Re: Docker build is failing
Kinda curious what the config.h looks like after you run configure. On Oct 10, 2019 2:04 PM, Ihor Antonov wrote: > > On Thu, 2019-10-10 at 14:46 -0400, Ihor Antonov wrote: > > Docker build of portable branch is broken, and has been for a while > > now. I discovered this while trying to test out Gilles' rspamd > > plugin, > > which requires latest 6.6 version > > > > I am not a C developer, but from the error it a bit of googling it > > looks like stuff from openbsd-compat/ is conflicting with some system > > libraries. > > > > I did some bisecting and last good commit (in regards of Dockerfile > > ) > > which was a while ago. > > > > > Commit 9f6b7cc1b14624f919a6a9d7ac5a2ded002b2707 > > > Author: Arthur Moore > > > Date: Wed Feb 20 22:20:56 2019 -0500 > > > > > > Add an automated test to check if TLS certificates work > > > > > > This should allow Docker Hub to act as a CI platform. > > > > Github Actions CI seems to be working fine, but it uses ubuntu, not > > alpine. I am happy to help fix/troubleshoot this but I > > need guidance > > from someone who knows C. I am also interested in building it for > > Alpine as I need this for my future work. > > > > --- > > Ihor Antonov > > > > Forgot to include the link to github issue > https://github.com/OpenSMTPD/OpenSMTPD/issues/944 > >
Re: Docker build is failing
On Thu, 2019-10-10 at 14:46 -0400, Ihor Antonov wrote: > Docker build of portable branch is broken, and has been for a while > now. I discovered this while trying to test out Gilles' rspamd > plugin, > which requires latest 6.6 version > > I am not a C developer, but from the error it a bit of googling it > looks like stuff from openbsd-compat/ is conflicting with some system > libraries. > > I did some bisecting and last good commit (in regards of Dockerfile > ) > which was a while ago. > > > Commit 9f6b7cc1b14624f919a6a9d7ac5a2ded002b2707 > > Author: Arthur Moore > > Date: Wed Feb 20 22:20:56 2019 -0500 > > > >Add an automated test to check if TLS certificates work > > > >This should allow Docker Hub to act as a CI platform. > > Github Actions CI seems to be working fine, but it uses ubuntu, not > alpine. I am happy to help fix/troubleshoot this but I > need guidance > from someone who knows C. I am also interested in building it for > Alpine as I need this for my future work. > > --- > Ihor Antonov > Forgot to include the link to github issue https://github.com/OpenSMTPD/OpenSMTPD/issues/944
Docker build is failing
Docker build of portable branch is broken, and has been for a while now. I discovered this while trying to test out Gilles' rspamd plugin, which requires latest 6.6 version I am not a C developer, but from the error it a bit of googling it looks like stuff from openbsd-compat/ is conflicting with some system libraries. I did some bisecting and last good commit (in regards of Dockerfile ) which was a while ago. > Commit 9f6b7cc1b14624f919a6a9d7ac5a2ded002b2707 > Author: Arthur Moore > Date: Wed Feb 20 22:20:56 2019 -0500 > >Add an automated test to check if TLS certificates work > >This should allow Docker Hub to act as a CI platform. Github Actions CI seems to be working fine, but it uses ubuntu, not alpine. I am happy to help fix/troubleshoot this but I need guidance from someone who knows C. I am also interested in building it for Alpine as I need this for my future work. --- Ihor Antonov
Re: How can I integrate opensmtpd with opendkim?
On Thu, 2019-10-10 at 18:14 +0200, Martijn van Duren wrote: > Hello Ihor, > > I'm not sure if you want to sign or verify signatures. Ideally I want both: sign my own outgoing emails and verify incoming mails signatures too. Former is probably higher on my priority list. > At the moment we have an API which allows us to write custom plugins Is there a good place to read the docs about the API? > and > I have written a dkim signer myself[0][1], but it's written > specifically > for OpenBSD and I haven't tested it on Linux (probably needs a few > tweaks for that). > > If you want something that does spamfiltering (including dkim verify) > see Gilles' rspamd plugin[2] or Joerg's spamassassin plugin[3]. I will most certainly give it a try. > If you're lazy just wait a few weeks for OpenBSD 6.6 to be released, > which will contain these filters in the package managers. If you > want to stay on Linux see how far you get with compiling these > codebases > yourself and contact me once you need help (at least the dkimsign > one). Thanks a lot. I use Docker (+ Kubernetes) a lot in my setup and I am not sure if OpanBSD has good alternatives, so for now I'd have to stick with Linux. > > [0] http://imperialat.at/dev/libopensmtpd/ > [1] http://imperialat.at/dev/filter-dkimsign/ > [2] https://github.com/poolpOrg/filter-rspamd/ > [3] https://www.umaxx.net
Re: How can I integrate opensmtpd with opendkim?
Hello Ihor, On 10/10/19 5:39 PM, Ihor Antonov wrote: > Hello everyone, > > I am seriously thinking about replacing Postfix with OpenSMTPD on my > Linux box (I am very attracted by configuration simplicity and > security-mindedness of the project) > Good. > > So I found this issue on github where Gilles is redirecting a user's > question to mailing list. > > https://github.com/OpenSMTPD/OpenSMTPD/issues/733 > > Unfortunately I did not find any follow-ups on the subject. Is > opensmtpd + opendkim possible? I know that there is new filter API > released recently, is it something that can be used to achieve this> > Or maybe it is possible to write some sort of C plugin? (akin to table > lookup API) > > I am not looking for any other DKIM solutions (dkimproxy is abandoned, > and as for p5-Mail-DKIM I don't want to introduce Perl into my setup) > > I am very new to OpenSMTPD so I apologize for possibly stupid > questions. I'm not sure if you want to sign or verify signatures. At the moment we have an API which allows us to write custom plugins and I have written a dkim signer myself[0][1], but it's written specifically for OpenBSD and I haven't tested it on Linux (probably needs a few tweaks for that). If you want something that does spamfiltering (including dkim verify) see Gilles' rspamd plugin[2] or Joerg's spamassassin plugin[3]. If you're lazy just wait a few weeks for OpenBSD 6.6 to be released, which will contain these filters in the package managers. If you want to stay on Linux see how far you get with compiling these codebases yourself and contact me once you need help (at least the dkimsign one). > > > Thanks > > --- > Ihor Antonov > > martijn@ [0] http://imperialat.at/dev/libopensmtpd/ [1] http://imperialat.at/dev/filter-dkimsign/ [2] https://github.com/poolpOrg/filter-rspamd/ [3] https://www.umaxx.net
Disable greylisting on rspamd
Just a quick FYI on disabling rspamd's greylisting module. This is something you will want to go if you run OpenBSD's spamd because it is still the king of first line of defense against spam. # /etc/rspamd/local.d/greylist.conf enabled = false; Then restart rspamd.
RE: How can I integrate opensmtpd with opendkim?
Hello everyone, I am seriously thinking about replacing Postfix with OpenSMTPD on my Linux box (I am very attracted by configuration simplicity and security-mindedness of the project) So I found this issue on github where Gilles is redirecting a user's question to mailing list. https://github.com/OpenSMTPD/OpenSMTPD/issues/733 Unfortunately I did not find any follow-ups on the subject. Is opensmtpd + opendkim possible? I know that there is new filter API released recently, is it something that can be used to achieve this Or maybe it is possible to write some sort of C plugin? (akin to table lookup API) I am not looking for any other DKIM solutions (dkimproxy is abandoned, and as for p5-Mail-DKIM I don't want to introduce Perl into my setup) I am very new to OpenSMTPD so I apologize for possibly stupid questions. Thanks --- Ihor Antonov
Re: Repeated 421 try again later erros
definitely rspamd given the message October 9, 2019 10:41 PM, "Reio Remma" mailto:r...@mrstuudio.ee?to=%22Reio%20Remma%22%20)> wrote: On 09.10.2019 23:13, Matt Schwartz wrote: Hello List, I am getting a lot of repeated 421 try again later errors from various lists that I am a member of. There is one in particular that is coming from outbound.foodtecsolutions.com (http://outbound.foodtecsolutions.com). Here is an excerpt from my /var/log/maillog. I am running OpenBSD 6.6-current #344. Oct 9 16:07:53 meow smtpd[19379]: a52386b4311e607e smtp connected address=52.201.148.113 host=outbound.foodtecsolutions.com (http://outbound.foodtecsolutions.com) Oct 9 16:07:53 meow smtpd[19379]: a52386b4311e607e smtp failed-command command="DATA" result="421 try again later" Oct 9 16:07:53 meow smtpd[19379]: a52386b4311e607e smtp disconnected reason=quit Below is my smtpd.conf file: pki "mail" cert "/etc/ssl/mail.crt" pki "mail" key "/etc/ssl/private/mail.key" table aliases file:/etc/mail/aliases (javascript:false) table credentials passwd:/etc/mail/credentials table extras file:/etc/mail/extras (javascript:false) table relays file:/etc/mail/relays (javascript:false) table rejects file:/etc/mail/rejects (javascript:false) table virtuals file:/etc/mail/virtuals (javascript:false) filter check_rejects phase connect match rdns regex disconnect "554 Forbidden" filter check_rdns phase connect match !rdns disconnect "554 No Reverse DNS Configured" filter rspamd proc-exec "filter-rspamd" listen on lo filter rspamd listen on egress tls pki "mail" hostname "mail.goblackcat.com (http://mail.goblackcat.com)" filter {check_rejects, check_rdns, rspamd} listen on egress port submission tls-require pki "mail" hostname "mail.goblackcat.com (http://mail.goblackcat.com)" auth filter {check_rejects, check_rdns, rspamd} action "local_mail" mbox alias action "virtual_mail" maildir "/var/vmail/%{dest.domain}/%{dest.user}" junk virtual action "outbound" relay match for local action "local_mail" match !from src mail-from "@goblackcat.com (http://goblackcat.com)" reject match from any for domain "goblackcat.com (http://goblackcat.com)" action "virtual_mail" match auth from any for any action "outbound" match for any action "outbound" I am out of ideas with which to troubleshoot. I am already running smtpd with -v switch for more verbosity. Thanks, Matt Greylisting at work? Good luck, Reio
Re: Repeated 421 try again later erros
October 9, 2019 10:13 PM, "Matt Schwartz" wrote: > Hello List, > > I am getting a lot of repeated 421 try again later errors from various lists > that I am a member of. > There is one in particular that is coming from outbound.foodtecsolutions.com. > Here is an excerpt > from my /var/log/maillog. I am running OpenBSD 6.6-current #344. > > [...] > > filter rspamd proc-exec "filter-rspamd" > filter rspamd does greylisting