smtpd recipient rule not matched

2017-04-06 Thread Frank Timmers
Hi,

I’ve got a rule based on recipients, however for some reason it’s not matched 
and therefore the mail bounced. Can anyone tell me if I’m doing something wrong?

Thanks and kind regards,
/Frank.

—
smtpd.conf rule:
table recipient_whitelist file:/etc/opensmtpd/recipient_whitelist
accept recipient <recipient_whitelist> relay via smtp://127.0.0.1:10027

—

—
/etc/opensmtpd/recipient_whitelist:
# accept all mails to these recipients
mon...@example.com 
ban...@example.com 
—

—
Output from “smtpd -dv -T lookup -T rules”:
debug: smtp: new client on listener: 0xe253a0
13e045ff1aa2603d smtp event=connected address=192.168.0.10 host=client.example.com
debug: smtp: SIZE in MAIL FROM command
lookup: check "192.168.0.10" as NETADDR in table static: -> 0
no rule matched
13e045ff1aa2603d smtp event=failed-command command="RCPT TO:> ORCPT=rfc822;mon...@example.com" result="550 Invalid recipient"
13e045ff1aa2603d smtp event=closed reason=quit
debug: smtp: 0xe1d3f0: deleting session: done
—

OpenSMTPd authentication failed

2017-04-24 Thread Frank Timmers
Hi,

I’m trying to get authentication to work with opensmtpd, however I get the 
message “authentication failed”. Below you can find the content of smtpd.conf, 
smtp_users and /var/log/messages. The password has been encrypted with the 
“smtpctl encrypt” command.

Can the issue be that the smtp_users table is read as “type=HASH” and the lookup 
is done as “type=CREDENTIALS”?

Greetings,
Frank.

— smtpd.conf —
pki mail.example.com certificate "/etc/opensmtpd/ssl.crt"
pki mail.example.com key "/etc/opensmtpd/ssl.key"

# Interface to listen on any address (needed for failover)
listen on 0.0.0.0 secure auth smtp_users pki mail.example.com

# Userlist
table smtp_users file:/etc/opensmtpd/smtp_users
— smtp.conf —

— smtp_users—
test
$6$F1n7ZnzRfkPbGLjV$qBw5kvTo0dnJOA5dR7OCiF94gGK5yLOxtH9D2T4/.AAVGgfyyjdunh.RaXS6O0VHPPKriWurP/WgESa/dpfij1
— smtpd_users—

— /var/log/maillog—
Apr 24 13:02:08 localhost smtpd[17028]: e3f09084856c63f5 smtp event=connected address=192.168.50.1 host=192.168.50.1
Apr 24 13:02:08 localhost smtpd[17028]: e3f09084856c63f5 smtp event=starttls ciphers="version=TLSv1.2, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256"
Apr 24 13:02:08 localhost smtpd[17028]: e3f09084856c63f5 smtp event=authentication user=test result=permfail
Apr 24 13:02:09 localhost smtpd[17028]: smtp-in: Failed command on session e3f09084856c63f5: "AUTH PLAIN (...)" => 535 Authentication failed
Apr 24 13:02:09 localhost smtpd[17028]: e3f09084856c63f5 smtp event=authentication user=test result=permfail
Apr 24 13:02:10 localhost smtpd[17028]: smtp-in: Failed command on session e3f09084856c63f5: "AUTH PLAIN (...)" => 535 Authentication failed
Apr 24 13:02:10 localhost smtpd[17028]: e3f09084856c63f5 smtp event=authentication user=test result=permfail
Apr 24 13:02:11 localhost smtpd[17028]: smtp-in: Failed command on session e3f09084856c63f5: "AUTH LOGIN (password)" => 535 Authentication failed
Apr 24 13:02:11 localhost smtpd[17028]: e3f09084856c63f5 smtp event=authentication user=test result=permfail
Apr 24 13:02:11 localhost smtpd[17028]: smtp-in: Failed command on session e3f09084856c63f5: "AUTH LOGIN (password)" => 535 Authentication failed
Apr 24 13:02:11 localhost smtpd[17028]: e3f09084856c63f5 smtp event=closed reason=quit
— /var/log/maillog —

— smtp -dv -T all —
TABLE "smtp_users" type=HASH config="/etc/opensmtpd/tables/smtp_users"
"test" -> 
"$6$F1n7ZnzRfkPbGLjV$qBw5kvTo0dnJOA5dR7OCiF94gGK5yLOxtH9D2T4/.AAVGgfyyjdunh.RaXS6O0VHPPKriWurP/WgESa/dpfij1"
mproc: lka -> pony: enabled
imsg: pony <- parent: IMSG_CONF_START (len=0)
imsg: pony <- parent: IMSG_CONF_END (len=0)
debug: smtp: listen on 127.0.0.1 port 10028 flags 0x400 pki "" ca ""
debug: smtp: listen on 0.0.0.0 port 25 flags 0x449 pki “mail.example.com" ca ""
debug: smtp: listen on 0.0.0.0 port 465 flags 0x44a pki “mail.example.com" ca ""
debug: pony: rsae_init
debug: pony: rsae_init
debug: smtp: will accept at most 2043 clients
imsg: ca <- parent: IMSG_CONF_START (len=0)
imsg: ca <- parent: IMSG_CONF_END (len=0)
debug: init private ssl-tree
mproc: ca -> pony: enabled
queue-backend: queue_envelope_walk() -> -1 ()
debug: queue: done loading queue into scheduler
debug: smtpd: scanning offline queue...
debug: smtpd: offline scanning done
debug: smtp: new client on listener: 0x23ca250
smtp: 0x23bbf60: connected to listener 0x23ca250 [hostname=mail.example.com, 
port=25, tag=]
mproc: pony -> lka: allocating 128
mproc: pony -> lka : 34 IMSG_SMTP_DNS_PTR
mproc: pony -> control: allocating 128
mproc: pony -> control : 47 IMSG_STAT_INCREMENT
mproc: pony -> control : 53 IMSG_STAT_INCREMENT
imsg: lka <- pony: IMSG_SMTP_DNS_PTR (len=34)
imsg: control <- pony: IMSG_STAT_INCREMENT (len=47)
ramstat: increment: smtp.session
ramstat: smtp.session (0x9fc641): 0 -> 1
imsg: control <- pony: IMSG_STAT_INCREMENT (len=53)
ramstat: increment: smtp.session.inet4
ramstat: smtp.session.inet4 (0x9fc641): 0 -> 1
mproc: lka -> pony: allocating 128
mproc: lka -> pony : 28 IMSG_SMTP_DNS_PTR
imsg: pony <- lka: IMSG_SMTP_DNS_PTR (len=28)
smtp: 0x23bbf60: STATE_NEW -> STATE_CONNECTED
89080c4f60136a5e smtp event=connected address=192.168.50.1 host=192.168.50.1
filter: new query QUERY_CONNECT
filter: filter_drain_query 89080c5060380f52[QUERY_CONNECT=192.168.50.221 <-> 
192.168.50.1(192.168.50.1),filter_session@0x23bbba0[datalen=0,eom=(nil),ofile=(nil)]]
filter: filter_end_query 89080c5060380f52[QUERY_CONNECT=192.168.50.221 <-> 
192.168.50.1(192.168.50.1),filter_session@0x23bbba0[datalen=0,eom=(nil),ofile=(nil)]]
filter: query 89080c5060380f52 done: status=FILTER_OK code=0 response="(null)"
smtp: 0x23bbf60: >>> 220 mail.example.com ESMTP OpenSMTPD
smtp: 0x23bbf60: IO_LOWAT 
smtp: 0x23bbf60: IO_DATAIN 
smtp: 0x23bbf60: <<< EHLO [192.168.50.1]
filter: new query QUERY_HELO
filter: filter_drain_query 
89080c511256b740[QUERY_HELO=[192.168.50.1],filter_session@0x23bbba0[datalen=0,eom=(nil),ofile=(nil)]]
filter: filter_end_query 

Re: OpenSMTPd authentication failed

2017-04-25 Thread Frank Timmers
Hi Tim,

Thanks for the response. Placing the table name between <> solved the issue. 
After that smtpd indeed complained about the table not being found, which was 
solved by moving the table definitions before the listen statement.

Greetings,
Frank.

—
Apr 25 08:01:47 localhost smtpd[15911]: 1c75134ee470d49d smtp 
event=authentication user=test result=ok
—

> Op 24 apr. 2017, om 16:47 heeft Tim Kuijsten <i...@netsend.nl> het volgende 
> geschreven:
> 
> On Mon, Apr 24, 2017 at 04:30:34PM +0200, Frank Timmers wrote:
>> ...
>> — smtpd.conf —
>> pki mail.example.com certificate "/etc/opensmtpd/ssl.crt"
>> pki mail.example.com key "/etc/opensmtpd/ssl.key"
>> 
>> # Interface to listen on any address (needed for failover)
>> listen on 0.0.0.0 secure auth smtp_users pki mail.example.com
> 
> surround smtp_users with a < and > like:
> listen on 0.0.0.0 secure auth <smtp_users> pki mail.example.com
> 
>> # Userlist
>> table smtp_users file:/etc/opensmtpd/smtp_users
> 
> and try defining the smtp_users table before your "listen on" line although I 
> would expect smtpd -n should have complained about that.
> 
> -Tim
> 
>> — smtp.conf —
>> 
>> — smtp_users—
>> test 
>> $6$F1n7ZnzRfkPbGLjV$qBw5kvTo0dnJOA5dR7OCiF94gGK5yLOxtH9D2T4/.AAVGgfyyjdunh.RaXS6O0VHPPKriWurP/WgESa/dpfij1
>> — smtpd_users—
>> 
>> — /var/log/maillog—
>> Apr 24 13:02:08 localhost smtpd[17028]: e3f09084856c63f5 smtp 
>> event=connected address=192.168.50.1 host=192.168.50.1
>> Apr 24 13:02:08 localhost smtpd[17028]: e3f09084856c63f5 smtp event=starttls 
>> ciphers="version=TLSv1.2, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256"
>> Apr 24 13:02:08 localhost smtpd[17028]: e3f09084856c63f5 smtp 
>> event=authentication user=test result=permfail
>> Apr 24 13:02:09 localhost smtpd[17028]: smtp-in: Failed command on session 
>> e3f09084856c63f5: "AUTH PLAIN (...)" => 535 Authentication failed
>> Apr 24 13:02:09 localhost smtpd[17028]: e3f09084856c63f5 smtp 
>> event=authentication user=test result=permfail
>> Apr 24 13:02:10 localhost smtpd[17028]: smtp-in: Failed command on session 
>> e3f09084856c63f5: "AUTH PLAIN (...)" => 535 Authentication failed
>> Apr 24 13:02:10 localhost smtpd[17028]: e3f09084856c63f5 smtp 
>> event=authentication user=test result=permfail
>> Apr 24 13:02:11 localhost smtpd[17028]: smtp-in: Failed command on session 
>> e3f09084856c63f5: "AUTH LOGIN (password)" => 535 Authentication failed
>> Apr 24 13:02:11 localhost smtpd[17028]: e3f09084856c63f5 smtp 
>> event=authentication user=test result=permfail
>> Apr 24 13:02:11 localhost smtpd[17028]: smtp-in: Failed command on session 
>> e3f09084856c63f5: "AUTH LOGIN (password)" => 535 Authentication failed
>> Apr 24 13:02:11 localhost smtpd[17028]: e3f09084856c63f5 smtp event=closed 
>> reason=quit
>> — /var/log/maillog —
>> 
>> — smtp -dv -T all —
>> TABLE "smtp_users" type=HASH config="/etc/opensmtpd/tables/smtp_users"
>>  "test" -> 
>> "$6$F1n7ZnzRfkPbGLjV$qBw5kvTo0dnJOA5dR7OCiF94gGK5yLOxtH9D2T4/.AAVGgfyyjdunh.RaXS6O0VHPPKriWurP/WgESa/dpfij1"
>> mproc: lka -> pony: enabled
>> imsg: pony <- parent: IMSG_CONF_START (len=0)
>> imsg: pony <- parent: IMSG_CONF_END (len=0)
>> debug: smtp: listen on 127.0.0.1 port 10028 flags 0x400 pki "" ca ""
>> debug: smtp: listen on 0.0.0.0 port 25 flags 0x449 pki “mail.example.com" ca 
>> ""
>> debug: smtp: listen on 0.0.0.0 port 465 flags 0x44a pki “mail.example.com" 
>> ca ""
>> debug: pony: rsae_init
>> debug: pony: rsae_init
>> debug: smtp: will accept at most 2043 clients
>> imsg: ca <- parent: IMSG_CONF_START (len=0)
>> imsg: ca <- parent: IMSG_CONF_END (len=0)
>> debug: init private ssl-tree
>> mproc: ca -> pony: enabled
>> queue-backend: queue_envelope_walk() -> -1 ()
>> debug: queue: done loading queue into scheduler
>> debug: smtpd: scanning offline queue...
>> debug: smtpd: offline scanning done
>> debug: smtp: new client on listener: 0x23ca250
>> smtp: 0x23bbf60: connected to listener 0x23ca250 [hostname=mail.example.com, 
>> port=25, tag=]
>> mproc: pony -> lka: allocating 128
>> mproc: pony -> lka : 34 IMSG_SMTP_DNS_PTR
>> mproc: pony -> control: allocating 128
>> mproc: pony -> control : 47 IMSG_STAT_INCREMENT
>> mproc: pony -> control : 53 IMSG_STAT_INCREMENT
>> imsg: lka <- pony: IMSG_SMTP_DNS_PTR (len=34)
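
The two changes reported in this reply (the table name wrapped in `<>` after `auth`, and the `table` line placed before the `listen` line), written as a small pre-deployment check. This is an added example, not code from the thread or from the OpenSMTPD project; `lint_smtpd_conf` and its finding codes are hypothetical names, and it covers only the constructs shown in the thread.

```python
import re

# Constructed sample: the listener and table lines from the post, in the order
# that produced "Authentication failed".
BROKEN = """\
pki mail.example.com certificate "/etc/opensmtpd/ssl.crt"
pki mail.example.com key "/etc/opensmtpd/ssl.key"
listen on 0.0.0.0 secure auth smtp_users pki mail.example.com
table smtp_users file:/etc/opensmtpd/smtp_users
"""

# Constructed sample: the same lines after both changes reported in the reply.
FIXED = """\
pki mail.example.com certificate "/etc/opensmtpd/ssl.crt"
pki mail.example.com key "/etc/opensmtpd/ssl.key"
table smtp_users file:/etc/opensmtpd/smtp_users
listen on 0.0.0.0 secure auth <smtp_users> pki mail.example.com
"""

NAME = r"[A-Za-z0-9_-]+"
TABLE_DEF = re.compile(rf"^table\s+({NAME})\s")
TABLE_REF = re.compile(rf"<({NAME})>")
BARE_AUTH = re.compile(rf"\bauth(?:-optional)?\s+({NAME})\b")


def lint_smtpd_conf(text):
    """Return sorted (line_no, code, table) findings for an smtpd.conf text."""
    # Drop comments; assumes no '#' inside a table path or rule.
    lines = [raw.split("#", 1)[0].strip() for raw in text.splitlines()]
    defined_at = {}
    for no, line in enumerate(lines, 1):
        m = TABLE_DEF.match(line)
        if m:
            defined_at.setdefault(m.group(1), no)

    findings = []
    for no, line in enumerate(lines, 1):
        if TABLE_DEF.match(line):
            continue
        # <name> references: must exist and be defined on an earlier line.
        for name in TABLE_REF.findall(line):
            if name not in defined_at:
                findings.append((no, "undefined-table", name))
            elif defined_at[name] > no:
                findings.append((no, "used-before-defined", name))
        # A defined table name following auth/auth-optional without <>.
        if line.startswith("listen"):
            m = BARE_AUTH.search(line)
            if m and m.group(1) in defined_at:
                findings.append((no, "bare-auth-table", m.group(1)))
    return sorted(findings)


if __name__ == "__main__":
    for label, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, lint_smtpd_conf(conf))
```

Replacing only the bare name with `<smtp_users>` in the broken sample yields `used-before-defined`, the second problem the reply describes. The check is meant to run alongside `smtpd -n`, not instead of it.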

Relay for authenticated users

2017-05-03 Thread Frank Timmers
Hi,

I’m trying to allow relay for authenticated users, however “smtpd -n” gives a 
syntax error on the last line (with the authenticated keyword). As far as I 
understand the documentation [1], this should be the correct syntax. I’ve 
included my config below. Any hints on why this isn’t working? I’m using 
OpenSMTPD version 6.0.2p1.

In the config below, I differentiate between hosts which can only mail to 
internal domains and hosts which can relay to any domain. It would be great to 
be able to do the same for authenticated users. For example with “accept from 
any user  for domain ”. I don’t 
see how I would be able to do that with the current options.

Thanks and Kind regards,
Frank.



1: http://man.openbsd.org/smtpd.conf

—
# PKI
pki mail.example.com certificate "/etc/opensmtpd/ssl.crt"
pki mail.example.com key "/etc/opensmtpd/ssl.key"

# If you edit the file, you have to run "smtpctl update table "
table internal_domains file:/etc/opensmtpd/tables/internal_domains
table sender_domains file:/etc/opensmtpd/tables/sender_domains
table can_relay_internally file:/etc/opensmtpd/tables/can_relay_internally
table can_relay_externally file:/etc/opensmtpd/tables/can_relay_externally
table recipient_whitelist file:/etc/opensmtpd/tables/recipient_whitelist
table smtp_users file:/etc/opensmtpd/tables/smtp_users

# Interface to listen on any address (needed for failover)
listen on 0.0.0.0 secure auth-optional  pki mail.example.com

# Listen on localhost for DKIM signed mail
listen on 127.0.0.1 port 10028 tag DKIM

# Relay all DKIM signed mails
accept tagged DKIM for any relay

# accept all mail for whitelisted recipients and relay to dkimproxy
accept from any for any recipient  relay via 
smtp://127.0.0.1:10027

# Hosts in table  are allowed to relay to any from 
approved sender domains
accept from source  sender  for any relay 
via smtp://127.0.0.1:10027

# Hosts in table  are allowed to relay to any from 
approved sender domains
accept from source  sender  for domain 
 relay via smtp://127.0.0.1:10027

# Authenticated users are allowed to relay
accept authenticated from any relay
—


--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: Relay for authenticated users

2017-05-03 Thread Frank Timmers
Hi Edgar,

> Op 3 mei 2017, om 23:04 heeft Edgar Pettijohn <ed...@pettijohn-web.com> het 
> volgende geschreven:
> 
> 
> 
> On 05/03/17 08:05, Frank Timmers wrote:
>> Hi,
>> 
>> I’m trying to allow relay for authenticated users, however “smtpd -n” gives 
>> a syntax error on the last line (with the authenticated keyword). As far as 
>> I understand the documentation [1], this should be the correct syntax. I’ve 
>> included my config below. Any hints on why this isn’t working? I’m using 
>> OpenSMTPD version 6.0.2p1.
>> 
>> In the config below, I differentiate between hosts which can only mail to 
>> internal domains and hosts which can relay to any domain. It would be great 
>> to be able to do the same for authenticated users. For example with “accept 
>> from any user  for domain ”. 
>> I don’t see how I would be able to do that with the current options.
>> 
>> Thanks and Kind regards,
>> Frank.
>> 
>> 
>> 
>> 1: http://man.openbsd.org/smtpd.conf
>> 
>> —
>> # PKI
>> pki mail.example.com certificate "/etc/opensmtpd/ssl.crt"
>> pki mail.example.com key "/etc/opensmtpd/ssl.key"
>> 
>> # If you edit the file, you have to run "smtpctl update table "
>> table internal_domains file:/etc/opensmtpd/tables/internal_domains
>> table sender_domains file:/etc/opensmtpd/tables/sender_domains
>> table can_relay_internally file:/etc/opensmtpd/tables/can_relay_internally
>> table can_relay_externally file:/etc/opensmtpd/tables/can_relay_externally
>> table recipient_whitelist file:/etc/opensmtpd/tables/recipient_whitelist
>> table smtp_users file:/etc/opensmtpd/tables/smtp_users
>> 
>> # Interface to listen on any address (needed for failover)
>> listen on 0.0.0.0 secure auth-optional  pki mail.example.com
>> 
>> # Listen on localhost for DKIM signed mail
>> listen on 127.0.0.1 port 10028 tag DKIM
>> 
>> # Relay all DKIM signed mails
>> accept tagged DKIM for any relay
>> 
>> # accept all mail for whitelisted recipients and relay to dkimproxy
>> accept from any for any recipient  relay via 
>> smtp://127.0.0.1:10027
>> 
>> # Hosts in table  are allowed to relay to any from 
>> approved sender domains
>> accept from source  sender  for any 
>> relay via smtp://127.0.0.1:10027
>> 
>> # Hosts in table  are allowed to relay to any from 
>> approved sender domains
>> accept from source  sender  for domain 
>>  relay via smtp://127.0.0.1:10027
>> 
>> # Authenticated users are allowed to relay
>> accept authenticated from any relay
>> —
>> 
>> 
> try:
> accept authenticated for any relay

Thanks for the response. This also produces a syntax error message.

Regards,
Frank





Re: Relay for authenticated users

2017-05-05 Thread Frank Timmers
Hi Joerg,

> Op 4 mei 2017, om 10:02 heeft Joerg Jung <m...@umaxx.net> het volgende 
> geschreven:
> 
> 
>> On 3. May 2017, at 15:05, Frank Timmers <opensm...@geen-reclame.nl> wrote:
>> 
>> Hi,
>> 
>> I’m trying to allow relay for authenticated users, however “smtpd -n” gives 
>> a syntax error on the last line (with the authenticated keyword). As far as 
>> I understand the documentation [1], this should be the correct syntax. I’ve 
>> included my config below. Any hints on why this isn’t working? I’m using 
>> OpenSMTPD version 6.0.2p1.
>> 
>> In the config below, I differentiate between hosts which can only mail to 
>> internal domains and hosts which can relay to any domain. It would be great 
>> to be able to do the same for authenticated users. For example with “accept 
>> from any user  for domain ”. 
>> I don’t see how I would be able to do that with the current options.
>> 
>> Thanks and Kind regards,
>> Frank.
>> 
>> 
>> 
>> 1: http://man.openbsd.org/smtpd.conf
>> 
>> —
>> # PKI
>> pki mail.example.com certificate "/etc/opensmtpd/ssl.crt"
>> pki mail.example.com key "/etc/opensmtpd/ssl.key"
>> 
>> # If you edit the file, you have to run "smtpctl update table "
>> table internal_domains file:/etc/opensmtpd/tables/internal_domains
>> table sender_domains file:/etc/opensmtpd/tables/sender_domains
>> table can_relay_internally file:/etc/opensmtpd/tables/can_relay_internally
>> table can_relay_externally file:/etc/opensmtpd/tables/can_relay_externally
>> table recipient_whitelist file:/etc/opensmtpd/tables/recipient_whitelist
>> table smtp_users file:/etc/opensmtpd/tables/smtp_users
>> 
>> # Interface to listen on any address (needed for failover)
>> listen on 0.0.0.0 secure auth-optional  pki mail.example.com
>> 
>> # Listen on localhost for DKIM signed mail
>> listen on 127.0.0.1 port 10028 tag DKIM
>> 
>> # Relay all DKIM signed mails
>> accept tagged DKIM for any relay
>> 
>> # accept all mail for whitelisted recipients and relay to dkimproxy
>> accept from any for any recipient  relay via 
>> smtp://127.0.0.1:10027
>> 
>> # Hosts in table  are allowed to relay to any from 
>> approved sender domains
>> accept from source  sender  for any 
>> relay via smtp://127.0.0.1:10027
>> 
>> # Hosts in table  are allowed to relay to any from 
>> approved sender domains
>> accept from source  sender  for domain 
>>  relay via smtp://127.0.0.1:10027
>> 
>> # Authenticated users are allowed to relay
>> accept authenticated from any relay
>> —
> 
> If I remember correctly, authenticated users are treated like “local” users, 
> so
>   accept from local for any relay
> might work.

“accept from local for any relay” does seem to work. However, this is not 
sufficient for my situation.

In the config above, I differentiate between hosts which are allowed to relay 
and hosts which are allowed only to relay to a limited set of destination 
domains. I’d like to do this for authenticated users as well.

With the authenticated keyword as mentioned in the documentation, I could 
construct something like:
accept authenticated from source 10.1.0.0/24 for any relay
accept authenticated from source 10.2.0.0/24 for domain  relay

As far as I understand the documentation (http://man.openbsd.org/smtpd.conf), the 
above two lines should work.


Ideally I’d prefer the ruleset below, could this be considered a feature 
request?

—
# PKI
pki mail.example.com certificate "/etc/opensmtpd/ssl.crt"
pki mail.example.com key "/etc/opensmtpd/ssl.key"

# Tables 
table domain_list file:/etc/opensmtpd/tables/domain_list
table restricted_users file:/etc/opensmtpd/tables/restricted_users
table relay_users file:/etc/opensmtpd/tables/relay_users

# Interface to listen on.
listen on 0.0.0.0 secure auth-optional  pki mail.example.com

# Ruleset
accept authenticated user  from any for any relay
accept authenticated user  from any for domain  
relay
—


Kind regards,
Frank.