Re: New release libopensmtpd and filter-dkimsign
On Thu, Jun 10, 2021 at 01:13:30PM +0200, Martijn van Duren wrote: > - libopensmtpd and filter-dkimsign should now be able to build on Debian > without problems and should appear in the testing release of Debian > soon(tm). I just uploaded libopensmtpd and filter-dkimsign to the Debian archives. They won't make it into testing any time soon (testing is frozen for the upcoming stable release), but they should be available in Debian unstable as soon as they make it through the NEW queue [0]. Meanwhile, if you are really eager to get the packages, you can build the binaries from the source packages. apt-get install debhelper devscripts mandoc libevent-dev libssl-dev dget https://rak.ac/~tmp/libopensmtpd_0.7-1.dsc && \ cd libopensmtpd-0.7 && \ dch -l '~local' 'local build' && \ dpkg-buildpackage -b && sudo debi dget https://rak.ac/~tmp/opensmtpd-filter-dkimsign_0.5-1.dsc && \ cd opensmtpd-filter-dkimsign-0.5 && \ dch -l '~local' 'local build' && \ dpkg-buildpackage -b && sudo debi Best, Ryan [0] https://ftp-master.debian.org/new.html -- |)|/ Ryan Kavanagh | GPG: 4E46 9519 ED67 7734 268F |\|\ https://rak.ac | BD95 8F7B F8FC 4A11 C97A
Re: New release libopensmtpd and filter-dkimsign
On Thu, 2021-06-10 at 15:23 +0100, Simon Harrison wrote: > On Thu, 10 Jun 2021 13:13:30 +0200 > Martijn van Duren wrote: > > > EHLO, > > > > I just pushed a new release of libopensmtpd and filter-dkimsign to the > > OpenBSD ports tree. These contains the following changes: > > > > libopensmtpd (0.7): > > - Registering OSMTPD_PHASE_LINK_CONNECT should be OSMTPD_TYPE_REPORT > > - Fix manpage: 0 is for outgoing connections, not 2. > > From Edgar Pettijohn pettijohn-web com> > > - Fix a spelling mistake. > > From Ryan Kavanagh debian org> > > - Major overhaul of the Makefile.gnu so that things properly build on > > Debian (not relevant for OpenBSD) > > With Ryan Kavanagh debian org> > > > > filter-dkimsign (0.5): > > - Add support for ed25519. This currently requires openssl1.1 > > libcrypto and is thus only enabled in an ed25519 flavor of the > > package. Lots of help from tb@ and sthen@ > > - Fix error handling in a couple of places > > - Fix an initialization issue > > Spotted by Maarten de Vries de-vri es> > > - Fix a couple of signedness warnings > > - Allow filter-dkimsign to be build on Debian (not relevant for > > OpenBSD) With Ryan Kavanagh debian org> > > > > The two major things: > > - filter-dkimsign now supports ed25519. Since LibreSSL doesn't have > > ed25519 signing yet it requires building against OpenSSL (I've only > > tested version 1.1). People on OpenBSD wanting to sign with ed25519 > > should intall the ed25519 flavor, which links against openssl's > > libcrypto. Note that in my testing many major mail platforms don't > > support ed25519 verifying, so continuing to sign with RSA in > > addition to ed25519 is still recommended. > > - libopensmtpd and filter-dkimsign should now be able to build on > > Debian without problems and should appear in the testing release of > > Debian soon(tm). This also means that other Linux distros should > > probably be able to compile and package them. If you run into issue > > please contact me so that things can be ironed out. > > > > For people who want to test filter-dkimsign on other platforms, the > > source can be downloaded at: > > https://distfiles.sigtrap.nl/libopensmtpd-0.7.tar.gz > > https://distfiles.sigtrap.nl/filter-dkimsign-0.5.tar.gz > > > > martijn@ > > > > > > Hello again. I've got libopensmtpd and filter-dkimsign compiled and > installed successfully (I think) but something is wrong as no mail is > sent with the below config. According to > > https://dmarcly.com/tools/dkim-record-checker > > everything is fine DNS wise. > > I used the sample from > > https://openports.pl/path/mail/opensmtpd-filters/dkimsign > > Here is my /etc/smtpd.conf: > > # $OpenBSD: smtpd.conf,v 1.10 2018/05/24 11:40:17 gilles Exp $ > > # This is the smtpd server system-wide configuration file. > # See smtpd.conf(5) for more information. > > table aliases file:/etc/aliases > > # To accept external mail, replace with: listen on all > # > listen on localhost > > action "local" maildir alias > action "relay" relay > > # Uncomment the following to accept external mail for domain > "example.org" # > # match from any for domain "example.org" action "local" > match for local action "local" > match from local for any action "relay" > > # Below is for filter-dkimsign > filter "dkimsign" proc-exec "filter-dkimsign -d -s -k Missing domain and selector argument ^^ > /mail/dkim/b0x.key" user _dkimsign group _dkimsign listen on localhost > filter "dkimsign" > > I'm wondered if the user and group might be the issue so commented them > out, but that didn't help. The private key must be readable by the user under which the filter is being executed. So if your permissions on /mail/dkim/b0x.key is not in accordance with the user/group from your filter line it won't work. > > Do I need to create a _dkimsign user and group? Any help appreciated. I > feel so close now. I've tried rspamd and dkimproxy but they both use > about 200MB on my server which seems somewhat heavy. In most cases of misconfiguring the filter smtpd will crash immediately after startup. What does your mail.log say (search for the name of the filter as specified in your smtpd.conf).
Re: New release libopensmtpd and filter-dkimsign
On Thu, 10 Jun 2021 13:13:30 +0200 Martijn van Duren wrote: > EHLO, > > I just pushed a new release of libopensmtpd and filter-dkimsign to the > OpenBSD ports tree. These contains the following changes: > > libopensmtpd (0.7): > - Registering OSMTPD_PHASE_LINK_CONNECT should be OSMTPD_TYPE_REPORT > - Fix manpage: 0 is for outgoing connections, not 2. > From Edgar Pettijohn pettijohn-web com> > - Fix a spelling mistake. > From Ryan Kavanagh debian org> > - Major overhaul of the Makefile.gnu so that things properly build on > Debian (not relevant for OpenBSD) > With Ryan Kavanagh debian org> > > filter-dkimsign (0.5): > - Add support for ed25519. This currently requires openssl1.1 > libcrypto and is thus only enabled in an ed25519 flavor of the > package. Lots of help from tb@ and sthen@ > - Fix error handling in a couple of places > - Fix an initialization issue > Spotted by Maarten de Vries de-vri es> > - Fix a couple of signedness warnings > - Allow filter-dkimsign to be build on Debian (not relevant for > OpenBSD) With Ryan Kavanagh debian org> > > The two major things: > - filter-dkimsign now supports ed25519. Since LibreSSL doesn't have > ed25519 signing yet it requires building against OpenSSL (I've only > tested version 1.1). People on OpenBSD wanting to sign with ed25519 > should intall the ed25519 flavor, which links against openssl's > libcrypto. Note that in my testing many major mail platforms don't > support ed25519 verifying, so continuing to sign with RSA in > addition to ed25519 is still recommended. > - libopensmtpd and filter-dkimsign should now be able to build on > Debian without problems and should appear in the testing release of > Debian soon(tm). This also means that other Linux distros should > probably be able to compile and package them. If you run into issue > please contact me so that things can be ironed out. > > For people who want to test filter-dkimsign on other platforms, the > source can be downloaded at: > https://distfiles.sigtrap.nl/libopensmtpd-0.7.tar.gz > https://distfiles.sigtrap.nl/filter-dkimsign-0.5.tar.gz > > martijn@ > > Hello again. I've got libopensmtpd and filter-dkimsign compiled and installed successfully (I think) but something is wrong as no mail is sent with the below config. According to https://dmarcly.com/tools/dkim-record-checker everything is fine DNS wise. I used the sample from https://openports.pl/path/mail/opensmtpd-filters/dkimsign Here is my /etc/smtpd.conf: # $OpenBSD: smtpd.conf,v 1.10 2018/05/24 11:40:17 gilles Exp $ # This is the smtpd server system-wide configuration file. # See smtpd.conf(5) for more information. table aliases file:/etc/aliases # To accept external mail, replace with: listen on all # listen on localhost action "local" maildir alias action "relay" relay # Uncomment the following to accept external mail for domain "example.org" # # match from any for domain "example.org" action "local" match for local action "local" match from local for any action "relay" # Below is for filter-dkimsign filter "dkimsign" proc-exec "filter-dkimsign -d -s -k /mail/dkim/b0x.key" user _dkimsign group _dkimsign listen on localhost filter "dkimsign" I'm wondered if the user and group might be the issue so commented them out, but that didn't help. Do I need to create a _dkimsign user and group? Any help appreciated. I feel so close now. I've tried rspamd and dkimproxy but they both use about 200MB on my server which seems somewhat heavy. -- Web: https://simonh.uk Email: m...@simonh.uk
Re: New release libopensmtpd and filter-dkimsign
On Thu, 10 Jun 2021 13:52:33 +0200 Martijn van Duren wrote: > On Thu, 2021-06-10 at 12:35 +0100, Simon Harrison wrote: > > On Thu, 10 Jun 2021 13:13:30 +0200 > > Martijn van Duren wrote: > > > > > EHLO, > > > > > > I just pushed a new release of libopensmtpd and filter-dkimsign > > > to the OpenBSD ports tree. These contains the following changes: > > > > > > libopensmtpd (0.7): > > > - Registering OSMTPD_PHASE_LINK_CONNECT should be > > > OSMTPD_TYPE_REPORT > > > - Fix manpage: 0 is for outgoing connections, not 2. > > > From Edgar Pettijohn pettijohn-web com> > > > - Fix a spelling mistake. > > > From Ryan Kavanagh debian org> > > > - Major overhaul of the Makefile.gnu so that things properly > > > build on Debian (not relevant for OpenBSD) > > > With Ryan Kavanagh debian org> > > > > > > filter-dkimsign (0.5): > > > - Add support for ed25519. This currently requires openssl1.1 > > > libcrypto and is thus only enabled in an ed25519 flavor of the > > > package. Lots of help from tb@ and sthen@ > > > - Fix error handling in a couple of places > > > - Fix an initialization issue > > > Spotted by Maarten de Vries de-vri es> > > > - Fix a couple of signedness warnings > > > - Allow filter-dkimsign to be build on Debian (not relevant for > > > OpenBSD) With Ryan Kavanagh debian org> > > > > > > The two major things: > > > - filter-dkimsign now supports ed25519. Since LibreSSL doesn't > > > have ed25519 signing yet it requires building against OpenSSL > > > (I've only tested version 1.1). People on OpenBSD wanting to sign > > > with ed25519 should intall the ed25519 flavor, which links > > > against openssl's libcrypto. Note that in my testing many major > > > mail platforms don't support ed25519 verifying, so continuing to > > > sign with RSA in addition to ed25519 is still recommended. > > > - libopensmtpd and filter-dkimsign should now be able to build on > > > Debian without problems and should appear in the testing release > > > of Debian soon(tm). This also means that other Linux distros > > > should probably be able to compile and package them. If you run > > > into issue please contact me so that things can be ironed out. > > > > > > For people who want to test filter-dkimsign on other platforms, > > > the source can be downloaded at: > > > https://distfiles.sigtrap.nl/libopensmtpd-0.7.tar.gz > > > https://distfiles.sigtrap.nl/filter-dkimsign-0.5.tar.gz > > > > > > martijn@ > > > > > > > > > > Hello. Just tried compiling on MX Linux 19.4 (Debian 10) and get > > this error: > > > > $ make -f Makefile.gnu > > cc -I/home/simon/src/libopensmtpd-0.7/ > > -I/home/simon/src/libopensmtpd-0.7//openbsd-compat/ -Wall > > -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations > > -Wshadow -Wpointer-arith -Wcast-qual -Wsign-compare -fPIC > > -DNEED_RECALLOCARRAY=1 -DNEED_STRLCAT=1 -DNEED_STRLCPY=1 > > -DNEED_STRTONUM=1 -c -o opensmtpd.o opensmtpd.c opensmtpd.c:27:10: > > fatal error: event.h: No such file or directory #include > > ^ compilation terminated. make: *** [: opensmtpd.o] > > Error 1 > > > > > > > You're missing the libevent-dev. > > When I get a header missing error I usually go to: > https://packages.debian.org and search via > "Search the contents of packages" for that particular file. > > > That was it. Also need to have libssl-dev installed for filter-dkim. Thanks for the help. -- Web: https://simonh.uk Email: m...@simonh.uk
Re: New release libopensmtpd and filter-dkimsign
On Thu, 2021-06-10 at 12:35 +0100, Simon Harrison wrote: > On Thu, 10 Jun 2021 13:13:30 +0200 > Martijn van Duren wrote: > > > EHLO, > > > > I just pushed a new release of libopensmtpd and filter-dkimsign to the > > OpenBSD ports tree. These contains the following changes: > > > > libopensmtpd (0.7): > > - Registering OSMTPD_PHASE_LINK_CONNECT should be OSMTPD_TYPE_REPORT > > - Fix manpage: 0 is for outgoing connections, not 2. > > From Edgar Pettijohn pettijohn-web com> > > - Fix a spelling mistake. > > From Ryan Kavanagh debian org> > > - Major overhaul of the Makefile.gnu so that things properly build on > > Debian (not relevant for OpenBSD) > > With Ryan Kavanagh debian org> > > > > filter-dkimsign (0.5): > > - Add support for ed25519. This currently requires openssl1.1 > > libcrypto and is thus only enabled in an ed25519 flavor of the > > package. Lots of help from tb@ and sthen@ > > - Fix error handling in a couple of places > > - Fix an initialization issue > > Spotted by Maarten de Vries de-vri es> > > - Fix a couple of signedness warnings > > - Allow filter-dkimsign to be build on Debian (not relevant for > > OpenBSD) With Ryan Kavanagh debian org> > > > > The two major things: > > - filter-dkimsign now supports ed25519. Since LibreSSL doesn't have > > ed25519 signing yet it requires building against OpenSSL (I've only > > tested version 1.1). People on OpenBSD wanting to sign with ed25519 > > should intall the ed25519 flavor, which links against openssl's > > libcrypto. Note that in my testing many major mail platforms don't > > support ed25519 verifying, so continuing to sign with RSA in > > addition to ed25519 is still recommended. > > - libopensmtpd and filter-dkimsign should now be able to build on > > Debian without problems and should appear in the testing release of > > Debian soon(tm). This also means that other Linux distros should > > probably be able to compile and package them. If you run into issue > > please contact me so that things can be ironed out. > > > > For people who want to test filter-dkimsign on other platforms, the > > source can be downloaded at: > > https://distfiles.sigtrap.nl/libopensmtpd-0.7.tar.gz > > https://distfiles.sigtrap.nl/filter-dkimsign-0.5.tar.gz > > > > martijn@ > > > > > > Hello. Just tried compiling on MX Linux 19.4 (Debian 10) and get this > error: > > $ make -f Makefile.gnu > cc -I/home/simon/src/libopensmtpd-0.7/ > -I/home/simon/src/libopensmtpd-0.7//openbsd-compat/ -Wall > -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations > -Wshadow -Wpointer-arith -Wcast-qual -Wsign-compare -fPIC > -DNEED_RECALLOCARRAY=1 -DNEED_STRLCAT=1 -DNEED_STRLCPY=1 > -DNEED_STRTONUM=1 -c -o opensmtpd.o opensmtpd.c opensmtpd.c:27:10: > fatal error: event.h: No such file or directory #include > ^ compilation terminated. make: *** [: opensmtpd.o] > Error 1 > > > You're missing the libevent-dev. When I get a header missing error I usually go to: https://packages.debian.org and search via "Search the contents of packages" for that particular file.
Re: New release libopensmtpd and filter-dkimsign
On 10.06.2021 14:35, Simon Harrison wrote: Hello. Just tried compiling on MX Linux 19.4 (Debian 10) and get this error: $ make -f Makefile.gnu cc -I/home/simon/src/libopensmtpd-0.7/ -I/home/simon/src/libopensmtpd-0.7//openbsd-compat/ -Wall -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wshadow -Wpointer-arith -Wcast-qual -Wsign-compare -fPIC -DNEED_RECALLOCARRAY=1 -DNEED_STRLCAT=1 -DNEED_STRLCPY=1 -DNEED_STRTONUM=1 -c -o opensmtpd.o opensmtpd.c opensmtpd.c:27:10: fatal error: event.h: No such file or directory #include ^ compilation terminated. make: *** [: opensmtpd.o] Error 1 Hello! I suspect it needs event.h from libevent. Good luck! Reio
Re: New release libopensmtpd and filter-dkimsign
On Thu, 10 Jun 2021 13:13:30 +0200 Martijn van Duren wrote: > EHLO, > > I just pushed a new release of libopensmtpd and filter-dkimsign to the > OpenBSD ports tree. These contains the following changes: > > libopensmtpd (0.7): > - Registering OSMTPD_PHASE_LINK_CONNECT should be OSMTPD_TYPE_REPORT > - Fix manpage: 0 is for outgoing connections, not 2. > From Edgar Pettijohn pettijohn-web com> > - Fix a spelling mistake. > From Ryan Kavanagh debian org> > - Major overhaul of the Makefile.gnu so that things properly build on > Debian (not relevant for OpenBSD) > With Ryan Kavanagh debian org> > > filter-dkimsign (0.5): > - Add support for ed25519. This currently requires openssl1.1 > libcrypto and is thus only enabled in an ed25519 flavor of the > package. Lots of help from tb@ and sthen@ > - Fix error handling in a couple of places > - Fix an initialization issue > Spotted by Maarten de Vries de-vri es> > - Fix a couple of signedness warnings > - Allow filter-dkimsign to be build on Debian (not relevant for > OpenBSD) With Ryan Kavanagh debian org> > > The two major things: > - filter-dkimsign now supports ed25519. Since LibreSSL doesn't have > ed25519 signing yet it requires building against OpenSSL (I've only > tested version 1.1). People on OpenBSD wanting to sign with ed25519 > should intall the ed25519 flavor, which links against openssl's > libcrypto. Note that in my testing many major mail platforms don't > support ed25519 verifying, so continuing to sign with RSA in > addition to ed25519 is still recommended. > - libopensmtpd and filter-dkimsign should now be able to build on > Debian without problems and should appear in the testing release of > Debian soon(tm). This also means that other Linux distros should > probably be able to compile and package them. If you run into issue > please contact me so that things can be ironed out. > > For people who want to test filter-dkimsign on other platforms, the > source can be downloaded at: > https://distfiles.sigtrap.nl/libopensmtpd-0.7.tar.gz > https://distfiles.sigtrap.nl/filter-dkimsign-0.5.tar.gz > > martijn@ > > Hello. Just tried compiling on MX Linux 19.4 (Debian 10) and get this error: $ make -f Makefile.gnu cc -I/home/simon/src/libopensmtpd-0.7/ -I/home/simon/src/libopensmtpd-0.7//openbsd-compat/ -Wall -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wshadow -Wpointer-arith -Wcast-qual -Wsign-compare -fPIC -DNEED_RECALLOCARRAY=1 -DNEED_STRLCAT=1 -DNEED_STRLCPY=1 -DNEED_STRTONUM=1 -c -o opensmtpd.o opensmtpd.c opensmtpd.c:27:10: fatal error: event.h: No such file or directory #include ^ compilation terminated. make: *** [: opensmtpd.o] Error 1 -- Web: https://simonh.uk Email: m...@simonh.uk
New release libopensmtpd and filter-dkimsign
EHLO, I just pushed a new release of libopensmtpd and filter-dkimsign to the OpenBSD ports tree. These contains the following changes: libopensmtpd (0.7): - Registering OSMTPD_PHASE_LINK_CONNECT should be OSMTPD_TYPE_REPORT - Fix manpage: 0 is for outgoing connections, not 2. From Edgar Pettijohn pettijohn-web com> - Fix a spelling mistake. From Ryan Kavanagh debian org> - Major overhaul of the Makefile.gnu so that things properly build on Debian (not relevant for OpenBSD) With Ryan Kavanagh debian org> filter-dkimsign (0.5): - Add support for ed25519. This currently requires openssl1.1 libcrypto and is thus only enabled in an ed25519 flavor of the package. Lots of help from tb@ and sthen@ - Fix error handling in a couple of places - Fix an initialization issue Spotted by Maarten de Vries de-vri es> - Fix a couple of signedness warnings - Allow filter-dkimsign to be build on Debian (not relevant for OpenBSD) With Ryan Kavanagh debian org> The two major things: - filter-dkimsign now supports ed25519. Since LibreSSL doesn't have ed25519 signing yet it requires building against OpenSSL (I've only tested version 1.1). People on OpenBSD wanting to sign with ed25519 should intall the ed25519 flavor, which links against openssl's libcrypto. Note that in my testing many major mail platforms don't support ed25519 verifying, so continuing to sign with RSA in addition to ed25519 is still recommended. - libopensmtpd and filter-dkimsign should now be able to build on Debian without problems and should appear in the testing release of Debian soon(tm). This also means that other Linux distros should probably be able to compile and package them. If you run into issue please contact me so that things can be ironed out. For people who want to test filter-dkimsign on other platforms, the source can be downloaded at: https://distfiles.sigtrap.nl/libopensmtpd-0.7.tar.gz https://distfiles.sigtrap.nl/filter-dkimsign-0.5.tar.gz martijn@
