl-spamcop  dnsbl   "-h bl.spamcop.net"
> filter dnsbl-spamhaus dnsbl   "-h zen.spamhaus.org"
> filter dnsbl-all      chain   dnsbl-sorbs dnsbl-spamcop dnsbl-spamhaus
> 
> # See smtpd.conf(5) for more information.
> pki fr-sb.silviosiefke.com certificate "/etc/smtpd/tls/smtpd.crt"
> pki fr-sb.silviosiefke.com key "/etc/smtpd/tls/smtpd.key"
> 
> # Inbound mail smtp, smtps, deliver
> listen on localhost
> listen on eth0 port 25 filter dnsbl-all tls pki fr-sb.silviosiefke.com
> listen on eth0 port 587 tls-require pki fr-sb.silviosiefke.com auth
> 
> # Receive scanned mails from amavisd-new
> listen on localhost port 10025 tag Scanned
>  
> # Deliver locally messages coming back in from scanner
> accept from local for local alias  deliver to maildir "~/maildir"
> accept tagged Scanned from local for domain  virtual  deliver 
> to maildir "~/maildir"
> reject tagged Scanned
> 
> # Forward all mail received for local domains to amavis
> accept from any recipient ! for domain  relay via 
> "smtp://127.0.0.1:10024"
> 
> # Relay anything that came in from authenticated users
> accept from local for any relay
> 
> 
> I set the virtual domains for lists and in alias i wrote:
> 
> mlmmj-test:  "|/usr/bin/mlmmj-receive -L /var/spool/mlmmj/mlmmj-test/"
> 
> 
> But opensmtpd like not my mails. Where is my mistake? 
> 
> log
> Aug 16 19:11:32 vps296466.ovh.net smtpd[2372]: smtp-in: New session 
> 3ff7f8362c39862f from host mail-wm0-f47.google.com [74.125.82.47]
> Aug 16 19:11:32 vps296466.ovh.net smtpd[2372]: smtp-in: Started TLS on 
> session 3ff7f8362c39862f: version=TLSv1.2, 
> cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128
> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: smtp-in: Accepted message 
> 48d916eb on session 3ff7f8362c39862f: from=, 
> to=, size=2772, ndest=1, proto=ESMTP
> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: smtp-out: Connecting to 
> smtp://127.0.0.1:10024 (localhost) on session 3ff7f8406ef2764b...
> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: smtp-out: Connected on session 
> 3ff7f8406ef2764b
> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: smtp-in: Closing session 
> 3ff7f8362c39862f
> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: smtp-in: New session 
> 3ff7f84124a80a05 from host localhost [127.0.0.1]
> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: smtp-in: Failed command on 
> session 3ff7f84124a80a05: "RCPT TO:" 
> => 550 Invalid recipient
> Aug 16 19:11:33 vps296466.ovh.net amavis[362]: (00362-09) no valid 
> recipients, skip data transfer
> Aug 16 19:11:33 vps296466.ovh.net amavis[362]: (00362-09) (!)pK4TzHnXfKAp FWD 
> from  -> , 
> BODY=7BIT 550 5.1.0 from MTA(smtp:[127.0.0.1]:10025): 550 Invalid recipient
> Aug 16 19:11:33 vps296466.ovh.net amavis[362]: (00362-09) Blocked MTA-BLOCKED 
> {RejectedInbound}, [127.0.0.1] [2003:88:cf07:c114:1a3d:a2ff:fe5c:51d8] 
>  -> , 
> Message-ID: <20160816191131.e1f6cba209066140c147c...@gmail.com>, mail_id: 
> pK4TzHnXfKAp, Hits: 1.867, size: 2821, dkim_sd=20120113:gmail.com, 459 ms
> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: relay: PermFail for 
> 48d916eb83cdbbbc: session=3ff7f8406ef2764b, from=, 
> to=, rcpt=<->, source=127.0.0.1, 
> relay=127.0.0.1 (localhost), delay=1s, stat=550 5.1.0 id=00362-09 - Rejected 
> by next-hop MTA on relaying, from MTA(smtp:[127.0.0.1]:10025): 550 Invalid 
> recipient
> Aug 16 19:11:34 vps296466.ovh.net smtpd[2372]: smtp-in: New session 
> 3ff7f846f96b5f37 from host vps296466.ovh.net [local]
> Aug 16 19:11:34 vps296466.ovh.net smtpd[2372]: smtp-in: Accepted message 
> 895e6b66 on session 3ff7f846f96b5f37: from=<>, to=, 
> size=4228, ndest=1, proto=ESMTP
> Aug 16 19:11:34 vps296466.ovh.net smtpd[2372]: smtp-in: 

Re: mlmmj with opensmtpd

2016-08-17 Thread Silvio Siefke
On Tue, 16 Aug 2016 23:17:18 -0500
Edgar Pettijohn  wrote:

So now cleaner after i kick out the filter's. 

smtpd -dv 
debug: init ssl-tree
info: loading pki information for fr-sb.silviosiefke.com
debug: init ca-tree
debug: init ssl-tree
info: loading pki keys for fr-sb.silviosiefke.com
info: OpenSMTPD 5.9.2p1 starting
debug: bounce warning after 4h
debug: using "fs" queue backend
debug: using "ramqueue" scheduler backend
debug: using "ram" stat backend
debug: parent_send_config_ruleset: reloading
debug: parent_send_config: configuring pony process
debug: parent_send_config: configuring ca process
filter: building simple chains...
filter: building complex chains...
filter: done building complex chains
debug: ca_engine_init: using RSA privsep engine
debug: smtp: listen on 127.0.0.1 port 10025 flags 0x400 pki "" ca ""
debug: smtp: listen on IPv6:fe80::f816:3eff:fec5:7c12 port 587 flags 0x469 pki 
"fr-sb.silviosiefke.com" ca ""
debug: smtp: listen on 164.132.55.246 port 587 flags 0x469 pki 
"fr-sb.silviosiefke.com" ca ""
debug: smtp: listen on IPv6:fe80::f816:3eff:fec5:7c12 port 25 flags 0x401 pki 
"fr-sb.silviosiefke.com" ca ""
debug: smtp: listen on 164.132.55.246 port 25 flags 0x401 pki 
"fr-sb.silviosiefke.com" ca ""
debug: smtp: listen on 127.0.0.1 port 25 flags 0x400 pki "" ca ""
debug: init private ssl-tree
debug: pony: rsae_init
debug: pony: rsae_init
debug: smtp: will accept at most 2043 clients
debug: queue: done loading queue into scheduler
debug: smtpd: scanning offline queue...
debug: smtpd: offline scanning done
debug: smtp: new client on listener: 0x23fc1a0
smtp-in: New session 7ceea047b02403f2 from host mail-wm0-f65.google.com 
[74.125.82.65]
debug: lka: looking up pki "fr-sb.silviosiefke.com"
debug: session_start_ssl: switching to SSL
debug: pony: rsae_priv_enc
smtp-in: Started TLS on session 7ceea047b02403f2: version=TLSv1.2, 
cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128
debug: smtp: SIZE in MAIL FROM command
smtp: 0x24727f0: fd 5 from queue
smtp: 0x24727f0: fd 7 from filter
debug: smtp: 0x24727f0: data io done (2778 bytes)
filter: deferring eom query...
filter: running eom query...
debug: 0x24727f0: end of message, msgflags=0x
debug: scheduler: evp:9362c104cd76a1cf scheduled (mta)
smtp-in: Accepted message 9362c104 on session 7ceea047b02403f2: 
from=, to=, 
size=2778, ndest=1, proto=ESMTP
debug: mta: received evp:9362c104cd76a1cf for 

debug: mta: draining [relay:127.0.0.1,port=10024,mx] refcount=1, ntask=1, 
nconnector=0, nconn=0
debug: mta: querying MX for [relay:127.0.0.1,port=10024,mx]...
debug: mta: [relay:127.0.0.1,port=10024,mx] waiting for MX
debug: MXs for domain 127.0.0.1:
127.0.0.1 preference -1
debug: mta: ... got mx (0x24315a0, 127.0.0.1, [relay:127.0.0.1,port=10024,mx])
debug: mta: draining [relay:127.0.0.1,port=10024,mx] refcount=1, ntask=1, 
nconnector=0, nconn=0
debug: mta: querying source for [relay:127.0.0.1,port=10024,mx]...
debug: mta: ... got source for [relay:127.0.0.1,port=10024,mx]: []
debug: mta: new [connector:[]->[relay:127.0.0.1,port=10024,mx],0x1]
debug: mta: connecting with [connector:[]->[relay:127.0.0.1,port=10024,mx],0x0]
debug: mta-routing: searching new route for 
[connector:[]->[relay:127.0.0.1,port=10024,mx],0x0]...
debug: mta-routing: selecting candidate route [] <-> 127.0.0.1
debug: mta-routing: spawning new connection on [] <-> 127.0.0.1
debug: mta: 0x23e8dc0: spawned for relay [relay:127.0.0.1,port=10024,mx]
debug: mta: connecting with [connector:[]->[relay:127.0.0.1,port=10024,mx],0x0]
debug: mta: cannot use [relay:127.0.0.1,port=10024,mx] before 2s
debug: mta-routing: no route available for 
[connector:[]->[relay:127.0.0.1,port=10024,mx],0x0]: must wait a bit
debug: mta: retrying to connect on 
[connector:[]->[relay:127.0.0.1,port=10024,mx],0x0] in 2s...
debug: mta: draining [relay:127.0.0.1,port=10024,mx] refcount=3, ntask=1, 
nconnector=1, nconn=1
debug: mta: scheduling relay [relay:127.0.0.1,port=10024,mx] in 1s...
smtp-out: Connecting to smtp://127.0.0.1:10024 (localhost) on session 
7ceea051873a4c65...
smtp-out: Connected on session 7ceea051873a4c65
debug: mta-routing: route [] <-> 127.0.0.1 (localhost) is now valid.
debug: mta: connecting with 
[connector:[]->[relay:127.0.0.1,port=10024,mx],0x2]
debug: mta: cancelling connector timeout
debug: mta: enough connections already
debug: mta: 0x23e8dc0: handling next task for relay 
[relay:127.0.0.1,port=10024,mx]
smtp-in: Closing session 7ceea047b02403f2
debug: smtp: 0x24727f0: deleting session: done
debug: mta: ... timeout for [relay:127.0.0.1,port=10024,mx]
debug: mta: draining [relay:127.0.0.1,port=10024,mx] refcount=2, ntask=0, 
nconnector=1, nconn=1
debug: mta: all done for [relay:127.0.0.1,port=10024,mx]
debug: smtp: new client on listener: 0x2412d80
smtp-in: New session 7ceea052ae493484 from host localhost [127.0.0.1]
smtp-in: Failed command on 

Re: mlmmj with opensmtpd

2016-08-17 Thread Joerg Jung

> On 17 Aug 2016, at 12:47, Silvio Siefke  wrote:
> 
> On Tue, 16 Aug 2016 23:17:18 -0500
> Edgar Pettijohn  wrote:
> 
> 
>> # smtpd -dv 
> 
> # smtpd -dv 
> debug: init ssl-tree
> info: loading pki information for fr-sb.silviosiefke.com
> debug: init ca-tree
> debug: init ssl-tree
> info: loading pki keys for fr-sb.silviosiefke.com
> info: OpenSMTPD 5.9.2p1 starting
> debug: bounce warning after 4h
> debug: using "fs" queue backend
> debug: using "ramqueue" scheduler backend
> debug: using "ram" stat backend
> debug: parent_send_config_ruleset: reloading
> debug: parent_send_config: configuring pony process
> debug: parent_send_config: configuring ca process
> filter: building simple chains...
> filter: building simple chain "dnsbl-sorbs"
> filter: registering proc "dnsbl-sorbs"
> filter: building simple chain "dnsbl-spamcop"
> filter: registering proc "dnsbl-spamcop"
> filter: building simple chain "dnsbl-spamhaus"
> filter: registering proc "dnsbl-spamhaus"
> debug: init private ssl-tree
> filter: building complex chains...
> filter: building chain "dnsbl-all"...
> filter: adding filter "dnsbl-sorbs"
> filter: adding filter "dnsbl-spamcop"
> filter: adding filter "dnsbl-spamhaus"
> filter: done building chain "dnsbl-all"
> filter: done building complex chains
> debug: ca_engine_init: using RSA privsep engine
> dnsbl-sorbs: illegal option -- v
> warn: filter-dnsbl: bad option
> dnsbl-spamcop: illegal option -- v
> warn: filter-dnsbl: bad option
> warn: pony -> dnsbl-sorbs: imsg_read: Connection reset by peer
> fatal: exiting: Connection reset by peer
> warn: ca -> pony: pipe closed
> warn: parent -> ca: pipe closed
> [root@vps296466 siefke]# warn: lka -> parent: pipe closed
> warn: control -> ca: pipe closed
> warn: scheduler -> control: pipe closed
> warn: queue -> parent: pipe closed
> dnsbl-spamhaus: illegal option -- v

^^^ that is the problem. Try correcting/adjusting the filter options in your 
smtpd.conf. 

> warn: filter-dnsbl: bad option
> 
> More give not out. 
> 
> Silvio





Re: mlmmj with opensmtpd

2016-08-17 Thread Silvio Siefke
On Tue, 16 Aug 2016 23:17:18 -0500
Edgar Pettijohn  wrote:


> # smtpd -dv 

# smtpd -dv 
debug: init ssl-tree
info: loading pki information for fr-sb.silviosiefke.com
debug: init ca-tree
debug: init ssl-tree
info: loading pki keys for fr-sb.silviosiefke.com
info: OpenSMTPD 5.9.2p1 starting
debug: bounce warning after 4h
debug: using "fs" queue backend
debug: using "ramqueue" scheduler backend
debug: using "ram" stat backend
debug: parent_send_config_ruleset: reloading
debug: parent_send_config: configuring pony process
debug: parent_send_config: configuring ca process
filter: building simple chains...
filter: building simple chain "dnsbl-sorbs"
filter: registering proc "dnsbl-sorbs"
filter: building simple chain "dnsbl-spamcop"
filter: registering proc "dnsbl-spamcop"
filter: building simple chain "dnsbl-spamhaus"
filter: registering proc "dnsbl-spamhaus"
debug: init private ssl-tree
filter: building complex chains...
filter: building chain "dnsbl-all"...
filter: adding filter "dnsbl-sorbs"
filter: adding filter "dnsbl-spamcop"
filter: adding filter "dnsbl-spamhaus"
filter: done building chain "dnsbl-all"
filter: done building complex chains
debug: ca_engine_init: using RSA privsep engine
dnsbl-sorbs: illegal option -- v
warn: filter-dnsbl: bad option
dnsbl-spamcop: illegal option -- v
warn: filter-dnsbl: bad option
warn: pony -> dnsbl-sorbs: imsg_read: Connection reset by peer
fatal: exiting: Connection reset by peer
warn: ca -> pony: pipe closed
warn: parent -> ca: pipe closed
[root@vps296466 siefke]# warn: lka -> parent: pipe closed
warn: control -> ca: pipe closed
warn: scheduler -> control: pipe closed
warn: queue -> parent: pipe closed
dnsbl-spamhaus: illegal option -- v
warn: filter-dnsbl: bad option

More give not out. 

Silvio




Re: table ownership/permissions issues

2016-08-17 Thread Craig Skinner
Hi Jeremy/all,

On Wed, 17 Aug 2016 00:25:30 -0500 Jeremy Volkening wrote:
> 
> The short of it is that to share the passwd file, either:
> 
> 1. The file must be world-readable (not so good)
> 
> 2. The opensmtpd and dovecot daemon users must share a primary group,
> or
> 
> 3. The daemons must call initgroups() or something similar after 
> dropping privileges.

4. As a workaround, in whatever script/Makefile which creates the file,
copy or hard link the file, e.g:

-rw-r- 1 root postmasters 314 Aug 15 16:58 passwd
-rw-r- 1 root opensmtpd   314 Aug 15 16:58 passwd-smtp
-rw-r- 1 root dovecot 314 Aug 15 16:58 passwd-imap




Re: table ownership/permissions issues

2016-08-17 Thread Jeremy Volkening

On Wed, Aug 17, 2016 at 07:39:41AM +0200, Joerg Jung wrote:

> > My conclusions on this issue:
> > 
> > It seems on Linux that a process started as a user by another user (as done by opensmtpd 
> > and dovecot to drop permissions to a non-privileged user) inherits by default only that 
> > user's primary group. Secondary groups (e.g. as defined in /etc/groups) are not inherited 
> > unless explicitly done so (see "man initgroups"). This isn't something I've 
> > dealt with before and didn't really understand.
> > 
> > The short of it is that to share the passwd file, either:
> > 
> > 1. The file must be world-readable (not so good)
> > 
> > 2. The opensmtpd and dovecot daemon users must share a primary group, or
> > 
> > 3. The daemons must call initgroups() or something similar after dropping 
> > privileges.
> 
> 4. The daemon reads the file before it drops privileges? Though would miss 
> updates later...

Good point... I believe that's how opensmtpd currently handles SSL 
private keys.

> Can you please open a bug report on github for this? Thanks!

I filed it as a feature request. FWIW, it turns out dovecot can already 
do this if you explicitly set the groups:


http://marc.info/?l=dovecot=133350196124100=2

Jeremy
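
The access rules behind options 1 to 3 can be checked with a small model of the kernel's owner/group/other read test. This is an added example, not code from OpenSMTPD or Dovecot; all account names, UIDs and GIDs are constructed, and the branch without initgroups models the behaviour described in the message above.

```python
from collections import namedtuple

File = namedtuple("File", "uid gid mode")
Account = namedtuple("Account", "name uid gid")
Creds = namedtuple("Creds", "uid gid groups")

# Constructed sample data (not from the thread).
ROOT = 0
POSTMASTERS = 300                                  # secondary group
GROUP_MEMBERS = {POSTMASTERS: {"smtpd", "dovecot"}}  # /etc/group-style membership
SMTPD = Account("smtpd", 101, 101)
DOVECOT = Account("dovecot", 102, 102)
OTHER = Account("nobody", 999, 999)                # unrelated local account


def drop_to(account, use_initgroups):
    """Credentials of a root-started daemon after switching to account."""
    groups = {account.gid}
    if use_initgroups:
        # initgroups(3): add every group that lists the user as a member.
        groups |= {g for g, names in GROUP_MEMBERS.items() if account.name in names}
    return Creds(account.uid, account.gid, frozenset(groups))


def may_read(f, c):
    """Exactly one permission class applies: owner, else group, else other."""
    if c.uid == ROOT:
        return True
    if c.uid == f.uid:
        return bool(f.mode & 0o400)
    if f.gid in c.groups:
        return bool(f.mode & 0o040)
    return bool(f.mode & 0o004)


def evaluate():
    """Read access for (smtpd, dovecot, unrelated user) under each option."""
    def row(f, accounts, initgroups=False):
        return tuple(may_read(f, drop_to(a, initgroups)) for a in accounts)

    daemons = (SMTPD, DOVECOT, OTHER)
    shared_primary = (SMTPD._replace(gid=POSTMASTERS),
                      DOVECOT._replace(gid=POSTMASTERS), OTHER)
    return {
        "baseline root:postmasters 0640": row(File(ROOT, POSTMASTERS, 0o640), daemons),
        "1 world-readable 0644": row(File(ROOT, POSTMASTERS, 0o644), daemons),
        "2 shared primary group": row(File(ROOT, POSTMASTERS, 0o640), shared_primary),
        "3 initgroups": row(File(ROOT, POSTMASTERS, 0o640), daemons, True),
    }


if __name__ == "__main__":
    for option, result in evaluate().items():
        print(option, result)
```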
