Re: mlmmj with opensmtpd
You should not be running EXPERIMENTAL filters if you are unable to troubleshoot something as trivial as this by yourself...

Gilles
Re: What is the correct syntax in opensmtpd
Sent from my iPhone

> On Aug 17, 2016, at 2:41 PM, Mik J wrote:
>
> Hello,
>
> I have two rules like these
> accept from local for domain relay via smtp://127.0.0.1:10023
> accept from source for domain relay via smtp://127.0.0.1:10023
>

Seems like you could add your local ip's to the myips table.

> Is there a way to make only one rule ?
>
> If a mail is local OR coming from some ips I trust then relay the mails
>
> Regards
What is the correct syntax in opensmtpd
Hello,

I have two rules like these
accept from local for domain relay via smtp://127.0.0.1:10023
accept from source for domain relay via smtp://127.0.0.1:10023

Is there a way to make only one rule ?

If a mail is local OR coming from some ips I trust then relay the mails

Regards
Re: mlmmj with opensmtpd
siefke_lis...@web.de (siefke_lis...@web.de), 2016.08.17 (Wed) 15:52 (CEST):
> On Wed, 17 Aug 2016 07:39:43 -0500 Edgar Pettijohn wrote:
> > > On Aug 17, 2016, at 7:20 AM, Marcus MERIGHI wrote:
> > >
> > > I think:
> > >
> > > 1) smtpd accepts message
> > >    (accept from any recipient ! for domain relay
> > >    via "smtp://127.0.0.1:10024")
> > > 2) smtpd forwards to amavisd
> > > 3) amavisd returns the message scanned to smtpd
> > > 4) smtpd does not accept the message (invalid rcpt)
> > >    (accept tagged Scanned from local for domain virtual
> > >    deliver to maildir "~/maildir")
> > >
> > > I suspect your does not contain the line
> > > mlmmj-test: "|/usr/bin/mlmmj-receive
> > > -L /var/spool/mlmmj/mlmmj-test/".
> > >
> > That's my thoughts also.
>
> Okay but how should set it in vusers file? Can i set so like in alias?

smtpd.conf(5):
    accept for domain "*.example.com" virtual deliver to mbox
    The table users holds a key-value mapping of virtual to system users. For an example of how to configure the users table, see table(5).

So yes, just like aliases(5).

If it doesn't want your mlmmj-receive(1)-line there then put the user name there and give the user a forward(5) file.

Marcus

--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: mlmmj with opensmtpd
On Wed, 17 Aug 2016 14:20:21 +0200 Marcus MERIGHI wrote:
> I think:
>
> 1) smtpd accepts message
>    (accept from any recipient ! for domain relay
>    via "smtp://127.0.0.1:10024")
> 2) smtpd forwards to amavisd
> 3) amavisd returns the message scanned to smtpd
> 4) smtpd does not accept the message (invalid rcpt)
>    (accept tagged Scanned from local for domain virtual
>    deliver to maildir "~/maildir")

But can I set mlmmj part in vuser? I think this come in, go to amavisd and then use alias file.

Silvio
Re: table ownership/permissions issues
On Wed, Aug 17, 2016 at 09:57:22AM +0100, Craig Skinner wrote:
> Hi Jeremy/all,
>
> On Wed, 17 Aug 2016 00:25:30 -0500 Jeremy Volkening wrote:
> > The short of it is that to share the passwd file, either:
> >
> > 1. The file must be world-readable (not so good)
> > 2. The opensmtpd and dovecot daemon users must share a primary group, or
> > 3. The daemons must call initgroups() or something similar after dropping privileges.
>
> 4. As a workaround, in whatever script/Makefile which creates the file, copy or hard link the file, e.g:
>
> -rw-r- 1 root postmasters 314 Aug 15 16:58 passwd
> -rw-r- 1 root opensmtpd 314 Aug 15 16:58 passwd-smtp
> -rw-r- 1 root dovecot 314 Aug 15 16:58 passwd-imap

Hard links (at least in Linux) can't have different owners/permissions, so that doesn't really solve this issue. But you're right, it's not a big deal to keep two copies of the database in sync if using a script of some sort to manage users.

Jeremy
Re: mlmmj with opensmtpd
On Wed, 17 Aug 2016 07:39:43 -0500 Edgar Pettijohn wrote:
> > On Aug 17, 2016, at 7:20 AM, Marcus MERIGHI wrote:
> >
> > I think:
> >
> > 1) smtpd accepts message
> >    (accept from any recipient ! for domain relay
> >    via "smtp://127.0.0.1:10024")
> > 2) smtpd forwards to amavisd
> > 3) amavisd returns the message scanned to smtpd
> > 4) smtpd does not accept the message (invalid rcpt)
> >    (accept tagged Scanned from local for domain virtual
> >    deliver to maildir "~/maildir")
> >
> > I suspect your does not contain the line
> > mlmmj-test: "|/usr/bin/mlmmj-receive
> > -L /var/spool/mlmmj/mlmmj-test/".
> >
> That's my thoughts also.

Okay but how should set it in vusers file? Can I set so like in alias?

Silvio
Re: mlmmj with opensmtpd
Sent from my iPhone > On Aug 17, 2016, at 7:20 AM, Marcus MERIGHIwrote: > > I think: > > 1) smtpd accepts message > (accept from any recipient ! for domain relay via >"smtp://127.0.0.1:10024") > 2) smtpd forwards to amavisd > 3) avavisd returns the message scanned to smtpd > 4) smtpd does not accept the message (invalid rcpt) > (accept tagged Scanned from local for domain virtual >deliver to maildir "~/maildir") > > I suspect your does not contain the line > mlmmj-test: "|/usr/bin/mlmmj-receive -L /var/spool/mlmmj/mlmmj-test/". > That's my thoughts also. Edgar > Marcus > > siefke_lis...@web.de (Silvio Siefke), 2016.08.16 (Tue) 19:18 (CEST): >> Hello, >> >> i try to run mlmmj with opensmtpd. >> >> My config: >> >> # generate db using makemap >> table aliases file:/etc/smtpd/tables/aliases >> table vdomsfile:/etc/smtpd/tables/domains.conf >> table vusers file:/etc/smtpd/tables/users.conf >> table blacklistfile:/etc/smtpd/tables/blacklist.conf >> >> # Filter >> filter dnsbl-sorbsdnsbl "-h dnsbl.sorbs.net" >> filter dnsbl-spamcop dnsbl "-h bl.spamcop.net" >> filter dnsbl-spamhaus dnsbl "-h zen.spamhaus.org" >> filter dnsbl-all chain dnsbl-sorbs dnsbl-spamcop dnsbl-spamhaus >> >> # See smtpd.conf(5) for more information. 
>> pki fr-sb.silviosiefke.com certificate "/etc/smtpd/tls/smtpd.crt" >> pki fr-sb.silviosiefke.com key "/etc/smtpd/tls/smtpd.key" >> >> # Inbound mail smtp, smtps, deliver >> listen on localhost >> listen on eth0 port 25 filter dnsbl-all tls pki fr-sb.silviosiefke.com >> listen on eth0 port 587 tls-require pki fr-sb.silviosiefke.com auth >> >> # Receive scanned mails from amavisd-new >> listen on localhost port 10025 tag Scanned >> >> # Deliver locally messages coming back in from scanner >> accept from local for local alias deliver to maildir "~/maildir" >> accept tagged Scanned from local for domain virtual deliver >> to maildir "~/maildir" >> reject tagged Scanned >> >> # Forward all mail received for local domains to amavis >> accept from any recipient ! for domain relay via >> "smtp://127.0.0.1:10024" >> >> # Relay anything that came in from authenticated users >> accept from local for any relay >> >> >> I set the virtual domains for lists and in alias i wrote: >> >> mlmmj-test: "|/usr/bin/mlmmj-receive -L /var/spool/mlmmj/mlmmj-test/" >> >> >> But opensmtpd like not my mails. Where is my mistake? >> >> log >> Aug 16 19:11:32 vps296466.ovh.net smtpd[2372]: smtp-in: New session >> 3ff7f8362c39862f from host mail-wm0-f47.google.com [74.125.82.47] >> Aug 16 19:11:32 vps296466.ovh.net smtpd[2372]: smtp-in: Started TLS on >> session 3ff7f8362c39862f: version=TLSv1.2, >> cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128 >> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: smtp-in: Accepted message >> 48d916eb on session 3ff7f8362c39862f: from= , >> to= , size=2772, ndest=1, proto=ESMTP >> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: smtp-out: Connecting to >> smtp://127.0.0.1:10024 (localhost) on session 3ff7f8406ef2764b... 
>> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: smtp-out: Connected on >> session 3ff7f8406ef2764b >> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: smtp-in: Closing session >> 3ff7f8362c39862f >> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: smtp-in: New session >> 3ff7f84124a80a05 from host localhost [127.0.0.1] >> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: smtp-in: Failed command on >> session 3ff7f84124a80a05: "RCPT TO: " >> => 550 Invalid recipient >> Aug 16 19:11:33 vps296466.ovh.net amavis[362]: (00362-09) no valid >> recipients, skip data transfer >> Aug 16 19:11:33 vps296466.ovh.net amavis[362]: (00362-09) (!)pK4TzHnXfKAp >> FWD from -> >> , BODY=7BIT 550 5.1.0 from >> MTA(smtp:[127.0.0.1]:10025): 550 Invalid recipient >> Aug 16 19:11:33 vps296466.ovh.net amavis[362]: (00362-09) Blocked >> MTA-BLOCKED {RejectedInbound}, [127.0.0.1] >> [2003:88:cf07:c114:1a3d:a2ff:fe5c:51d8] -> >> , Message-ID: >> <20160816191131.e1f6cba209066140c147c...@gmail.com>, mail_id: pK4TzHnXfKAp, >> Hits: 1.867, size: 2821, dkim_sd=20120113:gmail.com, 459 ms >> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: relay: PermFail for >> 48d916eb83cdbbbc: session=3ff7f8406ef2764b, from= , >> to= , rcpt=<->, source=127.0.0.1, >> relay=127.0.0.1 (localhost), delay=1s, stat=550 5.1.0 id=00362-09 - Rejected >> by next-hop MTA on relaying, from MTA(smtp:[127.0.0.1]:10025): 550 Invalid >> recipient >> Aug 16 19:11:34 vps296466.ovh.net smtpd[2372]: smtp-in: New session >> 3ff7f846f96b5f37 from host
Re: mlmmj with opensmtpd
I think:

1) smtpd accepts message
   (accept from any recipient ! for domain relay via "smtp://127.0.0.1:10024")
2) smtpd forwards to amavisd
3) amavisd returns the message scanned to smtpd
4) smtpd does not accept the message (invalid rcpt)
   (accept tagged Scanned from local for domain virtual deliver to maildir "~/maildir")

I suspect your does not contain the line
mlmmj-test: "|/usr/bin/mlmmj-receive -L /var/spool/mlmmj/mlmmj-test/".

Marcus

siefke_lis...@web.de (Silvio Siefke), 2016.08.16 (Tue) 19:18 (CEST):
> Hello,
>
> i try to run mlmmj with opensmtpd.
>
> My config:
>
> # generate db using makemap
> table aliases file:/etc/smtpd/tables/aliases
> table vdoms file:/etc/smtpd/tables/domains.conf
> table vusers file:/etc/smtpd/tables/users.conf
> table blacklist file:/etc/smtpd/tables/blacklist.conf
>
> # Filter
> filter dnsbl-sorbs dnsbl "-h dnsbl.sorbs.net"
> filter dnsbl-spamcop dnsbl "-h bl.spamcop.net"
> filter dnsbl-spamhaus dnsbl "-h zen.spamhaus.org"
> filter dnsbl-all chain dnsbl-sorbs dnsbl-spamcop dnsbl-spamhaus
>
> # See smtpd.conf(5) for more information.
> pki fr-sb.silviosiefke.com certificate "/etc/smtpd/tls/smtpd.crt"
> pki fr-sb.silviosiefke.com key "/etc/smtpd/tls/smtpd.key"
>
> # Inbound mail smtp, smtps, deliver
> listen on localhost
> listen on eth0 port 25 filter dnsbl-all tls pki fr-sb.silviosiefke.com
> listen on eth0 port 587 tls-require pki fr-sb.silviosiefke.com auth
>
> # Receive scanned mails from amavisd-new
> listen on localhost port 10025 tag Scanned
>
> # Deliver locally messages coming back in from scanner
> accept from local for local alias deliver to maildir "~/maildir"
> accept tagged Scanned from local for domain virtual deliver to maildir "~/maildir"
> reject tagged Scanned
>
> # Forward all mail received for local domains to amavis
> accept from any recipient ! for domain relay via "smtp://127.0.0.1:10024"
>
> # Relay anything that came in from authenticated users
> accept from local for any relay
>
>
> I set the virtual domains for lists and in alias i wrote:
>
> mlmmj-test: "|/usr/bin/mlmmj-receive -L /var/spool/mlmmj/mlmmj-test/"
>
>
> But opensmtpd like not my mails. Where is my mistake?
>
> log
> Aug 16 19:11:32 vps296466.ovh.net smtpd[2372]: smtp-in: New session 3ff7f8362c39862f from host mail-wm0-f47.google.com [74.125.82.47]
> Aug 16 19:11:32 vps296466.ovh.net smtpd[2372]: smtp-in: Started TLS on session 3ff7f8362c39862f: version=TLSv1.2, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128
> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: smtp-in: Accepted message 48d916eb on session 3ff7f8362c39862f: from=, to= , size=2772, ndest=1, proto=ESMTP
> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: smtp-out: Connecting to smtp://127.0.0.1:10024 (localhost) on session 3ff7f8406ef2764b...
> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: smtp-out: Connected on session 3ff7f8406ef2764b
> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: smtp-in: Closing session 3ff7f8362c39862f
> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: smtp-in: New session 3ff7f84124a80a05 from host localhost [127.0.0.1]
> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: smtp-in: Failed command on session 3ff7f84124a80a05: "RCPT TO: " => 550 Invalid recipient
> Aug 16 19:11:33 vps296466.ovh.net amavis[362]: (00362-09) no valid recipients, skip data transfer
> Aug 16 19:11:33 vps296466.ovh.net amavis[362]: (00362-09) (!)pK4TzHnXfKAp FWD from -> , BODY=7BIT 550 5.1.0 from MTA(smtp:[127.0.0.1]:10025): 550 Invalid recipient
> Aug 16 19:11:33 vps296466.ovh.net amavis[362]: (00362-09) Blocked MTA-BLOCKED {RejectedInbound}, [127.0.0.1] [2003:88:cf07:c114:1a3d:a2ff:fe5c:51d8] -> , Message-ID: <20160816191131.e1f6cba209066140c147c...@gmail.com>, mail_id: pK4TzHnXfKAp, Hits: 1.867, size: 2821, dkim_sd=20120113:gmail.com, 459 ms
> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: relay: PermFail for 48d916eb83cdbbbc: session=3ff7f8406ef2764b, from= , to= , rcpt=<->, source=127.0.0.1, relay=127.0.0.1 (localhost), delay=1s, stat=550 5.1.0 id=00362-09 - Rejected by next-hop MTA on relaying, from MTA(smtp:[127.0.0.1]:10025): 550 Invalid recipient
> Aug 16 19:11:34 vps296466.ovh.net smtpd[2372]: smtp-in: New session 3ff7f846f96b5f37 from host vps296466.ovh.net [local]
> Aug 16 19:11:34 vps296466.ovh.net smtpd[2372]: smtp-in: Accepted message 895e6b66 on session 3ff7f846f96b5f37: from=<>, to= , size=4228, ndest=1, proto=ESMTP
> Aug 16 19:11:34 vps296466.ovh.net smtpd[2372]: smtp-in:
Re: mlmmj with opensmtpd
On Tue, 16 Aug 2016 23:17:18 -0500 Edgar Pettijohnwrote: So now cleaner after i kick out the filter's. smtpd -dv debug: init ssl-tree info: loading pki information for fr-sb.silviosiefke.com debug: init ca-tree debug: init ssl-tree info: loading pki keys for fr-sb.silviosiefke.com info: OpenSMTPD 5.9.2p1 starting debug: bounce warning after 4h debug: using "fs" queue backend debug: using "ramqueue" scheduler backend debug: using "ram" stat backend debug: parent_send_config_ruleset: reloading debug: parent_send_config: configuring pony process debug: parent_send_config: configuring ca process filter: building simple chains... filter: building complex chains... filter: done building complex chains debug: ca_engine_init: using RSA privsep engine debug: smtp: listen on 127.0.0.1 port 10025 flags 0x400 pki "" ca "" debug: smtp: listen on IPv6:fe80::f816:3eff:fec5:7c12 port 587 flags 0x469 pki "fr-sb.silviosiefke.com" ca "" debug: smtp: listen on 164.132.55.246 port 587 flags 0x469 pki "fr-sb.silviosiefke.com" ca "" debug: smtp: listen on IPv6:fe80::f816:3eff:fec5:7c12 port 25 flags 0x401 pki "fr-sb.silviosiefke.com" ca "" debug: smtp: listen on 164.132.55.246 port 25 flags 0x401 pki "fr-sb.silviosiefke.com" ca "" debug: smtp: listen on 127.0.0.1 port 25 flags 0x400 pki "" ca "" debug: init private ssl-tree debug: pony: rsae_init debug: pony: rsae_init debug: smtp: will accept at most 2043 clients debug: queue: done loading queue into scheduler debug: smtpd: scanning offline queue... 
debug: smtpd: offline scanning done debug: smtp: new client on listener: 0x23fc1a0 smtp-in: New session 7ceea047b02403f2 from host mail-wm0-f65.google.com [74.125.82.65] debug: lka: looking up pki "fr-sb.silviosiefke.com" debug: session_start_ssl: switching to SSL debug: pony: rsae_priv_enc smtp-in: Started TLS on session 7ceea047b02403f2: version=TLSv1.2, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128 debug: smtp: SIZE in MAIL FROM command smtp: 0x24727f0: fd 5 from queue smtp: 0x24727f0: fd 7 from filter debug: smtp: 0x24727f0: data io done (2778 bytes) filter: deferring eom query... filter: running eom query... debug: 0x24727f0: end of message, msgflags=0x debug: scheduler: evp:9362c104cd76a1cf scheduled (mta) smtp-in: Accepted message 9362c104 on session 7ceea047b02403f2: from= , to= , size=2778, ndest=1, proto=ESMTP debug: mta: received evp:9362c104cd76a1cf for debug: mta: draining [relay:127.0.0.1,port=10024,mx] refcount=1, ntask=1, nconnector=0, nconn=0 debug: mta: querying MX for [relay:127.0.0.1,port=10024,mx]... debug: mta: [relay:127.0.0.1,port=10024,mx] waiting for MX debug: MXs for domain 127.0.0.1: 127.0.0.1 preference -1 debug: mta: ... got mx (0x24315a0, 127.0.0.1, [relay:127.0.0.1,port=10024,mx]) debug: mta: draining [relay:127.0.0.1,port=10024,mx] refcount=1, ntask=1, nconnector=0, nconn=0 debug: mta: querying source for [relay:127.0.0.1,port=10024,mx]... debug: mta: ... got source for [relay:127.0.0.1,port=10024,mx]: [] debug: mta: new [connector:[]->[relay:127.0.0.1,port=10024,mx],0x1] debug: mta: connecting with [connector:[]->[relay:127.0.0.1,port=10024,mx],0x0] debug: mta-routing: searching new route for [connector:[]->[relay:127.0.0.1,port=10024,mx],0x0]... 
debug: mta-routing: selecting candidate route [] <-> 127.0.0.1 debug: mta-routing: spawning new connection on [] <-> 127.0.0.1 debug: mta: 0x23e8dc0: spawned for relay [relay:127.0.0.1,port=10024,mx] debug: mta: connecting with [connector:[]->[relay:127.0.0.1,port=10024,mx],0x0] debug: mta: cannot use [relay:127.0.0.1,port=10024,mx] before 2s debug: mta-routing: no route available for [connector:[]->[relay:127.0.0.1,port=10024,mx],0x0]: must wait a bit debug: mta: retrying to connect on [connector:[]->[relay:127.0.0.1,port=10024,mx],0x0] in 2s... debug: mta: draining [relay:127.0.0.1,port=10024,mx] refcount=3, ntask=1, nconnector=1, nconn=1 debug: mta: scheduling relay [relay:127.0.0.1,port=10024,mx] in 1s... smtp-out: Connecting to smtp://127.0.0.1:10024 (localhost) on session 7ceea051873a4c65... smtp-out: Connected on session 7ceea051873a4c65 debug: mta-routing: route [] <-> 127.0.0.1 (localhost) is now valid. debug: mta: connecting with [connector:[]->[relay:127.0.0.1,port=10024,mx],0x2] debug: mta: cancelling connector timeout debug: mta: enough connections already debug: mta: 0x23e8dc0: handling next task for relay [relay:127.0.0.1,port=10024,mx] smtp-in: Closing session 7ceea047b02403f2 debug: smtp: 0x24727f0: deleting session: done debug: mta: ... timeout for [relay:127.0.0.1,port=10024,mx] debug: mta: draining [relay:127.0.0.1,port=10024,mx] refcount=2, ntask=0, nconnector=1, nconn=1 debug: mta: all done for [relay:127.0.0.1,port=10024,mx] debug: smtp: new client on listener: 0x2412d80 smtp-in: New session 7ceea052ae493484 from host localhost [127.0.0.1] smtp-in: Failed command on
Re: mlmmj with opensmtpd
> On 17 Aug 2016, at 12:47, Silvio Siefke wrote:
>
> On Tue, 16 Aug 2016 23:17:18 -0500
> Edgar Pettijohn wrote:
>
>
>> # smtpd -dv
>
> # smtpd -dv
> debug: init ssl-tree
> info: loading pki information for fr-sb.silviosiefke.com
> debug: init ca-tree
> debug: init ssl-tree
> info: loading pki keys for fr-sb.silviosiefke.com
> info: OpenSMTPD 5.9.2p1 starting
> debug: bounce warning after 4h
> debug: using "fs" queue backend
> debug: using "ramqueue" scheduler backend
> debug: using "ram" stat backend
> debug: parent_send_config_ruleset: reloading
> debug: parent_send_config: configuring pony process
> debug: parent_send_config: configuring ca process
> filter: building simple chains...
> filter: building simple chain "dnsbl-sorbs"
> filter: registering proc "dnsbl-sorbs"
> filter: building simple chain "dnsbl-spamcop"
> filter: registering proc "dnsbl-spamcop"
> filter: building simple chain "dnsbl-spamhaus"
> filter: registering proc "dnsbl-spamhaus"
> debug: init private ssl-tree
> filter: building complex chains...
> filter: building chain "dnsbl-all"...
> filter: adding filter "dnsbl-sorbs"
> filter: adding filter "dnsbl-spamcop"
> filter: adding filter "dnsbl-spamhaus"
> filter: done building chain "dnsbl-all"
> filter: done building complex chains
> debug: ca_engine_init: using RSA privsep engine
> dnsbl-sorbs: illegal option -- v
> warn: filter-dnsbl: bad option
> dnsbl-spamcop: illegal option -- v
> warn: filter-dnsbl: bad option
> warn: pony -> dnsbl-sorbs: imsg_read: Connection reset by peer
> fatal: exiting: Connection reset by peer
> warn: ca -> pony: pipe closed
> warn: parent -> ca: pipe closed
> [root@vps296466 siefke]# warn: lka -> parent: pipe closed
> warn: control -> ca: pipe closed
> warn: scheduler -> control: pipe closed
> warn: queue -> parent: pipe closed
> dnsbl-spamhaus: illegal option — v

^^^ that is the problem. Try correcting/adjusting the filter options in your smtpd.conf.

> warn: filter-dnsbl: bad option
>
> More give not out.
>
> Silvio
Re: mlmmj with opensmtpd
On Tue, 16 Aug 2016 23:17:18 -0500 Edgar Pettijohn wrote:
> # smtpd -dv

# smtpd -dv
debug: init ssl-tree
info: loading pki information for fr-sb.silviosiefke.com
debug: init ca-tree
debug: init ssl-tree
info: loading pki keys for fr-sb.silviosiefke.com
info: OpenSMTPD 5.9.2p1 starting
debug: bounce warning after 4h
debug: using "fs" queue backend
debug: using "ramqueue" scheduler backend
debug: using "ram" stat backend
debug: parent_send_config_ruleset: reloading
debug: parent_send_config: configuring pony process
debug: parent_send_config: configuring ca process
filter: building simple chains...
filter: building simple chain "dnsbl-sorbs"
filter: registering proc "dnsbl-sorbs"
filter: building simple chain "dnsbl-spamcop"
filter: registering proc "dnsbl-spamcop"
filter: building simple chain "dnsbl-spamhaus"
filter: registering proc "dnsbl-spamhaus"
debug: init private ssl-tree
filter: building complex chains...
filter: building chain "dnsbl-all"...
filter: adding filter "dnsbl-sorbs"
filter: adding filter "dnsbl-spamcop"
filter: adding filter "dnsbl-spamhaus"
filter: done building chain "dnsbl-all"
filter: done building complex chains
debug: ca_engine_init: using RSA privsep engine
dnsbl-sorbs: illegal option -- v
warn: filter-dnsbl: bad option
dnsbl-spamcop: illegal option -- v
warn: filter-dnsbl: bad option
warn: pony -> dnsbl-sorbs: imsg_read: Connection reset by peer
fatal: exiting: Connection reset by peer
warn: ca -> pony: pipe closed
warn: parent -> ca: pipe closed
[root@vps296466 siefke]# warn: lka -> parent: pipe closed
warn: control -> ca: pipe closed
warn: scheduler -> control: pipe closed
warn: queue -> parent: pipe closed
dnsbl-spamhaus: illegal option -- v
warn: filter-dnsbl: bad option

More give not out.

Silvio
Re: table ownership/permissions issues
Hi Jeremy/all,

On Wed, 17 Aug 2016 00:25:30 -0500 Jeremy Volkening wrote:
> The short of it is that to share the passwd file, either:
>
> 1. The file must be world-readable (not so good)
> 2. The opensmtpd and dovecot daemon users must share a primary group, or
> 3. The daemons must call initgroups() or something similar after dropping privileges.

4. As a workaround, in whatever script/Makefile which creates the file, copy or hard link the file, e.g:

-rw-r- 1 root postmasters 314 Aug 15 16:58 passwd
-rw-r- 1 root opensmtpd 314 Aug 15 16:58 passwd-smtp
-rw-r- 1 root dovecot 314 Aug 15 16:58 passwd-imap
Re: table ownership/permissions issues
On Wed, Aug 17, 2016 at 07:39:41AM +0200, Joerg Jung wrote:

My conclusions on this issue: It seems on Linux that a process started as a user by another user (as done by opensmtpd and dovecot to drop permissions to a non-privileged user) inherits by default only that user's primary group. Secondary groups (e.g. as defined in /etc/groups) are not inherited unless explicitly done so (see "man initgroups"). This isn't something I've dealt with before and didn't really understand.

The short of it is that to share the passwd file, either:

1. The file must be world-readable (not so good)
2. The opensmtpd and dovecot daemon users must share a primary group, or
3. The daemons must call initgroups() or something similar after dropping privileges.

4. The daemon reads the file before it drops privileges? Though would miss updates later...

Good point... I believe that's how opensmtpd currently handles SSL private keys.

Can you please open a bug report on github for this? Thanks!

I filed it as a feature request. FWIW, it turns out dovecot can already do this if you explicitly set the groups: http://marc.info/?l=dovecot=133350196124100=2

Jeremy
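The group behaviour discussed in the table ownership thread above, as an added example that is not code from the thread, OpenSMTPD or dovecot. `may_read` is a simplified model of the owner/group/other check (no ACLs or capabilities), `drop_privileges` shows the initgroups() variant from option 3, and all uid/gid numbers are constructed.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* exposes initgroups()/setgroups() on glibc */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Model of the owner/group/other read check for a non-root process.
 * `groups` is the supplementary group list the process actually holds. */
static bool may_read(const struct stat *st, uid_t uid, gid_t gid,
                     const gid_t *groups, size_t ngroups)
{
    if (st->st_uid == uid)
        return (st->st_mode & S_IRUSR) != 0;
    bool member = (st->st_gid == gid);
    for (size_t i = 0; i < ngroups && !member; i++)
        member = (groups[i] == st->st_gid);
    if (member)
        return (st->st_mode & S_IRGRP) != 0;
    return (st->st_mode & S_IROTH) != 0;
}

/* Constructed stand-in for the shared passwd table, owned by root. */
static struct stat table_stat(mode_t mode, gid_t group)
{
    struct stat st = {0};
    st.st_mode = S_IFREG | mode;
    st.st_uid = 0;
    st.st_gid = group;
    return st;
}

/* Drop from root to `user`. The group list and gid are set first, while
 * the process is still root; after setuid() it may no longer change them.
 * Without initgroups() only the primary group survives the drop. */
static int drop_privileges(const char *user, bool with_secondary_groups)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return -1;
    if (with_secondary_groups) {
        if (initgroups(pw->pw_name, pw->pw_gid) != 0)
            return -1;
    } else if (setgroups(1, &pw->pw_gid) != 0) {
        return -1;
    }
    if (setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    const gid_t postmasters = 2000, smtpd_gid = 95; /* constructed ids */
    const uid_t smtpd_uid = 95;
    struct stat st = table_stat(0640, postmasters);

    printf("primary group only: %d\n",
           may_read(&st, smtpd_uid, smtpd_gid, NULL, 0));
    printf("after initgroups(): %d\n",
           may_read(&st, smtpd_uid, smtpd_gid, &postmasters, 1));

    /* Run as root with USER FILE to see the real effect on FILE. */
    if (argc == 3 && geteuid() == 0) {
        if (drop_privileges(argv[1], true) != 0)
            return 1;
        printf("%s readable: %d\n", argv[2], access(argv[2], R_OK) == 0);
    }
    return 0;
}
```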