Re: parse.y patch + smtpd.conf.5 patch
I guess I should have included the smtpd.conf(5) patch as well. Plus remove trailing whitspace. Index: smtpd.conf.5 === RCS file: /cvs/src/usr.sbin/smtpd/smtpd.conf.5,v retrieving revision 1.206 diff -u -p -u -r1.206 smtpd.conf.5 --- smtpd.conf.58 Oct 2018 06:10:17 - 1.206 +++ smtpd.conf.53 Dec 2018 03:08:02 - @@ -269,7 +269,7 @@ Server certificates for those protocols Require TLS to be used when relaying, using mandatory STARTTLS by default. When used with a smarthost, the protocol must not be .Dq smtp+notls:// . -If +If .Op no-verify is specified, do not require a valid certificate. .It Cm auth Pf < Ar table Ns > @@ -540,7 +540,7 @@ Specify that transaction's RCPT TO shoul .Ar recipient . .It Xo .Op Ic \&! -.Cm tag Ar tag +.Cm tagged Ar tag .Xc Matches transactions tagged with the given .Ar tag . On Sun, Dec 02, 2018 at 07:02:14PM -0600, Edgar Pettijohn wrote: > I think this was probably an oversight. > > Index: parse.y > === > RCS file: /cvs/src/usr.sbin/smtpd/parse.y,v > retrieving revision 1.232 > diff -u -p -u -r1.232 parse.y > --- parse.y 30 Nov 2018 15:33:40 - 1.232 > +++ parse.y 3 Dec 2018 01:00:45 - > @@ -921,7 +921,7 @@ ACTION STRING { > ; > > match_option: > -negation TAG tables { > +negation TAGGED tables { > struct table *t = $3; > > if (rule->flag_tag) { > > -- > You received this mail because you are subscribed to misc@opensmtpd.org > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org > -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
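Review bot: the second smtpd.conf.5 hunk (@@ -540,7) renames the documented keyword from `.Cm tag` to `.Cm tagged` without saying what happens to configurations that already use `match tag`. If parse.y stops accepting `tag`, note the rename in the entry or in the commit message, and commit this together with the parse.y change so the manual and the grammar never disagree. The first hunk only strips trailing whitespace after `If`; sending it separately would make the behavioural change easier to spot.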
parse.y patch
I think this was probably an oversight. Index: parse.y === RCS file: /cvs/src/usr.sbin/smtpd/parse.y,v retrieving revision 1.232 diff -u -p -u -r1.232 parse.y --- parse.y 30 Nov 2018 15:33:40 - 1.232 +++ parse.y 3 Dec 2018 01:00:45 - @@ -921,7 +921,7 @@ ACTION STRING { ; match_option: -negation TAG tables { +negation TAGGED tables { struct table *t = $3; if (rule->flag_tag) { -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
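Review bot: in `match_option`, swapping `TAG` for `TAGGED` on the `negation TAG tables {` line removes the old keyword in the same step, so a configuration that reaches this production through `tag` would no longer parse. Say in the commit message whether that is intended, or keep `TAG` as an accepted alternative for a transition period. The hunk also shows no `%token` declaration or keyword-table entry for `TAGGED`; confirm both already exist in parse.y, and update smtpd.conf(5) in the same commit.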
Re: no rule matched after upgrade to 6.4.0p2
Thanks a lot Matt for your quick answer. I will check the open relay checker you advised me. It should be fine also.

> On 2 Dec 2018 at 21:52, Matt Schwartz wrote:
>
> No Francois, there is no risk of an open relay with the first rule
> because the session must be authenticated with a username and
> password. If you want, you can use an open relay checker like
> https://mxtoolbox.com/diagnostic.aspx if you're really concerned. I
> use the same rule you did and I passed the open relay check.
> -Matt
> On Sun, Dec 2, 2018 at 3:48 PM François wrote:
>>
>> After understood the Gilles’ advices, I fixed the issues by finding the
>> right ruleset :
>>
>> action distribuer mbox alias <aliases>
>> action relayer relay
>>
>> match auth from any for any action relayer
>> match from any for domain example.org action distribuer
>>
>> Now, I’m able to send and receive emails with my osmtpd 6.4 server.
>>
>> Last question. Is there any risk to be an open relay with the rule #1?
>> I expect the auth mechanism avoid any bad usage of my server. Do I right ?
>>
>> BR, François.
>>
>>> On 2 Dec 2018 at 13:27, Gilles Chehade wrote:
>>>
>>> On Sun, Dec 02, 2018 at 01:05:56PM +0100, François wrote:
>>>> Thanks Gilles for your quick answer.
>>>>
>>>> Based on your recommendations, I have now only this 3 match rules :
>>>>
>>>> match from any mail-from <indesirables> for any reject
>>>> match auth from local action relayer
>>>> match auth from any action distribuer
>>>
>>> you also need a for on the last rules
>>>
>>> not specifying from implies from local,
>>> not specifying for implies for local.
>>>
>>>
>>> you should most definitely have something along the lines of:
>>>
>>>     match auth from local for [...]
>>>     match auth from auth for [...]
Re: no rule matched after upgrade to 6.4.0p2
No Francois, there is no risk of an open relay with the first rule
because the session must be authenticated with a username and
password. If you want, you can use an open relay checker like
https://mxtoolbox.com/diagnostic.aspx if you're really concerned. I
use the same rule you did and I passed the open relay check.
-Matt

On Sun, Dec 2, 2018 at 3:48 PM François wrote:
>
> After understood the Gilles’ advices, I fixed the issues by finding the right
> ruleset :
>
> action distribuer mbox alias <aliases>
> action relayer relay
>
> match auth from any for any action relayer
> match from any for domain example.org action distribuer
>
> Now, I’m able to send and receive emails with my osmtpd 6.4 server.
>
> Last question. Is there any risk to be an open relay with the rule #1?
> I expect the auth mechanism avoid any bad usage of my server. Do I right ?
>
> BR, François.
>
> > On 2 Dec 2018 at 13:27, Gilles Chehade wrote:
> >
> > On Sun, Dec 02, 2018 at 01:05:56PM +0100, François wrote:
> >> Thanks Gilles for your quick answer.
> >>
> >> Based on your recommendations, I have now only this 3 match rules :
> >>
> >> match from any mail-from <indesirables> for any reject
> >> match auth from local action relayer
> >> match auth from any action distribuer
> >>
> >
> > you also need a for on the last rules
> >
> > not specifying from implies from local,
> > not specifying for implies for local.
> >
> >
> > you should most definitely have something along the lines of:
> >
> >     match auth from local for [...]
> >     match auth from auth for [...]
Re: no rule matched after upgrade to 6.4.0p2
After understood the Gilles’ advices, I fixed the issues by finding the right ruleset :

action distribuer mbox alias <aliases>
action relayer relay

match auth from any for any action relayer
match from any for domain example.org action distribuer

Now, I’m able to send and receive emails with my osmtpd 6.4 server.

Last question. Is there any risk to be an open relay with the rule #1?
I expect the auth mechanism avoid any bad usage of my server. Do I right ?

BR, François.

> On 2 Dec 2018 at 13:27, Gilles Chehade wrote:
>
> On Sun, Dec 02, 2018 at 01:05:56PM +0100, François wrote:
>> Thanks Gilles for your quick answer.
>>
>> Based on your recommendations, I have now only this 3 match rules :
>>
>> match from any mail-from <indesirables> for any reject
>> match auth from local action relayer
>> match auth from any action distribuer
>>
>
> you also need a for on the last rules
>
> not specifying from implies from local,
> not specifying for implies for local.
>
>
> you should most definitely have something along the lines of:
>
>     match auth from local for [...]
>     match auth from auth for [...]
>
>> Below how the server reacts when I try to send an email from my laptop
>> connected at the same osmtpd server network to an outside email domain
>> (redarmor.net) :
>>
>> Dec 2 12:43:12 gabrielle smtpd[1459]: lookup: check "192.168.0.1" as NETADDR in table static: -> found
>> Dec 2 12:43:12 gabrielle smtpd[1459]: lookup: check "redarmor.net" as DOMAIN in table static: -> found
>> Dec 2 12:43:12 gabrielle smtpd[1459]: lookup: check « franc...@example.org" as MAILADDR in table static:indesirables -> 0
>> Dec 2 12:43:12 gabrielle smtpd[1459]: lookup: check "192.168.0.1" as NETADDR in table static: -> 0
>> Dec 2 12:43:12 gabrielle smtpd[1459]: lookup: check "192.168.0.1" as NETADDR in table static: -> found
>> Dec 2 12:43:12 gabrielle smtpd[1459]: lookup: check "redarmor.net" as DOMAIN in table static: -> 0
>> Dec 2 12:43:12 gabrielle smtpd[1459]: no rule matched
>>
>> And when I sent an email from outside domain (redarmor.net) to my domain
>> (example.org) :
>>
>> Dec 2 12:47:02 gabrielle smtpd[1459]: lookup: check "217.70.183.201" as NETADDR in table static: -> found
>> Dec 2 12:47:02 gabrielle smtpd[1459]: lookup: check « example.org" as DOMAIN in table static: -> found
>> Dec 2 12:47:02 gabrielle smtpd[1459]: lookup: check "za...@redarmor.net" as MAILADDR in table static:indesirables -> 0
>> Dec 2 12:47:02 gabrielle smtpd[1459]: lookup: check "217.70.183.201" as NETADDR in table static: -> 0
>> Dec 2 12:47:02 gabrielle smtpd[1459]: lookup: check "217.70.183.201" as NETADDR in table static: -> found
>> Dec 2 12:47:02 gabrielle smtpd[1459]: lookup: check « example.org" as DOMAIN in table static: -> 0
>> Dec 2 12:47:02 gabrielle smtpd[1459]: no rule matched
>>
>> As explained in my first email, this two examples leads to the error message
>> result="550 Invalid recipient ».
>>
>> I will try a configuration which set explicitly the source for the
>> « relayer » action like this : action « relayer" relay src
>> helo-src with a table sources set with the local network.
>>
>> BR, François.
>>
>>> On 2 Dec 2018 at 12:26, Gilles Chehade wrote:
>>>
>>> On Sun, Dec 02, 2018 at 11:46:45AM +0100, François wrote:
>>>> Hello All
>>>>
>>>> I'm trying to move from Opensmtpd 6.0.2p1 to 6.4.0p2 my email server
>>>> hosted at home.
>>>> I'm running Linux on Raspberry Pi.
>>>>
>>>> I didn't face any issue with the release 6.0.2. But after migrated the
>>>> smtpd.conf file in 6.4.0p2 format, I'm not able to send or receive
>>>> emails properly through smtp protocol.
>>>>
>>>
>>> [...]
>>>
>>>> Here after an extract of my smtpd.conf :
>>>>
>>>> listen on 127.0.0.1
>>>> listen on $lan_addr tls-require pki mail.example.org hostname mail.example.org
>>>> listen on $lan_addr smtps pki mail.example.org auth hostname mail.example.org mask-src
>>>> listen on $lan_addr port 587 tls-require pki mail.example.org auth hostname mail.example.org mask-src
>>>>
>>>> table aliases file:/etc/aliases
>>>> table indesirables { "@qq.com" }
>>>>
>>>> action distribuer mbox alias <aliases>
>>>> action relayer relay
>>>>
>>>> match from any mail-from <indesirables> for any reject
>>>> match for local action distribuer
>>>> match for any action relayer
>>>>
>>>> I don't understand my mistake. For information, I compiled the binaries
>>>> from the sources, maybe I missed to set something in the Makefile.
>>>> Thanks in advance for your support.
>>>
>>> The problem is that in 6.0.x authenticated users are considered as local
>>> sessions and therefore match your last two rules, but this was not right,
>>> it led to some configuration being impossible to express.
>>>
>>> Starting with 6.4.x, authenticated users are no longer considered local,
>>> and rules must explicitly match them:
>>>
>>>     match auth from any [...]
Re: Catchall / virtual in new syntax
On Sun, Dec 02, 2018 at 04:11:54PM +0100, Stefan Bagdohn wrote:
> Dear Gilles,
>
> You are a genius! I have no idea why this did not work out in the last weeks
> when I tried to get it up and running.
> Now I ended up with:
>

A genius, that's unlikely, but glad that it works ;-)

--
Gilles Chehade @poolpOrg

https://www.poolp.org tip me: https://paypal.me/poolpOrg
Re: Catchall / virtual in new syntax
Dear Gilles,

You are a genius! I have no idea why this did not work out in the last weeks when I tried to get it up and running.
Now I ended up with:

action aaa relay host smtp+tls://exo...@smtp.provider.com auth
action bbb mbox virtual { "@" => buggy }

match from any for domain example.com rcpt-to f...@example.com action aaa
match from any for any action bbb

This does exactly what I intend: Take mail from local network and local machine from arbitrary sender to arbitrary recipient, pass it to the local user buggy, modify the recipient to be f...@example.com, and allow relay for only this recipient. (If recipient is fine in the first place, it does not take the route through the local user.)

Excellent! Thank you so much for your help and the trigger to try it again!

Regards
Stefan

> On 2. Dec 2018, at 14:49, Gilles Chehade wrote:
>
> On Sun, Dec 02, 2018 at 02:38:46PM +0100, Stefan Bagdohn wrote:
>> Hi all,
>>
>> with the old grammar i used the following config:
>>
>> accept from any for domain "example.com" recipient "f...@example.com" relay via tls+auth://exo...@smtp.provider.com auth
>> accept from any for any virtual { "@" => buggy } deliver to mbox
>>
>> to do some sort of catchall.
>>
>> This worked well. Any mail (local from system and remote from lan) was
>> basically delivered to the local user buggy which had a .forward that
>> contains f...@example.com. So it was relayed afterwards by the first rule.
>>
>> Any hint how this could be done in the new grammar? I have no idea how to
>> implement the old-style => catchall.
>>
>
> grammar set aside, it's done the exact same way.
>
> --
> Gilles Chehade @poolpOrg
>
> https://www.poolp.org tip me: https://paypal.me/poolpOrg
Re: Catchall / virtual in new syntax
On Sun, Dec 02, 2018 at 02:38:46PM +0100, Stefan Bagdohn wrote:
> Hi all,
>
> with the old grammar i used the following config:
>
> accept from any for domain "example.com" recipient "f...@example.com" relay via tls+auth://exo...@smtp.provider.com auth
> accept from any for any virtual { "@" => buggy } deliver to mbox
>
> to do some sort of catchall.
>
> This worked well. Any mail (local from system and remote from lan) was
> basically delivered to the local user buggy which had a .forward that
> contains f...@example.com. So it was relayed afterwards by the first rule.
>
> Any hint how this could be done in the new grammar? I have no idea how to
> implement the old-style => catchall.
>

grammar set aside, it's done the exact same way.

--
Gilles Chehade @poolpOrg

https://www.poolp.org tip me: https://paypal.me/poolpOrg
Catchall / virtual in new syntax
Hi all,

with the old grammar i used the following config:

accept from any for domain "example.com" recipient "f...@example.com" relay via tls+auth://exo...@smtp.provider.com auth
accept from any for any virtual { "@" => buggy } deliver to mbox

to do some sort of catchall.

This worked well. Any mail (local from system and remote from lan) was basically delivered to the local user buggy which had a .forward that contains f...@example.com. So it was relayed afterwards by the first rule.

Any hint how this could be done in the new grammar? I have no idea how to implement the old-style => catchall.

Thank you in advance!
Stefan
Re: no rule matched after upgrade to 6.4.0p2
On Sun, Dec 02, 2018 at 01:05:56PM +0100, François wrote:
> Thanks Gilles for your quick answer.
>
> Based on your recommendations, I have now only this 3 match rules :
>
> match from any mail-from <indesirables> for any reject
> match auth from local action relayer
> match auth from any action distribuer
>

you also need a for on the last rules

not specifying from implies from local,
not specifying for implies for local.


you should most definitely have something along the lines of:

    match auth from local for [...]
    match auth from auth for [...]

> Below how the server reacts when I try to send an email from my laptop
> connected at the same osmtpd server network to an outside email domain
> (redarmor.net) :
>
> Dec 2 12:43:12 gabrielle smtpd[1459]: lookup: check "192.168.0.1" as NETADDR in table static: -> found
> Dec 2 12:43:12 gabrielle smtpd[1459]: lookup: check "redarmor.net" as DOMAIN in table static: -> found
> Dec 2 12:43:12 gabrielle smtpd[1459]: lookup: check « franc...@example.org" as MAILADDR in table static:indesirables -> 0
> Dec 2 12:43:12 gabrielle smtpd[1459]: lookup: check "192.168.0.1" as NETADDR in table static: -> 0
> Dec 2 12:43:12 gabrielle smtpd[1459]: lookup: check "192.168.0.1" as NETADDR in table static: -> found
> Dec 2 12:43:12 gabrielle smtpd[1459]: lookup: check "redarmor.net" as DOMAIN in table static: -> 0
> Dec 2 12:43:12 gabrielle smtpd[1459]: no rule matched
>
> And when I sent an email from outside domain (redarmor.net) to my domain
> (example.org) :
>
> Dec 2 12:47:02 gabrielle smtpd[1459]: lookup: check "217.70.183.201" as NETADDR in table static: -> found
> Dec 2 12:47:02 gabrielle smtpd[1459]: lookup: check « example.org" as DOMAIN in table static: -> found
> Dec 2 12:47:02 gabrielle smtpd[1459]: lookup: check "za...@redarmor.net" as MAILADDR in table static:indesirables -> 0
> Dec 2 12:47:02 gabrielle smtpd[1459]: lookup: check "217.70.183.201" as NETADDR in table static: -> 0
> Dec 2 12:47:02 gabrielle smtpd[1459]: lookup: check "217.70.183.201" as NETADDR in table static: -> found
> Dec 2 12:47:02 gabrielle smtpd[1459]: lookup: check « example.org" as DOMAIN in table static: -> 0
> Dec 2 12:47:02 gabrielle smtpd[1459]: no rule matched
>
> As explained in my first email, this two examples leads to the error message
> result="550 Invalid recipient ».
>
> I will try a configuration which set explicitly the source for the « relayer
> » action like this : action « relayer" relay src helo-src
> with a table sources set with the local network.
>
> BR, François.
>
> > On 2 Dec 2018 at 12:26, Gilles Chehade wrote:
> >
> > On Sun, Dec 02, 2018 at 11:46:45AM +0100, François wrote:
> >> Hello All
> >>
> >> I'm trying to move from Opensmtpd 6.0.2p1 to 6.4.0p2 my email server
> >> hosted at home.
> >> I'm running Linux on Raspberry Pi.
> >>
> >> I didn't face any issue with the release 6.0.2. But after migrated the
> >> smtpd.conf file in 6.4.0p2 format, I'm not able to send or receive emails
> >> properly through smtp protocol.
> >>
> >
> > [...]
> >
> >>
> >> Here after an extract of my smtpd.conf :
> >>
> >> listen on 127.0.0.1
> >> listen on $lan_addr tls-require pki mail.example.org hostname mail.example.org
> >> listen on $lan_addr smtps pki mail.example.org auth hostname mail.example.org mask-src
> >> listen on $lan_addr port 587 tls-require pki mail.example.org auth hostname mail.example.org mask-src
> >>
> >> table aliases file:/etc/aliases
> >> table indesirables { "@qq.com" }
> >>
> >> action distribuer mbox alias <aliases>
> >> action relayer relay
> >>
> >> match from any mail-from <indesirables> for any reject
> >> match for local action distribuer
> >> match for any action relayer
> >>
> >> I don't understand my mistake. For information, I compiled the binaries
> >> from the sources, maybe I missed to set something in the Makefile.
> >> Thanks in advance for your support.
> >>
> >
> > The problem is that in 6.0.x authenticated users are considered as local
> > sessions and therefore match your last two rules, but this was not right,
> > it led to some configuration being impossible to express.
> >
> > Starting with 6.4.x, authenticated users are no longer considered local,
> > and rules must explicitly match them:
> >
> >     match auth from any [...]
> >
> > The 'auth' criteria is no longer related to the locality, so you're able
> > to write rules that match differently the authenticated users which come
> > from your machine or from others:
> >
> >     match auth from local [...]
> >     match auth from any [...]
> >
> > Your new ruleset should have one or two additional match rules I guess.
> >
> > Also, while at it, it is now also possible to match non-network sessions
> > with:
> >
> >     match from socket [...]
> >
> > This used to only be matched by from local but can now also be matched a
> > bit more precisely.
> >
> >
> > --
> > Gilles Ch
Re: no rule matched after upgrade to 6.4.0p2
Thanks Gilles for your quick answer.

Based on your recommendations, I have now only this 3 match rules :

match from any mail-from <indesirables> for any reject
match auth from local action relayer
match auth from any action distribuer

Below how the server reacts when I try to send an email from my laptop connected at the same osmtpd server network to an outside email domain (redarmor.net) :

Dec 2 12:43:12 gabrielle smtpd[1459]: lookup: check "192.168.0.1" as NETADDR in table static: -> found
Dec 2 12:43:12 gabrielle smtpd[1459]: lookup: check "redarmor.net" as DOMAIN in table static: -> found
Dec 2 12:43:12 gabrielle smtpd[1459]: lookup: check « franc...@example.org" as MAILADDR in table static:indesirables -> 0
Dec 2 12:43:12 gabrielle smtpd[1459]: lookup: check "192.168.0.1" as NETADDR in table static: -> 0
Dec 2 12:43:12 gabrielle smtpd[1459]: lookup: check "192.168.0.1" as NETADDR in table static: -> found
Dec 2 12:43:12 gabrielle smtpd[1459]: lookup: check "redarmor.net" as DOMAIN in table static: -> 0
Dec 2 12:43:12 gabrielle smtpd[1459]: no rule matched

And when I sent an email from outside domain (redarmor.net) to my domain (example.org) :

Dec 2 12:47:02 gabrielle smtpd[1459]: lookup: check "217.70.183.201" as NETADDR in table static: -> found
Dec 2 12:47:02 gabrielle smtpd[1459]: lookup: check « example.org" as DOMAIN in table static: -> found
Dec 2 12:47:02 gabrielle smtpd[1459]: lookup: check "za...@redarmor.net" as MAILADDR in table static:indesirables -> 0
Dec 2 12:47:02 gabrielle smtpd[1459]: lookup: check "217.70.183.201" as NETADDR in table static: -> 0
Dec 2 12:47:02 gabrielle smtpd[1459]: lookup: check "217.70.183.201" as NETADDR in table static: -> found
Dec 2 12:47:02 gabrielle smtpd[1459]: lookup: check « example.org" as DOMAIN in table static: -> 0
Dec 2 12:47:02 gabrielle smtpd[1459]: no rule matched

As explained in my first email, this two examples leads to the error message result="550 Invalid recipient ».

I will try a configuration which set explicitly the source for the « relayer » action like this : action « relayer" relay src helo-src with a table sources set with the local network.

BR, François.

> On 2 Dec 2018 at 12:26, Gilles Chehade wrote:
>
> On Sun, Dec 02, 2018 at 11:46:45AM +0100, François wrote:
>> Hello All
>>
>> I'm trying to move from Opensmtpd 6.0.2p1 to 6.4.0p2 my email server hosted
>> at home.
>> I'm running Linux on Raspberry Pi.
>>
>> I didn't face any issue with the release 6.0.2. But after migrated the
>> smtpd.conf file in 6.4.0p2 format, I'm not able to send or receive emails
>> properly through smtp protocol.
>>
>
> [...]
>
>>
>> Here after an extract of my smtpd.conf :
>>
>> listen on 127.0.0.1
>> listen on $lan_addr tls-require pki mail.example.org hostname mail.example.org
>> listen on $lan_addr smtps pki mail.example.org auth hostname mail.example.org mask-src
>> listen on $lan_addr port 587 tls-require pki mail.example.org auth hostname mail.example.org mask-src
>>
>> table aliases file:/etc/aliases
>> table indesirables { "@qq.com" }
>>
>> action distribuer mbox alias <aliases>
>> action relayer relay
>>
>> match from any mail-from <indesirables> for any reject
>> match for local action distribuer
>> match for any action relayer
>>
>> I don't understand my mistake. For information, I compiled the binaries from
>> the sources, maybe I missed to set something in the Makefile.
>> Thanks in advance for your support.
>>
>
> The problem is that in 6.0.x authenticated users are considered as local
> sessions and therefore match your last two rules, but this was not right,
> it led to some configuration being impossible to express.
>
> Starting with 6.4.x, authenticated users are no longer considered local,
> and rules must explicitly match them:
>
>     match auth from any [...]
>
> The 'auth' criteria is no longer related to the locality, so you're able
> to write rules that match differently the authenticated users which come
> from your machine or from others:
>
>     match auth from local [...]
>     match auth from any [...]
>
> Your new ruleset should have one or two additional match rules I guess.
>
> Also, while at it, it is now also possible to match non-network sessions
> with:
>
>     match from socket [...]
>
> This used to only be matched by from local but can now also be matched a
> bit more precisely.
>
>
> --
> Gilles Chehade @poolpOrg
>
> https://www.poolp.org tip me: https://paypal.me/poolpOrg
Re: no rule matched after upgrade to 6.4.0p2
On Sun, Dec 02, 2018 at 11:46:45AM +0100, François wrote:
> Hello All
>
> I'm trying to move from Opensmtpd 6.0.2p1 to 6.4.0p2 my email server hosted
> at home.
> I'm running Linux on Raspberry Pi.
>
> I didn't face any issue with the release 6.0.2. But after migrated the
> smtpd.conf file in 6.4.0p2 format, I'm not able to send or receive emails
> properly through smtp protocol.
> [...]
>
> Here after an extract of my smtpd.conf :
>
> listen on 127.0.0.1
> listen on $lan_addr tls-require pki mail.example.org hostname mail.example.org
> listen on $lan_addr smtps pki mail.example.org auth hostname mail.example.org
> mask-src
> listen on $lan_addr port 587 tls-require pki mail.example.org auth hostname
> mail.example.org mask-src
>
> table aliases file:/etc/aliases
> table indesirables { "@qq.com" }
>
> action distribuer mbox alias
> action relayer relay
>
> match from any mail-from for any reject
> match for local action distribuer
> match for any action relayer
>
> I don't understand my mistake. For information, I compiled the binaries from
> the sources, maybe I missed to set something in the Makefile.
> Thanks in advance for your support.
>

The problem is that in 6.0.x authenticated users are considered as local
sessions and therefore match your last two rules, but this was not right,
it led to some configuration being impossible to express.

Starting with 6.4.x, authenticated users are no longer considered local,
and rules must explicitly match them:

   match auth from any [...]

The 'auth' criteria is no longer related to the locality, so you're able
to write rules that match differently the authenticated users which come
from your machine or from others:

   match auth from local [...]
   match auth from any [...]

Your new ruleset should have one or two additional match rules I guess.

Also, while at it, it is now also possible to match non-network sessions
with:

   match from socket [...]

This used to only be matched by from local but can now also be matched a
bit more precisely.

--
Gilles Chehade @poolpOrg

https://www.poolp.org tip me: https://paypal.me/poolpOrg
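The advice above applied to the ruleset quoted in this reply, as an added example that is not part of the thread and not the project's own configuration. The <aliases> and <indesirables> table references are assumptions (the archive appears to have dropped them from the posted config), as is the choice to let authenticated users both deliver locally and relay.

```conf
# Added example for OpenSMTPD 6.4.x; not from the original thread.
# Assumption: the <aliases> and <indesirables> table references below,
# which are missing from the config as it appears in the archive.

table aliases file:/etc/aliases
table indesirables { "@qq.com" }

action distribuer mbox alias <aliases>
action relayer relay

# Rules are evaluated in order and the first match decides,
# so the reject rule stays on top.
match from any mail-from <indesirables> for any reject

# Local sessions: a rule without "from" means "from local".
match for local action distribuer
match for any action relayer

# 6.4.x: authenticated users are no longer treated as local,
# so they need their own rules.
match auth from any for local action distribuer
match auth from any for any action relayer

# Do not work around "no rule matched" with the rule below: without
# "auth" it relays for every unauthenticated remote host (open relay).
# match from any for any action relayer
```

Running smtpd -n checks the file for validity before the daemon is restarted.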
no rule matched after upgrade to 6.4.0p2
Hello All

I'm trying to move from Opensmtpd 6.0.2p1 to 6.4.0p2 my email server hosted at home.
I'm running Linux on Raspberry Pi.

I didn't face any issue with the release 6.0.2. But after migrated the smtpd.conf file in 6.4.0p2 format, I'm not able to send or receive emails properly through smtp protocol.
For each attempt to send an email, I get the message "smtpd[]: no rule matched" which leads to result="550 Invalid recipient".

Dec 1 20:29:45 smtpd[29376]: 641781d3ab71ac4d smtp authentication user=francois address=192.168.0.1 host=192.168.0.1 result=ok
Dec 1 20:29:45 smtpd[29376]: smtp: 0x22a4660: >>> 235 2.0.0: Authentication succeeded
Dec 1 20:29:45 smtpd[29376]: smtp: 0x22a4660: STATE_AUTH_INIT -> STATE_HELO
Dec 1 20:29:45 smtpd[29376]: smtp: 0x22a4660: IO_LOWAT
Dec 1 20:29:45 smtpd[29376]: smtp: 0x22a4660: IO_DATAIN
Dec 1 20:29:45 smtpd[29376]: smtp: 0x22a4660: <<< MAIL FROM:
Dec 1 20:29:45 smtpd[29376]: mproc: pony -> queue : 8 IMSG_SMTP_MESSAGE_CREATE
Dec 1 20:29:45 smtpd[29377]: imsg: queue <- pony: IMSG_SMTP_MESSAGE_CREATE (len=8)
Dec 1 20:29:45 smtpd[29377]: queue-backend: queue_message_create() -> 1 (cc9fdc77)
Dec 1 20:29:45 smtpd[29377]: mproc: queue -> pony : 16 IMSG_SMTP_MESSAGE_CREATE
Dec 1 20:29:45 smtpd[29376]: imsg: pony <- queue: IMSG_SMTP_MESSAGE_CREATE (len=16)
Dec 1 20:29:45 smtpd[29376]: smtp: 0x22a4660: >>> 250 2.0.0: Ok
Dec 1 20:29:45 smtpd[29376]: smtp: 0x22a4660: IO_LOWAT
Dec 1 20:29:45 smtpd[29376]: smtp: 0x22a4660: IO_DATAIN
Dec 1 20:29:45 smtpd[29376]: smtp: 0x22a4660: <<< RCPT TO:
Dec 1 20:29:45 smtpd[29376]: mproc: pony -> lka : 293 IMSG_SMTP_EXPAND_RCPT
Dec 1 20:29:45 smtpd[29375]: imsg: lka <- pony: IMSG_SMTP_EXPAND_RCPT (len=293)
Dec 1 20:29:45 smtpd[29375]: expand: 0x11ad800: expand_insert() called for address:za...@redarmor.net[parent=(nil), rule=(nil)]
Dec 1 20:29:45 smtpd[29375]: expand: 0x11ad800: inserted node 0x11aae10
Dec 1 20:29:45 smtpd[29375]: expand: lka_expand: address: za...@redarmor.net [depth=0]
Dec 1 20:29:45 smtpd[29375]: lookup: check "192.168.0.1" as NETADDR in table static: -> found
Dec 1 20:29:45 smtpd[29375]: lookup: check "redarmor.net" as DOMAIN in table static: -> found
Dec 1 20:29:45 smtpd[29375]: lookup: check "franc...@example.org" as MAILADDR in table static:indesirables -> 0
Dec 1 20:29:45 smtpd[29375]: lookup: check "192.168.0.1" as NETADDR in table static: -> 0
Dec 1 20:29:45 smtpd[29375]: lookup: check "192.168.0.1" as NETADDR in table static: -> 0
Dec 1 20:29:45 smtpd[29375]: no rule matched
Dec 1 20:29:45 smtpd[29375]: mproc: lka -> pony : 34 IMSG_SMTP_EXPAND_RCPT
Dec 1 20:29:45 smtpd[29375]: expand: 0x11ad800: clearing expand tree
Dec 1 20:29:45 smtpd[29376]: imsg: pony <- lka: IMSG_SMTP_EXPAND_RCPT (len=34)
Dec 1 20:29:45 smtpd[29376]: smtp: 0x22a4660: >>> 550 Invalid recipient
Dec 1 20:29:45 smtpd[29376]: 641781d3ab71ac4d smtp failed-command address=192.168.0.1 host=192.168.0.1 command="RCPT TO:" result="550 Invalid recipient"

Here after an extract of my smtpd.conf :

listen on 127.0.0.1
listen on $lan_addr tls-require pki mail.example.org hostname mail.example.org
listen on $lan_addr smtps pki mail.example.org auth hostname mail.example.org mask-src
listen on $lan_addr port 587 tls-require pki mail.example.org auth hostname mail.example.org mask-src

table aliases file:/etc/aliases
table indesirables { "@qq.com" }

action distribuer mbox alias
action relayer relay

match from any mail-from for any reject
match for local action distribuer
match for any action relayer

I don't understand my mistake. For information, I compiled the binaries from the sources, maybe I missed to set something in the Makefile.
Thanks in advance for your support.

BR,
François.