Confused about results of changing hostname of server on delivery works or rejected

2020-10-16 Thread Chris Bennett
Hi!

I've made changes to work off of virtual users with IMAP to dovecot.
All of that works great.

But I haven't been able to get auth to work yet, so I'm just sending
through smtpd from the server that contains the mail or mx domains and
also some of the regular domains also.

Delivery is sorta working.
I have been able to get delivery to work properly now only by changing
to a mail. hostname and the same in /etc/myname. The server's primary IP
is a non mail IP, the rest are IP aliases.

However, something strange is happening that I don't understand.
My subscription to neomutt-users wasn't working all of a sudden.
After changing the email and contacting the list owner, he was able to
approve the current situation and sending and receiving from the list
worked.
Then I changed the hostname to a different mail. and delivery was once
again blocked by policy of the mailing list.

(I'll also mention that using the shithole table totally failed until I
moved the match for it way up to where it is now, so I think I'm really
having problems also with ordering match rules.)

What is happening here? How can I see what is going on?
I can send anything else helpful, just ask.
Thanks for any help.
Chris Bennett

The main IP address here is:


172.107.198.226 cowboyup.xyz
172.107.198.227 no-seas-necio.ninja
172.107.198.228 consulting-diy-construction.com
172.107.198.229 mail.consulting-diy-construction.com
172.107.198.230 mx.no-seas-necio.ninja
172.107.198.231 mail.freedomforlife.rocks
172.107.198.232 mail.bennettconstruction.us
172.107.198.233 bennettconstruction.us
172.107.198.234 capuchado.com
172.107.198.235 strengthcouragewisdom.rocks

/etc/hosts


127.0.0.1   localhost
::1 localhost

172.107.198.226 cowboyup.xyz cowboyup
172.107.198.227 no-seas-necio.ninja no-seas-necio
172.107.198.228 consulting-diy-construction.com
172.107.198.229 mail.consulting-diy-construction.com
172.107.198.230 mx.no-seas-necio.ninja
172.107.198.231 mail.freedomforlife.rocks
172.107.198.232 mail.bennettconstruction.us
172.107.198.233 bennettconstruction.us
172.107.198.234 capuchado.com
172.107.198.235 strengthcouragewisdom.rocks

/etc/mail/smtpd.conf


#   $OpenBSD: smtpd.conf,v 1.14 2019/11/26 20:14:38 gilles Exp $

# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information.

# TABLES ##

table aliases file:/etc/mail/aliases
table vdomains file:/etc/mail/vdomains
table vusers file:/etc/mail/vusers
table passwd file:/etc/mail/passwd
table vaddr file:/etc/mail/vaddr
table addrnames file:/etc/mail/addrnames
table shithole { "@your.riteaid.com", "@abacusnext.com", "@immo-eden.com", 
"@cofferman.net", \
  "@cmitsolutions.com", "@mail-seruices.cf", "@advantrack.com", 
"@e.officedepot.com", \
  "@bts-tx.com", "@protectivesupplyplus.com", "@cointelegraph.com", 
"@jets.com", \
  "@digitalluxuryagency.com", "@abbeywealth-news.com", 
"@findrussianbuyers.ru", \
  "@summitshirts.net", "@bookkeepingandfinancials.com", 
"@phsmobilesolutions.com", \
  "@inquiry.haizol.com", "@info.geappliances.com", "@planhub.com", 
"@refundguide.io" }

## PKI 

pki mail.consulting-diy-construction.com cert 
"/etc/ssl/mail.consulting-diy-construction.com.fullchain.pem"
pki mail.consulting-diy-construction.com key 
"/etc/ssl/private/mail.consulting-diy-construction.com.key"

pki mx.no-seas-necio.ninja cert "/etc/ssl/mx.no-seas-necio.ninja.fullchain.pem"
pki mx.no-seas-necio.ninja key "/etc/ssl/private/mx.no-seas-necio.ninja.key"

pki mail.freedomforlife.rocks cert 
"/etc/ssl/mail.freedomforlife.rocks.fullchain.pem"
pki mail.freedomforlife.rocks key 
"/etc/ssl/private/mail.freedomforlife.rocks.key"

pki mail.bennettconstruction.us cert "/etc/ssl/mail.bennettconstruction.us.crt"
pki mail.bennettconstruction.us key 
"/etc/ssl/private/mail.bennettconstruction.us.key"


# FILTERS AND FILTER CHAINS ###

filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*', 
'.*\.dsl\..*' } \
 disconnect "550 no residential connections"

filter check_rdns phase connect match !rdns \
 disconnect "550 no rDNS is so 80s"

filter check_fcrdns phase connect match !fcrdns \
 disconnect "550 no FCrDNS is so 80s"

filter senderscore \
 proc-exec "filter-senderscore -blockBelow 10 -junkBelow 70 -slowFactor 
5000"

filter c01 chain { che

Re: Single PR or many smaller PRs?

2020-10-15 Thread Chris Bennett
On Thu, Oct 15, 2020 at 01:14:00PM -0400, Demi M. Obenour wrote:
> On 10/15/20 12:05 PM, Joerg Jung wrote:
> > As mentioned by Gilles earlier, please send them as unified diffs 
> > to t...@openbsd.org <mailto:t...@openbsd.org> if you want to have them 
> > reviewed.
> 
> My branch is based on the portable branch.  Do I need to rebase off
> of the OpenBSD repository first?
> 
> Demi

Your diff's must come off of src for OpenBSD -current and you must also
be running the latest and constantly moving -current.
See the FAQ on https://www.openbsd.org

Git is not relevant for this work.

Thanks for your work.

Chris Bennett





Re: Unable to remove mail from queue

2020-05-31 Thread Chris Bennett
On Sun, May 31, 2020 at 05:24:18PM +0200, Mischa Peters wrote:
> Hi All,
> 
> I just noticed something strange on one of my mailservers running OpenSMTPd 
> 6.7.0p1  (OpenBSD 6.7).
> The mailserver was trying to deliver a spam mailbounce to fedex, it kept 
> failing so I removed it from the queue.
> The logs kept showing it was being delivered, eventhough nothing was showing 
> in the queue.
> After a restart of smtpd the message did show up in the queue again. 
> 
> root@smtp1:~ # smtpctl show queue
> cd9b0933db878954|local|mta|auth|@|prvs=1417a4ec2a=bou...@nds.fedex.com|prvs=1417a4ec2a=bou...@nds.fedex.com|1590676002|1590676002|1590937323|0|inflight|99|
> 
> root@smtp1:/var/spool/smtpd/queue/cd/cd9b0933 # smtpctl remove 
> cd9b0933db878954
> 1 envelope removed
> root@smtp1:/var/spool/smtpd/queue/cd/cd9b0933 # smtpctl remove 
> cd9b0933db878954
> 0 envelope removed
> root@smtp1:/var/spool/smtpd/queue/cd/cd9b0933 # ls -la
> total 52
> drwx--  2 _smtpq  wheel512 May 28 16:26 .
> drwx--  3 _smtpq  wheel512 May 30 20:49 ..
> -rw---  1 _smtpq  wheel316 May 28 16:26 cd9b0933db878954
> -rw---  1 _smtpq  wheel  19296 May 28 16:26 message
> root@smtp1:/var/spool/smtpd/queue/cd/cd9b0933 # smtpctl show queue
> root@smtp1:/var/spool/smtpd/queue/cd/cd9b0933 # rcctl restart smtpd
> smtpd(ok)
> smtpd(ok)
> root@smtp1:/var/spool/smtpd/queue/cd/cd9b0933 # smtpctl show queue
> cd9b0933db878954|local|mta|auth|@|prvs=1417a4ec2a=bou...@nds.fedex.com|prvs=1417a4ec2a=bou...@nds.fedex.com|1590676002|1590676002|1590937456|0|inflight|1|
> root@smtp1:/var/spool/smtpd/queue/cd/cd9b0933 # ls -la
> total 52
> drwx--  2 _smtpq  wheel512 May 28 16:26 .
> drwx--  3 _smtpq  wheel512 May 30 20:49 ..
> -rw---  1 _smtpq  wheel316 May 28 16:26 cd9b0933db878954
> -rw---  1 _smtpq  wheel  19296 May 28 16:26 message
> 
> I assume this is not the expected result. :)
> What else can I collect to pinpoint what is going on, before I rm the files?
> 
> Mischa
> 
> 

I also had this same problem. I rm'd the files.
However, what is the right solution?
(I was in a big rush and had to quickly solve the problem.)

Chris Bennett





New Server, looking for some general advice

2020-05-10 Thread Chris Bennett
Hi,
I just added a new /27 server. So I haven't started anything except
local for right now. It's using amd64 -current.
I'm using A records for domain and mail.domain. No problem there.

It has one mail. address assigned right now. Different than domain IP.

What I want to achieve:
1. Use Maildir

2. Use dkimproxy. I will add more domains after getting one setup right.

3. Retrieve mail both locally and remotely. I am using neomutt over SSH
right now, but I'm just not getting the conf file exactly right. Perhaps
using IMAP address instead of the local directories would work better?
Right now it recognizes mailboxes only partially correctly.
This question might be better to ask on neomutt mailing list?

I'm guessing that dovecot will be best for remotely and locally. I
previously used it for mbox quite a while ago over POP3.

4. Use both local and virtual users. So I would like to prepare for the
virtual users part at the start if possible. One step at a time is fine.

As far as DKIM, should I add the signature to the domain or mail.domain?
I have already successfully added to mail.domain elsewhere, but is that
right? dkimproxy man pages suggest just domain part

5. Should I use lmtp?
6. Should I start with files first and move over to postgresql or
straight to postgresql?

I have infinite (almost :-}) patience on this server since not a single
important email will be going to it anytime soon.
I haven't setup spamd yet and I'm unsure that I want to. It seems to
cause me more grief than help. I'm using the opensmtpd filters elsewhere
and they are fantastic!

I also don't have a problem reading code for answers as best as I can.
I also have some filter code from others I need to look at (Thanks
Edgar!)

I'm off to read the latest man pages.

Thanks so much for having such excellent software freeing me from the
sendmail nightmare! Tons of work and I love it.

Thanks, 
Chris Bennett





Re: OpenSMTPD::Password perl module now supports openbsd

2020-03-19 Thread Chris Bennett
Thanks, I'll give them a try and if nothing else, learn more about
writing filters.
Perl is my language of choice.

Much Apppreciated,
Chris Bennett





Re: unable to send mail from desktop mail client to remote email addresses

2019-10-03 Thread Chris Bennett
On Thu, Oct 03, 2019 at 09:31:08AM +0200, Peter N. M. Hansteen wrote:
> 
> Also,
> 
> [Thu Oct 03 09:24:37] peter@skapet:~$ host example.app
> Host example.app not found: 3(NXDOMAIN)
> [Thu Oct 03 09:24:43] peter@skapet:~$ host mx.example.app
> Host mx.example.app not found: 3(NXDOMAIN)
> 

I was randomly getting this error myself, I think there was or is some
other, non-related prpblem causing this error.

I'm also having some problems myself, but I'm camping right now.
I'll post something when I'm not typing from a phone.

Chris Bennett





Re: need help

2019-09-30 Thread Chris Bennett
./spf no-seas-necio.ninja 162.255.139.10: pass
./spf no-seas-necio.ninja 162.255.139.11: soft-fail

Which matches my spf entry. v=spf1 mx ~all.
Is that the correct response?

Chris Bennett





Re: Virtual users with Dovecot/Neomutt/OpenSMTPD

2019-07-17 Thread Chris Bennett
So, hazarding a guess, OpenSMTPD handles outgoing mail. It then hands
off incoming mail directly to dovecot?
Then I just need to get .neomuttrc correct to pull from dovecot.

Chris Bennett



-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Virtual users with Dovecot/Neomutt/OpenSMTPD

2019-07-16 Thread Chris Bennett
Hi,

I'm pretty confused on what I need to do to make all of this work. I
want to use IMAP.

So far, my attempts to use Maildir with just OpenSMTPD and neomutt
haven't worked correctly (no dovecot yet). This is just using regular
users and their home folders with Maildir. Mail gets delivered and sent
correctly, but the mailboxes aren't working right.

Dovecot says to use virtual users and Maildir like this:

Ways to set up home directory

The directory layouts for home and mail directories could look like
one of these (in the preferred order):

Mail directory under home, for example:
home=/var/vmail/domain/user/ mail=/var/vmail/domain/user/mail/

Completely distinct home and mail directories:
home=/home/virtual/domain/user/ mail=/var/vmail/domain/user/

Home directory under mail, for example:

 Maildir: home=/var/vmail/domain/user/home/ mail=/var/vmail/domain/user/
 mbox: There's really no good and safe way to do it. 
The home directory is the same as the mail directory. 

If for example:
home=/var/vmail/domain/user/
mail=/var/vmail/domain/user/mail/, set:

mail_home = /var/vmail/%d/%n
mail_location = maildir:~/mail


OK. I've got regular users each getting mail from many sources under
aliases, i.e. from root, webmaster, etc. to one user.
I don't really have any experience with IMAP.
So will a single user be using the IMAP requests to get each one of the
sources that right now are in aliases?

I am having trouble seeing how to pull all three of these pieces of
software together.
I am getting all my mail over SSH right now, but I would prefer to be
able to get it with neomutt directly to my laptop.

I've also seen many references to getting certificates from
Let's Encrypt for mail for both Dovecot and OpenSMTPD using the
same one. How do I do that?

I'm just not sure what documentation I should be using to guide the
process along.
I've got a server setup without any critical email, so I'm not in a
rush to get things working.

Any help apreciated,
Chris Bennett



-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: Using Maildir and IMAP, I am losing my older threads

2019-05-21 Thread Chris Bennett
I did not receive any of the reply's before this one. Could you send
them again for me if there are any. Thanks. I've fixed the problem now.
Off-list is probably best.


On Tue, May 21, 2019 at 06:53:12AM +0100, Raf Czlonka wrote:
> On Mon, May 20, 2019 at 03:30:18PM BST, Chris Bennett wrote:
> > I was planning on using IMAP with dovecot (not setup yet), but when
> > using Maildir and neomutt, the mail gets moved to cur and I can't access
> > it from neomutt. Thus I have been losing access to my mailing list older
> > parts of threads I really want to see.
> 
> Hi Chris,
> 
> Not sure if I understand the above correctly but you do *not* access
> 'cur' - you access the directory where 'cur' resides in. As long
> as the MUA supports MAildir properly, you should see your emails.
> 

Should getting Dovecot setup fix this problem? Maybe?

> > Am I setting up neomutt incorrectly?
> 
> Impossible to tell without seeing the config file.

That is a temporary problem. I had to upgrade that server and everything
went completely fine (6.3 -> 6.4) until the final reboot, and then it
failed to finish rebooting. That company uses a newer version of Java
than I have under 6.4 at home. I'm hoping that 6.5 fixes that problem.
If not, any advice for that problem? I should have access to Windows in
a library Thursday since we are going camping Wednesday.
I don't know how to use Linux.
All of those config files are on that server.
Otherwise I'll ask support to help me work that out.

> 
> > Do I need to use a script to move the thread entries back to new?
> 
> Unless I'm missing something, you shouldn't need to.
> 
> > I have searched about this, but it seems that few people want to move in
> > this direction, but it can be done with a script.
> > I'm thinking I have messed up something in configuration.
> > Apparently mutt/neomutt can be set to access cur too.
> > 
> > Any help appreciated,
> > Chris Bennett
> 
> My guess is that you are simply not looking in the right place.

I've had a consistent problem with getting almost most of my problems
when searching under DuckDuckGo or Google or marc.info.
Most likely I'm just not thinking of the right searches.

Thanks,
Chris Bennett


> 
> Regards,
> 
> Raf
> 
> -- 
> You received this mail because you are subscribed to misc@opensmtpd.org
> To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
> 

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: How to setup a "clean MTA" in 2019?

2019-04-03 Thread Chris Bennett
On Wed, Apr 03, 2019 at 11:36:22AM +0200, Gilles Chehade wrote:
> My very own minimal would be:
> - have a dedicated IP address for mail with correct rDNS and fc-rDNS

Right now I am using the same IP as the websites I have for each.
Should I use a different IP just for email? This is not a problem to do.

> - setup the mta to support TLS (if needed, not the case on OpenSMTPD)

Got this

> - setup the mta to use a EHLO name matching DNS for the IP

I continually get that the two do not match using the various email
testers. Yet the domain names do indeed match.
I don't know what to make of this. I have no problems sending or
receiving email at all.
Godaddy is where I have my domains registered, but they specifically say
that they do not support DNS for sites not hosted on their servers.
That has led me down the path of learning to be my own hostmaster.
I have finally found a page that explains the strange setup I need to
request for only a small range of IP addresses. Hurrah!
But I'm not quite ready to venture out into that myself. But learning
this has been fun so far.
Do you think that being hostmaster will solve that problem?


> - setup SPF

Good here

> - setup DKIM

Not yet, given above problems

> 
> That would be my very very very very minimum requirements.
> 

Thanks,
Chris Bennett



-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: How can I integrate opensmtpd with opendkim?

2019-01-30 Thread Chris Bennett
On Wed, Jan 30, 2019 at 05:45:35PM +0300, Sergey Seacher wrote:
> Hello, All!
> 
> How can I integrate opensmtpd with opendkim?
> 

There is also dkimproxy and a Perl module p5-Mail-DKIM.
Which one do you recommend, you hinted that there will be changes from
6.4 to 6.5 for dkimproxy setup when it comes out, if I understood
correctly. 

I've got things working for 6.4 right now, but I will post a couple of
questions about using auth and some other stuff I expect/want to use
shortly.

Thanks, I'm really thrilled to have this massive improvement over
sendmail!! All of your time doing this work has been so helpful, I
really hated sendmail with that huge book I had for it.

Chris Bennett


-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



6.3 not coming from proper domains

2018-12-26 Thread Chris Bennett
Oops, I forgot to su -l first.
Send back to ch...@bennettconstruction.us

To: misc@opensmtpd.org
Subject: 6.3 not coming from proper domains

I am also working on 6.4 syntax to be used shortly, but after doing testing.
Right now, with 6.3amd64-stable,
I am not getting any emails sent from any domains except bennettconstruction.us.

6.3 files soon to be gone, but this is the set of files I have in production.
I can also send my 6.4 files, which may be much better, but I want to fix this
now, vs later.
I appreciate any help. I think I included everything. mail-to address is 
designed to fail
in order to get good log messages.

Thanks,
Chris Bennett

gory ~ # dig -tANY bennettconstruction.us

; <<>> DiG 9.4.2-P2 <<>> -tANY bennettconstruction.us
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42993
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;bennettconstruction.us.IN  ANY

;; ANSWER SECTION:
bennettconstruction.us. 833 IN  A   104.217.196.250
bennettconstruction.us. 833 IN  NS  ns65.domaincontrol.com.
bennettconstruction.us. 833 IN  NS  ns66.domaincontrol.com.

;; Query time: 459 msec
;; SERVER: 192.168.43.1#53(192.168.43.1)
;; WHEN: Wed Dec 26 19:47:25 2018
;; MSG SIZE  rcvd: 111

gory ~ # dig -tANY capuchado.com  

; <<>> DiG 9.4.2-P2 <<>> -tANY capuchado.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24176
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;capuchado.com. IN  ANY

;; ANSWER SECTION:
capuchado.com.  3600IN  TXT "v=spf1 a mx:capuchado.com 
ip4:104.217.196.251 ~all"
capuchado.com.  3600IN  MX  10 capuchado.com.
capuchado.com.  600 IN  SOA ns65.domaincontrol.com. 
dns.jomax.net. 2018121317 28800 7200 604800 600
capuchado.com.  3600IN  A   104.217.196.251
capuchado.com.  3600IN  NS  ns66.domaincontrol.com.
capuchado.com.  3600IN  NS  ns65.domaincontrol.com.

;; Query time: 847 msec
;; SERVER: 192.168.43.1#53(192.168.43.1)
;; WHEN: Wed Dec 26 19:47:58 2018
;; MSG SIZE  rcvd: 227

gory ~ # dig -tANY line-printer-daemon.net

; <<>> DiG 9.4.2-P2 <<>> -tANY line-printer-daemon.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40266
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;line-printer-daemon.net.   IN  ANY

;; ANSWER SECTION:
line-printer-daemon.net. 3600   IN  TXT "v=spf1 a 
mx:line-printer-daemon.net ip4:104.217.196.252 ~all"
line-printer-daemon.net. 3600   IN  MX  10 line-printer-daemon.net.
line-printer-daemon.net. 600IN  SOA ns63.domaincontrol.com. 
dns.jomax.net. 2018122000 28800 7200 604800 600
line-printer-daemon.net. 3600   IN  A   104.217.196.252
line-printer-daemon.net. 3600   IN  NS  ns64.domaincontrol.com.
line-printer-daemon.net. 3600   IN  NS  ns63.domaincontrol.com.

;; Query time: 710 msec
;; SERVER: 192.168.43.1#53(192.168.43.1)
;; WHEN: Wed Dec 26 19:48:54 2018
;; MSG SIZE  rcvd: 247


maillog:

Dec 26 19:27:36 bennettconstruction smtpd[37757]: smtp-out: Failed to resolve 
MX for [relay:openspf.net]: No MX found for domain
Dec 26 19:27:36 bennettconstruction smtpd[37757]:  mta 
event=delivery evpid=5a4d097a06f98d40 from= 
to= rcpt=<-> source="-" relay="openspf.net" delay=6m40s 
result="TempFail" stat="No MX found for domain"
Dec 26 19:32:13 bennettconstruction smtpd[37757]: smtp-out: Failed to resolve 
MX for [relay:openspf.net]: No MX found for domain
Dec 26 19:32:13 bennettconstruction smtpd[37757]:  mta 
event=delivery evpid=6d1d125a0d253a0b from= 
to= rcpt=<-> source="-" relay="openspf.net" delay=6m40s 
result="TempFail" stat="No MX found for domain"

Dec 26 19:20:56 bennettconstruction smtpd[37757]: 0da5075771ad38fb smtp 
event=connected address=local host=bennettconstruction.us
Dec 26 19:20:56 bennettconstruction smtpd[37757]: 0da5075771ad38fb smtp 
event=message address=local host=bennettconstruction.us msgid=5a4d097a 
from= to= size=509 ndest=1 
proto=ESMTP
Dec 26 19:20:56 bennettconstruction smtpd[37757]: 0da5075771ad38fb smtp 
event=closed address=local host=bennettconstruction.us reason=quit
Dec 26 19:20:56 bennettconstruction smtpd[37757]: smtp-out: Failed to resolve 
MX for [relay:openspf.net]: No MX found for domain
Dec 26 19:20:56 bennettconstruction smtpd[37757]:  mta 
event=delivery evpid=5a4d097a06f98d40 from= 
to= rcpt=<-> source=&q

Re: Vultr has all blacklisted IP's for email

2018-12-19 Thread Chris Bennett
On Thu, Dec 20, 2018 at 01:55:32AM +0200, Flipchan wrote:
> Poke vultr about it , if its not good, just switch provider ( openbsd 
> amsterdam?))
> 

They say it's my fault and that they have spent a tremendous amount of
time trying to get me off of the blacklist. (exaggeration included on
purpose).

As you can see below, I guess it is all my fault.
I'm just going to put the DNS records back to where they were before.
What's the website for OpenBSD Amsterdam?

Looks like I may just have to move my server from the USA to the not
USA. Why is such a simple thing as a server so hard to get???

Fun Fun Fun entered below:
---
Information about 108.61.242.230

Below is the information we have on record about 108.61.242.230
Standards Compliance

Does IP Address resolve to a reverse hostname... Passed!

Does IP Address comply with reverse hostname naming convention... Passed!
List Status

RATS-Dyna - On the list. Worst Offender Alert.

RATS-NoPtr - Not on the list.

RATS-Spam - Not on the list.

RATS-Auth - Not on the list.
Alert: Your IP is part of a network listed as a Worst Offender

This is a Worst Offender Alert and this means that not only this IP address,
but the whole class 'C' is also on the indicated SpamRats List.
Usually this means the whole range has the same issue of naming conventions or
no reverse DNS AND that many IP's from this Class C have been used in Spam 
Attacks,
Dictionary attacks or other forms of attacks, as detected by Mail Servers in the
Data Collection Grid. You will NOT be able to use the removal form to remove 
your
IP Addresses. If you have recently been assigned the IP Addresses, or have 
changed
what these IP Addresses are used for, you can use the contact form and ask for a
reclassification, but you will have to provide full disclosure, including whois 
for
the ip addresses, your affiliation with the company that owns them, and a 
description
of what the IP's were previously used for, and what they will be used for, in 
order
for a Spam Auditor to consider reclassification. Remember, the majority of the 
IP's
in this space WERE detected as being involved in some form of attack or abusive
behaviour, so you had better have a good reason to ask for removal, and you 
need to
own or control the IP addresses, as evidenced by ARIN whois.

-
2nd IP is blacklisted on 7 lists.

I'm sure they can quickly fix this too!

Chris



-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: Vultr has all blacklisted IP's for email

2018-12-19 Thread Chris Bennett
On Wed, Dec 19, 2018 at 09:58:54PM +, Charles Collicutt wrote:
> On Wed, Dec 19, 2018 at 01:41:40PM -0800, Chris Bennett wrote:
> > On Wed, Dec 19, 2018 at 10:16:22PM +0100, Joel Carnat wrote:
> > > I’ve just checked mine and it’s 100% non-blacklisted, according to 
> > > mxtoolbox.
> > > And, so far, I don’t have any issues sending/receiving mail.
> > 
> > I really must have workable email and baremetal
> 
> Maybe it is a baremetal versus VPS thing? Like others here, I have been
> running a mail server on Vultr VPS for years without problems.
> 

I was wondering the same thing. Baremetal for them is new and maybe they
haven't worked out the bugs and procedures for that yet?

If that's the case, any suggestions on a good way to word the
conversation? I tend to come across as a bit rude by accident.

Chris Bennett



-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: Vultr has all blacklisted IP's for email

2018-12-19 Thread Chris Bennett
On Wed, Dec 19, 2018 at 04:46:17PM -0500, Implausibility wrote:
> Vultr specifically blocks mail-specific ports in an attempt to keep their 
> network free of spam.  You can ask them to enable eMail ports on your VMs, 
> 

Yes, I spoke to them about the problem before grabbing an additional IP
address. They said they would try to get the original IP un-blacklisted.
That did not happen, unfortunately.

They now also offer one model of bare metal, which is not a VM. I
specifically need a single dedicated server for what I am doing.
The work I'm doing is all situated inside of the USA, so something
locally oriented is a better choice for me.

My email ports are open, as I can send mail back and forth with my other
server.

Thanks,
Chris Bennett



-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: Vultr has all blacklisted IP's for email

2018-12-19 Thread Chris Bennett
On Wed, Dec 19, 2018 at 10:16:22PM +0100, Joel Carnat wrote:
> I’ve just checked mine and it’s 100% non-blacklisted, according to mxtoolbox.
> And, so far, I don’t have any issues sending/receiving mail.
> 

I really must have workable email and baremetal
 
Right now the second IP I requested is 45.76.27.230
This is much worse than the first one I also have which is
108.61.242.230

I am using a server in Chicago. Where is yours located?
Maybe the location is related?

Other than this problem, I am quite happy. If I can solve this, I will
move off of my other server, which is stuck on crappy Java KVM.
I don't have any problem with another location.

Chris Bennett



-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Vultr has all blacklisted IP's for email

2018-12-19 Thread Chris Bennett
I was very happy with what I got for a baremetal server at Vultr.
Unfortunately, even after getting a second IP that was not from the same
range as the first one, all of these IP ranges, not single IP's, are
blacklisted in the worst category.
If you want a web/etc server, great.
If you want anything to do with email, forget them.
Shame. I need another baremetal that doesn't have Java KVM.
Any recommendations?

Thanks. Looks like anything related to Cloud may be a problem???

Chris Bennett



-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: FAQ gone?

2018-12-12 Thread Chris Bennett
On Wed, Dec 12, 2018 at 10:35:21PM +0100, Gilles Chehade wrote:
> 
> The FAQ has been removed from the website twice for the same reason, and
> if you work on it but it then goes unmaintained and people start mailing
> me that I should fix the FAQ, I'll have to remove it again a third time.
> 
> I'm all for having an FAQ but it must come from people willing to become
> maintainers and not release a version of it and leave.

Yes, I was very disappointed when the previous FAQ didn't have accurate
information. I would much rather see you working on OpenSMTPD itself
rather than a FAQ, which is a lot of work just to make, much less
maintain.

I have found various FAQ's all over the place that just don't have
accurate information and throw in anti-spam programs I just don't want
to use. Of course, not enough information to understand how to skip one
of those unwanted ones. So I have essentially found all of them
basically useless, which is sad but true.

I'm in a bit of a conundrum. I'm trying to pull together a bunch of
things besides just email all at once.

I grabbed a baremetal at Vultr in addition to the one I am actually
using elsewhere. I'm trying to get everything running as I need it to at
Vultr before moving everything onto it officially. Having two baremetals
gives me a great way to bounce things back and forth until everything is
really truly working correctly.

But I have lots of questions about things I have never done before.
I'm very puzzled by how to correctly set up DKIM and DMARC.
Which programs should I be using and why? I looked at opendkim and the
manual pages are so long and convoluted with so many options that it
leaves me throwing up my hands in frustration. I know that once I
understand all of it, it will probably be completely clear, but not yet.
So which program(s) for DKIM to use? Is this something for example that
would be reasonable to add as a port like opensmtpd-dkim?

I'm perfectly happy to use postgresql with OpenSMTPD and Dovecot.
I have yet to find any example SQL tables anywhere for either.
This would work great for me to integrate certain customers with in a
larger database set up.

Maildir, mbox, dovecot's own mailboxes. I seem to find arguments for and
against each choice. Right now I can make a choice, but which one?

I also have found a probable need to use auth to allow only special
users to relay mail.

Right now, I have two servers. IP addresses which can get burned if I
screw up and two domains that can also get burned since I'm not using
them.
I'm 100% willing to run through all kinds of different configurations
and I have lot's of questions that would probably be great ones for a
FAQ. So I volunteer for guinea pig. I'll try it all for the FAQ.

BUT, if there is a FAQ, it's going to need to be set up with tests to
see when previous advice fails. Otherwise, I just don't see anyone even
knowing when and what to fix. "Oh, that didn't work. I'll do this other
way instead." isn't going to get anything maintained.

I'm happy (and needful) to try all the different ways. I can't commit to
writing the FAQ myself.

So, if I see this correctly, someone needs to grab two or three servers
every six months, run though all the options, see what fails and report
back, drop the servers?

I'll help,
Chris Bennett



-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: Tables syntax in new config

2018-11-27 Thread Chris Bennett
Thanks!

This was a good thread. And of course I didn't notice man table.
I'm getting really important emails right now, but I want to upgrade to
6.4 from 6.3, so I'm being really cautious about making a mess.

Server company is using IPMI with Java, so that's been a problem since I
can't get OpenBSD's version to work. Which was really hard to get to
even work with someone's old windows version when I first installed.

Chris Bennett

Thanks for the great work!



-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: OpenSMTP as mx backup

2018-11-26 Thread Chris Bennett
+2 on that! Sorry +1 is just not enough!

I have a backup, but that's only IF I know there's a problem.
If I have any net access, if I'm not traveling. If .

Most of my email is unimportant. But when it is, it's $$ or some
emergency.

Chris



-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Forced to stay at 6.3 but I want 6.4.0

2018-10-28 Thread Chris Bennett
I have a problem with OBSD 6.4 release and so far cannot get the display
to work properly.
I would like to use the 6.4.0 on 6.3.
I haven't look over the source at all yet, I will.

Will I have any problems getting this to work on OBSD 6.3?
As much as possible, I would like to bring my server closer to OBSD 6.4
but I want my laptop and server working with the same software.

Thanks,
Chris Bennett

PS, I'll explain in my next email why this matters a bit to me.



-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: moving to 6.4, want to be sure that one domain can't be "traced" back?

2018-10-24 Thread Chris Bennett
I've received some good advice to not pursue this right now.
I'm not myself with this medication. So I'm not going to move forward
with this. I am just not thinking clearly enough to make decisions about
such important things. My apologies.

Chris Bennett



-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



moving to 6.4, want to be sure that one domain can't be "traced" back?

2018-10-23 Thread Chris Bennett
Hi,
I am about to manually update 6.3 to 6.4 and update new configurations.
I realize that getting the IP address is not concealable. The domain has
private registration.
It is likely that certain people will assume that I am behind the site,
but I would like keep from having any actions taken against the site.

My concern is that the site will bring up a very negative viewpoint and
also some good suggestions about fixing the problems. The site does not
deal with anything illegal or violent or anything like that. It will
just make some controversy. I am still making sure I really want to do
this site into production.

My hip is being replaced December 3rd. I'm taking a lot of Morphine and
Oxycodone right now, so I am probably going to ask some stupid RTFM
questions out of need.

Thank you so much for making OpenSMTPD! I love it. 
If you need any help testing, let me know.
I'd love to help with catching errors or the lack of an error message
when something is wrong.

Thanks,
Chris Bennett



-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: very confused on userbase parameter

2018-09-01 Thread Chris Bennett
On Sat, Sep 01, 2018 at 05:50:27PM +, Gilles Chehade wrote:
> 
> I'll describe how things work in this mail so it serves as reference for
> future questions regarding aliases, virtual and userbase:
> 
> Aliases and virtuals are mutually exclusive features that operate at the
> same level, converting an e-mail address into a local user.
> 
> Userbases operate at a lower level, allowing to lookup system details of
> a local user such as uid, gid and home directory.
> 
> You don't have to have aliases or virtuals, but you MUST have a userbase
> which defaults to the system user database when you don't specify one.
> 
> Aliases and virtuals can be seen as functions that take an e-mail as the
> input and produce usernames that _MUST_ exist in the underlying userbase
> as the output, otherwise the recipient will be rejected.
> 
> The difference between aliases and virtuals is subtle but simple:
> 
> - aliases assume that all users on the system are allowed to get e-mails
>   and that the user-part of recipient e-mail addresses are the usernames
>   on the system. the mechanism allows you to provide an OPTIONAL list of
>   transformations in case some recipients have user-parts that are not a
>   system user, and it assumes that if no alias is found, then user-parts
>   must be looked up as real usernames.
> 
> - virtuals assume that users are NOT allowed to get e-mails, unless they
>   are EXPLICITELY allowed on a list. either a transform is found and the
>   recipient is converted into a username, or the recipient is rejected.
> 
> 
> You can receive e-mail if you're not in the aliases list, if you have an
> account on the system with a username matching the user-part.
> 
> You can't receive e-mail if you're not in the virtuals list, EVEN if you
> have an account matching the user-part.
> 
> 
> Now with that being said, converting a recipient into a username doesn't
> help us much if that username doesn't exist for real. We need a uid, gid
> and a home directory, so no matter if you used aliases, virtuals or none
> of them, the username behind a recipient must be found in the user base.
> 

Thanks, this helps a lot

Just one more question.

You reply sounds like I should choose either aliases or virtual, but not
both. Is this correct?

What about programs such as femail? Do they work fine with just
virtuals?

Thanks
Chris Bennett



-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: Problem with OpenSMTPD/Amavisd and mails with multiple recipients.

2018-04-02 Thread Chris Bennett
On Mon, Apr 02, 2018 at 05:25:29PM +, Vijay Sankar wrote:
> Hi Reio,
> 
> It may be better to continue this discussion on the list. That will allow
> people more knowledgeable than I to help you out.
> 
> Re. configuration, I actually use the defaults. Amavisd and OpenSMTPD always
> use SMTP in my case. Re. versions, it is just OpenBSD 6.1 -stable.


Yes, please put everything up. Now that 6.3 is out I want to know how to
get all of this working for my mail. What is wrong is every bit as
helpful as what is right.

For example, should I continue using mbox or change to maildir.
It seems that IMAP may be a better choice.

I currently use neomutt and want to turn on Dovecot for using remote
email readers, but not sure what steps are best.

Thanks,
Chris Bennett



-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Help setting up anti-spam using Dovecot and whatever with 6.3

2018-03-27 Thread Chris Bennett
I'd love some help setting up some spam filtering before I turn on
spamd.
I've seen lots of guides, but I really don't know what configuration
would be best. The guides, of course, don't give enough detail that I
can follow. I'm fine using dovecot with postgresql, but I don't know
how to setup the neccesary tables.

I have a very low volume of email, but I'd like to be good should the
volume change (which it possibly might).

Right now, I've only had the server I'm using up for a short period of
time, so I'm fine with any type of changes.

If there is any archive with useful info, where would that be? marc.info
doesn't have anything recent.

Oh yeah, as asked, Hi!
This is so much nicer than the sendmail monster!

Chris Bennett



-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org