Re: parse.y patch + smtpd.conf.5 patch

2018-12-02 Thread Edgar Pettijohn
I guess I should have included the smtpd.conf(5) patch as well.
Plus remove trailing whitespace.

Index: smtpd.conf.5
===
RCS file: /cvs/src/usr.sbin/smtpd/smtpd.conf.5,v
retrieving revision 1.206
diff -u -p -u -r1.206 smtpd.conf.5
--- smtpd.conf.58 Oct 2018 06:10:17 -   1.206
+++ smtpd.conf.53 Dec 2018 03:08:02 -
@@ -269,7 +269,7 @@ Server certificates for those protocols 
 Require TLS to be used when relaying, using mandatory STARTTLS by default.
 When used with a smarthost, the protocol must not be
 .Dq smtp+notls:// .
-If 
+If
 .Op no-verify
 is specified, do not require a valid certificate.
 .It Cm auth Pf < Ar table Ns >
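
Review bot: The `-If ` / `+If` pair in this first hunk is a whitespace-only cleanup, unrelated to the keyword change in the next hunk. Please send it as a separate commit so the `tag` to `tagged` documentation change can be reviewed, and if necessary reverted, on its own.
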
@@ -540,7 +540,7 @@ Specify that transaction's RCPT TO shoul
 .Ar recipient .
 .It Xo
 .Op Ic \&!
-.Cm tag Ar tag
+.Cm tagged Ar tag
 .Xc
 Matches transactions tagged with the given
 .Ar tag .
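
Review bot: Replacing `.Cm tag Ar tag` with `.Cm tagged Ar tag` drops the old spelling from the manual without saying whether `tag` is still accepted in a match rule. The companion parse.y hunk swaps the token instead of adding an alternative, so rulesets that use the old keyword would stop parsing after this change. Either keep both forms accepted and documented, or state the rename in the commit message so administrators know to update smtpd.conf.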

On Sun, Dec 02, 2018 at 07:02:14PM -0600, Edgar Pettijohn wrote:
> I think this was probably an oversight.
> 
> Index: parse.y
> ===
> RCS file: /cvs/src/usr.sbin/smtpd/parse.y,v
> retrieving revision 1.232
> diff -u -p -u -r1.232 parse.y
> --- parse.y   30 Nov 2018 15:33:40 -  1.232
> +++ parse.y   3 Dec 2018 01:00:45 -
> @@ -921,7 +921,7 @@ ACTION STRING {
>  ;
>  
>  match_option:
> -negation TAG tables {
> +negation TAGGED tables {
>   struct table   *t = $3;
>  
>   if (rule->flag_tag) {
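
Review bot: The one-line message ("probably an oversight") does not say what `negation TAGGED tables` is being brought in line with. Please name the other place that already uses `tagged` (another production, or the manual) so a reviewer can tell whether parse.y or the documentation is the side that should change, and send this together with the smtpd.conf.5 diff as one patch.
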
> 
> -- 
> You received this mail because you are subscribed to misc@opensmtpd.org
> To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
> 




parse.y patch

2018-12-02 Thread Edgar Pettijohn
I think this was probably an oversight.

Index: parse.y
===
RCS file: /cvs/src/usr.sbin/smtpd/parse.y,v
retrieving revision 1.232
diff -u -p -u -r1.232 parse.y
--- parse.y 30 Nov 2018 15:33:40 -  1.232
+++ parse.y 3 Dec 2018 01:00:45 -
@@ -921,7 +921,7 @@ ACTION STRING {
 ;
 
 match_option:
-negation TAG tables {
+negation TAGGED tables {
struct table   *t = $3;
 
if (rule->flag_tag) {
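
Review bot: In `match_option` the production now starts with `negation TAGGED tables`, but nothing in this hunk declares `TAGGED`, and the body still tests `rule->flag_tag`. Please confirm that `TAGGED` is already a declared token and is present in the keyword table at r1.232, or include those hunks; otherwise the grammar will not build or the new keyword will never be recognised.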




Re: no rule matched after upgrade to 6.4.0p2

2018-12-02 Thread François
Thanks a lot Matt for your quick answer. I will check the open relay checker 
you advised. It should be fine also.

> On 2 Dec 2018, at 21:52, Matt Schwartz  wrote:
> 
> No Francois, there is no risk of an open relay with the first rule
> because the session must be authenticated with a username and
> password. If you want, you can use an open relay checker like
> https://mxtoolbox.com/diagnostic.aspx if you're really concerned. I
> use the same rule you did and I passed the open relay check.
> -Matt
> On Sun, Dec 2, 2018 at 3:48 PM François  wrote:
>> 
>> After understood the Gilles’ advices, I fixed the issues by finding the 
>> right ruleset :
>> 
>> action distribuer mbox alias 
>> action relayer relay
>> 
>> match auth from any for any action relayer
>> match from any for domain example.org action distribuer
>> 
>> Now, I’m able to send and receive emails with my osmtpd 6.4 server.
>> 
>> Last question. Is there any to risk to be an open relay with the rule #1?
>> I expect the auth mechanism avoid any bad usage of my server. Do I right ?
>> 
>> BR, François.
>> 
>>> On 2 Dec 2018, at 13:27, Gilles Chehade  wrote:
>>> 
>>> On Sun, Dec 02, 2018 at 01:05:56PM +0100, François wrote:
>>>> Thanks Gilles for your quick answer.
>>>>
>>>> Based on your recommendations, I have now only this 3 match rules :
>>>>
>>>> match from any mail-from  for any reject
>>>> match auth from local action relayer
>>>> match auth from any action distribuer
>>>>
>>> 
>>> you also need a for on the last rules
>>> 
>>> not specifying from implies from local,
>>> not specifying for implies for local.
>>> 
>>> 
>>> you should most definitely have something along the lines of:
>>> 
>>>   match auth from local for [...]
>>>   match auth from auth for [...]
>>> 
>>> 
>>> 
>>>> Below how the server reacts when I try to send an email from my laptop
>>>> connected at the same osmtpd server network to an outside email domain
>>>> (redarmor.net) :
>>>>
>>>> Dec  2 12:43:12 gabrielle smtpd[1459]: lookup: check "192.168.0.1" as
>>>> NETADDR in table static: -> found
>>>> Dec  2 12:43:12 gabrielle smtpd[1459]: lookup: check "redarmor.net" as
>>>> DOMAIN in table static: -> found
>>>> Dec  2 12:43:12 gabrielle smtpd[1459]: lookup: check «
>>>> franc...@example.org" as MAILADDR in table static:indesirables -> 0
>>>> Dec  2 12:43:12 gabrielle smtpd[1459]: lookup: check "192.168.0.1" as
>>>> NETADDR in table static: -> 0
>>>> Dec  2 12:43:12 gabrielle smtpd[1459]: lookup: check "192.168.0.1" as
>>>> NETADDR in table static: -> found
>>>> Dec  2 12:43:12 gabrielle smtpd[1459]: lookup: check "redarmor.net" as
>>>> DOMAIN in table static: -> 0
>>>> Dec  2 12:43:12 gabrielle smtpd[1459]: no rule matched
>>>>
>>>> And when I sent an email from outside domain (redarmor.net) to my domain
>>>> (example.org) :
>>>>
>>>> Dec  2 12:47:02 gabrielle smtpd[1459]: lookup: check "217.70.183.201" as
>>>> NETADDR in table static: -> found
>>>> Dec  2 12:47:02 gabrielle smtpd[1459]: lookup: check « example.org" as
>>>> DOMAIN in table static: -> found
>>>> Dec  2 12:47:02 gabrielle smtpd[1459]: lookup: check "za...@redarmor.net"
>>>> as MAILADDR in table static:indesirables -> 0
>>>> Dec  2 12:47:02 gabrielle smtpd[1459]: lookup: check "217.70.183.201" as
>>>> NETADDR in table static: -> 0
>>>> Dec  2 12:47:02 gabrielle smtpd[1459]: lookup: check "217.70.183.201" as
>>>> NETADDR in table static: -> found
>>>> Dec  2 12:47:02 gabrielle smtpd[1459]: lookup: check « example.org" as
>>>> DOMAIN in table static: -> 0
>>>> Dec  2 12:47:02 gabrielle smtpd[1459]: no rule matched
>>>>
>>>> As explained in my first email, this two examples leads to the error
>>>> message result="550 Invalid recipient ».
>>>>
>>>> I will try a configuration which set explicitly the source for the «
>>>> relayer » action like this : action « relayer" relay src
>>>> helo-src  with a table sources set with the local network.
>>>>
>>>> BR, François.
>>>>
>>>>
>>>>
>>>>
>>>>> On 2 Dec 2018, at 12:26, Gilles Chehade  wrote:
>>>>>
>>>>> On Sun, Dec 02, 2018 at 11:46:45AM +0100, François wrote:
>>>>>> Hello All
>>>>>>
>>>>>> I'm trying to move from Opensmtpd 6.0.2p1 to 6.4.0p2 my email server
>>>>>> hosted at home.
>>>>>> I'm running Linux on Raspberry Pi.
>>>>>>
>>>>>> I didn't face any issue with the release 6.0.2. But after migrated the
>>>>>> smtpd.conf file in 6.4.0p2 format, I'm not able to send or receive
>>>>>> emails properly through smtp protocol.
>>>>>>
>>>>>
>>>>> [...]
>>>>>
>>>>>>
>>>>>> Here after an extract of my smtpd.conf :
>>>>>>
>>>>>> listen on 127.0.0.1
>>>>>> listen on $lan_addr tls-require pki mail.example.org hostname
>>>>>> mail.example.org
>>>>>> listen on $lan_addr smtps pki mail.example.org auth hostname
>>>>>> mail.example.org mask-src
>>>>>> listen on $lan_addr port 587 tls-require pki mail.example.org auth
>>>>>> hostname mail.example.org mask-src
>>>>>>
>>>>>> table aliases file:/etc/aliases
>>>>>> tab

Re: no rule matched after upgrade to 6.4.0p2

2018-12-02 Thread Matt Schwartz
No Francois, there is no risk of an open relay with the first rule
because the session must be authenticated with a username and
password. If you want, you can use an open relay checker like
https://mxtoolbox.com/diagnostic.aspx if you're really concerned. I
use the same rule you did and I passed the open relay check.
-Matt
On Sun, Dec 2, 2018 at 3:48 PM François  wrote:
>
> After understood the Gilles’ advices, I fixed the issues by finding the right 
> ruleset :
>
> action distribuer mbox alias 
> action relayer relay
>
> match auth from any for any action relayer
> match from any for domain example.org action distribuer
>
> Now, I’m able to send and receive emails with my osmtpd 6.4 server.
>
> Last question. Is there any to risk to be an open relay with the rule #1?
> I expect the auth mechanism avoid any bad usage of my server. Do I right ?
>
> BR, François.
>
> > On 2 Dec 2018, at 13:27, Gilles Chehade  wrote:
> >
> > On Sun, Dec 02, 2018 at 01:05:56PM +0100, François wrote:
> >> Thanks Gilles for your quick answer.
> >>
> >> Based on your recommendations, I have now only this 3 match rules :
> >>
> >> match from any mail-from  for any reject
> >> match auth from local action relayer
> >> match auth from any action distribuer
> >>
> >
> > you also need a for on the last rules
> >
> > not specifying from implies from local,
> > not specifying for implies for local.
> >
> >
> > you should most definitely have something along the lines of:
> >
> >match auth from local for [...]
> >match auth from auth for [...]
> >
> >
> >
> >> Below how the server reacts when I try to send an email from my laptop 
> >> connected at the same osmtpd server network to an outside email domain 
> >> (redarmor.net) :
> >>
> >> Dec  2 12:43:12 gabrielle smtpd[1459]: lookup: check "192.168.0.1" as 
> >> NETADDR in table static: -> found
> >> Dec  2 12:43:12 gabrielle smtpd[1459]: lookup: check "redarmor.net" as 
> >> DOMAIN in table static: -> found
> >> Dec  2 12:43:12 gabrielle smtpd[1459]: lookup: check «
> >> franc...@example.org" as MAILADDR in table static:indesirables -> 0
> >> Dec  2 12:43:12 gabrielle smtpd[1459]: lookup: check "192.168.0.1" as 
> >> NETADDR in table static: -> 0
> >> Dec  2 12:43:12 gabrielle smtpd[1459]: lookup: check "192.168.0.1" as 
> >> NETADDR in table static: -> found
> >> Dec  2 12:43:12 gabrielle smtpd[1459]: lookup: check "redarmor.net" as 
> >> DOMAIN in table static: -> 0
> >> Dec  2 12:43:12 gabrielle smtpd[1459]: no rule matched
> >>
> >> And when I sent an email from outside domain (redarmor.net) to my domain 
> >> (example.org) :
> >>
> >> Dec  2 12:47:02 gabrielle smtpd[1459]: lookup: check "217.70.183.201" as 
> >> NETADDR in table static: -> found
> >> Dec  2 12:47:02 gabrielle smtpd[1459]: lookup: check « example.org" as
> >> DOMAIN in table static: -> found
> >> Dec  2 12:47:02 gabrielle smtpd[1459]: lookup: check "za...@redarmor.net" 
> >> as MAILADDR in table static:indesirables -> 0
> >> Dec  2 12:47:02 gabrielle smtpd[1459]: lookup: check "217.70.183.201" as 
> >> NETADDR in table static: -> 0
> >> Dec  2 12:47:02 gabrielle smtpd[1459]: lookup: check "217.70.183.201" as 
> >> NETADDR in table static: -> found
> >> Dec  2 12:47:02 gabrielle smtpd[1459]: lookup: check « example.org" as
> >> DOMAIN in table static: -> 0
> >> Dec  2 12:47:02 gabrielle smtpd[1459]: no rule matched
> >>
> >> As explained in my first email, this two examples leads to the error 
> >> message result="550 Invalid recipient ».
> >>
> >> I will try a configuration which set explicitly the source for the «
> >> relayer » action like this : action « relayer" relay src
> >> helo-src  with a table sources set with the local network.
> >>
> >> BR, François.
> >>
> >>
> >>
> >>
> >>> On 2 Dec 2018, at 12:26, Gilles Chehade  wrote:
> >>>
> >>> On Sun, Dec 02, 2018 at 11:46:45AM +0100, François wrote:
> >>>> Hello All
> >>>>
> >>>> I'm trying to move from Opensmtpd 6.0.2p1 to 6.4.0p2 my email server
> >>>> hosted at home.
> >>>> I'm running Linux on Raspberry Pi.
> >>>>
> >>>> I didn't face any issue with the release 6.0.2. But after migrated the
> >>>> smtpd.conf file in 6.4.0p2 format, I'm not able to send or receive
> >>>> emails properly through smtp protocol.
> >>>>
> >>>
> >>> [...]
> >>>
> >>>>
> >>>> Here after an extract of my smtpd.conf :
> >>>>
> >>>> listen on 127.0.0.1
> >>>> listen on $lan_addr tls-require pki mail.example.org hostname
> >>>> mail.example.org
> >>>> listen on $lan_addr smtps pki mail.example.org auth hostname
> >>>> mail.example.org mask-src
> >>>> listen on $lan_addr port 587 tls-require pki mail.example.org auth
> >>>> hostname mail.example.org mask-src
> >>>>
> >>>> table aliases file:/etc/aliases
> >>>> table indesirables { "@qq.com » }
> >>>>
> >>>> action distribuer mbox alias
> >>>> action relayer relay
> >>>>
> >>>> match from any mail-from  for any reject
> >>>> match for local action distribuer
> >>>> match for any action relayer
> >

Re: no rule matched after upgrade to 6.4.0p2

2018-12-02 Thread François
After understanding Gilles' advice, I fixed the issues by finding the right 
ruleset:

action distribuer mbox alias 
action relayer relay

match auth from any for any action relayer
match from any for domain example.org action distribuer

Now, I’m able to send and receive emails with my osmtpd 6.4 server.

Last question. Is there any risk of being an open relay with rule #1?
I expect the auth mechanism to avoid any bad usage of my server. Am I right?

BR, François.

> On 2 Dec 2018, at 13:27, Gilles Chehade  wrote:
> 
> On Sun, Dec 02, 2018 at 01:05:56PM +0100, François wrote:
>> Thanks Gilles for your quick answer.
>> 
>> Based on your recommendations, I have now only this 3 match rules :
>> 
>> match from any mail-from  for any reject
>> match auth from local action relayer
>> match auth from any action distribuer
>> 
> 
> you also need a for on the last rules
> 
> not specifying from implies from local,
> not specifying for implies for local.
> 
> 
> you should most definitely have something along the lines of:
> 
>match auth from local for [...]
>match auth from auth for [...]
> 
> 
> 
>> Below how the server reacts when I try to send an email from my laptop 
>> connected at the same osmtpd server network to an outside email domain 
>> (redarmor.net) :
>> 
>> Dec  2 12:43:12 gabrielle smtpd[1459]: lookup: check "192.168.0.1" as 
>> NETADDR in table static: -> found
>> Dec  2 12:43:12 gabrielle smtpd[1459]: lookup: check "redarmor.net" as 
>> DOMAIN in table static: -> found
>> Dec  2 12:43:12 gabrielle smtpd[1459]: lookup: check «
>> franc...@example.org" as MAILADDR in table static:indesirables -> 0
>> Dec  2 12:43:12 gabrielle smtpd[1459]: lookup: check "192.168.0.1" as 
>> NETADDR in table static: -> 0
>> Dec  2 12:43:12 gabrielle smtpd[1459]: lookup: check "192.168.0.1" as 
>> NETADDR in table static: -> found
>> Dec  2 12:43:12 gabrielle smtpd[1459]: lookup: check "redarmor.net" as 
>> DOMAIN in table static: -> 0
>> Dec  2 12:43:12 gabrielle smtpd[1459]: no rule matched
>> 
>> And when I sent an email from outside domain (redarmor.net) to my domain 
>> (example.org) :
>> 
>> Dec  2 12:47:02 gabrielle smtpd[1459]: lookup: check "217.70.183.201" as 
>> NETADDR in table static: -> found
>> Dec  2 12:47:02 gabrielle smtpd[1459]: lookup: check « example.org" as
>> DOMAIN in table static: -> found
>> Dec  2 12:47:02 gabrielle smtpd[1459]: lookup: check "za...@redarmor.net" as 
>> MAILADDR in table static:indesirables -> 0
>> Dec  2 12:47:02 gabrielle smtpd[1459]: lookup: check "217.70.183.201" as 
>> NETADDR in table static: -> 0
>> Dec  2 12:47:02 gabrielle smtpd[1459]: lookup: check "217.70.183.201" as 
>> NETADDR in table static: -> found
>> Dec  2 12:47:02 gabrielle smtpd[1459]: lookup: check « example.org" as
>> DOMAIN in table static: -> 0
>> Dec  2 12:47:02 gabrielle smtpd[1459]: no rule matched
>> 
>> As explained in my first email, this two examples leads to the error message 
>> result="550 Invalid recipient ».
>> 
>> I will try a configuration which set explicitly the source for the «
>> relayer » action like this : action « relayer" relay src
>> helo-src  with a table sources set with the local network.
>> 
>> BR, François.
>> 
>> 
>> 
>> 
>>> On 2 Dec 2018, at 12:26, Gilles Chehade  wrote:
>>> 
>>> On Sun, Dec 02, 2018 at 11:46:45AM +0100, François wrote:
>>>> Hello All
>>>>
>>>> I'm trying to move from Opensmtpd 6.0.2p1 to 6.4.0p2 my email server
>>>> hosted at home.
>>>> I'm running Linux on Raspberry Pi.
>>>>
>>>> I didn't face any issue with the release 6.0.2. But after migrated the
>>>> smtpd.conf file in 6.4.0p2 format, I'm not able to send or receive emails
>>>> properly through smtp protocol.
>>>>
>>> 
>>> [...]
>>> 
 
>>>> Here after an extract of my smtpd.conf :
>>>>
>>>> listen on 127.0.0.1
>>>> listen on $lan_addr tls-require pki mail.example.org hostname
>>>> mail.example.org
>>>> listen on $lan_addr smtps pki mail.example.org auth hostname
>>>> mail.example.org mask-src
>>>> listen on $lan_addr port 587 tls-require pki mail.example.org auth
>>>> hostname mail.example.org mask-src
>>>>
>>>> table aliases file:/etc/aliases
>>>> table indesirables { "@qq.com » }
>>>>
>>>> action distribuer mbox alias
>>>> action relayer relay
>>>>
>>>> match from any mail-from  for any reject
>>>> match for local action distribuer
>>>> match for any action relayer
>>>>
>>>> I don't understand my mistake. For information, I compiled the binaries
>>>> from the sources, maybe I missed to set something in the Makefile.
>>>> Thanks in advance for your support.
>>>>
>>> 
>>> The problem is that in 6.0.x authenticated users are considered as local
>>> sessions and therefore match your last two rules, but this was not right,
>>> it led to some configuration being impossible to express.
>>> 
>>> Starting with 6.4.x, authenticated users are no longer considered local,
>>> and rules must explicitly match them:
>>> 
>>>   match auth from any [...]
>>

Re: Catchall / virtual in new syntax

2018-12-02 Thread Gilles Chehade
On Sun, Dec 02, 2018 at 04:11:54PM +0100, Stefan Bagdohn wrote:
> Dear Gilles,
> 
> You are a genius! I have no idea why this did not work out in the last weeks 
> when I tried to get it up and running.
> Now I ended up with:
> 

A genius, that's unlikely, but glad that it works ;-)

-- 
Gilles Chehade @poolpOrg

https://www.poolp.org tip me: https://paypal.me/poolpOrg




Re: Catchall / virtual in new syntax

2018-12-02 Thread Stefan Bagdohn
Dear Gilles,

You are a genius! I have no idea why this did not work out in the last weeks 
when I tried to get it up and running.
Now I ended up with:

action aaa relay host smtp+tls://exo...@smtp.provider.com auth 
action bbb mbox virtual { "@" => buggy }

match from any for domain example.com rcpt-to f...@example.com action aaa
match from any for any action bbb

This does exactly what I intend: Take mail from local network and local machine 
from arbitrary sender to arbitrary recipient, pass it to the local user buggy, 
modify the recipient to be f...@example.com, and allow relay for only this 
recipient. (If recipient is fine in the first place, it does not take the route 
through the local user.)

Excellent!
Thank you so much for your help and the trigger to try it again!

Regards
 Stefan



> On 2. Dec 2018, at 14:49, Gilles Chehade  wrote:
> 
> On Sun, Dec 02, 2018 at 02:38:46PM +0100, Stefan Bagdohn wrote:
>> Hi all,
>> 
>> with the old grammar I used the following config:
>> 
>> accept from any for domain "example.com" recipient "f...@example.com" relay 
>> via tls+auth://exo...@smtp.provider.com auth 
>> accept from any for any virtual { "@" => buggy } deliver to mbox
>> 
>> to do some sort of catchall.
>> 
>> This worked well. Any mail (local from system and remote from lan) was 
>> basically delivered to the local user buggy which had a .forward that 
>> contains f...@example.com. So it was relayed afterwards by the first rule.
>> 
>> Any hint how this could be done in the new grammar? I have no idea how to 
>> implement the old-style => catchall.
>> 
> 
> grammar set aside, it's done the exact same way.
> 
> -- 
> Gilles Chehade   @poolpOrg
> 
> https://www.poolp.org tip me: https://paypal.me/poolpOrg
> 
> 





Re: Catchall / virtual in new syntax

2018-12-02 Thread Gilles Chehade
On Sun, Dec 02, 2018 at 02:38:46PM +0100, Stefan Bagdohn wrote:
> Hi all,
> 
> with the old grammar I used the following config:
> 
> accept from any for domain "example.com" recipient "f...@example.com" relay 
> via tls+auth://exo...@smtp.provider.com auth 
> accept from any for any virtual { "@" => buggy } deliver to mbox
> 
> to do some sort of catchall.
> 
> This worked well. Any mail (local from system and remote from lan) was 
> basically delivered to the local user buggy which had a .forward that 
> contains f...@example.com. So it was relayed afterwards by the first rule.
> 
> Any hint how this could be done in the new grammar? I have no idea how to 
> implement the old-style => catchall.
> 

grammar set aside, it's done the exact same way.

-- 
Gilles Chehade @poolpOrg

https://www.poolp.org tip me: https://paypal.me/poolpOrg




Catchall / virtual in new syntax

2018-12-02 Thread Stefan Bagdohn
Hi all,

with the old grammar I used the following config:

accept from any for domain "example.com" recipient "f...@example.com" relay via 
tls+auth://exo...@smtp.provider.com auth 
accept from any for any virtual { "@" => buggy } deliver to mbox

to do some sort of catchall.

This worked well. Any mail (local from system and remote from lan) was 
basically delivered to the local user buggy which had a .forward that contains 
f...@example.com. So it was relayed afterwards by the first rule.

Any hint how this could be done in the new grammar? I have no idea how to 
implement the old-style => catchall.

Thank you in advance!
 Stefan



Re: no rule matched after upgrade to 6.4.0p2

2018-12-02 Thread Gilles Chehade
On Sun, Dec 02, 2018 at 01:05:56PM +0100, François wrote:
> Thanks Gilles for your quick answer.
> 
> Based on your recommendations, I have now only this 3 match rules :
> 
> match from any mail-from  for any reject
> match auth from local action relayer
> match auth from any action distribuer
> 

you also need a for on the last rules

not specifying from implies from local,
not specifying for implies for local.


you should most definitely have something along the lines of:

match auth from local for [...]
match auth from auth for [...]



> Below how the server reacts when I try to send an email from my laptop 
> connected at the same osmtpd server network to an outside email domain 
> (redarmor.net) :
> 
> Dec  2 12:43:12 gabrielle smtpd[1459]: lookup: check "192.168.0.1" as NETADDR 
> in table static: -> found
> Dec  2 12:43:12 gabrielle smtpd[1459]: lookup: check "redarmor.net" as DOMAIN 
> in table static: -> found
> Dec  2 12:43:12 gabrielle smtpd[1459]: lookup: check « franc...@example.org"
> as MAILADDR in table static:indesirables -> 0
> Dec  2 12:43:12 gabrielle smtpd[1459]: lookup: check "192.168.0.1" as NETADDR 
> in table static: -> 0
> Dec  2 12:43:12 gabrielle smtpd[1459]: lookup: check "192.168.0.1" as NETADDR 
> in table static: -> found
> Dec  2 12:43:12 gabrielle smtpd[1459]: lookup: check "redarmor.net" as DOMAIN 
> in table static: -> 0
> Dec  2 12:43:12 gabrielle smtpd[1459]: no rule matched
> 
> And when I sent an email from outside domain (redarmor.net) to my domain 
> (example.org) :
> 
> Dec  2 12:47:02 gabrielle smtpd[1459]: lookup: check "217.70.183.201" as 
> NETADDR in table static: -> found
> Dec  2 12:47:02 gabrielle smtpd[1459]: lookup: check « example.org" as
> DOMAIN in table static: -> found
> Dec  2 12:47:02 gabrielle smtpd[1459]: lookup: check "za...@redarmor.net" as 
> MAILADDR in table static:indesirables -> 0
> Dec  2 12:47:02 gabrielle smtpd[1459]: lookup: check "217.70.183.201" as 
> NETADDR in table static: -> 0
> Dec  2 12:47:02 gabrielle smtpd[1459]: lookup: check "217.70.183.201" as 
> NETADDR in table static: -> found
> Dec  2 12:47:02 gabrielle smtpd[1459]: lookup: check « example.org" as
> DOMAIN in table static: -> 0
> Dec  2 12:47:02 gabrielle smtpd[1459]: no rule matched
> 
> As explained in my first email, this two examples leads to the error message 
> result="550 Invalid recipient ».
> 
> I will try a configuration which set explicitly the source for the « relayer
> » action like this : action « relayer" relay src  helo-src
>  with a table sources set with the local network.
> 
> BR, François.
> 
> 
> 
> 
> > On 2 Dec 2018, at 12:26, Gilles Chehade  wrote:
> > 
> > On Sun, Dec 02, 2018 at 11:46:45AM +0100, François wrote:
> >> Hello All
> >> 
> >> I'm trying to move from Opensmtpd 6.0.2p1 to 6.4.0p2 my email server 
> >> hosted at home.
> >> I'm running Linux on Raspberry Pi.
> >> 
> >> I didn't face any issue with the release 6.0.2. But after migrated the 
> >> smtpd.conf file in 6.4.0p2 format, I'm not able to send or receive emails 
> >> properly through smtp protocol.
> >> 
> > 
> > [...]
> > 
> >> 
> >> Here after an extract of my smtpd.conf :
> >> 
> >> listen on 127.0.0.1
> >> listen on $lan_addr tls-require pki mail.example.org hostname 
> >> mail.example.org
> >> listen on $lan_addr smtps pki mail.example.org auth hostname 
> >> mail.example.org mask-src
> >> listen on $lan_addr port 587 tls-require pki mail.example.org auth 
> >> hostname mail.example.org mask-src
> >> 
> >> table aliases file:/etc/aliases
> >> table indesirables { "@qq.com » }
> >> 
> >> action distribuer mbox alias 
> >> action relayer relay
> >> 
> >> match from any mail-from  for any reject
> >> match for local action distribuer
> >> match for any action relayer
> >> 
> >> I don't understand my mistake. For information, I compiled the binaries 
> >> from the sources, maybe I missed to set something in the Makefile.
> >> Thanks in advance for your support.
> >> 
> > 
> > The problem is that in 6.0.x authenticated users are considered as local
> > sessions and therefore match your last two rules, but this was not right,
> > it led to some configuration being impossible to express.
> > 
> > Starting with 6.4.x, authenticated users are no longer considered local,
> > and rules must explicitly match them:
> > 
> >match auth from any [...]
> > 
> > The 'auth' criteria is no longer related to the locality, so you're able
> > to write rules that match differently the authenticated users which come
> > from your machine or from others:
> > 
> >match auth from local [...]
> >match auth from any [...]
> > 
> > Your new ruleset should have one or two additional match rules I guess.
> > 
> > Also, while at it, it is now also possible to match non-network sessions
> > with:
> > 
> >match from socket [...]
> > 
> > This used to only be matched by from local but can now also be matched a
> > bit more precisely.
> > 
> > 
> > -- 
> > Gilles Ch

Re: no rule matched after upgrade to 6.4.0p2

2018-12-02 Thread François
Thanks Gilles for your quick answer.

Based on your recommendations, I now have only these 3 match rules:

match from any mail-from  for any reject
match auth from local action relayer
match auth from any action distribuer

Below is how the server reacts when I try to send an email from my laptop, 
connected to the same network as the osmtpd server, to an outside email domain 
(redarmor.net):

Dec  2 12:43:12 gabrielle smtpd[1459]: lookup: check "192.168.0.1" as NETADDR 
in table static: -> found
Dec  2 12:43:12 gabrielle smtpd[1459]: lookup: check "redarmor.net" as DOMAIN 
in table static: -> found
Dec  2 12:43:12 gabrielle smtpd[1459]: lookup: check « franc...@example.org" as 
MAILADDR in table static:indesirables -> 0
Dec  2 12:43:12 gabrielle smtpd[1459]: lookup: check "192.168.0.1" as NETADDR 
in table static: -> 0
Dec  2 12:43:12 gabrielle smtpd[1459]: lookup: check "192.168.0.1" as NETADDR 
in table static: -> found
Dec  2 12:43:12 gabrielle smtpd[1459]: lookup: check "redarmor.net" as DOMAIN 
in table static: -> 0
Dec  2 12:43:12 gabrielle smtpd[1459]: no rule matched

And when I send an email from an outside domain (redarmor.net) to my domain 
(example.org):

Dec  2 12:47:02 gabrielle smtpd[1459]: lookup: check "217.70.183.201" as 
NETADDR in table static: -> found
Dec  2 12:47:02 gabrielle smtpd[1459]: lookup: check « example.org" as DOMAIN 
in table static: -> found
Dec  2 12:47:02 gabrielle smtpd[1459]: lookup: check "za...@redarmor.net" as 
MAILADDR in table static:indesirables -> 0
Dec  2 12:47:02 gabrielle smtpd[1459]: lookup: check "217.70.183.201" as 
NETADDR in table static: -> 0
Dec  2 12:47:02 gabrielle smtpd[1459]: lookup: check "217.70.183.201" as 
NETADDR in table static: -> found
Dec  2 12:47:02 gabrielle smtpd[1459]: lookup: check « example.org" as DOMAIN 
in table static: -> 0
Dec  2 12:47:02 gabrielle smtpd[1459]: no rule matched

As explained in my first email, these two examples lead to the error message 
result="550 Invalid recipient ».

I will try a configuration which explicitly sets the source for the « relayer » 
action like this : action « relayer" relay src  helo-src  
with a table sources set with the local network.

BR, François.




> On 2 Dec 2018, at 12:26, Gilles Chehade  wrote:
> 
> On Sun, Dec 02, 2018 at 11:46:45AM +0100, François wrote:
>> Hello All
>> 
>> I'm trying to move from Opensmtpd 6.0.2p1 to 6.4.0p2 my email server hosted 
>> at home.
>> I'm running Linux on Raspberry Pi.
>> 
>> I didn't face any issue with the release 6.0.2. But after migrated the 
>> smtpd.conf file in 6.4.0p2 format, I'm not able to send or receive emails 
>> properly through smtp protocol.
>> 
> 
> [...]
> 
>> 
>> Here after an extract of my smtpd.conf :
>> 
>> listen on 127.0.0.1
>> listen on $lan_addr tls-require pki mail.example.org hostname 
>> mail.example.org
>> listen on $lan_addr smtps pki mail.example.org auth hostname 
>> mail.example.org mask-src
>> listen on $lan_addr port 587 tls-require pki mail.example.org auth hostname 
>> mail.example.org mask-src
>> 
>> table aliases file:/etc/aliases
>> table indesirables { "@qq.com » }
>> 
>> action distribuer mbox alias 
>> action relayer relay
>> 
>> match from any mail-from  for any reject
>> match for local action distribuer
>> match for any action relayer
>> 
>> I don't understand my mistake. For information, I compiled the binaries from 
>> the sources, maybe I missed to set something in the Makefile.
>> Thanks in advance for your support.
>> 
> 
> The problem is that in 6.0.x authenticated users are considered as local
> sessions and therefore match your last two rules, but this was not right,
> it led to some configuration being impossible to express.
> 
> Starting with 6.4.x, authenticated users are no longer considered local,
> and rules must explicitly match them:
> 
>match auth from any [...]
> 
> The 'auth' criteria is no longer related to the locality, so you're able
> to write rules that match differently the authenticated users which come
> from your machine or from others:
> 
>match auth from local [...]
>match auth from any [...]
> 
> Your new ruleset should have one or two additional match rules I guess.
> 
> Also, while at it, it is now also possible to match non-network sessions
> with:
> 
>match from socket [...]
> 
> This used to only be matched by from local but can now also be matched a
> bit more precisely.
> 
> 
> -- 
> Gilles Chehade   @poolpOrg
> 
> https://www.poolp.org tip me: https://paypal.me/poolpOrg
> 
> 





Re: no rule matched after upgrade to 6.4.0p2

2018-12-02 Thread Gilles Chehade
On Sun, Dec 02, 2018 at 11:46:45AM +0100, François wrote:
> Hello All
> 
> I'm trying to move from Opensmtpd 6.0.2p1 to 6.4.0p2 my email server hosted 
> at home.
> I'm running Linux on Raspberry Pi.
> 
> I didn't face any issue with the release 6.0.2. But after migrated the 
> smtpd.conf file in 6.4.0p2 format, I'm not able to send or receive emails 
> properly through smtp protocol.
> 

[...]

>
> Here after an extract of my smtpd.conf :
> 
> listen on 127.0.0.1
> listen on $lan_addr tls-require pki mail.example.org hostname mail.example.org
> listen on $lan_addr smtps pki mail.example.org auth hostname mail.example.org 
> mask-src
> listen on $lan_addr port 587 tls-require pki mail.example.org auth hostname 
> mail.example.org mask-src
> 
> table aliases file:/etc/aliases
> table indesirables { "@qq.com" }
> 
> action distribuer mbox alias 
> action relayer relay
> 
> match from any mail-from  for any reject
> match for local action distribuer
> match for any action relayer
> 
> I don't understand my mistake. For information, I compiled the binaries from 
> the sources, maybe I missed to set something in the Makefile.
> Thanks in advance for your support.
> 

The problem is that in 6.0.x authenticated users are considered as local
sessions and therefore match your last two rules, but this was not right,
it led to some configuration being impossible to express.

Starting with 6.4.x, authenticated users are no longer considered local,
and rules must explicitly match them:

    match auth from any [...]

The 'auth' criteria is no longer related to the locality, so you're able
to write rules that match differently the authenticated users which come
from your machine or from others:

    match auth from local [...]
    match auth from any [...]

Your new ruleset should have one or two additional match rules I guess.

Also, while at it, it is now also possible to match non-network sessions
with:

    match from socket [...]

This used to only be matched by from local but can now also be matched a
bit more precisely.


-- 
Gilles Chehade @poolpOrg

https://www.poolp.org tip me: https://paypal.me/poolpOrg
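
The change described in the reply above, as an added example that is not part of the original thread and is not OpenSMTPD code: a simplified first-match model of the two delivery rules from the posted smtpd.conf, evaluated for the authenticated session seen in the log. The class names, the `legacy` switch and the two extra `auth` rules are assumptions made for illustration.

```python
# Simplified model of smtpd.conf rule evaluation (first match wins), written for
# this example; it is not OpenSMTPD code and ignores tables, tags and reject rules.
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:
    from_local: bool      # connection comes from the machine itself
    authenticated: bool   # SMTP AUTH succeeded
    rcpt_local: bool      # recipient domain is handled by this server

@dataclass(frozen=True)
class Rule:
    action: str
    dest: str             # "local" or "any" (the "for" criterion)
    src: str = "local"    # a rule without "from" behaves as "from local"
    auth: bool = False    # True when the rule carries the "auth" criterion

def matches(rule, s, legacy):
    # 6.0.x counted an authenticated session as local; 6.4.x does not.
    is_local = s.from_local or (legacy and s.authenticated)
    if rule.src == "local" and not is_local:
        return False
    if rule.auth and not s.authenticated:
        return False
    return rule.dest == "any" or s.rcpt_local

def evaluate(rules, s, legacy=False):
    for rule in rules:
        if matches(rule, s, legacy):
            return rule.action
    return "no rule matched"

# The two delivery rules from the posted smtpd.conf.
POSTED = [Rule("distribuer", "local"), Rule("relayer", "any")]
# Same rules plus explicit "match auth from any ..." rules, as the reply suggests.
FIXED = POSTED + [
    Rule("distribuer", "local", src="any", auth=True),
    Rule("relayer", "any", src="any", auth=True),
]

# Constructed sessions; the first mirrors the log (authenticated, 192.168.0.1,
# recipient at an external domain).
AUTH_REMOTE = Session(from_local=False, authenticated=True, rcpt_local=False)
ANON_REMOTE = Session(from_local=False, authenticated=False, rcpt_local=False)

if __name__ == "__main__":
    print("6.0.x, posted rules:", evaluate(POSTED, AUTH_REMOTE, legacy=True))
    print("6.4.x, posted rules:", evaluate(POSTED, AUTH_REMOTE))
    print("6.4.x, fixed rules: ", evaluate(FIXED, AUTH_REMOTE))
    print("6.4.x, fixed, unauthenticated:", evaluate(FIXED, ANON_REMOTE))
```

Because the added rules carry `auth`, an unauthenticated remote client still falls through to "no rule matched", so the fix does not turn the server into an open relay.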




no rule matched after upgrade to 6.4.0p2

2018-12-02 Thread François
Hello All

I'm trying to move from Opensmtpd 6.0.2p1 to 6.4.0p2 my email server hosted at 
home.
I'm running Linux on Raspberry Pi.

I didn't face any issue with the release 6.0.2. But after migrating the 
smtpd.conf file in 6.4.0p2 format, I'm not able to send or receive emails 
properly through smtp protocol.

For each attempt to send an email, I get the message "smtpd[]: no rule matched" 
which leads to result="550 Invalid recipient".

Dec  1 20:29:45 smtpd[29376]: 641781d3ab71ac4d smtp authentication 
user=francois address=192.168.0.1 host=192.168.0.1 result=ok
Dec  1 20:29:45 smtpd[29376]: smtp: 0x22a4660: >>> 235 2.0.0: Authentication 
succeeded
Dec  1 20:29:45 smtpd[29376]: smtp: 0x22a4660: STATE_AUTH_INIT -> STATE_HELO
Dec  1 20:29:45 smtpd[29376]: smtp: 0x22a4660: IO_LOWAT 
Dec  1 20:29:45 smtpd[29376]: smtp: 0x22a4660: IO_DATAIN 
Dec  1 20:29:45 smtpd[29376]: smtp: 0x22a4660: <<< MAIL 
FROM:
Dec  1 20:29:45 smtpd[29376]: mproc: pony -> queue : 8 IMSG_SMTP_MESSAGE_CREATE
Dec  1 20:29:45 smtpd[29377]: imsg: queue <- pony: IMSG_SMTP_MESSAGE_CREATE 
(len=8)
Dec  1 20:29:45 smtpd[29377]: queue-backend: queue_message_create() -> 1 
(cc9fdc77)
Dec  1 20:29:45 smtpd[29377]: mproc: queue -> pony : 16 IMSG_SMTP_MESSAGE_CREATE
Dec  1 20:29:45 smtpd[29376]: imsg: pony <- queue: IMSG_SMTP_MESSAGE_CREATE 
(len=16)
Dec  1 20:29:45 smtpd[29376]: smtp: 0x22a4660: >>> 250 2.0.0: Ok
Dec  1 20:29:45 smtpd[29376]: smtp: 0x22a4660: IO_LOWAT 
Dec  1 20:29:45 smtpd[29376]: smtp: 0x22a4660: IO_DATAIN 
Dec  1 20:29:45 smtpd[29376]: smtp: 0x22a4660: <<< RCPT TO:
Dec  1 20:29:45 smtpd[29376]: mproc: pony -> lka : 293 IMSG_SMTP_EXPAND_RCPT
Dec  1 20:29:45 smtpd[29375]: imsg: lka <- pony: IMSG_SMTP_EXPAND_RCPT (len=293)
Dec  1 20:29:45 smtpd[29375]: expand: 0x11ad800: expand_insert() called for 
address:za...@redarmor.net[parent=(nil), rule=(nil)]
Dec  1 20:29:45 smtpd[29375]: expand: 0x11ad800: inserted node 0x11aae10
Dec  1 20:29:45 smtpd[29375]: expand: lka_expand: address: za...@redarmor.net 
[depth=0]
Dec  1 20:29:45 smtpd[29375]: lookup: check "192.168.0.1" as NETADDR in table 
static: -> found
Dec  1 20:29:45 smtpd[29375]: lookup: check "redarmor.net" as DOMAIN in table 
static: -> found
Dec  1 20:29:45 smtpd[29375]: lookup: check "franc...@example.org" as MAILADDR 
in table static:indesirables -> 0
Dec  1 20:29:45 smtpd[29375]: lookup: check "192.168.0.1" as NETADDR in table 
static: -> 0
Dec  1 20:29:45 smtpd[29375]: lookup: check "192.168.0.1" as NETADDR in table 
static: -> 0
Dec  1 20:29:45 smtpd[29375]: no rule matched
Dec  1 20:29:45 smtpd[29375]: mproc: lka -> pony : 34 IMSG_SMTP_EXPAND_RCPT
Dec  1 20:29:45 smtpd[29375]: expand: 0x11ad800: clearing expand tree
Dec  1 20:29:45 smtpd[29376]: imsg: pony <- lka: IMSG_SMTP_EXPAND_RCPT (len=34)
Dec  1 20:29:45 smtpd[29376]: smtp: 0x22a4660: >>> 550 Invalid recipient
Dec  1 20:29:45 smtpd[29376]: 641781d3ab71ac4d smtp failed-command 
address=192.168.0.1 host=192.168.0.1 command="RCPT TO:" 
result="550 Invalid recipient"

Here after an extract of my smtpd.conf :

listen on 127.0.0.1
listen on $lan_addr tls-require pki mail.example.org hostname mail.example.org
listen on $lan_addr smtps pki mail.example.org auth hostname mail.example.org 
mask-src
listen on $lan_addr port 587 tls-require pki mail.example.org auth hostname 
mail.example.org mask-src

table aliases file:/etc/aliases
table indesirables { "@qq.com" }

action distribuer mbox alias 
action relayer relay

match from any mail-from  for any reject
match for local action distribuer
match for any action relayer

I don't understand my mistake. For information, I compiled the binaries from 
the sources, maybe I missed to set something in the Makefile.
Thanks in advance for your support.

BR, François.