MIMEDefang support for OpenSMTPd

2023-01-16 Thread Giovanni Bechis 
Hi,
I've just released the first version of mimedefang-smtpd-filter, an
smtpd filter to use MIMEDefang together with OpenSMTPd.
The filter is a bridge between smtpd(8) protocol and
mimedefang-protocol(7); not all MIMEDefang features are currently
supported but most mimedefang-filter scripts should work without issues.
The filter can be downloaded from https://mimedefang.org/download/, code
is available at
https://github.com/The-McGrail-Foundation/MIMEDefang-smtpd-filter.
 Cheers
  Giovanni


signature.asc
Description: PGP signature

Re: OpenSMTPD ignores the system time zone in mail header and logfile

2022-11-04 Thread Giovanni Bechis 
On Fri, Nov 04, 2022 at 12:51:17PM -0400, Stuart D Gathman wrote:
> On Thu, 3 Nov 2022, Nils wrote:
> 
> > The problem is probably Void Linux specific, since I don't have this
> > problem on a OpenBSD installation.
> 
> > P.S.: This is a cross-post of 
> > https://github.com/void-linux/void-packages/issues/39918
> 
> I did some research and reported on the github issue.
> 
> Summary:
> 
> The Received header field should use -, not + when localtime is
> not actually UTC.  But Received should not necessarily be in localtime.
> 
The following diff creates Received headers with - values.
 Cheers
  Giovanni

Index: to.c
===
RCS file: /cvs/src/usr.sbin/smtpd/to.c,v
retrieving revision 1.48
diff -u -p -r1.48 to.c
--- to.c14 Jun 2021 17:58:16 -  1.48
+++ to.c4 Nov 2022 17:30:11 -
@@ -159,7 +159,7 @@ time_to_text(time_t when)
day[lt->tm_wday], lt->tm_mday, month[lt->tm_mon],
lt->tm_year + 1900,
lt->tm_hour, lt->tm_min, lt->tm_sec,
-   offset >= 0 ? '+' : '-',
+   offset > 0 ? '+' : '-',
abs((int)offset / 3600),
abs((int)offset % 3600) / 60,
tz))


signature.asc
Description: PGP signature

Re: Problem using senders table in listen directive

2019-10-14 Thread Giovanni Bechis 
On 10/12/19 4:46 PM, y38...@protonmail.com wrote:
> SELECT (username||'@'||domain) FROM users WHERE ? LIKE mailbox
I think it should read
SELECT (username||'@'||domain) FROM users WHERE mailbox LIKE ?
typo or error ?
 
 Giovanni

Re: Filters and rctp-to rewrite.

2019-09-10 Thread Giovanni Bechis 
On 9/9/19 7:16 PM, Reio Remma wrote:
> On 09.09.2019 20:03, Giovanni Bechis wrote:
>>> I'm currently using amavisd-new with the quarantine feature, but I'm 
>>> itching to switch to Rspamd (greylisting here I come!).
>>>
>> amavisd-new 2.12 has rspamd support, have you tried it ?
> 
> Curious! I see the project has again switched hands, if you mean this one?
> 
> https://gitlab.com/amavis/amavis
> 
exactly, this is the new official amavis home.

> I'll have a look at it. Then again with Rspamd and filter-rspamd we could cut 
> down a lot of complexity.
>

Re: Filters and rctp-to rewrite.

2019-09-09 Thread Giovanni Bechis 
On 9/9/19 6:48 PM, Reio Remma wrote:
> On 09.09.2019 18:13, Martijn van Duren wrote:
>> On 9/9/19 3:37 PM, Reio Remma wrote:
>>> Hello!
>>>
>>> Slowly digging into filters.
>>>
>>> Now I'm curious if it's possible to modify the recipient after say spam
>>> check in data-line? I get the impression that rewriting rcpt-to at that
>>> stage is impossible, but my goal would be to redirect/quarantine high
>>> scoring spam to a special e-mail address.
>>>
>>> Would it be doable somehow?
>>>
>>> Thanks!
>>> Reio
>>>
>> It is not.
>>
>> What you might be able to do is add an additional header and somehow let
>> an lmtp server make the decision based on the header.
>>
>> I haven't used lmtp myself, no clue if this actually works, but it's
>> worth investigating :-)
>>
>> Please reply to the threat if you managed to make it work.
> 
> Thanks Martijn and Gilles for the confirmation!
> 
> I'm currently using amavisd-new with the quarantine feature, but I'm itching 
> to switch to Rspamd (greylisting here I come!).
> 
amavisd-new 2.12 has rspamd support, have you tried it ?

> I'm using the quarantine to keep an eye on mails with a medium spam score so 
> we won't lose the occasional legit mail with a higher than normal spam score. 
> Additionally I can train these borderline mails correctly as ham/spam.
> 
> I now see Rspamd has a metadata exporter feature I could probably use to copy 
> spammy mails to the quarantine mail address.
> 
> There are also Dovecot's sieve scripts. I'll have to see which work better.
> 
> Thanks,
> Reio
>

Re: RBLs?

2019-07-03 Thread Giovanni Bechis 
On 7/2/19 10:31 PM, mabi wrote:
> ‐‐‐ Original Message ‐‐‐
> On Tuesday, July 2, 2019 11:44 AM, Gilles Chehade  wrote:
> 
>> if you configure rspamd to flag spam mail as reject, smtpd will reject them.
> 
> Glad to hear that this is possible with rspamd! Because with SpamAssassin it 
> is only possible to tag the mail as spam but not to reject it upfront. I want 
> to reject the mail immediately if it detected as spam so that it does not get 
> relayed further (out to another mail server).
> 
I think it could be possible to write a filter-spamassassin, that way smtpd 
could reject based on SpamAssassin tags.
 
 Giovanni

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: How can I integrate opensmtpd with opendkim?

2019-01-30 Thread Giovanni Bechis 
Atm I am using amavisd-new with clamav and spamassassin disabled to sign dkim 
on a send-only
server with opensmtpd.
 Cheers
  Giovanni

On 1/30/19 6:18 PM, Sergey Seacher wrote:
> I use Centos 7. There is packages perl-Mail-DKIM and opendkim in repository, 
> but there is not
> dkimproxy.
> 
> 30.01.2019 19:04, Chris Bennett пишет:
>> On Wed, Jan 30, 2019 at 05:45:35PM +0300, Sergey Seacher wrote:
>>> Hello, All!
>>>
>>> How can I integrate opensmtpd with opendkim?
>>>
>> There is also dkimproxy and a Perl module p5-Mail-DKIM.
>> Which one do you recommend, you hinted that there will be changes from
>> 6.4 to 6.5 for dkimproxy setup when it comes out, if I understood
>> correctly.
>>
>> I've got things working for 6.4 right now, but I will post a couple of
>> questions about using auth and some other stuff I expect/want to use
>> shortly.
>>
>> Thanks, I'm really thrilled to have this massive improvement over
>> sendmail!! All of your time doing this work has been so helpful, I
>> really hated sendmail with that huge book I had for it.
>>
>> Chris Bennett
>>
>>


-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: tool-stats

2016-09-06 Thread Giovanni Bechis 
On 09/06/16 18:10, Mischa wrote:
> Hi All,
> 
> Did something else change in 6.0 in regards to logging?
> 
> tool-stats remains very empty.
> 
in OpenBSD 6.0 works file, are you running portable (on Linux) ?

-
tool-stats - smtpd log statistics (c) 2016 Joerg Jung

Thu Sep 06 09:00:02 - Thu Sep 06 18:19:33

Messages:   smtp: 6533 mta: 6509 mda: 0 reject: 0
Throughput: 700.57 mails/hour 44.67 mbytes/hour
-

 Cheers
   Giovanni

> # zcat /var/log/maillog.6.gz | tool-stats  
> tool-stats - smtpd log statistics (c) 2016 Joerg Jung
> 
> Mon Aug 27 15:00:01 - Tue Aug 28 15:00:01
> 
> Messages:   smtp: 0 mta: 0 mda: 0 reject: 4327
> Throughput: 0.00 mails/hour 0.00 bytes/hour
> 
> Filters
> 
>DNSBL:   4327
>Regex:   connect: 0 helo: 0 mail: 0 rcpt: 0 dataline: 0
>Spam:0
>Virus:   0
> 
> ###
> 
> # tool-stats /var/log/maillog   
> tool-stats - smtpd log statistics (c) 2016 Joerg Jung
> 
> Thu Sep 06 11:00:01 - Thu Sep 06 18:07:10
> 
> Messages:   smtp: 0 mta: 0 mda: 0 reject: 0
> Throughput: 0.00 mails/hour 0.00 bytes/hour
> 
> Filters
> 
>DNSBL:   0
>Regex:   connect: 0 helo: 0 mail: 0 rcpt: 0 dataline: 0
>Spam:0
>Virus:   0
> 
> 
> 
> I can see mail is coming in still
> 
> # grep -c "550 Invalid recipient" /var/log/maillog
> 754
> 
> Mischa
> 
> 


-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: Filters

2016-01-01 Thread Giovanni Bechis 
Il 1 gennaio 2016 08:09:17 CET, Damian McGuckin <dami...@esi.com.au> ha scritto:
>
>Hi everybody,
>
>New to this list although I have been using OpenBSD thought since 2.1.
>Contributed hardware (long ago) to the OpenBSD project.
>
>I am trying to figure out how to use DNS BLs with OpenSMTPD. Until I
>can 
>do that, I do not want to deploy it.
>
>I can see the API code in the source try but not the instructions on
>how 
>to use it.
>
>I found the document 'opensmtpd-LinuxCon2015.conf' by Giovanni Bechis
>and 
>it seems to imply that filters are operational. In fact, it says
>
>   "there are filters available for dnsbl, regex matching,
>   Spam Assassin, and Clamav integration and much more"
>
>However, except for some limited images in the presentation, I cannot
>find 
>any documentation. Even if I grep 'dnsbl' in the current release,
>nothing 
>is there.
>
>Any pointers as to where I can find this information?
>
>Thanks - Damian
>
>Pacific Engineering Systems International, 277-279 Broadway, Glebe NSW
>2037
>Ph:+61-2-8571-0847 .. Fx:+61-2-9692-9623 | unsolicited email not wanted
>here
>Views & opinions here are mine and not those of any past or present
>employer

You should at least pkg_add opensmtpd-extras to start playing with filters.
In base there is only the opensmtpd core implementation.
  Cheers
   Giovanni

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: Configuring opensmtpd to send local mails via smarthost

2015-11-25 Thread Giovanni Bechis 
On 11/25/15 13:41, tomaszdro...@interia.eu wrote:
[...]
I have something like this:

> secrets_for_relay_via:
> tomaszdrozdz_interia_eu:tomaszdrozdz:my_password
> 
label tomaszdro...@interia.eu:password

> makemap secrets_for_relay_via
> 
> smtpd.conf:
> listen on lo
> table secrets_for_relay_via db:/etc/opensmtpd/secrets_for_relay_via.db
> accept from local for any relay via 
> secure+auth://tomaszdrozdz_interia...@poczta.interia.pl auth 
> 
> expire 4h
> 
accept from local for any relay via secure+auth://la...@poczta.interia.pl auth 


 Cheers
   Giovanni


-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: Please help greenhorn to send email.

2015-11-11 Thread Giovanni Bechis 
On 11/11/15 08:13, Mohammad H. Al Shami wrote:
> What I personally do is have a single server in my network able to send 
> emails to the public, and all other servers just relay via that server.
> 
> Makes handling DKIM/SPF/DMARC easier IMHO
> 
you should correctly setup your hostname and you dns then.
At least your hostname should resolve to something.
 Cheers
  Giovanni 

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: Please help greenhorn to send email.

2015-11-10 Thread Giovanni Bechis 
On 11/10/15 11:54, tomaszdro...@interia.eu wrote:
> May I have question about smart host ?
> What is it, how does it work, what do I need, how to configure OPENSMTPD ?
> 
> Is it kind of "relay via" ?
> Do I need some mail account elsewhere for my OPENSMTD to log in ?
> It is hard for me to google out the "idea draft" of smart host)
> 
you should use "relay via" and use an account created by your isp if you do not 
want to send emails directly via your server.
 Cheers
  Giovanni

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: Please help greenhorn to send email.

2015-11-09 Thread Giovanni Bechis 
On 11/09/15 17:22, tomaszdro...@interia.eu wrote:
> So You suggest that for example:
> 
> 1)
> My Linux host <---> router <---> ISP
> a) I should have static IP from my ISP and I should own my won domain ?
> 
not necessarily but your hostname(1) should resolve to something; you can 
always use a smart host to send outbound email if you do not have a static ip.
 
> 2)
> My Linux host <---> my company intranet
> a) my company should "allowed my Linux host in company DNS system" ?
> [[ b) this question only by my curiosity because I guess configuring DNS on 
> my Linux host is to much work for me - am I right ?] - and the question is: I 
> could install DNS on my Linux host and dont care about my company DNS system 
> ?]
> 
if your dns is managed by your company, your company should create at least an 
A record for your linux box.
 Cheers
  Giovanni

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: Please help greenhorn to send email.

2015-10-30 Thread Giovanni Bechis 
On 10/30/15 12:25, tomaszdro...@interia.eu wrote:
> Giovanni Bechis" <giova...@paclan.it>
>> what is the output of `hostname`, `hostname --fqdn` and `dnsdomainname` ?
>> Your hostname whould be in fqdn format, not just the name of the host.
>>  Cheers
>>Giovanni
>>
> 
> *) hostname
> se-gips
> 
> *) hostname --fqdn
> se-gips
> 
> *) dnsdomainname
> [shows nothing - empty]
> 
As I told you before, set your hostname to something that is resolvable 
(se-gips.interia.eu is in fqdn format but still not resolvable).
 Cheers
  Giovanni

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: Please help greenhorn to send email.

2015-10-30 Thread Giovanni Bechis 
On 10/30/15 11:49, tomaszdro...@interia.eu wrote:
[...]
> 7) cat /etc/hostname 
> se-gips
> 
> 8) cat /etc/resolv.conf
> 
what is the output of `hostname`, `hostname --fqdn` and `dnsdomainname` ?
Your hostname whould be in fqdn format, not just the name of the host.
 Cheers
   Giovanni

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: Please help greenhorn to send email.

2015-10-29 Thread Giovanni Bechis 
tomaszdro...@interia.eu ha scritto:
>Hallo opensmtpd mail list :-)
>
>I must say that I am "email server" greenhorn.
>I also do not have much experience in net configuration.
>
>I want to have email server that will allow me to send emails from my
>linux.
>I search internet (sendmail, qmail, exim, postfix, ...) and luckily
>found OPENSMTPD :-)
>I have liked it just after seeing one configuration line with: "accept
>from ...".
>Way of configuring opensmtpd seams to me be modern, simple and easiest
>of all smtp servers :-)
>
>As I wrote I am greenhorn and have problem.
>
>
>
>1) My system info:
>
>A) I run:
>Operating System: Fedora 21 (Twenty One)
>CPE OS Name: cpe:/o:fedoraproject:fedora:21
>Kernel: Linux 4.1.8-100.fc21.x86_64
>Architecture: x86-64
>
>on Virtual box.
>
>B) dnf info opensmtpd
>
>Name: opensmtpd
>Arch: x86_64
>Version : 5.7.1p1
>Release : 1.fc21
>
>2)
>A) iptables --list
>
>Chain INPUT (policy ACCEPT)
>target prot opt source   destination 
>
>Chain FORWARD (policy DROP)
>target prot opt source   destination 
>
>Chain OUTPUT (policy ACCEPT)
>target prot opt source   destination
>
>B) ip addr
>
>1: lo:  mtu 65536 qdisc noqueue state UNKNOWN
>group default 
>link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>inet 127.0.0.1/8 scope host lo
>   valid_lft forever preferred_lft forever
>inet6 ::1/128 scope host 
>   valid_lft forever preferred_lft forever
>2: enp0s3:  mtu 1500 qdisc pfifo_fast
>state UP group default qlen 1000
>link/ether 08:00:27:6f:f9:22 brd ff:ff:ff:ff:ff:ff
>inet 172.29.2.101/19 brd 172.29.31.255 scope global dynamic enp0s3
>   valid_lft 570826sec preferred_lft 570826sec
>inet6 fe80::a00:27ff:fe6f:f922/64 scope link 
>   valid_lft forever preferred_lft forever
>6: enp0s11u1:  mtu 1500 qdisc
>pfifo_fast state UNKNOWN group default qlen 1000
>link/ether 0c:5b:8f:27:9a:64 brd ff:ff:ff:ff:ff:ff
> inet 192.168.8.100/24 brd 192.168.8.255 scope global dynamic enp0s11u1
>   valid_lft 52421sec preferred_lft 52421sec
>inet6 fe80::e5b:8fff:fe27:9a64/64 scope link 
>   valid_lft forever preferred_lft forever
>
>3) My opensmtp:
>
>A) /etc/opensmtpd/smtpd.conf
>
>listen on lo
>listen on enp0s3
>listen on enp0s11u1
>
>accept from local for any relay
>
>expire 4h
>
>B) ls -laZ /var/log/maillog 
>-rw---. root root system_u:object_r:var_log_t:s0   /var/log/maillog
>
>C) ps -ef|grep smtpd
>
>root 11410 1  0 11:44 ?00:00:00 smtpd: [priv]
>smtpq11411 11410  0 11:44 ?00:00:00 smtpd: queue
>smtpd11412 11410  0 11:44 ?00:00:00 smtpd: control
>smtpd11413 11410  0 11:44 ?00:00:00 smtpd: lookup
>smtpd11414 11410  0 11:44 ?00:00:00 smtpd: scheduler
>smtpd11415 11410  0 11:44 ?00:00:00 smtpd: pony express
>smtpd11416 11410  0 11:44 ?00:00:00 smtpd: klondike
>
>4) mailx -s "hello" "tomaszdro...@interia.eu"
>
>5) Problems
>
>A) sudo smtpctl show queue
>
>c823c60ac80192be|local|mta|auth|@|tomek@se-gips|tomek@se-gips|1446115579|1446461179|0|8|invalid||Temporary
>failure in MX lookup
>
>B) /var/log/maillog
>is empty
>
>Why I can not send email ?
>Why log file is empty ?
>
>
>Please help if you can.
>If you need more information I will provide it.

Your  server cannot resolve se-gips domain, check your host name and your 
resolver configuration. 
  Cheers
 Giovanni

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

OpenSMTPD big deployments

2015-07-28 Thread Giovanni Bechis 
Hi,
in October I will give a talk at Linuxcon about OpenSMTPD, does anybody have 
some statistics about some big deployments ?
Atm I have statistics only for my servers.
 Cheers  Thanks
  Giovanni  

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: Building dkimproxy on headless OpenBSD server with no X install sets

2015-03-12 Thread Giovanni Bechis 
On 03/12/15 17:42, Gonzalo wrote:
 what are you talking about??
 
 onzalo : /usr/ports sudo pkg_add -vi dkimproxy
 Password:
 Update candidates: quirks-2.54 - quirks-2.54
 quirks-2.54 signed on 2015-03-08T12:33:05Z

on 5.6 there is no package:

revision 1.323
date: 2015/02/16 18:10:21;  author: jasper;  state: Exp;  lines: +2 -1;  
commitid: L4dxY4PfIGmB6s3k;
hookup dkimproxy which seems to have been forgotten when originally imported

ok sthen@


 Giovanni

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: OpenSMTPD on OpenBSD 5.6 backend MySQL

2015-02-10 Thread Giovanni Bechis 
On 02/10/15 16:20, Ultramedia Libertad wrote:
 Greetings friends,
 
 I read that OpenSMTPD already have the option of mysql backend,
 I would like to have an example of how to do it,
 As that previously used postfix with 3 virtual domains and 10 virtual users 
 in total.
 by the time my mail server is stopped and l people without post until I learn 
 how to work OpenSMTD with mysql backend.
 
 thank you for advance.
 
 OpenBSD 5.6
 
 OpenSMTPD 5.4.3
 
 Thank you for advance
 
 -- 
 editor de sueños
To be able to connect with MySQL you should install opensmtpd-extras port.
It is available on current, I do not know if the current port will compile on 
5.6 due to netdb.h change.
Attached a couple of config files to start with, in mysql.conf you have to 
write your own sql queries.
 Cheers
  Giovanni

#
# Sample MySQL configuration file
#

hostlocalhost
usernameuser
passwordpass
databasedb

# Alias lookup query
#
# rows   = 0
# fields == 1 (user varchar)
#
query_alias select destination from mail_valias where source=?


# Domain lookup query
#
# rows   == 1
# fields == 1 (domain varchar)
#
query_domainselect domain from mail_domain where domain=?;


# User lookup query
#
# rows   == 1
# fields == 3 (uid int, gid int, directory varchar)
#
query_userinfoselect uid,gid,maildir from mail_user where 
login=?


# Credentials lookup query
#
# rows   == 1
# fields == 2 (username varchar, password varchar)
#
query_credentialsselect login, password from mail_user where login=?;


# Netaddr lookup query
#
# rows   == 1
# fields == 1 (netaddr varchar)
#
#query_netaddrselect value from netaddr where value=$1;
#   $OpenBSD: smtpd.conf,v 1.7 2014/03/12 18:21:34 tedu Exp $

# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information.

# To accept external mail, replace with: listen on all
#
listen on lo0

table vusers mysql:/tmp/mysql.conf
table vdomains mysql:/tmp/mysql.conf
table aliases mysql:/tmp/mysql.conf

accept for domain vdomains userbase vusers virtual aliases deliver to 
maildir
accept from local for any relay

Re: OpenSMTPD Extras and libasr

2014-11-13 Thread Giovanni Bechis 
On 11/13/14 15:59, Emmanuel Vadot wrote:
  For 4, I think that for now smtpd uses ${PREFIX}/libexec/opensmtpd/ to look 
 at custom tables/filters which will fail on OpenBSD if the user use the smtpd 
 in base (PREFIX=/usr) and an extra via the packages (PREFIX=/usr/local IIRC).
 
OpenBSD-current does provide extras via packages, just pkg_add opensmtpd-extras.
 Cheers
  Giovanni Bechis


-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: What form should query_credentials return?

2014-09-08 Thread Giovanni Bechis 
On 09/08/14 14:08, Nolan Darilek wrote:
 I'm struggling to get OpenSMTPD working with DBMail. Seems I'm almost
 there but not quite. Mail is arriving into my account, but I can't seem
 to authenticate against the database due to authentication failures.
 
 Currently DBMail is storing my password unencrypted, and it occurs to me
 that perhaps OpenSMTPD is expecting an encrypted password from
 query_credentials. Yes, I know this is a bad idea, and I fully intend to
 fix it, but my intent was to minimize moving parts.
 
 I found a link that seems to indicate query_credentials expects a
 password returned in encrypt(3) format. Is this accurate?
 
 If so, given this from DBMail's docs:
 
 -p pwtype
 Password type may be one of the following: plaintext, crypt, md5-hash,
 md5-digest, crypt-raw, md5-hash-raw, md5-digest-raw, md5-base64,
 md5-base64-raw.
 
 Which should I use such that query_credentials returns what OpenSMTPD
 expects?
 
I think crypt would be a good choice since opensmtpd uses crypt(3) to check for 
passwords.
 Cheers
  Giovanni

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: Postgres?

2014-09-05 Thread Giovanni Bechis 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 09/05/14 15:19, Hugo Osvaldo Barrera wrote:
 Hi,
 
 For a while now I've been wanting to try the postgres support properly. I've
 finally sat down to do it, but haven't had much luck:
 
 # grep postgres smtpd.conf
 table postgres postgres://postgres.conf
 # smtpd -n
 fatal: table_create: backend postgres does not exist
 
 Do I need to do any special building? Am I using the wrong syntax?
 
 I'm using OpenBSD-current (updated like 2 weeks ago?).
 
 Thanks,
 
This is still work-in-progress on OpenBSD, (see 
http://marc.info/?l=openbsd-portsm=140845596917927w=2), if interested I have 
a quite-working port.
 Cheers
  Giovanni
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJUCfCxAAoJEI7Sc79XDlKKVzwH/1timymhqZvNWuFxr2EvLKMI
jtYXTyVkczE7QkWJQ01MlVPe7OVt0Fi2pZmPFg4eRBdMRauzU8eLIpwl+c3hlGHZ
S600a7Hq1dv6GLnJ2suC5P+1EefUe0jR4t9QMIvbAJF8qcn069gfufgchNVBwl92
F7D/yft1WnwCwOj0dFvGA2ETGjnt6kM5Gp4L1se7CpUBw7ysOtGYlQ3u6yuuWKE/
z0nskJ1w7LVo/LKUxpa3BqBGgmNeG2WKHfj9sA2Qh5K1RL27FIhPM5MTfWGwXJt6
exDGCbaawm9KfB9PsuYF8X7uWI0U1KpBecKLZRlFKmoOhTLXXqyaTopp6w51Qng=
=BKTt
-END PGP SIGNATURE-

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: Incomplete error messages from bounced emails?

2014-09-05 Thread Giovanni Bechis 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 09/01/14 18:53, Hugo Osvaldo Barrera wrote:
 On 2014-09-01 11:46, Gilles Chehade wrote:
 On Sat, Aug 23, 2014 at 12:28:00PM -0300, Hugo Osvaldo Barrera wrote:
 On 2014-08-22 18:32, Giovanni Bechis wrote:
 On 08/22/14 14:30, Hugo Osvaldo Barrera wrote:
 I recently had some messages bounce from gmail.com. I went up to their 
 forums
 to ask what's up, and on the replies, it was pointed out to my that gsmtpd
 actually sends a rather verbose explanation message when it bounces 
 messages
 (eg: if it's spam, invalid return address, blacklisted address, etc).

 Here's the thread were this was pointed to me. I'm guessing that sending 
 an
 email from a non-static IP range is enough to trigger a bounce 
 harmelessly:
 https://productforums.google.com/forum/#!msg/gmail/SQQAbew5tfE/-ue8aO07sf8J

 Can somebody confirm if these explanations are being dropped by smtpd, if
 they're non-standard, or what's going on?

 gmail warnings are splitted in two or more lines and smtpd logs only one 
 of them.
 See https://github.com/OpenSMTPD/OpenSMTPD/issues/365 for details.
  Cheers
   Giovanni

 -- 
 You received this mail because you are subscribed to misc@opensmtpd.org
 To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org


 Looks like the devs were expecting this to make it to the list and it did 
 not.
 Can we bring that up now? Are there any downsides to implementing this?


 Yes, we were waiting for the discussion to come up.

 There's a downside to implementing this:

 Imagine you create an account for me on your server.
 I then decide to go rogue and setup a remote MX which will reply with
 a HUGE response, say 1000s of lines.

 We need to log atomically so:

 a- log line can't be written until we're done reading response;
 b- session needs to remember every line of the response until done reading;

 
 Can't we not-log all of it, but keep the message and send it to the original
 sender?
 
 The logs could be something like:
 
   550 Error... [25 more lines trimmed]
 
I would like to have at maximum 5/6 lines of response on my log to be able to 
found if a problem is recurring and which could be the original cause.
 Cheers
  Giovanni
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJUCfFIAAoJEI7Sc79XDlKKIOgIAJUFm5US9HxXVPAsB8nGTwGH
t7fDfqqbn+Uuhpnilh/zWznrjqmoA1QeJLdvSo31T/mu2hz3EJ8IauLscYnkvCA3
ZB0PjSGFDec1B6cJ3LoyWscSIn/cn1xn/4cUDDAupsyMelIdmfAL4xNOupm073wC
hkEcFqPpqfnTU5aQMV3H/hG7Xs/1jMqjWtNF3IU+gVUfWfilYnu+QAwJq6YBVGFX
lhJn4Eqj4rAOeQfr0jAY1qvbqBcsCDrpfgrHW4LYiNMjrDcfUQ8tkoWjfM+73FY2
iWVmEFvuyybanHjmTGysue4ssAOmrSmot3tw2pAWIRY9Gk0XlL6M17EvGgKhJPg=
=/Zip
-END PGP SIGNATURE-

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: [userbase] email in login field

2014-09-05 Thread Giovanni Bechis 
On 09/01/14 11:56, Gilles Chehade wrote:
 we may want to support email addresses as login, this can be discussed
 it was not designed this way to start with because we didn't support
 !system auth but this has changed and the use case has come up a few
 times
 
at the moment my setup it's working even if a bit hacky from a sql 
point-of-view, I haven't checked the code how difficult would be to support 
email addresses as login.
 Cheers
  Giovanni

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: Incomplete error messages from bounced emails?

2014-08-22 Thread Giovanni Bechis 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 08/22/14 14:30, Hugo Osvaldo Barrera wrote:
 I recently had some messages bounce from gmail.com. I went up to their forums
 to ask what's up, and on the replies, it was pointed out to my that gsmtpd
 actually sends a rather verbose explanation message when it bounces messages
 (eg: if it's spam, invalid return address, blacklisted address, etc).
 
 Here's the thread were this was pointed to me. I'm guessing that sending an
 email from a non-static IP range is enough to trigger a bounce harmelessly:
 https://productforums.google.com/forum/#!msg/gmail/SQQAbew5tfE/-ue8aO07sf8J
 
 Can somebody confirm if these explanations are being dropped by smtpd, if
 they're non-standard, or what's going on?
 
gmail warnings are splitted in two or more lines and smtpd logs only one of 
them.
See https://github.com/OpenSMTPD/OpenSMTPD/issues/365 for details.
 Cheers
  Giovanni
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJT93C6AAoJEI7Sc79XDlKKLWkH+we5rr8BJrF86lk81z01wTsf
xNGjo/2lly6zuIwYlknmeRqoJLUNOgj5xJrKIMen3YkveOdcq/aLl3yxBLN4pH9j
cU/60mLohNWAzpbX4KbFDPxlbpn7SMkxxZ3asfWgcRjPt7LX2MBO1l5qw9umk8VZ
v60OCJGsSxv49ps+KyoBh0fDxqXJordR6aCmVix83Kc6rTCKeYcKzAyGSqSI3JqF
DKFQra25z8lR/kvB6vuQmq+cFUejWDc7p0st0Rq4WGRUwq7ZpiEf7IjUSLhxbiYL
736oUdwW9MlRwr+GWPaK3UaCXXE6z2Tj4IxzW4WGbiWsDY0Y02SgcPpODMTp2GY=
=9pqx
-END PGP SIGNATURE-

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: Can't deliver messages: connection closed unexpectedly

2014-08-21 Thread Giovanni Bechis 
On 08/21/14 15:59, Fabio Riga wrote:
 Hi list,
 
 I run an OpenBSD 5.5 server on a VPS with OpenSMTPd. I get the message 
 Connection closed unexpectedly and a TempFail for every message sent to 
 every domain of a very big Italian ISP. The TempFail last 4 days, then the 
 message expires. I don't know if the laconic message is an OpenSMTPd issue or 
 a ISP one, but maybe somebody has a clue of the possible causes.
 
 I tryed as well to ask to the ISP, maybe I'll get an answer...
 
 Here it is a part of maillog:
 
I think it could a network problem on their side, from Italy (OpenBSD 5.6) I 
cannot deliver (see log file), from outside Italy there are no problems.
 Cheers
  Giovanni

Script started on Thu Aug 21 17:28:16 2014
$ sm  sudo smtpd -dv

debug: init ssl-tree
info: OpenSMTPD 5.4.3 starting
debug: bounce warning after 4h
debug: using fs queue backend
debug: using ramqueue scheduler backend
debug: using ram stat backend
info: startup [debug mode]
debug: parent_send_config_ruleset: reloading
debug: parent_send_config: configuring pony process
debug: parent_send_config: configuring ca process
debug: init ssl-tree
debug: ca_engine_init: using RSAX engine support
debug: smtp: listen on 127.0.0.1 port 25 flags 0x400 pki 
debug: smtp: listen on IPv6:fe80::1%lo0 port 25 flags 0x400 pki 
debug: smtp: listen on IPv6:::1 port 25 flags 0x400 pki 
debug: smtp: will accept at most 2037 clients
debug: init private ssl-tree
debug: queue: done loading queue into scheduler
debug: smtpd: scanning offline queue...
debug: smtpd: offline scanning done
debug: smtp: new client on listener: 0x4536b769300
smtp: 0x4565257e000: STATE_NEW - STATE_CONNECTED
smtp-in: New session aa25a6d9509a520a from host 1000@localhost [local]
smtp: 0x4565257e000:  220 localhost ESMTP OpenSMTPD
smtp: 0x4565257e000:  EHLO localhost
smtp: 0x4565257e000: STATE_CONNECTED - STATE_HELO
smtp: 0x4565257e000:  250-localhost Hello localhost [local], pleased to meet you
smtp: 0x4565257e000:  250-8BITMIME
smtp: 0x4565257e000:  250-ENHANCEDSTATUSCODES
smtp: 0x4565257e000:  250-SIZE 36700160
smtp: 0x4565257e000:  250 HELP
smtp: 0x4565257e000:  MAIL FROM:giova...@bigio.paclan.it  
smtp: 0x4565257e000:  250 2.0.0: Ok
smtp: 0x4565257e000:  RCPT TO:t...@staff.aruba.it 
smtp: 0x4565257e000:  250 2.1.5 Destination address valid: Recipient ok
smtp: 0x4565257e000:  DATA
smtp: 0x4565257e000: STATE_HELO - STATE_BODY
smtp: 0x4565257e000:  354 Enter mail, end with . on a line by itself
 [MSG] From: Giovanni Bechis giova...@bigio.paclan.it
 [MSG] Date: Thu, 21 Aug 2014 17:28:35 +0200 (CEST)
 [MSG] Message-Id: 5588509546345635123.enqu...@bigio.paclan.it
 [MSG] To: t...@staff.aruba.it
 [MSG] Subject: test
 [MSG] 
 [MSG] test
debug: 0x4565257e000: end of message, msgflags=0x
smtp: 0x4565257e000:  250 2.0.0: e8eb560f Message accepted for delivery
smtp-in: Accepted message e8eb560f on session aa25a6d9509a520a: from=giova...@bigio.paclan.it, to=t...@staff.aruba.it, size=196, ndest=1, proto=ESMTP
debug: scheduler: evp:e8eb560f60257862 scheduled (mta)
smtp: 0x4565257e000: STATE_BODY - STATE_HELO
smtp: 0x4565257e000:  QUIT
smtp: 0x4565257e000:  221 2.0.0: Bye
smtp: 0x4565257e000: STATE_HELO - STATE_QUIT
smtp-in: Closing session aa25a6d9509a520a
debug: smtp: 0x4565257e000: deleting session: done
debug: mta: received evp:e8eb560f60257862 for t...@staff.aruba.it
debug: mta: draining [relay:staff.aruba.it] refcount=1, ntask=1, nconnector=0, nconn=0
debug: mta: querying MX for [relay:staff.aruba.it]...
debug: mta: [relay:staff.aruba.it] waiting for MX
debug: MXs for domain staff.aruba.it:
	62.149.157.49 preference 10
debug: mta: ... got mx (0x45611e38220, staff.aruba.it, [relay:staff.aruba.it])
debug: mta: draining [relay:staff.aruba.it] refcount=1, ntask=1, nconnector=0, nconn=0
debug: mta: querying source for [relay:staff.aruba.it]...
debug: mta: ... got source for [relay:staff.aruba.it]: []
debug: mta: new [connector:[]-[relay:staff.aruba.it],0x1]
debug: mta: connecting with [connector:[]-[relay:staff.aruba.it],0x0]
debug: mta-routing: searching new route for [connector:[]-[relay:staff.aruba.it],0x0]...
debug: mta-routing: selecting candidate route [] - 62.149.157.49
debug: mta-routing: spawning new connection on [] - 62.149.157.49
debug: mta: 0x45666484000: spawned for relay [relay:staff.aruba.it]
debug: mta: connecting with [connector:[]-[relay:staff.aruba.it],0x0]
debug: mta: cannot use [relay:staff.aruba.it] before 2s
debug: mta-routing: no route available for [connector:[]-[relay:staff.aruba.it],0x0]: must wait a bit
debug: mta: retrying to connect on [connector:[]-[relay:staff.aruba.it],0x0] in 2s...
debug: mta: draining [relay:staff.aruba.it] refcount=3, ntask=1, nconnector=1, nconn=1
debug: mta: scheduling relay [relay:staff.aruba.it] in 1s...
smtp-out: Connecting to smtp+tls://62.149.157.49:25 (staff.aruba.it) on session aa25a6dc79081475...
smtp-out: Connected on session aa25a6dc79081475
debug: mta: ... timeout for [relay:staff.aruba.it]
debug: mta: draining

Re: Can't deliver messages: connection closed unexpectedly

2014-08-21 Thread Giovanni Bechis 
On 08/21/14 17:33, Giovanni Bechis wrote:
 On 08/21/14 15:59, Fabio Riga wrote:
 Hi list,

 I run an OpenBSD 5.5 server on a VPS with OpenSMTPd. I get the message 
 Connection closed unexpectedly and a TempFail for every message sent to 
 every domain of a very big Italian ISP. The TempFail last 4 days, then the 
 message expires. I don't know if the laconic message is an OpenSMTPd issue 
 or a ISP one, but maybe somebody has a clue of the possible causes.

 I tryed as well to ask to the ISP, maybe I'll get an answer...

 Here it is a part of maillog:

 I think it could a network problem on their side, from Italy (OpenBSD 5.6) I 
 cannot deliver (see log file), from outside Italy there are no problems.
  Cheers
   Giovanni
 
Discard the message, my connection is in Spamhaus, from outside Italy I can 
confirm I can deliver to aruba.it.
 Cheers
  Giovanni

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

[userbase] email in login field

2014-08-20 Thread Giovanni Bechis 
Hi,
I am trying to configure an smtpd server with mysql as userbase, on my database 
the mailbox schema is the following (simplified):
id  1
login   giova...@paclan.it
email   giova...@paclan.it
uid 5000
gid 5000
maildir /var/vmail/paclan.it/giovanni

With the following conf the table_lookup tries to find a record with 
login=giovanni instead of login=giova...@paclan.it, is there a way to tell that 
the login field contains an email ?
 Thanks
  Giovanni
#
# Sample PostgreSQL configuration file
#
# This is an example configuration file for using OpenSMTPD with the PostgreSQL
# backend for lookups. OpenSMTPD does not have hardcoded tables and you may
#
#

hostlocalhost
usernameuser
passwordpass
databasedb

# Alias lookup query
#
# rows   = 0
# fields == 1 (user varchar)
#
query_aliasselect destination from mail_forwarding where 
source=?;


# Domain lookup query
#
# rows   == 1
# fields == 1 (domain varchar)
#
query_domainselect domain from mail_domain where domain=?;


# User lookup query
#
# rows   == 1
# fields == 3 (uid int, gid int, directory varchar)
#
query_userinfoselect uid,gid,maildir from mail_user where 
login=? and server_id=6;


# Credentials lookup query
#
# rows   == 1
# fields == 2 (username varchar, password varchar)
#
query_credentialsselect login, password from mail_user where login=?;


# Netaddr lookup query
#
# rows   == 1
# fields == 1 (netaddr varchar)
#
#query_netaddrselect value from netaddr where value=$1;
#   $OpenBSD: smtpd.conf,v 1.7 2014/03/12 18:21:34 tedu Exp $

# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information.

# To accept external mail, replace with: listen on all
#
listen on lo0

table vusers mysql:/tmp/mysql.conf
table vdomains mysql:/tmp/mysql.conf
table aliases mysql:/tmp/mysql.conf

accept for domain vdomains userbase vusers alias aliases deliver to 
maildir
accept from local for any relay
smtp-in: New session fa16849c56bf0dd1 from host localhost [127.0.0.1]
lookup: check 127.0.0.1 as NETADDR in table static:localhost - found
lookup: check paclan.it as DOMAIN in table proc:vdomains - found
lookup: lookup giovanni as ALIAS in table proc:aliases - 0
lookup: lookup giovanni as USERINFO in table proc:vusers - 0
smtp-in: Failed command on session fa16849c56bf0dd1: RCPT TO: giova...@paclan.it = 550 Invalid recipient

Re: [userbase] email in login field

2014-08-20 Thread Giovanni Bechis 
On 08/20/14 11:27, Martijn van Duren wrote:
 Hello Giovanni,
 
 When doing a login the username is always stripped from its domain part.
 For my setup (sqlite-based) I worked around this in the following manner
 (only important sections):
I have to think if it is possible for me, I want to switch to opensmtpd only 
one node of my postfix cluster for the moment; my user database must be 
postfix-compatible for some time. 
 Cheers  Thanks
  Giovanni

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: [userbase] email in login field

2014-08-20 Thread Giovanni Bechis 
On 08/20/14 14:16, Martijn van Duren wrote:
 
 query_alias select COALESCE(destination, REPLACE(maddr, '@',
 '_')), ? as maddr from mail_forwarding where source=maddr;
 
 And of course I was a bit too fast with this one (column aliases can't
 be used in other columns), so if something should work it would be:
 
 query_alias SET @maddr = ?; SELECT COALESCE(destination,
 REPLACE(@maddr, '@', '_')) from mail_forwarding where source=@maddr;
 
 I've tested this one as a proof of concept, yet not in an
 table_mysql.conf setup.
 
 I am curious if this works, so keep me posted. :)
 
nope, syntax error in query alias, anyway in my alias table I haven't all 
users, just real aliases, so the query won't match.
 Thanks  Cheers
  Giovanni

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org