Re: Announce: OpenSMTPD 6.4.1 released

2018-12-19 Thread Gilles Chehade
On Thu, Dec 20, 2018 at 02:52:19PM +1100, Antonino Sidoti wrote:
> HI,
> 
> I am on OpenBSD 6.4 and I have checked in the past few days for the new 
> update via ???syspatch???. So far nothing has come through for OpenSmtpd.
>

Are you sure ?

I'm running OpenBSD 6.4 and I did get the update via syspatch a while ago:

$ uname -srm
OpenBSD 6.4 amd64
$ syspatch -l|grep smtpd
007_smtpd
$

$ curl 
https://ftp.openbsd.org/pub/OpenBSD/patches/6.4/common/007_smtpd.patch.sig 
2>/dev/null |head -9
untrusted comment: verify with openbsd-64-base.pub
RWQq6XmS4eDAcT7iguLT8P2N4KVuxYXFb9rqG8JKe0uVSFR+dDlXh5TMkn8zF8IdAJrJRVOGSb9TxFjWlPKtBZLT/57ZH2pv0gk=

OpenBSD 6.4 errata 007, November 29, 2018

The mail.mda and mail.lmtp delivery agents were not reporting temporary
failures correctly, causing smtpd to bounce messages in some cases where
it should have retried them.




> > On 17 Dec 2018, at 3:15 am, Gilles Chehade  wrote:
> > 
> > On Sun, Dec 16, 2018 at 11:11:23AM -0500, Matt Schwartz wrote:
> >> Hi Gilles,
> >> 
> >> Stupid question but did these minor fixes come via a syspatch or do I need
> >> to download and compile the tarball?
> >> 
> > 
> > If you're on OpenBSD 6.4 and run syspatch, you will be fine.
> > 
> > 
> >> On Sun, Dec 16, 2018, 11:05 AM Gilles Chehade  >> 
> >>> Subject: Announce: OpenSMTPD 6.4.1 released
> >>> 
> >>> OpenSMTPD 6.4.1 has just been released.
> >>> 
> >>> OpenSMTPD is a FREE implementation of the SMTP protocol with some common
> >>> extensions. It allows ordinary machines to exchange e-mails with systems
> >>> speaking the SMTP protocol. It implements a fairly large part of RFC5321
> >>> and can already cover a large range of use-cases.
> >>> 
> >>> It runs on OpenBSD, NetBSD, FreeBSD, DragonFlyBSD and Linux.
> >>> 
> >>> The archives are now available from the main site at www.OpenSMTPD.org
> >>> 
> >>> We would like to thank the OpenSMTPD community for their help in testing
> >>> the snapshots, reporting bugs, contributing code and packaging for other
> >>> systems.
> >>> 
> >>> This is a minor release with critical and portability fixes.
> >>> 
> >>> Changes in this release (since 6.4.0):
> >>> ==
> >>> 
> >>> - MDA exit status was improperly handled causing some temporary failures
> >>>  to be treated as permanent failures.
> >>> - fix hardcoded libexec paths preventing proper packaging [1]
> >>> - fix install of smtpctl to allow build/install as non-root
> >>> 
> >>> 
> >>> [1] Author: Michael Figiel 
> >>> 
> >>> 
> >>> Checksums:
> >>> ==
> >>> 
> >>>  SHA256 (opensmtpd-6.4.1.tar.gz) =
> >>>  755580753b36a4072bffac4993d1db82129352a087830e125e257c3ce8c5921f
> >>> 
> >>>  SHA256 (opensmtpd-6.4.1p1.tar.gz) =
> >>>  1b5dabe822a0e0b2cfde067f673885a81211ae8f630ec88e4d70c81cad49a406
> >>> 
> >>> 
> >>> Verify:
> >>> ===
> >>> 
> >>> Starting with version 5.7.1, releases are signed with signify(1).
> >>> 
> >>> You can obtain the public key from our website, check with our community
> >>> that it has not been altered on its way to your machine.
> >>> 
> >>>   $ wget https://www.opensmtpd.org/archives/opensmtpd-20181026.pub
> >>> 
> >>> Once you are confident the key is correct, you can verify the release as
> >>> described below:
> >>> 
> >>> 1- download both release tarball and matching signature file to same
> >>> directory:
> >>> 
> >>>   for OpenBSD version:
> >>>   $ wget https://www.opensmtpd.org/archives/opensmtpd-6.4.1.sum.sig
> >>>   $ wget https://www.opensmtpd.org/archives/opensmtpd-6.4.1.tar.gz
> >>> 
> >>>   for portable version:
> >>>   $ wget https://www.opensmtpd.org/archives/opensmtpd-6.4.1p1.sum.sig
> >>>   $ wget https://www.opensmtpd.org/archives/opensmtpd-6.4.1p1.tar.gz
> >>> 
> >>> 
> >>> 2- use `signify` to verify that signature file is properly signed and that
> >>> the
> >>>   checksum matches the release tarball you downloaded:
> >>> 
> >>>   for OpenBSD version:
> >>>   $ signify -C -e -p opensmtpd-20181026.pub -x opensmtpd-6.4.1.sum.sig
> >>>   Signature Verified
> >>>   opensmtpd-6.4.1.tar.gz: OK
> >>> 
> >>>   for portable version:
> >>>   $ signify -C -e -p opensmtpd-20181026.pub -x opensmtpd-6.4.1p1.sum.sig
> >>>   Signature Verified
> >>>   opensmtpd-6.4.1p1.tar.gz: OK
> >>> 
> >>> 
> >>> If you don't get an OK message, then something is not right and you should
> >>> not
> >>> install without first understanding why it failed.
> >>> 
> >>> 
> >>> Support:
> >>> 
> >>> 
> >>> You are encouraged to register to our general purpose mailing-list:
> >>>http://www.opensmtpd.org/list.html
> >>> 
> >>> The "Official" IRC channel for the project is at:
> >>>#OpenSMTPD @ irc.freenode.net
> >>> 
> >>> 
> >>> Reporting Bugs:
> >>> ===
> >>> 
> >>> Please read http://www.opensmtpd.org/report.html
> >>> Security bugs should be reported directly to secur...@opensmtpd.org
> >>> Other bugs may be reported to b...@opensmtpd.org
> >>> 
> >>> --
> >>> Gilles Chehade

Re: Rule to prevent spam from my domain

2018-12-19 Thread Mik J
 Hello Edgar,

I don't relay without authentication except for local networks

Here's my configuration for incomming mails
##
# INCOMING MAILS #
##
listen on 127.0.0.1 port 10024 tag CLAM_IN # From Clamav
listen on 127.0.0.1 port 10028 tag DKIM_IN # From dkimproxy
# Reject some domains considered as spam
reject sender  for any

accept tagged CLAM_IN for domain  virtual  deliver to 
maildir "/home/mail/%{dest.domain:lowercase}/%{dest.user:lowercase}/Maildir"
accept tagged CLAM_IN for local alias  deliver to maildir 
"/home/mail/%{rcpt.domain:lowercase}/%{dest.user:lowercase}/Maildir"
accept tagged DKIM_IN for any relay via smtp://127.0.0.1:10023
# No authentication for local networks
accept from source  for domain  relay via 
smtp://127.0.0.1:10027
# Accept and relay only if the domain is explicitly specified (file courriels = 
@mydomain.org)
accept from any sender ! for domain  relay via 
smtp://127.0.0.1:10027


The mail header looks like that
Return-Path: aaron552sm...@yahoo.jp
...
From: i...@mydomain.org
X-Accept-Language: en-us
MIME-Version: 1.0
To: 

The logs like that

Dec 12 23:34:26 ovhegravmx63 smtpd[76185]: e216cee5c463851f mta event=closed 
reason=quit messages=0
Dec 12 23:35:52 ovhegravmx63 smtpd[76185]: e216cee6e1356908 smtp 
event=connected address=185.48.39.65 host=185.48.39.65
Dec 12 23:35:55 ovhegravmx63 smtpd[76185]: e216cee6e1356908 smtp event=message 
address=185.48.39.65 host=185.48.39.65 msgid=e00cc59e 
from= to= size=4393 ndest=1 
proto=SMTP
Dec 12 23:35:55 ovhegravmx63 smtpd[76185]: e216cee9561b88cc mta 
event=connecting address=smtp://127.0.0.1:10027 host=localhost
Dec 12 23:35:55 ovhegravmx63 smtpd[76185]: e216cee9561b88cc mta event=connected
Dec 12 23:35:55 ovhegravmx63 smtpd[76185]: e216ceea49112188 smtp 
event=connected address=127.0.0.1 host=localhost
Dec 12 23:35:55 ovhegravmx63 dkimproxy.in[9548]: DKIM verify - none; 
message-id=, from=
Dec 12 23:35:55 ovhegravmx63 smtpd[76185]: e216ceea49112188 smtp event=message 
address=127.0.0.1 host=localhost msgid=47085653 from= 
to= size=4687 ndest=1 proto=ESMTP


Le jeudi 20 décembre 2018 à 04:04:10 UTC+1, Edgar Pettijohn 
 a écrit :  
 
 On Wed, Dec 19, 2018 at 11:37:31PM +, Mik J wrote:
> Hello,
> 
> I have wrote rules for my opensmtpd but some spams are passing through.
> 
> The ones that I go through have a source like em...@mydomain.org and are sent 
> to i...@mydomain.org
> I'm wondering if some of you have written this kind of rule ?
> 
> reject from source ! sender  for domain 
> 
> 
> Regards

Please provide your /etc/mail/smtpd.conf

And perhaps some logs where the spammers are getting through.

You shouldn't allow your server to be used as a relay without authentication.

Edgar

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

  

Re: FAQ gone?

2018-12-19 Thread Antonino Sidoti
HI,

I agree with a user base option as well. If people from this mailing list would 
be willing to volunteer their setup/configuration into a wiki then I think it 
would be good way to share the knowledge about OpenSMTPD. I struggled quite a 
bit getting the information to put together my setup and I ended up grabbing 
snippets of information from various sites along with a lot of reading too, 
i.e. ‘man’ pages. Though ‘man’ pages can be daunting at first and takes time 
getting your head around the many options, switches and order of syntax.

I built my lab a few times before I got it right. Having a central place for 
information and seeing examples I think will be very helpful.   

> On 13 Dec 2018, at 9:48 am, Edgar Pettijohn  wrote:
> 
> I feel the manual pages are really enough. However, somesort of wiki that
> the userbase could keep updated without intervention may work out.
> 
> Edgar
> 
> -- 
> You received this mail because you are subscribed to misc@opensmtpd.org
> To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
> 


--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: Announce: OpenSMTPD 6.4.1 released

2018-12-19 Thread Antonino Sidoti
HI,

I am on OpenBSD 6.4 and I have checked in the past few days for the new update 
via “syspatch”. So far nothing has come through for OpenSmtpd.

> On 17 Dec 2018, at 3:15 am, Gilles Chehade  wrote:
> 
> On Sun, Dec 16, 2018 at 11:11:23AM -0500, Matt Schwartz wrote:
>> Hi Gilles,
>> 
>> Stupid question but did these minor fixes come via a syspatch or do I need
>> to download and compile the tarball?
>> 
> 
> If you're on OpenBSD 6.4 and run syspatch, you will be fine.
> 
> 
>> On Sun, Dec 16, 2018, 11:05 AM Gilles Chehade > 
>>> Subject: Announce: OpenSMTPD 6.4.1 released
>>> 
>>> OpenSMTPD 6.4.1 has just been released.
>>> 
>>> OpenSMTPD is a FREE implementation of the SMTP protocol with some common
>>> extensions. It allows ordinary machines to exchange e-mails with systems
>>> speaking the SMTP protocol. It implements a fairly large part of RFC5321
>>> and can already cover a large range of use-cases.
>>> 
>>> It runs on OpenBSD, NetBSD, FreeBSD, DragonFlyBSD and Linux.
>>> 
>>> The archives are now available from the main site at www.OpenSMTPD.org
>>> 
>>> We would like to thank the OpenSMTPD community for their help in testing
>>> the snapshots, reporting bugs, contributing code and packaging for other
>>> systems.
>>> 
>>> This is a minor release with critical and portability fixes.
>>> 
>>> Changes in this release (since 6.4.0):
>>> ==
>>> 
>>> - MDA exit status was improperly handled causing some temporary failures
>>>  to be treated as permanent failures.
>>> - fix hardcoded libexec paths preventing proper packaging [1]
>>> - fix install of smtpctl to allow build/install as non-root
>>> 
>>> 
>>> [1] Author: Michael Figiel 
>>> 
>>> 
>>> Checksums:
>>> ==
>>> 
>>>  SHA256 (opensmtpd-6.4.1.tar.gz) =
>>>  755580753b36a4072bffac4993d1db82129352a087830e125e257c3ce8c5921f
>>> 
>>>  SHA256 (opensmtpd-6.4.1p1.tar.gz) =
>>>  1b5dabe822a0e0b2cfde067f673885a81211ae8f630ec88e4d70c81cad49a406
>>> 
>>> 
>>> Verify:
>>> ===
>>> 
>>> Starting with version 5.7.1, releases are signed with signify(1).
>>> 
>>> You can obtain the public key from our website, check with our community
>>> that it has not been altered on its way to your machine.
>>> 
>>>   $ wget https://www.opensmtpd.org/archives/opensmtpd-20181026.pub
>>> 
>>> Once you are confident the key is correct, you can verify the release as
>>> described below:
>>> 
>>> 1- download both release tarball and matching signature file to same
>>> directory:
>>> 
>>>   for OpenBSD version:
>>>   $ wget https://www.opensmtpd.org/archives/opensmtpd-6.4.1.sum.sig
>>>   $ wget https://www.opensmtpd.org/archives/opensmtpd-6.4.1.tar.gz
>>> 
>>>   for portable version:
>>>   $ wget https://www.opensmtpd.org/archives/opensmtpd-6.4.1p1.sum.sig
>>>   $ wget https://www.opensmtpd.org/archives/opensmtpd-6.4.1p1.tar.gz
>>> 
>>> 
>>> 2- use `signify` to verify that signature file is properly signed and that
>>> the
>>>   checksum matches the release tarball you downloaded:
>>> 
>>>   for OpenBSD version:
>>>   $ signify -C -e -p opensmtpd-20181026.pub -x opensmtpd-6.4.1.sum.sig
>>>   Signature Verified
>>>   opensmtpd-6.4.1.tar.gz: OK
>>> 
>>>   for portable version:
>>>   $ signify -C -e -p opensmtpd-20181026.pub -x opensmtpd-6.4.1p1.sum.sig
>>>   Signature Verified
>>>   opensmtpd-6.4.1p1.tar.gz: OK
>>> 
>>> 
>>> If you don't get an OK message, then something is not right and you should
>>> not
>>> install without first understanding why it failed.
>>> 
>>> 
>>> Support:
>>> 
>>> 
>>> You are encouraged to register to our general purpose mailing-list:
>>>http://www.opensmtpd.org/list.html
>>> 
>>> The "Official" IRC channel for the project is at:
>>>#OpenSMTPD @ irc.freenode.net
>>> 
>>> 
>>> Reporting Bugs:
>>> ===
>>> 
>>> Please read http://www.opensmtpd.org/report.html
>>> Security bugs should be reported directly to secur...@opensmtpd.org
>>> Other bugs may be reported to b...@opensmtpd.org
>>> 
>>> --
>>> Gilles Chehade @poolpOrg
>>> 
>>> https://www.poolp.org tip me: https://paypal.me/poolpOrg
>>> 
>>> --
>>> You received this mail because you are subscribed to misc@opensmtpd.org
>>> To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
>>> 
>>> 
> 
> -- 
> Gilles Chehade   @poolpOrg
> 
> https://www.poolp.org  tip me: 
> https://paypal.me/poolpOrg 
> 
> -- 
> You received this mail because you are subscribed to misc@opensmtpd.org 
> 
> To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org 
> 


Re: Rule to prevent spam from my domain

2018-12-19 Thread Edgar Pettijohn
On Wed, Dec 19, 2018 at 11:37:31PM +, Mik J wrote:
> Hello,
> 
> I have wrote rules for my opensmtpd but some spams are passing through.
> 
> The ones that I go through have a source like em...@mydomain.org and are sent 
> to i...@mydomain.org
> I'm wondering if some of you have written this kind of rule ?
> 
> reject from source ! sender  for domain 
> 
> 
> Regards

Please provide your /etc/mail/smtpd.conf

And perhaps some logs where the spammers are getting through.

You shouldn't allow your server to be used as a relay without authentication.

Edgar

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: Vultr has all blacklisted IP's for email

2018-12-19 Thread Flipchan
the site is: openbsd.amsterdam

On December 20, 2018 3:33:42 AM GMT+02:00, Chris Bennett 
 wrote:
>On Thu, Dec 20, 2018 at 01:55:32AM +0200, Flipchan wrote:
>> Poke vultr about it , if its not good, just switch provider ( openbsd
>amsterdam?))
>> 
>
>They say it's my fault and that they have spent a tremendous amount of
>time trying to get me off of the blacklist. (exaggeration included on
>purpose).
>
>As you can see below, I guess it is all my fault.
>I'm just going to put the DNS records back to where they were before.
>What's the website for OpenBSD Amsterdam?
>
>Looks like I may just have to move my server from the USA to the not
>USA. Why is such a simple thing as a server so hard to get???
>
>Fun Fun Fun entered below:
>---
>Information about 108.61.242.230
>
>Below is the information we have on record about 108.61.242.230
>Standards Compliance
>
>Does IP Address resolve to a reverse hostname... Passed!
>
>Does IP Address comply with reverse hostname naming convention...
>Passed!
>List Status
>
>RATS-Dyna - On the list. Worst Offender Alert.
>
>RATS-NoPtr - Not on the list.
>
>RATS-Spam - Not on the list.
>
>RATS-Auth - Not on the list.
>Alert: Your IP is part of a network listed as a Worst Offender
>
>This is a Worst Offender Alert and this means that not only this IP
>address,
>but the whole class 'C' is also on the indicated SpamRats List.
>Usually this means the whole range has the same issue of naming
>conventions or
>no reverse DNS AND that many IP's from this Class C have been used in
>Spam Attacks,
>Dictionary attacks or other forms of attacks, as detected by Mail
>Servers in the
>Data Collection Grid. You will NOT be able to use the removal form to
>remove your
>IP Addresses. If you have recently been assigned the IP Addresses, or
>have changed
>what these IP Addresses are used for, you can use the contact form and
>ask for a
>reclassification, but you will have to provide full disclosure,
>including whois for
>the ip addresses, your affiliation with the company that owns them, and
>a description
>of what the IP's were previously used for, and what they will be used
>for, in order
>for a Spam Auditor to consider reclassification. Remember, the majority
>of the IP's
>in this space WERE detected as being involved in some form of attack or
>abusive
>behaviour, so you had better have a good reason to ask for removal, and
>you need to
>own or control the IP addresses, as evidenced by ARIN whois.
>
>-
>2nd IP is blacklisted on 7 lists.
>
>I'm sure they can quickly fix this too!
>
>Chris
>
>
>
>-- 
>You received this mail because you are subscribed to misc@opensmtpd.org
>To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: Vultr has all blacklisted IP's for email

2018-12-19 Thread Matt Schwartz
I'll say this, man. I really don't like Vultr. I just have a 150.00
credit to burn with them. Once that's done, I'll be making other
arrangements. My guess is you really did nothing wrong and Vultr's sys
admins are just lame.

On Wed, Dec 19, 2018 at 8:34 PM Chris Bennett
 wrote:
>
> On Thu, Dec 20, 2018 at 01:55:32AM +0200, Flipchan wrote:
> > Poke vultr about it , if its not good, just switch provider ( openbsd 
> > amsterdam?))
> >
>
> They say it's my fault and that they have spent a tremendous amount of
> time trying to get me off of the blacklist. (exaggeration included on
> purpose).
>
> As you can see below, I guess it is all my fault.
> I'm just going to put the DNS records back to where they were before.
> What's the website for OpenBSD Amsterdam?
>
> Looks like I may just have to move my server from the USA to the not
> USA. Why is such a simple thing as a server so hard to get???
>
> Fun Fun Fun entered below:
> ---
> Information about 108.61.242.230
>
> Below is the information we have on record about 108.61.242.230
> Standards Compliance
>
> Does IP Address resolve to a reverse hostname... Passed!
>
> Does IP Address comply with reverse hostname naming convention... Passed!
> List Status
>
> RATS-Dyna - On the list. Worst Offender Alert.
>
> RATS-NoPtr - Not on the list.
>
> RATS-Spam - Not on the list.
>
> RATS-Auth - Not on the list.
> Alert: Your IP is part of a network listed as a Worst Offender
>
> This is a Worst Offender Alert and this means that not only this IP address,
> but the whole class 'C' is also on the indicated SpamRats List.
> Usually this means the whole range has the same issue of naming conventions or
> no reverse DNS AND that many IP's from this Class C have been used in Spam 
> Attacks,
> Dictionary attacks or other forms of attacks, as detected by Mail Servers in 
> the
> Data Collection Grid. You will NOT be able to use the removal form to remove 
> your
> IP Addresses. If you have recently been assigned the IP Addresses, or have 
> changed
> what these IP Addresses are used for, you can use the contact form and ask 
> for a
> reclassification, but you will have to provide full disclosure, including 
> whois for
> the ip addresses, your affiliation with the company that owns them, and a 
> description
> of what the IP's were previously used for, and what they will be used for, in 
> order
> for a Spam Auditor to consider reclassification. Remember, the majority of 
> the IP's
> in this space WERE detected as being involved in some form of attack or 
> abusive
> behaviour, so you had better have a good reason to ask for removal, and you 
> need to
> own or control the IP addresses, as evidenced by ARIN whois.
>
> -
> 2nd IP is blacklisted on 7 lists.
>
> I'm sure they can quickly fix this too!
>
> Chris
>
>
>
> --
> You received this mail because you are subscribed to misc@opensmtpd.org
> To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
>

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: Vultr has all blacklisted IP's for email

2018-12-19 Thread Chris Bennett
On Thu, Dec 20, 2018 at 01:55:32AM +0200, Flipchan wrote:
> Poke vultr about it , if its not good, just switch provider ( openbsd 
> amsterdam?))
> 

They say it's my fault and that they have spent a tremendous amount of
time trying to get me off of the blacklist. (exaggeration included on
purpose).

As you can see below, I guess it is all my fault.
I'm just going to put the DNS records back to where they were before.
What's the website for OpenBSD Amsterdam?

Looks like I may just have to move my server from the USA to the not
USA. Why is such a simple thing as a server so hard to get???

Fun Fun Fun entered below:
---
Information about 108.61.242.230

Below is the information we have on record about 108.61.242.230
Standards Compliance

Does IP Address resolve to a reverse hostname... Passed!

Does IP Address comply with reverse hostname naming convention... Passed!
List Status

RATS-Dyna - On the list. Worst Offender Alert.

RATS-NoPtr - Not on the list.

RATS-Spam - Not on the list.

RATS-Auth - Not on the list.
Alert: Your IP is part of a network listed as a Worst Offender

This is a Worst Offender Alert and this means that not only this IP address,
but the whole class 'C' is also on the indicated SpamRats List.
Usually this means the whole range has the same issue of naming conventions or
no reverse DNS AND that many IP's from this Class C have been used in Spam 
Attacks,
Dictionary attacks or other forms of attacks, as detected by Mail Servers in the
Data Collection Grid. You will NOT be able to use the removal form to remove 
your
IP Addresses. If you have recently been assigned the IP Addresses, or have 
changed
what these IP Addresses are used for, you can use the contact form and ask for a
reclassification, but you will have to provide full disclosure, including whois 
for
the ip addresses, your affiliation with the company that owns them, and a 
description
of what the IP's were previously used for, and what they will be used for, in 
order
for a Spam Auditor to consider reclassification. Remember, the majority of the 
IP's
in this space WERE detected as being involved in some form of attack or abusive
behaviour, so you had better have a good reason to ask for removal, and you 
need to
own or control the IP addresses, as evidenced by ARIN whois.

-
2nd IP is blacklisted on 7 lists.

I'm sure they can quickly fix this too!

Chris



-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: Vultr has all blacklisted IP's for email

2018-12-19 Thread Flipchan
Poke vultr about it , if its not good, just switch provider ( openbsd 
amsterdam?))

On December 19, 2018 11:09:16 PM GMT+02:00, Chris Bennett 
 wrote:
>I was very happy with what I got for a baremetal server at Vultr.
>Unfortunately, even after getting a second IP that was not from the
>same
>range as the first one, all of these IP ranges, not single IP's, are
>blacklisted in the worst category.
>If you want a web/etc server, great.
>If you want anything to do with email, forget them.
>Shame. I need another baremetal that doesn't have Java KVM.
>Any recommendations?
>
>Thanks. Looks like anything related to Cloud may be a problem???
>
>Chris Bennett
>
>
>
>-- 
>You received this mail because you are subscribed to misc@opensmtpd.org
>To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Rule to prevent spam from my domain

2018-12-19 Thread Mik J
Hello,

I have wrote rules for my opensmtpd but some spams are passing through.

The ones that I go through have a source like em...@mydomain.org and are sent 
to i...@mydomain.org
I'm wondering if some of you have written this kind of rule ?

reject from source ! sender  for domain 

Regards


root privileges for smtpctl show stats

2018-12-19 Thread Mik J
Hello,

I can see that retriving the statistics requires root privileges

$ /usr/sbin/smtpctl show stats
smtpctl: need root privileges

But in my opinion some users should be able to retrieve these stats.
In my context, it's the snmpd process which tries to retrieve the stats.

Regards
  

Re: Vultr has all blacklisted IP's for email

2018-12-19 Thread Chris Bennett
On Wed, Dec 19, 2018 at 09:58:54PM +, Charles Collicutt wrote:
> On Wed, Dec 19, 2018 at 01:41:40PM -0800, Chris Bennett wrote:
> > On Wed, Dec 19, 2018 at 10:16:22PM +0100, Joel Carnat wrote:
> > > I’ve just checked mine and it’s 100% non-blacklisted, according to 
> > > mxtoolbox.
> > > And, so far, I don’t have any issues sending/receiving mail.
> > 
> > I really must have workable email and baremetal
> 
> Maybe it is a baremetal versus VPS thing? Like others here, I have been
> running a mail server on Vultr VPS for years without problems.
> 

I was wondering the same thing. Baremetal for them is new and maybe they
haven't worked out the bugs and procedures for that yet?

If that's the case, any suggestions on a good way to word the
conversation? I tend to come across as a bit rude by accident.

Chris Bennett



-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: Vultr has all blacklisted IP's for email

2018-12-19 Thread Chris Bennett
On Wed, Dec 19, 2018 at 04:46:17PM -0500, Implausibility wrote:
> Vultr specifically blocks mail-specific ports in an attempt to keep their 
> network free of spam.  You can ask them to enable eMail ports on your VMs, 
> 

Yes, I spoke to them about the problem before grabbing an additional IP
address. They said they would try to get the original IP un-blacklisted.
That did not happen, unfortunately.

They now also offer one model of bare metal, which is not a VM. I
specifically need a single dedicated server for what I am doing.
The work I'm doing is all situated inside of the USA, so something
locally oriented is a better choice for me.

My email ports are open, as I can send mail back and forth with my other
server.

Thanks,
Chris Bennett



-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: Vultr has all blacklisted IP's for email

2018-12-19 Thread Charles Collicutt
On Wed, Dec 19, 2018 at 01:41:40PM -0800, Chris Bennett wrote:
> On Wed, Dec 19, 2018 at 10:16:22PM +0100, Joel Carnat wrote:
> > I’ve just checked mine and it’s 100% non-blacklisted, according to 
> > mxtoolbox.
> > And, so far, I don’t have any issues sending/receiving mail.
> 
> I really must have workable email and baremetal

Maybe it is a baremetal versus VPS thing? Like others here, I have been
running a mail server on Vultr VPS for years without problems.

-- 
Charles

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: Vultr has all blacklisted IP's for email

2018-12-19 Thread Joel Carnat
I own a VPS located in France.

> Le 19 déc. 2018 à 22:41, Chris Bennett  a écrit 
> :
> 
> On Wed, Dec 19, 2018 at 10:16:22PM +0100, Joel Carnat wrote:
>> I’ve just checked mine and it’s 100% non-blacklisted, according to mxtoolbox.
>> And, so far, I don’t have any issues sending/receiving mail.
>> 
> 
> I really must have workable email and baremetal
> 
> Right now the second IP I requested is 45.76.27.230
> This is much worse than the first one I also have which is
> 108.61.242.230
> 
> I am using a server in Chicago. Where is yours located?
> Maybe the location is related?
> 
> Other than this problem, I am quite happy. If I can solve this, I will
> move off of my other server, which is stuck on crappy Java KVM.
> I don't have any problem with another location.
> 
> Chris Bennett
> 
> 



smime.p7s
Description: S/MIME cryptographic signature


Re: Vultr has all blacklisted IP's for email

2018-12-19 Thread Implausibility
Vultr specifically blocks mail-specific ports in an attempt to keep their 
network free of spam.  You can ask them to enable eMail ports on your VMs, 

> On Dec 19, 2018, at 4:09 PM, Chris Bennett  
> wrote:
> 
> I was very happy with what I got for a baremetal server at Vultr.
> Unfortunately, even after getting a second IP that was not from the same
> range as the first one, all of these IP ranges, not single IP's, are
> blacklisted in the worst category.
> If you want a web/etc server, great.
> If you want anything to do with email, forget them.
> Shame. I need another baremetal that doesn't have Java KVM.
> Any recommendations?
> 
> Thanks. Looks like anything related to Cloud may be a problem???
> 
> Chris Bennett
> 
> 
> 
> -- 
> You received this mail because you are subscribed to misc@opensmtpd.org
> To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
> 
> 


--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: Vultr has all blacklisted IP's for email

2018-12-19 Thread Chris Bennett
On Wed, Dec 19, 2018 at 10:16:22PM +0100, Joel Carnat wrote:
> I’ve just checked mine and it’s 100% non-blacklisted, according to mxtoolbox.
> And, so far, I don’t have any issues sending/receiving mail.
> 

I really must have workable email and baremetal
 
Right now the second IP I requested is 45.76.27.230
This is much worse than the first one I also have which is
108.61.242.230

I am using a server in Chicago. Where is yours located?
Maybe the location is related?

Other than this problem, I am quite happy. If I can solve this, I will
move off of my other server, which is stuck on crappy Java KVM.
I don't have any problem with another location.

Chris Bennett



-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: Vultr has all blacklisted IP's for email

2018-12-19 Thread Matt Schwartz
I don't have any issue either. One thing you could do is use a mail relay
service like Mailjet. I do this because they offer dkim and spf for free.

On Wed, Dec 19, 2018, 4:16 PM Joel Carnat  I’ve just checked mine and it’s 100% non-blacklisted, according to
> mxtoolbox.
> And, so far, I don’t have any issues sending/receiving mail.
>
> > Le 19 déc. 2018 à 22:09, Chris Bennett  a
> écrit :
> >
> > I was very happy with what I got for a baremetal server at Vultr.
> > Unfortunately, even after getting a second IP that was not from the same
> > range as the first one, all of these IP ranges, not single IP's, are
> > blacklisted in the worst category.
> > If you want a web/etc server, great.
> > If you want anything to do with email, forget them.
> > Shame. I need another baremetal that doesn't have Java KVM.
> > Any recommendations?
> >
> > Thanks. Looks like anything related to Cloud may be a problem???
> >
> > Chris Bennett
> >
> >
> >
> > --
> > You received this mail because you are subscribed to misc@opensmtpd.org
> > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
> >
>
>


Re: Vultr has all blacklisted IP's for email

2018-12-19 Thread Joel Carnat
I’ve just checked mine and it’s 100% non-blacklisted, according to mxtoolbox.
And, so far, I don’t have any issues sending/receiving mail.

> Le 19 déc. 2018 à 22:09, Chris Bennett  a écrit 
> :
> 
> I was very happy with what I got for a baremetal server at Vultr.
> Unfortunately, even after getting a second IP that was not from the same
> range as the first one, all of these IP ranges, not single IP's, are
> blacklisted in the worst category.
> If you want a web/etc server, great.
> If you want anything to do with email, forget them.
> Shame. I need another baremetal that doesn't have Java KVM.
> Any recommendations?
> 
> Thanks. Looks like anything related to Cloud may be a problem???
> 
> Chris Bennett
> 
> 
> 
> -- 
> You received this mail because you are subscribed to misc@opensmtpd.org
> To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
> 



smime.p7s
Description: S/MIME cryptographic signature


Vultr has all blacklisted IP's for email

2018-12-19 Thread Chris Bennett
I was very happy with what I got for a baremetal server at Vultr.
Unfortunately, even after getting a second IP that was not from the same
range as the first one, all of these IP ranges, not single IP's, are
blacklisted in the worst category.
If you want a web/etc server, great.
If you want anything to do with email, forget them.
Shame. I need another baremetal that doesn't have Java KVM.
Any recommendations?

Thanks. Looks like anything related to Cloud may be a problem???

Chris Bennett



-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: FAQ gone?

2018-12-19 Thread Gilles Chehade
On Wed, Dec 19, 2018 at 09:05:52AM +0100, Aham Brahmasmi wrote:
> Hi Gilles,
> 
> > On Wed, Dec 12, 2018 at 06:39:59PM +, mabi wrote:
> > > Hi,
> > > 
> > > I was wondering where did the FAQ section on the opensmtpd.org website 
> > > disappear?
> > > 
> > > It had useful setup examples with LMTP and Dovecot if I remember 
> > > correctly...
> > > 
> > 
> > The FAQ was inaccurate and no one step and committed to maintain it.
> > 
> > This resulted in people mailing me in private all the time to ask why an
> > example from the FAQ was not working for them.
> > 
> > Not opposed to having a FAQ but I can't be the one maintaining it and it
> > needs to be _actively_ maintained up-to-date, not just created once then
> > forgotten, otherwise this means additional work for me.
> 
> Would it be correct to say that the reason for the FAQ going out of
> sync with the code is the set of changes to the grammar?
> 

nope, the FAQ was removed before the grammar change.

grammar changes cause the FAQ to be out of sync but add-ons also cause
the FAQ to go out of sync, same for examples relying on other software
which may also have changes by themselves.

there was example of plugging with dkim-proxy, starting with 6.5 there
will be a better way to do it, if the FAQ isn't updated users will get
the old way of doing it. there was also an example of using a tool for
analyzing logs but log format changes, the example no longer works and
if FAQ is unmaintained, users get a broken setup.

an FAQ needs to be maintained, disregarding of how many changes happen
in smtpd, it is a living project by itself.


> If that is the case, I propose the following OpenSMTPD operating
> procedure:
> When the grammar changes start, hide the FAQ.
> Once the grammar changes are stabilized, update FAQ, unhide FAQ.
> 
> If I am not wrong, the new grammar is likely to persist for the
> foreseeable future. As such, once the new grammar stabilizes, the need
> for maintaining/rewriting the FAQ would be minimal.
> 
> To generalize even more:
> When wholesale breaking changes start, hide FAQ.
> When changes are stable, update FAQ, unhide FAQ.
> 
> An analogy would be svn lock and svn unlock once changes are committed.
> 

so who would do that ?
who would maintain the FAQ and take care of updating it ?


> This would balance the need to constantly update the FAQ with the
> usefulness of the FAQ in helping volks in getting started with
> OpenSMTPD.
> 

again, i'm not opposed to an FAQ, far from it.

i'm opposed to doing it myself because I don't have much spare time, and
i'd rather work on the code and man pages. i'm also opposed to having an
FAQ if we don't have an _active_ volunteer willing to maintain it, since
an inacurate FAQ lead users to ask me to troubleshoot their setup and it
distracts me from code.

if someone steps up to do the work, I will happily welcome the FAQ again
but it needs to be someone who commits to that work, not someone that'll
write the pages dump them once and disappear.


-- 
Gilles Chehade @poolpOrg

https://www.poolp.org tip me: https://paypal.me/poolpOrg

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: FAQ gone?

2018-12-19 Thread Aham Brahmasmi
Hi Gilles,

> On Wed, Dec 12, 2018 at 06:39:59PM +, mabi wrote:
> > Hi,
> > 
> > I was wondering where did the FAQ section on the opensmtpd.org website 
> > disappear?
> > 
> > It had useful setup examples with LMTP and Dovecot if I remember 
> > correctly...
> > 
> 
> The FAQ was inaccurate and no one step and committed to maintain it.
> 
> This resulted in people mailing me in private all the time to ask why an
> example from the FAQ was not working for them.
> 
> Not opposed to having a FAQ but I can't be the one maintaining it and it
> needs to be _actively_ maintained up-to-date, not just created once then
> forgotten, otherwise this means additional work for me.

Would it be correct to say that the reason for the FAQ going out of
sync with the code is the set of changes to the grammar?

If that is the case, I propose the following OpenSMTPD operating
procedure:
When the grammar changes start, hide the FAQ.
Once the grammar changes are stabilized, update FAQ, unhide FAQ.

If I am not wrong, the new grammar is likely to persist for the
foreseeable future. As such, once the new grammar stabilizes, the need
for maintaining/rewriting the FAQ would be minimal.

To generalize even more:
When wholesale breaking changes start, hide FAQ.
When changes are stable, update FAQ, unhide FAQ.

An analogy would be svn lock and svn unlock once changes are committed.

This would balance the need to constantly update the FAQ with the
usefulness of the FAQ in helping volks in getting started with
OpenSMTPD.

Dhanyavaad.

Regards,
ab
-|-|-|-|-|-|-|--

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org