Re: Docker build is failing

2019-10-10 Thread Edgar Pettijohn 
Kinda curious what the config.h looks like after you run configure.
On Oct 10, 2019 2:04 PM, Ihor Antonov  wrote:
>
> On Thu, 2019-10-10 at 14:46 -0400, Ihor Antonov wrote:
> > Docker build of portable branch is broken, and has been for a while
> > now. I discovered this while trying to test out Gilles' rspamd
> > plugin,
> > which requires latest 6.6 version
> > 
> > I am not a C developer, but from the error it a bit of googling it
> > looks like stuff from openbsd-compat/ is conflicting with some system
> > libraries. 
> > 
> > I did some bisecting and last good commit (in regards of Dockerfile
> > ) 
> > which was a while ago.
> > 
> > > Commit 9f6b7cc1b14624f919a6a9d7ac5a2ded002b2707
> > > Author: Arthur Moore 
> > > Date:   Wed Feb 20 22:20:56 2019 -0500
> > > 
> > >    Add an automated test to check if TLS certificates work
> > > 
> > >    This should allow Docker Hub to act as a CI platform.
> > 
> > Github Actions CI seems to be working fine, but it uses ubuntu, not
> > alpine.  I am happy to help fix/troubleshoot this but I
> > need  guidance
> > from someone who knows C. I am also interested in building it for
> > Alpine as I need this for my future work.
> > 
> > ---
> > Ihor Antonov
> > 
>
> Forgot to include the link to github issue
> https://github.com/OpenSMTPD/OpenSMTPD/issues/944
>
>

Re: Docker build is failing

2019-10-10 Thread Ihor Antonov 
On Thu, 2019-10-10 at 14:46 -0400, Ihor Antonov wrote:
> Docker build of portable branch is broken, and has been for a while
> now. I discovered this while trying to test out Gilles' rspamd
> plugin,
> which requires latest 6.6 version
> 
> I am not a C developer, but from the error it a bit of googling it
> looks like stuff from openbsd-compat/ is conflicting with some system
> libraries. 
> 
> I did some bisecting and last good commit (in regards of Dockerfile
> ) 
> which was a while ago.
> 
> > Commit 9f6b7cc1b14624f919a6a9d7ac5a2ded002b2707
> > Author: Arthur Moore 
> > Date:   Wed Feb 20 22:20:56 2019 -0500
> > 
> >Add an automated test to check if TLS certificates work
> > 
> >This should allow Docker Hub to act as a CI platform.
> 
> Github Actions CI seems to be working fine, but it uses ubuntu, not
> alpine.  I am happy to help fix/troubleshoot this but I
> need  guidance
> from someone who knows C. I am also interested in building it for
> Alpine as I need this for my future work.
> 
> ---
> Ihor Antonov
> 

Forgot to include the link to github issue
https://github.com/OpenSMTPD/OpenSMTPD/issues/944

Docker build is failing

2019-10-10 Thread Ihor Antonov 
Docker build of portable branch is broken, and has been for a while
now. I discovered this while trying to test out Gilles' rspamd plugin,
which requires latest 6.6 version

I am not a C developer, but from the error it a bit of googling it
looks like stuff from openbsd-compat/ is conflicting with some system
libraries. 

I did some bisecting and last good commit (in regards of Dockerfile ) 
which was a while ago.

> Commit 9f6b7cc1b14624f919a6a9d7ac5a2ded002b2707
> Author: Arthur Moore 
> Date:   Wed Feb 20 22:20:56 2019 -0500
>
>Add an automated test to check if TLS certificates work
>
>This should allow Docker Hub to act as a CI platform.

Github Actions CI seems to be working fine, but it uses ubuntu, not
alpine.  I am happy to help fix/troubleshoot this but I need  guidance
from someone who knows C. I am also interested in building it for
Alpine as I need this for my future work.

---
Ihor Antonov

Re: How can I integrate opensmtpd with opendkim?

2019-10-10 Thread Ihor Antonov 
On Thu, 2019-10-10 at 18:14 +0200, Martijn van Duren wrote:
> Hello Ihor,
> 
> I'm not sure if you want to sign or verify signatures.

Ideally I want both: sign my own outgoing emails and verify incoming
mails signatures too. Former is probably higher on my priority list.

> At the moment we have an API which allows us to write custom plugins 

Is there a good place to read the docs about the API?

> and
> I have written a dkim signer myself[0][1], but it's written
> specifically
> for OpenBSD and I haven't tested it on Linux (probably needs a few
> tweaks for that).
> 
> If you want something that does spamfiltering (including dkim verify)
> see Gilles' rspamd plugin[2] or Joerg's spamassassin plugin[3].

I will most certainly give it a try. 

> If you're lazy just wait a few weeks for OpenBSD 6.6 to be released,
> which will contain these filters in the package managers. If you
> want to stay on Linux see how far you get with compiling these
> codebases
> yourself and contact me once you need help (at least the dkimsign
> one).

Thanks a lot. I use Docker (+ Kubernetes) a lot in my setup and I am
not sure if OpanBSD has good alternatives, so for now I'd have to stick
with Linux.


> 
> [0] http://imperialat.at/dev/libopensmtpd/
> [1] http://imperialat.at/dev/filter-dkimsign/
> [2] https://github.com/poolpOrg/filter-rspamd/
> [3] https://www.umaxx.net

Re: How can I integrate opensmtpd with opendkim?

2019-10-10 Thread Martijn van Duren 
Hello Ihor,

On 10/10/19 5:39 PM, Ihor Antonov wrote:
> Hello everyone,
> 
> I am seriously thinking about replacing Postfix with OpenSMTPD on my
> Linux box (I am very attracted by configuration simplicity and
> security-mindedness of the project)
> 
Good.
> 
> So I found this issue on github where Gilles is redirecting a user's
> question to mailing list.
> 
> https://github.com/OpenSMTPD/OpenSMTPD/issues/733
> 
> Unfortunately I did not find any follow-ups on the subject. Is
> opensmtpd + opendkim possible? I know that there is new filter API
> released recently, is it something that can be used to achieve this> 
> Or maybe it is possible to write some sort of C plugin? (akin to table
> lookup API)
> 
> I am not looking for any other DKIM solutions (dkimproxy is abandoned,
> and as for p5-Mail-DKIM I don't want to introduce Perl into my setup)
> 
> I am very new to OpenSMTPD so I apologize for possibly  stupid
> questions.

I'm not sure if you want to sign or verify signatures.
At the moment we have an API which allows us to write custom plugins and
I have written a dkim signer myself[0][1], but it's written specifically
for OpenBSD and I haven't tested it on Linux (probably needs a few
tweaks for that).

If you want something that does spamfiltering (including dkim verify)
see Gilles' rspamd plugin[2] or Joerg's spamassassin plugin[3].

If you're lazy just wait a few weeks for OpenBSD 6.6 to be released,
which will contain these filters in the package managers. If you
want to stay on Linux see how far you get with compiling these codebases
yourself and contact me once you need help (at least the dkimsign one).
> 
> 
> Thanks
> 
> ---
> Ihor Antonov
> 
> 
martijn@

[0] http://imperialat.at/dev/libopensmtpd/
[1] http://imperialat.at/dev/filter-dkimsign/
[2] https://github.com/poolpOrg/filter-rspamd/
[3] https://www.umaxx.net

Disable greylisting on rspamd

2019-10-10 Thread Matt Schwartz 
Just a quick FYI on disabling rspamd's greylisting module. This is
something you will want to go if you run OpenBSD's spamd because it is
still the king of first line of defense against spam.

# /etc/rspamd/local.d/greylist.conf
enabled = false;

Then restart rspamd.

RE: How can I integrate opensmtpd with opendkim?

2019-10-10 Thread Ihor Antonov 
Hello everyone,

I am seriously thinking about replacing Postfix with OpenSMTPD on my
Linux box (I am very attracted by configuration simplicity and
security-mindedness of the project)


So I found this issue on github where Gilles is redirecting a user's
question to mailing list.

https://github.com/OpenSMTPD/OpenSMTPD/issues/733

Unfortunately I did not find any follow-ups on the subject. Is
opensmtpd + opendkim possible? I know that there is new filter API
released recently, is it something that can be used to achieve this

Or maybe it is possible to write some sort of C plugin? (akin to table
lookup API)

I am not looking for any other DKIM solutions (dkimproxy is abandoned,
and as for p5-Mail-DKIM I don't want to introduce Perl into my setup)

I am very new to OpenSMTPD so I apologize for possibly  stupid
questions.


Thanks

---
Ihor Antonov

Re: Repeated 421 try again later erros

2019-10-10 Thread gilles 
definitely rspamd given the message

October 9, 2019 10:41 PM, "Reio Remma" mailto:r...@mrstuudio.ee?to=%22Reio%20Remma%22%20)> wrote:
On 09.10.2019 23:13, Matt Schwartz wrote: Hello List,
I am getting a lot of repeated 421 try again later errors from various lists 
that I am a member of. There is one in particular that is coming from 
outbound.foodtecsolutions.com (http://outbound.foodtecsolutions.com). Here is 
an excerpt from my /var/log/maillog. I am running OpenBSD 6.6-current #344. 
Oct 9 16:07:53 meow smtpd[19379]: a52386b4311e607e smtp connected 
address=52.201.148.113 host=outbound.foodtecsolutions.com 
(http://outbound.foodtecsolutions.com)
Oct 9 16:07:53 meow smtpd[19379]: a52386b4311e607e smtp failed-command 
command="DATA" result="421 try again later"
Oct 9 16:07:53 meow smtpd[19379]: a52386b4311e607e smtp disconnected 
reason=quit 
Below is my smtpd.conf file: 
pki "mail" cert "/etc/ssl/mail.crt" 
pki "mail" key "/etc/ssl/private/mail.key"

table aliases file:/etc/mail/aliases (javascript:false)
table credentials passwd:/etc/mail/credentials
table extras file:/etc/mail/extras (javascript:false)
table relays file:/etc/mail/relays (javascript:false)
table rejects file:/etc/mail/rejects (javascript:false)
table virtuals file:/etc/mail/virtuals (javascript:false)

filter check_rejects phase connect match rdns regex  
disconnect "554 Forbidden"
filter check_rdns phase connect match !rdns 
disconnect "554 No Reverse DNS Configured"
filter rspamd proc-exec "filter-rspamd"

listen on lo filter rspamd
listen on egress tls pki "mail" hostname "mail.goblackcat.com 
(http://mail.goblackcat.com)" 
filter {check_rejects, check_rdns, rspamd}
listen on egress port submission tls-require pki "mail" hostname 
"mail.goblackcat.com (http://mail.goblackcat.com)" 
auth  filter {check_rejects, check_rdns, rspamd}

action "local_mail" mbox alias 
action "virtual_mail" maildir "/var/vmail/%{dest.domain}/%{dest.user}" junk 
virtual 
action "outbound" relay

match for local action "local_mail"
match !from src  mail-from "@goblackcat.com (http://goblackcat.com)" 
reject
match from any for domain "goblackcat.com (http://goblackcat.com)" action 
"virtual_mail"
match auth from any for any action "outbound"
match for any action "outbound" 
I am out of ideas with which to troubleshoot. I am already running smtpd with 
-v switch for more verbosity. 
Thanks, 
Matt  
Greylisting at work?

Good luck,
Reio

Re: Repeated 421 try again later erros

2019-10-10 Thread gilles 
October 9, 2019 10:13 PM, "Matt Schwartz"  wrote:

> Hello List,
> 
> I am getting a lot of repeated 421 try again later errors from various lists 
> that I am a member of.
> There is one in particular that is coming from outbound.foodtecsolutions.com. 
> Here is an excerpt
> from my /var/log/maillog. I am running OpenBSD 6.6-current #344.
> 
> [...]
>
> filter rspamd proc-exec "filter-rspamd"
> 

filter rspamd does greylisting