Re: certificates

On Wed, Apr 02, 2014 at 08:31:08AM +0200, Gilles Chehade wrote: > On Tue, Apr 01, 2014 at 11:03:18PM -0300, Hugo Osvaldo Barrera wrote: > > On 2014-03-31 10:31, Gilles Chehade wrote: > > > ok, well there's no such thing as https://www.opensmtpd.org, I will > > > m

Re: Reenable archives directory listing, SVP

> Gentoo. Every couple of days or so I'm bored and I run it, and it tells me > if I should put on my Gentoo packager hat and bump the snapshot package. > > ATM, that URL now gives 403 forbidden. Could you fix this? > fixed -- Gilles Chehade https://www.poolp.org

Re: Masquerading

e. It's a work in progress, it kind of works but is not mature enough to be enabled yet so for now it's not usable. -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To

Re: Configuring email relays in lan

d there is no way around that ... ... however if you are on your LAN and you know what machines are acting as MX you can use a "relay via" rule instead of a "relay" rule to bypass the MX lookup and perform a direct connection. -- Gilles Chehade https://www.poolp.org

Re: Building snapshots on 5.5-stable?

work as good as on other systems. We don't even know which ones kick in and I would have to go check each one individually just to be sure if I was asked. In theory, it should work, in practice it's not tested and the executables generated from

Re: new privsep for rsa and ca [was: [OpenSMTPD] master snapshot opensmtpd-201405071639 available]

On Thu, May 08, 2014 at 05:08:36AM +0200, Jason A. Donenfeld wrote: > On Wed, May 7, 2014 at 4:43 PM, wrote: > > > > - RSA engine privsep by reyk@ > > - ca process, by reyk > > > Do these require new UIDs/usernames? no, no new UID/username requi

Re: Compile errors compiling opensmtpd-latest on the most recent openbsd -current

1405071639/smtpd/../dns.c:423: error: > dereferencing pointer to incomplete type > *** Error 1 in smtpd (:87 'dns.o') > *** Error 1 in /home/kusuriya/opensmtpd-201405071639 (:48 > 'all') > > any ideas? > > -- > Jason Barbier | jab...@serversave.us -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: Problem with simple user authentication scheme

word. The server uses your username to locate the password string. It then extracts the algorithm and random salt, uses them with the password you submitted to generate a hash and compares it with the hash that it has in its user database. -- Gilles Chehade https://www.poolp.org

Re: new privsep for rsa and ca [was: [OpenSMTPD] master snapshot opensmtpd-201405071639 available]

Out of town till tomorrow, I'll explain the benefit tomorrow when back home On May 9, 2014 6:49 PM, "Jason A. Donenfeld" wrote:On Thu, May 8, 2014 at 2:56 PM, Gilles Chehade <gil...@poolp.org> wrote: On Thu, May 08, 2014 at 05:08:36AM +0200, Jason A. Donenfeld wrote: no

DISREGARD LAST SNAPSHOT

we fucked up and forgot to backport a diff, we'll regen a snapshot in a few minutes ;-) -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to:

Re: Compile errors compiling opensmtpd-latest on the most recent openbsd -current

took a while longer but here they are ;-) On Thu, May 08, 2014 at 07:31:49PM +0200, Gilles Chehade wrote: > ok, new snapshot will be generated tomorrow, not today > > Gilles > > > On Thu, May 08, 2014 at 06:16:48AM -0700, Barbier, Jason wrote: > > So I have the most rec

Re: new privsep for rsa and ca [was: [OpenSMTPD] master snapshot opensmtpd-201405071639 available]

On Fri, May 09, 2014 at 06:49:50PM +0200, Jason A. Donenfeld wrote: > On Thu, May 8, 2014 at 2:56 PM, Gilles Chehade wrote: > > > On Thu, May 08, 2014 at 05:08:36AM +0200, Jason A. Donenfeld wrote: > > > > no, no new UID/username required > > > > > Cur

Re: Useless and unprofessional process names.

ony express" name because we have failed to find a name that pleased us and captured the essence of what pony does: accept, relay & deliver. you're of course free to suggest names. now, since it bears absolutely no functional impact and only appears on development code,

Re: Experimental manuals

lly* willing to endure a bit of pain when using them. -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: 550 message rejected with -latest

0]: smtp-in: Received disconnect from > session 54c8e10f508ce2ba > Eric ? > May 12 18:04:51 mail2 smtpd[21150]: filter: datalen mismatch on session > 54c8e10f508ce2ba: 186/181: No such file or directory This looks similar to something we had already fixed before changing the master branch and

Re: What's the idea behind "not enough disk space" "temporarily rejecting messages"

;s daily output. > I agree with you guys. Eric and I have been against this limit but there's been requests that a limit of some sort be introduced to prevent /var filling from OpenSMTPD. I had an idea that is more sensible than an arbitrary limit, I'll have a chat with a few people and will provide a diff. -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: new privsep for rsa and ca [was: [OpenSMTPD] master snapshot opensmtpd-201405071639 available]

On Tue, May 13, 2014 at 07:08:10PM +0200, Jason A. Donenfeld wrote: > On Mon, May 12, 2014 at 5:19 PM, Gilles Chehade wrote: > > > > We have abused the term "privsep", in this particular case it's not > > really privileges separation but really vmem. space sep

Re: 550 message rejected with -latest

new snapshot fixes this On Tue, May 13, 2014 at 09:43:33AM +0200, Eric Faurot wrote: > On Tue, May 13, 2014 at 09:33:08AM +0200, Gilles Chehade wrote: > > On Mon, May 12, 2014 at 11:08:37AM -0700, Barbier, Jason wrote: > > > So now my sqlite tables all work \o/ but the filter

Re: Temporary MTA failure on relaying

but given that they are temporary failures, the MTA will retry them in a more appropriate way if you let them live their life ;-) -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to m

Re: postgres and ldap backends

On Mon, Mar 17, 2014 at 07:51:00PM -0300, Hugo Osvaldo Barrera wrote: > On 2014-03-05 02:35, Gilles Chehade wrote: > > Hi, > > > > We have just released a minor stable version and hopefully we should not > > see another minor release before OpenSMTPD 5.5.0 comes out

Re: Resend mails from queue to another relay

mail because you are subscribed to misc@opensmtpd.org > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org > -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: Resend mails from queue to another relay

On Thu, May 15, 2014 at 09:52:41AM +0200, Ole Jakobsen wrote: > On Thu, May 15, 2014 at 09:23:26AM +0200, Gilles Chehade wrote: > > On Thu, May 15, 2014 at 09:22:36AM +0200, Ole Jakobsen wrote: > > > > > > Another question. How do I edit them? When I open them in vi it&

interested in LDAP ?

love to have some LDAP users around ;-) -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: interested in LDAP ?

On Mon, May 19, 2014 at 11:30:52AM +0200, St?phane Guedon wrote: > Le lundi 19 mai 2014, 10:52:52 Gilles Chehade a ?crit : > > ohai, > > > > if you're interested in getting LDAP fixed, I plan a debugging > > session this Thusrday at 7PM (Europe/Paris) on IRC: #open

Re: interested in LDAP ?

On Mon, May 19, 2014 at 11:39:17AM +0200, St?phane Guedon wrote: > Le lundi 19 mai 2014, 11:31:52 Gilles Chehade a ?crit : > > On Mon, May 19, 2014 at 11:30:52AM +0200, St?phane Guedon wrote: > > > Le lundi 19 mai 2014, 10:52:52 Gilles Chehade a ?crit : > > > > oh

Re: [OpenSMTPD] master snapshot opensmtpd-201405142324 available

t)) > debug: mta: connecting with > [connector:10.44.0.3->[relay:azathoth.uphall.net,starttls,pki_name=yidhra.outer.uphall.net,mx,sourcetable=],0x2] > debug: mta: canceling connector timeout > debug: mta: no task for connector > debug: mta: ma_route_unref(): really discarding ro

Re: [OpenSMTPD] master snapshot opensmtpd-201405142324 available

f you want some specific debug I'm happy to try > again. > Yes, I would like to debug this if you have some spare time in an hour Meanwhile please mail me your configuration file so I can try to reproduce @ home -- Gilles Chehade https://www.poolp.org

Re: What's the idea behind "not enough disk space" "temporarily rejecting messages"

success/fail result and you could case or if/else for that result so it > becomes in essence: > Check for unsent queue and try to send > Try to send new mail > if Success exit > if fail count=1 try again > if fail count=2 write mail to disk (maybe pickup directory so it will g

Re: OpenSMTPD Problem

between ':' and '<' This is not about being rfc pedantic but about preventing people from writing broken SMTP code because we're too permissive and tolerant with protocol error. What is the real problem that has prompted you to ask this question ? -- Gilles Chehade htt

Re: OpenSMTPD Problem

foo@bar", so at the very least your local enqueuer is incorrectly configured which probably explains mutt too. > > > On Sat, May 24, 2014 at 01:43:02PM +0200, Gilles Chehade wrote: > > On Fri, May 23, 2014 at 02:17:51PM -0600, Nicholas Janzen wrote: > > > I

Re: Question about auth and auth-optional

d make it so easy to setup that there's no excuse not to have it enabled. We won't accomodate legacy software if it means downgrading security. > > Sorry for bothering, all questions solved > > You're welcome. > Yup, discussions and questions are welcome on this

private keys isolation

wn process. http://insanecoding.blogspot.fr/2014/05/protecting-private-keys.html -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: mis

Re: OpenSMTPd as a backup MX

il is handled by 5 mx1.dom.fr. > dom.fr mail is handled by 10 mx2.backdom.fr. > dom.fr mail is handled by 15 mx3.backdom2.fr. > The configuration file and logs are very important to debug this, there is so much we can guess :-p -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: OpenSMTPD Problem

syntax issue: RCPT TO: 550 Invalid recipient RCPT TO:<@> 501 5.1.3: Recipient address syntax error I really need configuration file and logs to debug > > this all worked before with the stock mailertable (which points to sendmail). > > On Sat, May 24,

Re: using SPF or DKIM instead of greylisting?

cript that queries their SPF records to whitelist the MX servers that they advertise. -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: Meaning of "from local"

ki tm auth > > > > Perhaps a successfully authenticated session automatically makes the > > client "local"? > > > > -- > > You received this mail because you are subscribed to misc@opensmtpd.org > > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org > > > > -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: OpenSMTPD Problem

0.0.1 but you're using a unix socket, your ruleset says that it will only accept to relay from IP addresses listed in your /etc/mail/relay file, therefore the local enqueuer is rejected. -- Gilles Chehade https://www.poolp.org @poolpOrg -- You receive

Re: Table key-value separator

s association like a Ruby hash. > Yes it is deprecated, i'm amazed we didn't kill it already. You like it becsause it looks like ruby hash, i would have prefered ':' so it looks like python hashes instead of PHP associative arrays, in the end we kill it because it doe

Re: sudden e-mail errors

how to fix them? > without logs, it's impossible to debug -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: Is my server hijacked?

Someone knows some password On Jun 5, 2014 1:33 PM, Martin Kropfinger wrote: > > Hi there, > > today I found the following in my daily mails: > > // BEGIN QUOTE // > Mail in local queue: > 5849a0f85ce64c96|local|mta|auth|@|i...@yt1ktrkw.10stats3.ru|i...@yt1ktrkw.10stats3.ru|1401881480|1402227

Re: Is my server hijacked?

ding|9012|Network > > error on destination MXs without configuration file, it's hard to know what happens ;-) -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsub

Re: [PATCH] dnsbl: zero getaddrinfo hints

mily = PF_UNSPEC; > hints.ai_socktype = SOCK_STREAM; > aq = getaddrinfo_async(buf, NULL, &hints, NULL); > -- > 1.9.3 > > > -- > You received this mail because you are subscribed to misc@opensmtpd.org > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.

Re: [PATCH] man: tracing the filter is now called mfa

t > -- > 1.9.3 > > > -- > You received this mail because you are subscribed to misc@opensmtpd.org > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org > -- Gilles Chehade https://www.poolp.org @poolpOrg -- You re

Re: Is my server hijacked?

ix is to prevent the first rule from accepting to relay mail for users that do not exist: accept tagged erstes_eintreffen from any for domain recipient # <- here relay via smtp://127.0.0.1:10024 [...] -- Gilles Chehade https://www.poolp.org

latest snapshot from weeks ago

about ten days. -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: [OpenSMTPD] master snapshot opensmtpd-201405202103 available

Wed, 21 May 2014 01:55:35 -0600 (MDT) > Received: from plane.gmane.org (plane.gmane.org [80.91.229.3]) > by shear.ucar.edu (8.14.5/8.14.5) with ESMTP id s4L7slvl029667 > for ; Wed, 21 May 2014 01:54:48 -0600 (MDT) > Received: from list > by plane.gmane.org

Re: can receive mail but can't send

.tcpudp.org],0x8]: errors on connector > debug: mta: draining [relay:mail.tcpudp.org] refcount=2, ntask=1, > nconnector=1, nconn=0 > debug: mta: querying source for [relay:mail.tcpudp.org]... > debug: mta: ... got source for [relay:mail.tcpudp.org]: [] > deb

Re: How to configure encryption ciphers and SSL/TLS protocols

." > This can certainly be improved without adding ssl_ciphers knob > I'm not a mail expert, but my feeling is that secured email hasn't been > widespread until recent years. If any MTAs support encryption, they are > probably using the latest protocols and ciph

Re: How to configure encryption ciphers and SSL/TLS protocols

will hold true forever but at this point in time I would prefer that we dont have ssl_ciphers and that any improvement we do is made to the default until we exhausted all possibilities to do so. -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: How to configure encryption ciphers and SSL/TLS protocols

he bug unless we can hit it with a version of smtpd that's not altered. On Mon, Jun 09, 2014 at 04:33:13AM -0400, Adam Suhl wrote: > I think at build time you can fine-tune which ciphers you want by editing > ssl.h -- in particular the SSL_CIPHERS define. > --Adam > >

Re: What's the idea behind "not enough disk space" "temporarily rejecting messages"

sed because we > honestly should beable to set when it decides to reject since as some one > pointed out 5% of a 1tb disk is like 50gigs, and no where near full. > > > On Tue, May 20, 2014 at 12:20 PM, Gilles Chehade wrote: > > > This has not been forgotten, the conversation

[MAINTAINERS] please read this mail :-)

D would fail to start after an OpenSSL upgrade. $ smtpd fatal: OpenSSL version mismatch. [...] The check was rewritten slightly differently and works fine with all the version tests I did manually. Please test and let me know if you hit it again. -- Gilles

anyone with an OpenSSL < 1.0.0 ?

time and get rid of the check for good. Any maintainer of a package that runs on a system that still uses <1.0.0 wants to object ? -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtp

Re: [PATCH] table-ldap mailaddr support

case K_DOMAIN: > + case K_MAILADDR: > if (strlcpy(dst, res[0][0], sz) >= sz) > ret = -1; > break; > > -- > You received this mail because you are subscribed to misc@opensmtpd.org > To unsubscribe, send a mai

Re: ploop.org certificate expired

:) > > Cheers, sorry for the noise! > yup, I get notifications when certs are about to expire but I let the one you mentionned expire as currently the website is being reworked, and distributes no content. i'll renew the cert before i reopen the blog ;) -- Gilles C

attention, attention, changes !

has packaged it as a portable standalone library, distributed by our little github organization. In a couple weeks, our snapshots will no longer ship asr and assume that the standalone library is a requirement so you should really consider to package the lib. Slightly more work but for a good c

Re: Client certificate verification prompt

s just additional > automated security offered by OpenSMTPD? > yup, client certificate validation is output in the headers and will let you known if the client has not presented a cert, presented a cert which couldn't be verified/failed/succeeded. -- Gilles Chehade https://www.poolp.

Re: Client certificate verification prompt

ection dropped. We can technically support authenticating clients using certificates not issued by your CA if we introduced a new kind of table lookups where the client certificate is looked up in a store. It's trivial work that could be wrapped within a couple hours but no one expressed interest

Re: build opensmtpd openbsd 5.5 box

> > > Fritjof > > > >> -- > >> You received this mail because you are subscribed to misc@opensmtpd.org > >> To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org > >> > > > I built it from snapshot a couple of days ago on i386

Re: Building on SmartOS/illumos

None On Jun 21, 2014 8:05 PM, John Grasty wrote: > > Hey, > > I saw this thread > https://www.mail-archive.com/misc@opensmtpd.org/msg00866.html on > building openSmtpd on SmartOS. Was any progress made? > > Thanks, > John Grasty > > -- > You received this mail because you are subscribed to

Re: attention, attention, changes !

On Sun, Jun 22, 2014 at 01:02:42AM -0300, Hugo Osvaldo Barrera wrote: > On 2014-06-17 15:37, Gilles Chehade wrote: > > Hi, > > > > We were using my personal github account until today and we decided that > > a bit of cleanup was needed. > > > >

Re: Building on SmartOS/illumos

On Sun, Jun 22, 2014 at 01:55:32AM +0200, Antoine Jacoutot wrote: > On Sat, Jun 21, 2014 at 09:56:40PM +0200, Gilles Chehade wrote: > > None > > I can probably help with that if needed. > Nice thanks :) -- Gilles Chehade htt

Re: What's wrong with this config?

wrong? :( > does it work if you remove "verify" ? -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: What's wrong with this config?

BACKUP STRING relay > accept_params > -> ACCEPT FROM ANY FOR DOMAIN STRING RELAY BACKUP STRING accept_params > I'll have a look, but meanwhile if a ticket could be opened so I don't forget it would be great -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: attention, attention, changes !

On Sun, Jun 29, 2014 at 09:45:11PM +0200, Jason A. Donenfeld wrote: > On Tue, Jun 17, 2014 at 3:37 PM, Gilles Chehade wrote: > > In a couple weeks, our snapshots will no longer ship asr and assume that > > the standalone library is a requirement so you should really consider to

Re: [OpenSMTPD] master snapshot opensmtpd-201406192229 available

mmary of changes since last snapshot (opensmtpd-201406192203): > >------- > > > >- unfuck build on OpenBSD 5.5 ... > > At least on trivial testing this one seems to work :-) > > Many thanks > good n

Re: attention, attention, changes !

On Tue, Jul 01, 2014 at 06:17:43PM +0200, Jason A. Donenfeld wrote: > On Tue, Jul 1, 2014 at 4:51 PM, Gilles Chehade wrote: > > On Sun, Jun 29, 2014 at 09:45:11PM +0200, Jason A. Donenfeld wrote: > >> On Tue, Jun 17, 2014 at 3:37 PM, Gilles Chehade wrote: > >> > In

Re: DSN problems

> Do you provide patches/errata for the release version shipped with > OpenBSD 5.5 (5.4.2)? > Yes, a small errata will be published soon with several minor fixes, I have to prepare the diff, meanwhile you can use the diff from 3038e11c429674a13896ab9bbe393143f9d95f1b which should apply

Re: libasr on linux

r outgoing > mail. I'm wreckless, but not that much! ;) > > Anyway, I though you might care to know it all works on this very bleeding > edge distro. > > Cheers > Nice, Out of curiosity, are you the new Arch Linux maintainer ? -- Gilles Chehade https://www.poolp.org

Re: Does the OpenSMTPD project have any plans to from OpenSSL to LibReSSL?

On Tue, Jul 15, 2014 at 10:15:08AM -0700, Seth wrote: > Just curious if OpenSMTPD has any plans to swap out OpenSSL for LibReSSL > once the latter has been deemed stable enough. > yes -- Gilles Chehade https://www.poolp.org @poolpOrg -- You

Re: LMTP with Dovecot : how to handle tags

> > Absolutely sure. I run OpenSMTPd-5.4.2 on FreeBSD-10.0, and if the folder > doesn?t exist OpenSMTPd creates it. > Yes, this was introduced post-5.4.2 ;-) -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail bec

blog post: testing of opensmtpd

http://blog.bronevichok.ru/2014/07/29/testing-of-opensmtpd.html -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: slide 34 resolver not chrooted

rooted for other lookup purposes and it's more convenient to have the resolver code handled by the process. -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: Can smtps replace starttls and is there any point

re? I guess both can't be run on > port 25 and I guess no-one would use SMTPS if it was running on port > 25 but thought I would ask if anyone knew of an RFC of SMTPS on another > port or replacing STARTTLS or any other tips about this. > Same here. Can you elaborate what is ex

Re: Can smtps replace starttls and is there any point

for > STARTTLS means that an IP supports STARTTLS for a short period? > A good solution to what ? I don't understand your "clear text race" thing -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because y

Re: Can smtps replace starttls and is there any point

On Fri, Aug 08, 2014 at 02:31:35PM +0200, Johannes L??thberg wrote: > On 08/08, Gilles Chehade wrote: > >>With STARTTLS I believe there is a clear text race where an attacker can > >>create a response stating STARTTLS is unsupported resulting in > >>cleartext transmis

Re: Can smtps replace starttls and is there any point

On Fri, Aug 08, 2014 at 02:32:17PM +0200, Gilles Chehade wrote: > On Fri, Aug 08, 2014 at 02:31:35PM +0200, Johannes L??thberg wrote: > > On 08/08, Gilles Chehade wrote: > > >>With STARTTLS I believe there is a clear text race where an attacker can > > >>crea

Re: [OpenBSD] libasr snapshot libasr-201407111828 available

->8--- > I'll fix this today > Also a question, are you guys planning to do releases (major.minor), or just > snapshots ? Context: Should I be creating two FreeBSD ports, or just one ? > Yes there are plans to do releases. -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: Problem with opensmtp at startup [ARCHLINUX ARM]

started after the others ? > I've thought it may has something to do with system time since at boot time > is set to 01/01/70 until network connection is established but I don't > think that's the cause. > unlikely yes -- Gilles Chehade https://www.poolp.org

Re: smtp fallback is not always working?

mta_connect(s); > + break; > + } > + mta_error(s, "IO Error: %s", io->error); > + mta_free(s); > + break; > + > case IO_DISCONNECTED: > log_debug("debu

Re: and greyscanner

y swamped so I won't do it myself before a while (besides I'll be offline for two weeks starting tonight). If someone writes the feature and does it correctly (hint: it's not just making the DELIM define tunable), I can merge a pull request. -- Gilles Chehade https://www.poolp.org

Re: [Bulk] and greyscanner

f being accepted. We have a filter API that let's you do that kind of thing, you don't even need us to accept anything if you use it ;-) -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: No such file or directory/resource temporarily unavailable when delivering mail

tp.mfa > >ramstat: buffer.smtp.mfa: n/a -> n/a > >ramstat: set: buffer.smtp.parent > >ramstat: buffer.smtp.parent: n/a -> n/a > >ramstat: set: buffer.smtp.queue > >ramstat: buffer.smtp.queue: n/a -> n/a > >mproc: mfa -> control : 53 IMSG_STAT_SET > >mproc: mfa -> control : 52 IMSG_STAT_SET > >mproc: mfa -> control : 50 IMSG_STAT_SET > >ramstat: set: buffer.mfa.control > >ramstat: buffer.mfa.control: n/a -> n/a > >ramstat: set: buffer.mfa.parent > >ramstat: buffer.mfa.parent: n/a -> n/a > >ramstat: set: buffer.mfa.smtp > >ramstat: buffer.mfa.smtp: n/a -> n/a > >mproc: queue -> control : 55 IMSG_STAT_SET > >mproc: queue -> control : 51 IMSG_STAT_SET > >mproc: queue -> control : 51 IMSG_STAT_SET > >mproc: queue -> control : 51 IMSG_STAT_SET > >mproc: queue -> control : 54 IMSG_STAT_SET > >mproc: queue -> control : 57 IMSG_STAT_SET > >mproc: queue -> control : 52 IMSG_STAT_SET > >ramstat: set: buffer.queue.control > >ramstat: buffer.queue.control: n/a -> n/a > >ramstat: set: buffer.queue.lka > >ramstat: buffer.queue.lka: n/a -> n/a > >ramstat: set: buffer.queue.mda > >ramstat: buffer.queue.mda: n/a -> n/a > >ramstat: set: buffer.queue.mda > >ramstat: buffer.queue.mda: n/a -> n/a > >ramstat: set: buffer.queue.parent > >ramstat: buffer.queue.parent: n/a -> n/a > >ramstat: set: buffer.queue.scheduler > >ramstat: buffer.queue.scheduler: n/a -> n/a > >ramstat: set: buffer.queue.smtp > >ramstat: buffer.queue.smtp: n/a -> n/a > >mproc: parent -> mda : 28 IMSG_MDA_DONE > >imsg: mda <- parent: IMSG_MDA_DONE (len=28, fd=4) > >mproc: mda -> queue : 69 IMSG_DELIVERY_TEMPFAIL > >delivery: TempFail for 4ff505c9976626c9: from=, > >to=, user=nolan, method=lmtp, delay=4s, stat=Error > >("smtpd: No input received: No such file or directory") > > > > > > > -- > You received this mail because you are subscribed to misc@opensmtpd.org > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org > -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: dual separator?

be a bare userid, > and putting a "+" in there causes newaliases(8) to fail. Not sure why that > would be intended behaviour, but not sure it's a bug either. > There is currently no way of specifying the delimiter, it can only be + someone opened a ticket on our tracker and

Re: Incomplete error messages from bounced emails?

hen, do we really want to log the entire response ? Every time I will send a mail to one recipient, it will fill your logs with thousands of lines. Without even considering the speed at which I can amplify your logs filling, what worries me is that it can turn log files into

Re: [userbase] email in login field

`mail_forwarding`.`source` > AS > `source`,replace(replace(`mail_forwarding`.`destination`,'@','_'),'\r\n',', > ') AS `destination` from `mail_forwarding` union select `mail_user`.`email` > AS `email`,replace(`mail_user`.`email`,'@','_') AS `replace(email, '@', '_')` > from `mail_user` > character_set_client: utf8 > collation_connection: utf8_general_ci > 1 row in set (0.00 sec) > > MariaDB [dbispconfig]> \q -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: No such file or directory/resource temporarily unavailable when delivering mail

news, thanks! Is there a ticket I can follow for updates? > > > On 9/1/2014 3:31 AM, Gilles Chehade wrote: > > Just got back from vacations ;-) > > > > So, regarding: > > > > delivery: TempFail for 4ff505c9976626c9: > > from=, to=, user=nolan, > &g

Re: What form should query_credentials return?

xpects? > crypt > > Thanks, I'll move on to sharing configs if I'm on the wrong track with > the password format. I wanted to check that first. > -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: Incomplete error messages from bounced emails?

gt; > Cheers, > Nope, not dead :-) Eric and I are busy for a few more days at work before resuming hacking on OpenSMTPD. I've only started processing bug reports and mails a couple days ago ;) -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: wildcard support?

er so I'm only processing them now ... For the user-part, this is tricky. I'm not saying it's not doable, but it's very tricky because wildcards makes it impossible for a backend to perform a lookup without iterating on all keys ... Maybe there

Re: interested in LDAP ?

internal_query: > filter=(&(objectClass=inetOrgPerson)(mail=j...@foo.net)), ret=1 > Segmentation fault > warn: table-proc: pipe closed > fatal: table-proc: exiting > warn: smtp -> lka: pipe closed > warn: parent -> lka: pipe closed > warn: mfa -> smtp: pipe clos

Re: Incomplete error messages from bounced emails?

On Mon, Sep 29, 2014 at 11:50:41AM -0300, Hugo Osvaldo Barrera wrote: > On 2014-09-05 19:22, Giovanni Bechis wrote: > > On 09/01/14 18:53, Hugo Osvaldo Barrera wrote: > > > On 2014-09-01 11:46, Gilles Chehade wrote: > > >> On Sat, Aug 23, 2014 at 12:28:00PM -03

Re: smtp fallback is not always working?

I'll analyze your diff and its impact tomorrow with a clear mind, if sensible it'll be committed tomorrow On Mon, Aug 11, 2014 at 06:41:11PM +0200, Stefan Sieg wrote: > On 11.08.2014 11:33, Gilles Chehade wrote: > > hi, > > > > can you explain this diff better

Re: Can't deliver messages: connection closed unexpectedly

to the next MX. In this case, we detect that the first MX was broken and try to pass to the next MX before reporting a failure on the message. However, we also forget to log th reason why the first MX was broken. This is a bug, not a feature, a ticket has just been opened: https://github.com/

Re: LDAP (mailaddr_filter) feedback

stname mx01.agri.local > > > ### AMAVIS -> EXTERN > accept from local tagged INT_AMAVIS_EXT for any relay hostname > mx01.example.com pki mx01.example.com > > > ########## > # > # -> AMAVIS > # > > ### INTERN -> AMAVIS > accept from source 1.2.3.4 for an

Re: Incomplete error messages from bounced emails?

On Mon, Sep 29, 2014 at 05:26:29PM -0300, Hugo Osvaldo Barrera wrote: > On 2014-09-29 21:35, Gilles Chehade wrote: > > On Mon, Sep 29, 2014 at 11:50:41AM -0300, Hugo Osvaldo Barrera wrote: > > > On 2014-09-05 19:22, Giovanni Bechis wrote: > > > > On 09/01/14 18:

Re: Incomplete error messages from bounced emails?

> > On Mon, Sep 29, 2014 at 1:37 PM, Gilles Chehade wrote: > > > On Mon, Sep 29, 2014 at 05:26:29PM -0300, Hugo Osvaldo Barrera wrote: > > > On 2014-09-29 21:35, Gilles Chehade wrote: > > > > On Mon, Sep 29, 2014 at 11:50:41AM -0300, Hugo Osvaldo Barrera wr

[README] important notes about latest snapshots

g installed libasr before will break the build. EOT -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: opensmtpd equivalent of cat email file into sendmail

n single line as end of input. What MTA were you using ? > Otherwise, is there some small utility that would do this? > I would like to avoid installing sendmail for these resends. > Well, meanwhile you can use pretty much any other MUA including the previ

Re: [OpenSMTPD] portable snapshot opensmtpd-201410131657p1 available

VILY. PLEASE TEST HEAVILY. Oh, and please do test heavily. -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

<    1   2   3   4   5   6   7   8   9   10   >