Re: Wrote a blogpost on OpenSMTPD mailrelay - feedback appreciated
I keep a couple of notes here: https://www.tumfatig.net/tags/opensmtpd/

On 11/03/2024 at 14:59, gil...@poolp.org wrote:
> I created a Wiki page on the public repository for OpenSMTPD:
> https://github.com/OpenSMTPD/OpenSMTPD/wiki/OpenSMTPD-articles-and-posts
> List to be completed ;-)

Re: Remove the first Received header
On 26/01/2023 at 23:15, Pete Long wrote:
> On Thu, Jan 26, 2023 at 10:58:18PM +0100, Joel Carnat wrote:
> > Hi,
> >
> > When using smtpd as a mail gateway and authenticating from various
> > desktop/mobile clients, the first Received header always references the
> > client host, ip, fqdn, etc.
> >
> > Some (maybe stupid) SMTP servers seem to consider this information when
> > doing SPAM checks so you end up getting blacklisted because the mail comes
> > from a user IP-range and IP is not referenced in SPF...
> >
> > Not sure it even makes sense and/or breaks SMTP RFCs but, is there a way
> > to tell smtpd to not include that first "user connection" in the mail
> > headers?
>
> Hi Joel,
>
> listen on bge0 port submission tls-require pki mydomain.tld auth \
>     hostname mydomain.tld mask-src
>
> The mask-src option does the trick for me.
>
> Pete.

Ah yes, that does not remove the whole header but the mobile information is gone now.
I've tested this with a bunch of Big Tech test accounts and they keep getting my email.
So I'll go for this trick.

Thanks a lot.

Remove the first Received header
Hi,

When using smtpd as a mail gateway and authenticating from various
desktop/mobile clients, the first Received header always references the
client host, ip, fqdn, etc.

Some (maybe stupid) SMTP servers seem to consider this information when
doing SPAM checks so you end up getting blacklisted because the mail comes
from a user IP-range and IP is not referenced in SPF...

Not sure it even makes sense and/or breaks SMTP RFCs but, is there a way
to tell smtpd to not include that first "user connection" in the mail
headers?

Thanks,
Joel

Re: need help
On 30/09/2019 15:55, gil...@poolp.org wrote:
> Hello,
>
> I'd like to bring native support for SPF in OpenSMTPD in a future release,
> but for this I need a bit of help to make sure my SPF resolver works fine.
>
> I have created a repository with a standalone executable that performs the
> SPF lookup and checks if an IP address is allowed to send on behalf of the
> sending domain:
>
> https://github.com/poolpOrg/spf
> https://github.com/poolpOrg/spf/blob/master/README.md
>
> If you could test and report issues, it would be nice,

As much as I can understand it, recursion seems to not work.

Working example:

# dig -t TXT carnat.net
carnat.net. 14314 IN TXT "v=spf1 mx -all"

# ./spf carnat.net 108.61.176.54
checking if 108.61.176.54 can send for carnat.net: pass

# ./spf carnat.net 157.55.9.128
checking if 157.55.9.128 can send for carnat.net: fail

Not fully working example:

# dig -t TXT outlook.com
outlook.com. 600 IN TXT "v=spf1 include:spf-a.outlook.com include:spf-b.outlook.com ip4:157.55.9.128/25 include:spf.protection.outlook.com include:spf-a.hotmail.com include:_spf-ssg-b.microsoft.com include:_spf-ssg-c.microsoft.com ~all"

# ./spf outlook.com 157.55.9.128
checking if 157.55.9.128 can send for outlook.com: EXISTS: 0 EXISTS: 0 pass

# dig -t TXT spf-a.hotmail.com
spf-a.hotmail.com. 3600 IN TXT "v=spf1 ip4:157.55.0.192/26 ip4:157.55.1.128/26 ip4:157.55.2.0/25 ip4:65.54.190.0/24 ip4:65.54.51.64/26 ip4:65.54.61.64/26 ip4:65.55.111.0/24 ip4:65.55.116.0/25 ip4:65.55.34.0/24 ip4:65.55.90.0/24 ip4:65.54.241.0/24 ip4:207.46.117.0/24 ~all"

# ./spf outlook.com 65.54.190.5
checking if 65.54.190.5 can send for outlook.com: EXISTS: 0 EXISTS: 0 EXISTS: 0 EXISTS: 0 EXISTS: 0 EXISTS: 0 soft-fail

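For comparison with the outputs in the message above, here is how `include:` recursion is expected to resolve under RFC 7208, as a small evaluator limited to the ip4, ip6, include and all mechanisms. This is an added example, not code from the poolpOrg/spf repository; the outlook.com and spf-a.hotmail.com records are the ones quoted in the message, the `-all` stubs for the other include targets are constructed because the message does not show them, and `TXT`, `check_host` and `MAX_LOOKUPS` are names chosen here. Results use the RFC spelling `softfail`.

```python
import ipaddress

# TXT records keyed by domain. The first two are copied from the dig output in
# the message; the "-all" stubs are CONSTRUCTED stand-ins for include targets
# whose real records are not shown on the page.
TXT = {
    "outlook.com": (
        "v=spf1 include:spf-a.outlook.com include:spf-b.outlook.com "
        "ip4:157.55.9.128/25 include:spf.protection.outlook.com "
        "include:spf-a.hotmail.com include:_spf-ssg-b.microsoft.com "
        "include:_spf-ssg-c.microsoft.com ~all"
    ),
    "spf-a.hotmail.com": (
        "v=spf1 ip4:157.55.0.192/26 ip4:157.55.1.128/26 ip4:157.55.2.0/25 "
        "ip4:65.54.190.0/24 ip4:65.54.51.64/26 ip4:65.54.61.64/26 "
        "ip4:65.55.111.0/24 ip4:65.55.116.0/25 ip4:65.55.34.0/24 "
        "ip4:65.55.90.0/24 ip4:65.54.241.0/24 ip4:207.46.117.0/24 ~all"
    ),
    "spf-a.outlook.com": "v=spf1 -all",             # constructed stub
    "spf-b.outlook.com": "v=spf1 -all",             # constructed stub
    "spf.protection.outlook.com": "v=spf1 -all",    # constructed stub
    "_spf-ssg-b.microsoft.com": "v=spf1 -all",      # constructed stub
    "_spf-ssg-c.microsoft.com": "v=spf1 -all",      # constructed stub
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10  # DNS-querying terms allowed per evaluation (RFC 7208, 4.6.4)


def check_host(ip, domain, txt=TXT, _state=None):
    """Evaluate the SPF record of `domain` for client address `ip`.

    Supports ip4, ip6, include and all. Any other mechanism or modifier
    raises NotImplementedError instead of being silently skipped.
    """
    state = _state if _state is not None else {"lookups": 0}
    terms = txt.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)

    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()

        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = addr.version == net.version and addr in net
        elif name == "include":
            state["lookups"] += 1
            if state["lookups"] > MAX_LOOKUPS:
                return "permerror"
            inner = check_host(ip, arg, txt, state)
            # An include target without a usable record is a permanent error.
            if inner in ("none", "permerror"):
                return "permerror"
            if inner == "temperror":
                return "temperror"
            # include matches only when the nested evaluation is "pass";
            # a nested fail/softfail/neutral means "keep going", not "stop".
            matched = inner == "pass"
        else:
            raise NotImplementedError(f"mechanism not covered here: {term}")

        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no "all" term


if __name__ == "__main__":
    for client in ("157.55.9.128", "65.54.190.5", "192.0.2.1"):
        print(client, check_host(client, "outlook.com"))
```

With these records, 65.54.190.5 matches `ip4:65.54.190.0/24` inside `include:spf-a.hotmail.com`, so the include matches and the outer result is `pass`.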
Re: How to setup a "clean MTA" in 2019?
On Wed 03/04 11:36, Gilles Chehade wrote:
> On Tue, Apr 02, 2019 at 01:02:20PM +0200, Joel Carnat wrote:
> > Hi,
> >
>
> Hi,
>
> > Reading the Internet and looking at actual public DNS records and email
> > headers, there seem to be disagreements regarding the usage of things
> > like DMARC/DKIM/SPF. Some discussions are sometimes old (like 2014) and
> > have not been rediscussed recently.
> >
> > So far, I identified the following:
> > - MUST: have a proper Reverse DNS
> > - MUST: have a proper HELO/EHLO value (matching DNS)
> > - MAY: have SPF configured to announce official MTA
> > - MAY: have DKIM configured to sign outgoing emails
> > - MAY: have DMARC set with p=none // many MTA won't check
> > - DONT: have DMARC set with p=(quarantine|reject) // may break things
> >
> > What would be the recommendations from the OpenSMTPD project as of 2019
> > when one wants to setup an MTA? Are those MUST/MAY/DONT correct? Are
> > there more things to add to this checklist?
> >
> > Thank you.
> >
>
> No wonder there is no consensus: there's no "right" list, it depends for
> the most part on the reputation of the sender (reputation being trickier
> than just "IP reputation" as most people think) so different people will
> have different experience of what works and what doesn't.
>
> I will write an in-depth article describing my way of modeling this, but
> in the mean time I'll tell you the following:
>
> Today, SMTP exchanges rely on a proof of work.
>
> Some recipient domains require a lot of work from senders, others won't,
> and with that in mind your list of things to setup may differ on who you
> are sending from, who you are sending to, the volumes of mails you send,
> the type of mails you send, etc...
>
> My very own minimal would be:
> - have a dedicated IP address for mail with correct rDNS and fc-rDNS
> - setup the mta to support TLS (if needed, not the case on OpenSMTPD)
> - setup the mta to use a EHLO name matching DNS for the IP
> - setup SPF
> - setup DKIM
>
> That would be my very very very very minimum requirements.

Great. Thanks!

--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

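The first and third items of the minimal list quoted above (correct rDNS and fc-rDNS, and an EHLO name matching DNS for the IP) can be checked mechanically before putting a relay into service. The sketch below is an added example, not something posted in the thread or shipped by OpenSMTPD; `check_mta_identity`, the two `system_*` resolver helpers and the `SAMPLE_*` data (documentation addresses and example.org names) are constructed for illustration.

```python
import ipaddress
import socket


def _norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def system_ptr_lookup(ip):
    """PTR names for `ip` from the system resolver (empty list if none)."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [host, *aliases]


def system_addr_lookup(name):
    """A/AAAA addresses for `name` from the system resolver."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return []
    # Drop any IPv6 zone suffix ("%em0") so ipaddress can parse the value.
    return [info[4][0].split("%")[0] for info in infos]


def check_mta_identity(ip, ehlo,
                       ptr_lookup=system_ptr_lookup,
                       addr_lookup=system_addr_lookup):
    """Return a list of problems with the rDNS / fc-rDNS / EHLO setup of `ip`.

    An empty list means: a PTR exists, at least one PTR name resolves back to
    `ip` (forward-confirmed), and `ehlo` is one of those confirmed names.
    """
    addr = ipaddress.ip_address(ip)
    ptr_names = [_norm(n) for n in ptr_lookup(ip)]
    confirmed = [
        n for n in ptr_names
        if addr in {ipaddress.ip_address(a) for a in addr_lookup(n)}
    ]

    problems = []
    if not ptr_names:
        problems.append("no rDNS (PTR) record")
    elif not confirmed:
        problems.append("rDNS is not forward-confirmed")
    if _norm(ehlo) not in confirmed:
        problems.append("EHLO name does not match a forward-confirmed rDNS name")
    return problems


# CONSTRUCTED sample zone data so the check can be exercised offline.
SAMPLE_PTR = {
    "192.0.2.25": ["mail.example.org."],
    "192.0.2.26": ["host26.isp.example."],   # generic provider-style PTR
}
SAMPLE_ADDR = {
    "mail.example.org": ["192.0.2.25", "2001:db8::25"],
    "host26.isp.example": ["198.51.100.7"],  # forward lookup points elsewhere
}


def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])


def sample_addr(name):
    return SAMPLE_ADDR.get(name, [])


if __name__ == "__main__":
    for ip, ehlo in (("192.0.2.25", "mail.example.org"),
                     ("192.0.2.25", "localhost"),
                     ("192.0.2.26", "mail.example.org")):
        print(ip, ehlo, check_mta_identity(ip, ehlo, sample_ptr, sample_addr))
```

Called without the last two arguments, `check_mta_identity` uses the system resolver, so it can be run against the relay's real address and configured hostname.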
How to setup a "clean MTA" in 2019?
Hi,

Reading the Internet and looking at actual public DNS records and email
headers, there seem to be disagreements regarding the usage of things
like DMARC/DKIM/SPF. Some discussions are sometimes old (like 2014) and
have not been rediscussed recently.

So far, I identified the following:
- MUST: have a proper Reverse DNS
- MUST: have a proper HELO/EHLO value (matching DNS)
- MAY: have SPF configured to announce official MTA
- MAY: have DKIM configured to sign outgoing emails
- MAY: have DMARC set with p=none // many MTA won't check
- DONT: have DMARC set with p=(quarantine|reject) // may break things

What would be the recommendations from the OpenSMTPD project as of 2019
when one wants to setup an MTA? Are those MUST/MAY/DONT correct? Are
there more things to add to this checklist?

Thank you.

Re: Vultr has all blacklisted IP's for email
I own a VPS located in France.

> On 19 Dec 2018 at 22:41, Chris Bennett wrote:
>
> On Wed, Dec 19, 2018 at 10:16:22PM +0100, Joel Carnat wrote:
>> I’ve just checked mine and it’s 100% non-blacklisted, according to mxtoolbox.
>> And, so far, I don’t have any issues sending/receiving mail.
>>
>
> I really must have workable email and baremetal
>
> Right now the second IP I requested is 45.76.27.230
> This is much worse than the first one I also have which is
> 108.61.242.230
>
> I am using a server in Chicago. Where is yours located?
> Maybe the location is related?
>
> Other than this problem, I am quite happy. If I can solve this, I will
> move off of my other server, which is stuck on crappy Java KVM.
> I don't have any problem with another location.
>
> Chris Bennett

Re: Vultr has all blacklisted IP's for email
I’ve just checked mine and it’s 100% non-blacklisted, according to mxtoolbox.
And, so far, I don’t have any issues sending/receiving mail.

> On 19 Dec 2018 at 22:09, Chris Bennett wrote:
>
> I was very happy with what I got for a baremetal server at Vultr.
> Unfortunately, even after getting a second IP that was not from the same
> range as the first one, all of these IP ranges, not single IP's, are
> blacklisted in the worst category.
> If you want a web/etc server, great.
> If you want anything to do with email, forget them.
> Shame. I need another baremetal that doesn't have Java KVM.
> Any recommendations?
>
> Thanks. Looks like anything related to Cloud may be a problem???
>
> Chris Bennett

Re: people using elk / grafana ?
On 09/11/2018 17:16, Gilles Chehade wrote:
> HELO,
>
> I'm looking for people that are regular users of ELK / Grafana or alike.
>
> I'd like to discuss improvements that can be made to the event reporting
> mechanism to ease integration with monitoring and alerting tools.
>
> If creating dashboards and alerts is part of your daily routine, ping me
> so we can talk.

I did experiment quite a few.
Recently I've switched to using syslog-ng+influx ; because ELS+Logstash eat too much mem on my tiny Cloud instance.

See you

Re: Grabbing release from www.opensmtpd.org
Yep. I ended up grabbing a tarball from GitHub. Which worked.
My new (simple) conf seems to be ready :)

Thanks.

On 22/10/2018 20:11, Gilles Chehade wrote:
> We're not ready for the portable release yet so I didn't build the master
> release, it is however tagged on GitHub already so you can download a
> tarball for tag opensmtpd-6.4.0 there
>
> Gilles
>
> On 22 Oct 2018 14:18, Matt Schwartz wrote:
> > I think it's best if you get the sources from OpenBSD CVS.
> >
> > On Mon, Oct 22, 2018, 8:06 AM Joel Carnat wrote:
> > > Hi,
> > >
> > > On my way to move from 6.0.x to 6.4, I went to www.opensmtpd.org [1]
> > > and hoped I could get the 6.4 release, build it and test my new
> > > configuration file (before doing the whole obsd 6.3 to 6.4 upgrade).
> > > But... the osmtpd website seems to only offer sources for the 6.0.3
> > > release.
> > >
> > > Will the website be updated or should I grab the sources from openbsd
> > > repo ?
> > >
> > > Thanks.

Links:
[1] http://www.opensmtpd.org

Grabbing release from www.opensmtpd.org
Hi,

On my way to move from 6.0.x to 6.4, I went to www.opensmtpd.org and
hoped I could get the 6.4 release, build it and test my new
configuration file (before doing the whole obsd 6.3 to 6.4 upgrade).
But... the osmtpd website seems to only offer sources for the 6.0.3
release.

Will the website be updated or should I grab the sources from openbsd
repo ?

Thanks.

Re: smtpctl: need root privileges
On 25/09/2018 14:27, Gilles Chehade wrote:
> On Tue, Sep 25, 2018 at 11:23:59AM +0200, Joel Carnat wrote:
> > Hi,
> >
> > (Running OpenBSD 6.3/amd64 with OpenSMTPD 6.0.4)
> >
> > I want `telegraf` to be allowed to run `/usr/sbin/smtpctl show stats`.
> > I configured "_smtpq:*:103:_telegraf" in groups and thought it would
> > run.
> > But I still get:
> > # doas -u _telegraf /usr/sbin/smtpctl show stats
> > smtpctl: need root privileges
> >
> > Is the thread (https://github.com/OpenSMTPD/OpenSMTPD/issues/678) still
> > relevant ?
> > Is the only way to get stats to use doas to execute as root ?
> >
> > Thanks.
>
> Hi,
>
> The thread you're mentioning is no longer relevant, however as of today
> it is true that statistics are not exposed to users.
>
> I don't know if we should, it requires at least a bit of thinking and of
> discussion which I think should target the 6.5 release.
>
> In particular, a lot of people are using the smtpctl stats command as an
> input to reporting utilities and maybe we should provide a better way to
> do that, and maybe I already have diffs heading in that direction ;)
>
> Gilles

Ok. I've tried using the _smtpq group too but that explains why it still failed.
Telegraf seems to be close-linked to `sudo`. I'll see how to fool it to use `doas`

Thank you.

smtpctl: need root privileges
Hi,

(Running OpenBSD 6.3/amd64 with OpenSMTPD 6.0.4)

I want `telegraf` to be allowed to run `/usr/sbin/smtpctl show stats`.
I configured "_smtpq:*:103:_telegraf" in groups and thought it would
run.
But I still get:
# doas -u _telegraf /usr/sbin/smtpctl show stats
smtpctl: need root privileges

Is the thread (https://github.com/OpenSMTPD/OpenSMTPD/issues/678) still
relevant ?
Is the only way to get stats to use doas to execute as root ?

Thanks.

Can you explain AUTH process using LDAP
Hi,

I'm setting up smtpd with virtual LDAP users (on OpenBSD 6.0 / OpenSMTPD 6.0.0) and the SMTP authentication fails.

Relevant smtpd.conf part is:

table vusers ldap:/etc/mail/tumfatig-QNAP.conf
listen on egress tls pki www.tumfatig.net auth-optional

The LDAP configuration is:

# LDAP server
url ldap://qnap.tumfatig.net
basedn dc=tumfatig,dc=net
username uid=service,ou=people,dc=tumfatig,dc=net
password secret

# SMTP submission / authentication
credentials_filter (&(objectClass=posixAccount)(uid=%s))
credentials_attributes uid,userPassword

LDAP lookups for RCPT work. So I know url/basedn/username/password are correct.
Only SMTP AUTH fails. The daemon says:

debug: smtp: new client on listener: 0x138c683ec000
ba71f1a249ecc401 smtp event=connected address=192.168.0.60 host=openbsd.tumfatig.net
debug: lka: looking up pki "www.tumfatig.net"
debug: session_start_ssl: switching to SSL
debug: pony: rsae_priv_enc
ba71f1a249ecc401 smtp event=starttls ciphers="version=TLSv1.2, cipher=ECDHE-RSA-CHACHA20-POLY1305, bits=256"
debug: lka: authenticating for vusers:ptijo
vusers[89674]: debug: table_ldap: ldap_query: filter=(&(objectClass=posixAccount)(uid=ptijo)), ret=1
ba71f1a249ecc401 smtp event=authentication user=ptijo result=permfail
smtp-in: Failed command on session ba71f1a249ecc401: "AUTH PLAIN (...)" => 535 Authentication failed
ba71f1a249ecc401 smtp event=closed reason=disconnect
debug: smtp: 0x138bc897b000: deleting session: disconnected

If I manually run ldapsearch using url/basedn/username/password/credentials_filter, I can find the user and see its attrs.
I also tried using the "admin" LDAP user as username/password but it still fails. So AFAIK, it's not a matter of getting userPassword or not.
Using the same url/basedn/username/password, Dovecot can authenticate users for IMAPS connections.

How does OpenSMTPd authenticate users using LDAP ?
Does it connect using username/password and do some HASH comparison with credentials given in the SMTP/TLS session or does it try to connect to LDAP using the provided SMTP AUTH credentials ?
Does userPassword format (SHA/SSHA/CRYPT) matter ?

Thanks,
Jo

LDAP and listen on (...) auth
Hi,

I’ve just discovered that my smtpd/ldapd configuration is not 100% working.
The submission part seems to not do the whole LDAP process to verify password.

I have OpenSMTPD 5.4.4 running on OpenBSD 5.7 amd64.

Here’s my smtpd.conf

# OpenSMTPD configuration
#
table vusers ldap:/etc/mail/ldap.conf
table vdomains ldap:/etc/mail/ldap.conf

pki www.tumfatig.net certificate "/etc/ssl/gandi.crt"
pki www.tumfatig.net key "/etc/ssl/private/gandi.key"

listen on lo0
listen on egress tls pki www.tumfatig.net auth-optional
#listen on egress port submission tls-require pki www.tumfatig.net auth
listen on egress port submission tls-require pki www.tumfatig.net auth

accept from any for domain virtual deliver to lmtp "/var/dovecot/lmtp"
accept from local for any relay

Here’s the ldap.conf table

# Mail domains
#
domain_filter (&(objectClass=domain)(dc=%s))
domain_attributes dc

# SMTP submission / authentication
#
credentials_filter (&(objectClass=posixAccount)(uid=%s))
credentials_attributes uid,userPassword

# SMTP delivery / IMAP authentication
#
userinfo_filter (&(objectClass=posixAccount)(uid=%s))
userinfo_attributes uid,uidNumber,gidNumber,homeDirectory

# SMTP aliases
#
alias_filter (&(objectClass=nisMailAlias)(cn=%s))
alias_attributes rfc822MailMember

Here’s the error part

smtp-in: Started TLS on session 1d599982ae8ff186: version=TLSv1/SSLv3, cipher=ECDHE-RSA-CHACHA20-POLY1305, bits=256
debug: lka: authenticating for vusers:ptijo
debug: table_ldap: ldap_query: filter=(&(objectClass=posixAccount)(uid=ptijo)), ret=1
smtp-in: Authentication failed for user ptijo on session 1d599982ae8ff186
smtp-in: Failed command on session 1d599982ae8ff186: "AUTH [...]" => 535 Authentication failed
smtp-in: Received disconnect from session 1d599982ae8ff186

Here’s the LDAP debug session log

Aug 2 09:42:01.415 [606] consumed 126 bytes
Aug 2 09:42:01.415 [606] got request type 3, id 13
Aug 2 09:42:01.415 [606] base dn = dc=tumfatig,dc=net, scope = 2
Aug 2 09:42:01.415 [606] requesting 01 access to dc=tumfatig,dc=net by cn=service,dc=tumfatig,dc=net, in namespace dc=tumfatig,dc=net
Aug 2 09:42:01.415 [606] init index scan on [objectclass=posixaccount,]
Aug 2 09:42:01.415 [606] found index objectclass=posixaccount,uid=ptijo,ou=users,
Aug 2 09:42:01.415 [606] lookup indexed key [uid=ptijo,ou=users,dc=tumfatig,dc=net]
Aug 2 09:42:01.415 [606] found dn uid=ptijo,ou=users,dc=tumfatig,dc=net
Aug 2 09:42:01.415 [606] requesting 01 access to uid=ptijo,ou=users,dc=tumfatig,dc=net by cn=service,dc=tumfatig,dc=net, in namespace dc=tumfatig,dc=net
Aug 2 09:42:01.416 [606] found index objectclass=top,cn=service,
Aug 2 09:42:01.416 [606] scanned past index prefix [objectclass=posixaccount,]
Aug 2 09:42:01.416 [606] 3 scanned, 1 matched, 0 dups
Aug 2 09:42:01.416 [606] sending response 5 with result 0
Aug 2 09:42:01.416 [606] finished search on msgid 13
Aug 2 09:42:02.818 [606] accepted connection from 192.168.0.50 on fd 17
Aug 2 09:42:02.818 [606] ssl_session_init: switching to SSL
Aug 2 09:42:02.818 [606] ssl_session_accept: accepting client
Aug 2 09:42:02.822 [606] ssl_session_accept: accepting client
Aug 2 09:42:02.824 [606] ssl_session_accept: accepted ssl client
Aug 2 09:42:02.824 [606] consumed 14 bytes
Aug 2 09:42:02.824 [606] got request type 0, id 0
Aug 2 09:42:02.824 [606] bind dn =
Aug 2 09:42:02.824 [606] anonymous bind
Aug 2 09:42:02.824 [606] sending response 1 with result 0
Aug 2 09:42:02.824 [606] consumed 7 bytes
Aug 2 09:42:02.824 [606] got request type 2, id 1
Aug 2 09:42:02.824 [606] current bind dn = (null)
Aug 2 09:42:02.824 [606] end-of-file on connection 17
Aug 2 09:42:02.824 [606] closing connection 17
Aug 2 09:42:02.824 [606] accepted connection from 127.0.0.1 on fd 17
Aug 2 09:42:02.824 [606] consumed 14 bytes
Aug 2 09:42:02.824 [606] got request type 0, id 0
Aug 2 09:42:02.824 [606] bind dn =
Aug 2 09:42:02.824 [606] anonymous bind
Aug 2 09:42:02.824 [606] sending response 1 with result 0
Aug 2 09:42:02.824 [606] consumed 7 bytes
Aug 2 09:42:02.824 [606] got request type 2, id 1
Aug 2 09:42:02.824 [606] current bind dn = (null)
Aug 2 09:42:02.824 [606] closing connection 17

Seems to me that the lookup is done but not the password check.
I would expect another bind with the found DN and the password provided by session ; or at least a password comparison.

Any idea ?

TIA,
Jo

Re: Virtual users need to exist in /etc/passwd ?
> On 16 Jul 2015 at 20:26, Joerg Jung wrote:
>
> On Thu, Jul 16, 2015 at 08:09:41PM +0200, Joel Carnat wrote:
>> Hi,
>>
>> I have configured OpenSMTPD 5.4.4 (from OpenBSD 5.7) with virtual LDAP users
>> and LMTP to Dovecot.
>>
>> table vusers ldap:/etc/mail/ldap.conf
>> table vdomains ldap:/etc/mail/ldap.conf
>>
>> accept from any for domain virtual deliver to lmtp
>> "/var/dovecot/lmtp"
>>
>> If the user id exists in /etc/passwd, the mail is accepted by OpenSMTPD and
>> delivered to dovecot.
>> Dovecot only uses LDAP so it doesn’t care about users not being in
>> /etc/passwd since they exist in LDAP ; tested using direct telnet on LMTP
>> port.
>>
>> If the user id does not exist in /etc/passwd (but exists in LDAP), the mail
>> gets rejected by OpenSMTPD with error « 550 Invalid recipient ».
>>
>> Is this expected or does it reflect a misconfiguration on the LDAP side ?
>> Sounds weird to me that virtual user must exist in /etc/passwd :)
>
> AFAIK, this is "by design", deliver to ... expects a local system user.
> As workaround, you might use a userbase table (see smtpd.conf(5)) to map
> all your virtual users to a single (fake) system users. Also, you might
> play with deliver to lda instead of lmtp.
>

OK, I’ll dig the LDA ; although Dovecot seems to recommend LMTP over LDA.

Thanks.

Virtual users need to exist in /etc/passwd ?
Hi,

I have configured OpenSMTPD 5.4.4 (from OpenBSD 5.7) with virtual LDAP users and LMTP to Dovecot.

table vusers ldap:/etc/mail/ldap.conf
table vdomains ldap:/etc/mail/ldap.conf

accept from any for domain virtual deliver to lmtp "/var/dovecot/lmtp"

If the user id exists in /etc/passwd, the mail is accepted by OpenSMTPD and delivered to dovecot.
Dovecot only uses LDAP so it doesn’t care about users not being in /etc/passwd since they exist in LDAP ; tested using direct telnet on LMTP port.

If the user id does not exist in /etc/passwd (but exists in LDAP), the mail gets rejected by OpenSMTPD with error « 550 Invalid recipient ».

Is this expected or does it reflect a misconfiguration on the LDAP side ?
Sounds weird to me that virtual user must exist in /etc/passwd :)

TIA,
Jo

Re: table config examples for LDAP
+1
Never got it working here :'-(

--
e-mail different

> On 3 Nov 2014 at 16:58, Barbier, Jason wrote:
>
> hey I saw a few people out there with successful LDAP setups, could anyone be
> nice enough to drop me their LDAP table config. I want to see if I can get it
> going and maybe get the man page written for it so others don't have to ask.
>
> --
> Jason Barbier | jab...@serversave.us
> Pro Patria Vigilans

Re: interested in LDAP ?
On 29 Sept 2014 at 21:31, Gilles Chehade wrote:

> On Fri, Sep 26, 2014 at 04:02:45PM +0200, Joel Carnat wrote:
>> Couldn't be there at that time, unfortunately.
>> Yet, I'm having a look again at, this time, OpenBSD 5.5 / OpenSMTPD 5.4.2
>> and I still can't have it working.
>>
>> I already noticed smtpd will fail/crash if no index is done in LDAP server
>> (seen using OpenLDAP and OpenBSD ldapd).
>> But smtpd is still dying after the ldap match.
>> debug: table-ldap: reading key "url" -> "ldap://localhost";
>> debug: table-ldap: reading key "username" -> "cn=admin,dc=tumfatig,dc=net"
>> debug: table-ldap: reading key "password" -> "secret"
>> debug: table-ldap: reading key "basedn" -> "ou=users,dc=tumfatig,dc=net"
>> debug: table-ldap: reading key "userinfo_filter" ->
>> "(&(objectClass=inetOrgPerson)(mail=%s))"
>> debug: table-ldap: parsing attribute "userinfo_attributes" (4) -> "mail"
>> debug: table-ldap: reading key "alias_filter" ->
>> "(&(objectClass=inetOrgPerson)(mail=%s))"
>> debug: table-ldap: parsing attribute "alias_attributes" (1) -> "mail"
>> debug: table-ldap: done reading config
>> debug: smtp: listen on 192.168.59.131 port 25 flags 0x0 pki ""
>> debug: smtp: listen on IPv6:fe80::20c:29ff:fef1:283d%vic0 port 25 flags 0x0
>> pki ""
>> debug: smtp: listen on 127.0.0.1 port 25 flags 0x0 pki ""
>> debug: smtp: listen on IPv6:fe80::1%lo0 port 25 flags 0x0 pki ""
>> debug: smtp: listen on IPv6:::1 port 25 flags 0x0 pki ""
>> debug: smtp: will accept at most 500 clients
>> debug: table-ldap: ldap server accepted credentials
>> debug: table-ldap: connected
>> debug: smtpd: scanning offline queue...
>> debug: smtpd: offline scanning done
>> debug: smtp: new client on listener: 0x8ee2a66700
>> smtp-in: New session d672dd667db0a9ba from host 0@localhost [local]
>> debug: table_ldap_internal_query:
>> filter=(&(objectClass=inetOrgPerson)(mail=j...@foo.net)), ret=1
>> Segmentation fault
>> warn: table-proc: pipe closed
>> fatal: table-proc: exiting
>> warn: smtp -> lka: pipe closed
>> warn: parent -> lka: pipe closed
>> warn: mfa -> smtp: pipe closed
>> warn: mda -> lka: pipe closed
>> warn: mta -> lka: pipe closed
>> warn: control -> lka: pipe closed
>> # warn: queue -> lka: pipe closed
>> warn: scheduler -> control: pipe closed
>>
>> There's probably a misconfiguration on my smtpd.conf.
>> But I'd be available for an IRC debug sequence tonight, if wished/available
>> :)
>>
>> On 19 May 2014 at 10:52, Gilles Chehade wrote:
>>
>>> ohai,
>>>
>>> if you're interested in getting LDAP fixed, I plan a debugging session
>>> this Thursday at 7PM (Europe/Paris) on IRC: #opensmtpd @ freenode
>>>
>>> im willing to stay working on it as long as it takes for all crashes to
>>> go, but given that im not an LDAP user and not too familiar with it, I
>>> would love to have some LDAP users around ;-)
>>>
>
> I'll be around tomorrow and after tomorrow evening with spare time in
> my hands ;-)

Will have some time next Wednesday.
I'll poke you on #opensmtpd around 9pm then :)

Re: interested in LDAP ?
Couldn't be there at that time, unfortunately.
Yet, I'm having a look again at, this time, OpenBSD 5.5 / OpenSMTPD 5.4.2 and I still can't have it working.

I already noticed smtpd will fail/crash if no index is done in LDAP server (seen using OpenLDAP and OpenBSD ldapd).
But smtpd is still dying after the ldap match.

debug: table-ldap: reading key "url" -> "ldap://localhost";
debug: table-ldap: reading key "username" -> "cn=admin,dc=tumfatig,dc=net"
debug: table-ldap: reading key "password" -> "secret"
debug: table-ldap: reading key "basedn" -> "ou=users,dc=tumfatig,dc=net"
debug: table-ldap: reading key "userinfo_filter" -> "(&(objectClass=inetOrgPerson)(mail=%s))"
debug: table-ldap: parsing attribute "userinfo_attributes" (4) -> "mail"
debug: table-ldap: reading key "alias_filter" -> "(&(objectClass=inetOrgPerson)(mail=%s))"
debug: table-ldap: parsing attribute "alias_attributes" (1) -> "mail"
debug: table-ldap: done reading config
debug: smtp: listen on 192.168.59.131 port 25 flags 0x0 pki ""
debug: smtp: listen on IPv6:fe80::20c:29ff:fef1:283d%vic0 port 25 flags 0x0 pki ""
debug: smtp: listen on 127.0.0.1 port 25 flags 0x0 pki ""
debug: smtp: listen on IPv6:fe80::1%lo0 port 25 flags 0x0 pki ""
debug: smtp: listen on IPv6:::1 port 25 flags 0x0 pki ""
debug: smtp: will accept at most 500 clients
debug: table-ldap: ldap server accepted credentials
debug: table-ldap: connected
debug: smtpd: scanning offline queue...
debug: smtpd: offline scanning done
debug: smtp: new client on listener: 0x8ee2a66700
smtp-in: New session d672dd667db0a9ba from host 0@localhost [local]
debug: table_ldap_internal_query: filter=(&(objectClass=inetOrgPerson)(mail=j...@foo.net)), ret=1
Segmentation fault
warn: table-proc: pipe closed
fatal: table-proc: exiting
warn: smtp -> lka: pipe closed
warn: parent -> lka: pipe closed
warn: mfa -> smtp: pipe closed
warn: mda -> lka: pipe closed
warn: mta -> lka: pipe closed
warn: control -> lka: pipe closed
# warn: queue -> lka: pipe closed
warn: scheduler -> control: pipe closed

There's probably a misconfiguration on my smtpd.conf.
But I'd be available for an IRC debug sequence tonight, if wished/available :)

On 19 May 2014 at 10:52, Gilles Chehade wrote:

> ohai,
>
> if you're interested in getting LDAP fixed, I plan a debugging session
> this Thursday at 7PM (Europe/Paris) on IRC: #opensmtpd @ freenode
>
> im willing to stay working on it as long as it takes for all crashes to
> go, but given that im not an LDAP user and not too familiar with it, I
> would love to have some LDAP users around ;-)
>
> --
> Gilles Chehade
>
> https://www.poolp.org @poolpOrg

Re: postgres and ldap backends
OpenBSD ldapd.

On 5 March 2014 at 18:56, Gilles Chehade wrote:

> it's ok ;-)
>
> you're using openldap or openbsd's ldapd ?
>
> On Wed, Mar 05, 2014 at 06:51:10PM +0100, Joel Carnat wrote:
>> Unfortunately, real life takes precedence tonight ;-)
>>
>> I may find time to connect tomorrow during work-day. Or a bit late in the
>> evening.
>> Although it's been tens of years since I ran an IRC client on my laptop ;-)
>>
>> On 5 March 2014 at 18:42, Gilles Chehade wrote:
>>
>>> if you can come on irc and stay for a while, i can kill this one
>>> by tonight
>>>
>>> On Wed, Mar 05, 2014 at 06:22:04PM +0100, Joel Carnat wrote:
>>>>
>>>> On 5 March 2014 at 18:10, Gilles Chehade wrote:
>>>>
>>>>> can you start smtpd with -dv -T lookup -T table ?
>>>>> this should provide a bit more information about the ldap lookup
>>>> yup.
>>>>
>>>> # smtpd -dv -T lookup -T table
>>>> debug: init ssl-tree
>>>> info: OpenSMTPD 5.4.2 starting
>>>> debug: bounce warning after 4h
>>>> debug: using "fs" queue backend
>>>> debug: using "ramqueue" scheduler backend
>>>> debug: using "ram" stat backend
>>>> info: startup [debug mode]
>>>> debug: queue: done loading queue into scheduler
>>>> debug: parent_send_config_ruleset: reloading
>>>> debug: parent_send_config_mfa: reloading
>>>> debug: parent_send_config: configuring smtp
>>>> TABLE "" type=LIST config=""
>>>>     "*"
>>>>     "bagheera"
>>>> TABLE "" type= config=""
>>>>     "0.0.0.0/0"
>>>>     "::/0"
>>>>     "local"
>>>> TABLE "" type=LIST config=""
>>>>     "foo.net"
>>>> TABLE "" type=DYNAMIC config=""
>>>> TABLE "" type= config=""
>>>>     "127.0.0.1"
>>>>     "192.168.0.128"
>>>>     "ipv6:::1"
>>>>     "ipv6:fe80::1%lo0"
>>>>     "ipv6:fe80::20c:29ff:fe08:7d50%em0"
>>>>     "local"
>>>> TABLE "" type=LIST config=""
>>>>     "bagheera.local"
>>>>     "localhost"
>>>> TABLE "aliases" type=DYNAMIC config="/etc/mail/aliases.db"
>>>> TABLE "relay-hosts" type=DYNAMIC config="/etc/mail/relay-hosts.db"
>>>> TABLE "virtual-domains" type=DYNAMIC config="/etc/mail/virtual-domains.db"
>>>> TABLE "virtual-users" type=DYNAMIC config="/usr/libexec/smtpd/table-ldap
>>>> /etc/mail/virtual-users.conf"
>>>> mfa: building simple chains...
>>>> mfa: building complex chains...
>>>> mfa: done building complex chains
>>>> mfa: done building default chain
>>>> debug: mfa ready
>>>> debug: table-ldap: reading key "url" -> "ldap://127.0.0.1";
>>>> debug: table-ldap: reading key "username" -> "cn=email,ou=users,dc=local"
>>>> debug: table-ldap: reading key "password" -> "vierge"
>>>> debug: table-ldap: reading key "basedn" -> "dc=local"
>>>> debug: table-ldap: reading key "userinfo_filter" ->
>>>> "(&(objectClass=inetOrgPerson)(mail=%s))"
>>>> debug: table-ldap: parsing attribute "userinfo_attributes" (4) -> "mail"
>>>> debug: table-ldap: reading key "credentials_filter" ->
>>>> "(&(objectClass=inetOrgPerson)(mail=%s))"
>>>> debug: table-ldap: parsing attribute "credentials_attributes" (2) ->
>>>> "mail,userPassword"
>>>> debug: table-ldap: reading key "alias_filter" ->
>>>> "(&(objectClass=inetOrgPerson)(mail=%s))"
>>>> debug: table-ldap: parsing attribute "alias_attributes" (1) -> "mail"
>>>> debug: table-ldap: done reading config
>>>> debug: table-ldap: ldap server accepted credentials
>>>> debug: table-ldap: connected
>>>> debug: smtp: listen on IPv6:fe80::20c:29ff:fe08:7d50%em0 port 25 flags 0x0
Re: postgres and ldap backends
Unfortunately, real life takes precedence tonight ;-)

I may find time to connect tomorrow during work-day. Or a bit late in the evening.
Although it's been tenths of years since I ran an IRC client on my laptop ;-)

On 5 March 2014 at 18:42, Gilles Chehade wrote:
> if you can come on irc and stay for a while, i can kill this one
> by tonight
>
> On Wed, Mar 05, 2014 at 06:22:04PM +0100, Joel Carnat wrote:
>>
>> On 5 March 2014 at 18:10, Gilles Chehade wrote:
>>
>>> can you start smtpd with -dv -T lookup -T table ?
>>> this should provide a bit more information about the ldap lookup
>> yup.
>>
>> # smtpd -dv -T lookup -T table
>> debug: init ssl-tree
>> info: OpenSMTPD 5.4.2 starting
>> debug: bounce warning after 4h
>> debug: using "fs" queue backend
>> debug: using "ramqueue" scheduler backend
>> debug: using "ram" stat backend
>> info: startup [debug mode]
>> debug: queue: done loading queue into scheduler
>> debug: parent_send_config_ruleset: reloading
>> debug: parent_send_config_mfa: reloading
>> debug: parent_send_config: configuring smtp
>> TABLE "" type=LIST config=""
>>     "*"
>>     "bagheera"
>> TABLE "" type= config=""
>>     "0.0.0.0/0"
>>     "::/0"
>>     "local"
>> TABLE "" type=LIST config=""
>>     "foo.net"
>> TABLE "" type=DYNAMIC config=""
>> TABLE "" type= config=""
>>     "127.0.0.1"
>>     "192.168.0.128"
>>     "ipv6:::1"
>>     "ipv6:fe80::1%lo0"
>>     "ipv6:fe80::20c:29ff:fe08:7d50%em0"
>>     "local"
>> TABLE "" type=LIST config=""
>>     "bagheera.local"
>>     "localhost"
>> TABLE "aliases" type=DYNAMIC config="/etc/mail/aliases.db"
>> TABLE "relay-hosts" type=DYNAMIC config="/etc/mail/relay-hosts.db"
>> TABLE "virtual-domains" type=DYNAMIC config="/etc/mail/virtual-domains.db"
>> TABLE "virtual-users" type=DYNAMIC config="/usr/libexec/smtpd/table-ldap
>> /etc/mail/virtual-users.conf"
>> mfa: building simple chains...
>> mfa: building complex chains...
>> mfa: done building complex chains
>> mfa: done building default chain
>> debug: mfa ready
>> debug: table-ldap: reading key "url" -> "ldap://127.0.0.1"
>> debug: table-ldap: reading key "username" -> "cn=email,ou=users,dc=local"
>> debug: table-ldap: reading key "password" -> "vierge"
>> debug: table-ldap: reading key "basedn" -> "dc=local"
>> debug: table-ldap: reading key "userinfo_filter" ->
>> "(&(objectClass=inetOrgPerson)(mail=%s))"
>> debug: table-ldap: parsing attribute "userinfo_attributes" (4) -> "mail"
>> debug: table-ldap: reading key "credentials_filter" ->
>> "(&(objectClass=inetOrgPerson)(mail=%s))"
>> debug: table-ldap: parsing attribute "credentials_attributes" (2) ->
>> "mail,userPassword"
>> debug: table-ldap: reading key "alias_filter" ->
>> "(&(objectClass=inetOrgPerson)(mail=%s))"
>> debug: table-ldap: parsing attribute "alias_attributes" (1) -> "mail"
>> debug: table-ldap: done reading config
>> debug: table-ldap: ldap server accepted credentials
>> debug: table-ldap: connected
>> debug: smtp: listen on IPv6:fe80::20c:29ff:fe08:7d50%em0 port 25 flags 0x0
>> pki ""
>> debug: smtp: listen on 192.168.0.128 port 25 flags 0x0 pki ""
>> debug: smtp: listen on 127.0.0.1 port 25 flags 0x0 pki ""
>> debug: smtp: listen on IPv6:fe80::1%lo0 port 25 flags 0x0 pki ""
>> debug: smtp: listen on IPv6:::1 port 25 flags 0x0 pki ""
>> debug: smtp: will accept at most 500 clients
>> debug: smtpd: scanning offline queue...
>> debug: smtpd: offline scanning done
>> debug: smtp: new client on listener: 0x98551cb9000
>> smtp-in: New session ce7f1f365cb16f30 from host 192.168.0.21 [192.168.0.21]
>> lookup: check "192.168.0.21" as NETADDR in table static: -> 0
>> lookup: check "192.168.0.21" as NETADDR in table db:relay-hosts -> found
>> lookup: check "foo.net"
Re: postgres and ldap backends
On 5 March 2014 at 18:10, Gilles Chehade wrote:
> can you start smtpd with -dv -T lookup -T table ?
> this should provide a bit more information about the ldap lookup

yup.

# smtpd -dv -T lookup -T table
debug: init ssl-tree
info: OpenSMTPD 5.4.2 starting
debug: bounce warning after 4h
debug: using "fs" queue backend
debug: using "ramqueue" scheduler backend
debug: using "ram" stat backend
info: startup [debug mode]
debug: queue: done loading queue into scheduler
debug: parent_send_config_ruleset: reloading
debug: parent_send_config_mfa: reloading
debug: parent_send_config: configuring smtp
TABLE "" type=LIST config=""
    "*"
    "bagheera"
TABLE "" type= config=""
    "0.0.0.0/0"
    "::/0"
    "local"
TABLE "" type=LIST config=""
    "foo.net"
TABLE "" type=DYNAMIC config=""
TABLE "" type= config=""
    "127.0.0.1"
    "192.168.0.128"
    "ipv6:::1"
    "ipv6:fe80::1%lo0"
    "ipv6:fe80::20c:29ff:fe08:7d50%em0"
    "local"
TABLE "" type=LIST config=""
    "bagheera.local"
    "localhost"
TABLE "aliases" type=DYNAMIC config="/etc/mail/aliases.db"
TABLE "relay-hosts" type=DYNAMIC config="/etc/mail/relay-hosts.db"
TABLE "virtual-domains" type=DYNAMIC config="/etc/mail/virtual-domains.db"
TABLE "virtual-users" type=DYNAMIC config="/usr/libexec/smtpd/table-ldap /etc/mail/virtual-users.conf"
mfa: building simple chains...
mfa: building complex chains...
mfa: done building complex chains
mfa: done building default chain
debug: mfa ready
debug: table-ldap: reading key "url" -> "ldap://127.0.0.1"
debug: table-ldap: reading key "username" -> "cn=email,ou=users,dc=local"
debug: table-ldap: reading key "password" -> "vierge"
debug: table-ldap: reading key "basedn" -> "dc=local"
debug: table-ldap: reading key "userinfo_filter" -> "(&(objectClass=inetOrgPerson)(mail=%s))"
debug: table-ldap: parsing attribute "userinfo_attributes" (4) -> "mail"
debug: table-ldap: reading key "credentials_filter" -> "(&(objectClass=inetOrgPerson)(mail=%s))"
debug: table-ldap: parsing attribute "credentials_attributes" (2) -> "mail,userPassword"
debug: table-ldap: reading key "alias_filter" -> "(&(objectClass=inetOrgPerson)(mail=%s))"
debug: table-ldap: parsing attribute "alias_attributes" (1) -> "mail"
debug: table-ldap: done reading config
debug: table-ldap: ldap server accepted credentials
debug: table-ldap: connected
debug: smtp: listen on IPv6:fe80::20c:29ff:fe08:7d50%em0 port 25 flags 0x0 pki ""
debug: smtp: listen on 192.168.0.128 port 25 flags 0x0 pki ""
debug: smtp: listen on 127.0.0.1 port 25 flags 0x0 pki ""
debug: smtp: listen on IPv6:fe80::1%lo0 port 25 flags 0x0 pki ""
debug: smtp: listen on IPv6:::1 port 25 flags 0x0 pki ""
debug: smtp: will accept at most 500 clients
debug: smtpd: scanning offline queue...
debug: smtpd: offline scanning done
debug: smtp: new client on listener: 0x98551cb9000
smtp-in: New session ce7f1f365cb16f30 from host 192.168.0.21 [192.168.0.21]
lookup: check "192.168.0.21" as NETADDR in table static: -> 0
lookup: check "192.168.0.21" as NETADDR in table db:relay-hosts -> found
lookup: check "foo.net" as DOMAIN in table static: -> found
debug: 0x9854d6bd000: end of message, msgflags=0x
smtp-in: Accepted message 30972eb5 on session ce7f1f365cb16f30: from=, to=, size=5, ndest=1, proto=SMTP
debug: scheduler: evp:30972eb53e98e2d4 scheduled (mta)
debug: mta: received evp:30972eb53e98e2d4 for
debug: mta: draining [relay:foo.net] refcount=1, ntask=1, nconnector=0, nconn=0
debug: mta: querying MX for [relay:foo.net]...
debug: mta: [relay:foo.net] waiting for MX
debug: MXs for domain foo.net: 192.168.0.128 preference 10
debug: mta: ... got mx (0x98545ea7420, foo.net, [relay:foo.net])
debug: mta: draining [relay:foo.net] refcount=1, ntask=1, nconnector=0, nconn=0
debug: mta: querying source for [relay:foo.net]...
debug: mta: ... got source for [relay:foo.net]: []
debug: mta: new [connector:[]->[relay:foo.net],0x1]
debug: mta: connecting with [connector:[]->[relay:foo.net],0x0]
debug: mta-routing: searching new route for [connector:[]->[relay:foo.net],0x0]...
debug: mta-routing: selecting candidate route [] <-> 192.168.0.128
debug: mta-routing: spawning new connection on [] <-> 192.168.0.128
debug: mta: 0x985504b5c00: spawned for relay [relay:foo.net]
debug: mta: connecting with [connector:[]->[relay:foo.net],0x0]
debug: mta: cannot use [relay:foo.net] before 2s
debug: mta-routing: no route available for [connector:[]->[relay:foo.net],0x0]: must wait a bit
debug: mta: retrying to connect on [connector:[]->[relay:foo.net],0x0] in 2s...
debug: mta: draining [relay:foo.net] refcount=3, ntask=1, nconnector=1, nconn=1
debug: mta: scheduling relay [relay:foo.net] in 1s...
smtp-out: Connecting to smtp+tls://192.168.0.128:25 (bagheera.local.) on session a477a901ccc2e17c...
debug: smtp: new client on listener: 0x98551cb9000
smtp-out: Connected on session a477a901ccc2e17c
smtp-in: New session ce7f1f374e67
Re: postgres and ldap backends
57:39.356 [20646] found index mail=j...@foo.net,mail=j...@foo.net,ou=users,ou=foo.net,
Mar 5 17:57:39.356 [20646] lookup indexed key [mail=j...@foo.net,ou=users,ou=foo.net,dc=local]
Mar 5 17:57:39.356 [20646] found dn mail=j...@foo.net,ou=users,ou=foo.net,dc=local
Mar 5 17:57:39.356 [20646] requesting 01 access to mail=j...@foo.net,ou=users,ou=foo.net,dc=local by cn=email,ou=users,dc=local, in namespace dc=local
Mar 5 17:57:39.356 [20646] found index mail=maria...@bar.net,mail=maria...@bar.net,ou=users,ou=bar.net,
Mar 5 17:57:39.356 [20646] scanned past index prefix [mail=j...@foo.net,]
Mar 5 17:57:39.357 [20646] 1 scanned, 1 matched, 0 dups
Mar 5 17:57:39.357 [20646] sending response 5 with result 0
Mar 5 17:57:39.357 [20646] finished search on msgid 2
Mar 5 17:57:39.357 [20646] end-of-file on connection 12
Mar 5 17:57:39.357 [20646] closing connection 12

### THE LDAP CLIENT
# ldapsearch -H ldap://127.0.0.1 -D "cn=email,ou=users,dc=local" -w vierge -b "dc=local" "(&(objectClass=inetOrgPerson)(mail=j...@foo.net))"
(...)
dn: mail=j...@foo.net,ou=users,ou=foo.net,dc=local
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Joel Carnat
sn: Carnat
givenName: Joel
mail: j...@foo.net
userPassword:: dmllcmdl

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

On 5 March 2014 at 10:27, Gilles Chehade wrote:
> Well, first question first, does it work for you ? :-)
>
> On Wed, Mar 05, 2014 at 07:59:27AM +0100, Joel Carnat wrote:
>> Will for LDAP here. :)
>> Feel free to MP. French or English.
>>
>> --
>> e-mail different
>>
>>> On 5 March 2014 at 02:35, Gilles Chehade wrote:
>>>
>>> Hi,
>>>
>>> We have just released a minor stable version and hopefully we should not
>>> see another minor release before OpenSMTPD 5.5.0 comes out several weeks
>>> from now.
>>>
>>> In the meantime, I'd like to stabilize table_ldap and table_postgres, so
>>> we could *maybe* stop shipping them as experimental with our next big
>>> release.
>>>
>>> If people willing to use ldap or postgres could get in touch with me, it
>>> would be nice ;-)
>>>
>>> --
>>> Gilles Chehade
>>>
>>> https://www.poolp.org @poolpOrg
>>>
>>> --
>>> You received this mail because you are subscribed to misc@opensmtpd.org
>>> To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
>>>
>
> --
> Gilles Chehade
>
> https://www.poolp.org @poolpOrg
Re: postgres and ldap backends
Will for LDAP here. :)
Feel free to MP. French or English.

--
e-mail different

> On 5 March 2014 at 02:35, Gilles Chehade wrote:
>
> Hi,
>
> We have just released a minor stable version and hopefully we should not
> see another minor release before OpenSMTPD 5.5.0 comes out several weeks
> from now.
>
> In the meantime, I'd like to stabilize table_ldap and table_postgres, so
> we could *maybe* stop shipping them as experimental with our next big
> release.
>
> If people willing to use ldap or postgres could get in touch with me, it
> would be nice ;-)
>
> --
> Gilles Chehade
>
> https://www.poolp.org @poolpOrg
Re: SegFault with OpenSMTPD 5.4.1 on OpenBSD 5.4 amd64
On 28 Feb. 2014 at 17:31, Gilles Chehade wrote:
> On Fri, Feb 28, 2014 at 05:08:59PM +0100, Joel Carnat wrote:
>> On 28 Feb. 2014 at 16:54, Gilles Chehade wrote:
>>> On Fri, Feb 28, 2014 at 03:25:28PM +0100, Joel Carnat wrote:
>> (...)
>>>> (Can't believe I'm so unlucky with that daemon...)
>>>> I'm having a try with osmtpd 5.4.1 on obsd 5.4/amd64.
>>>> It was compiled locally from "opensmtpd-5.4.1.tar.gz".
>>>>
>>>> Virtual users table is hosted in (localhost openbsd native) LDAP.
>>>> OpenSMTPD connects properly to LDAP but badly quits when getting a mail.
>>>>
>>>
>>> the experimental LDAP backend is probably broken, we have no user that are
>>> reporting using it, we don't use it ourselves and given how many changes
>>> happened since it was last tested ...
>>>
>>
>> I thought so :(
>>
>>> if you're going to use it and report failures, i'll fix it and get it back
>>> to working state next week
>>
>> Well. When it works, I definitely will use it.
>> My actual configuration is spamd/Postfix/Dovecot/OpenLDAP.
>> I regularly test to see if I can replace with spamd/OpenSMTPD/Dovecot/ldapd
>>
>> Using MySQL rather than LDAP to store "virtual stuff" would be OK for me.
>> If that particular backend is more "mass-used" :)
>>
>
> MySQL should work flawlessly yes
>
>
>> If you'd like to have a user reporting LDAP issues, I'll do it ;-)
>>
>
> Well, if you plan on using it, I can spend a few hours making it work
> and I can fix very fast issues that you will later face until we have
> a working table_ldap yes, until now no one used it which explains why
> it has not been given as much love as table_mysql ;-)

OK. Let's go for it then :)
Re: SegFault with OpenSMTPD 5.4.1 on OpenBSD 5.4 amd64
On 28 Feb. 2014 at 16:54, Gilles Chehade wrote:
> On Fri, Feb 28, 2014 at 03:25:28PM +0100, Joel Carnat wrote:
(...)
>> (Can't believe I'm so unlucky with that daemon...)
>> I'm having a try with osmtpd 5.4.1 on obsd 5.4/amd64.
>> It was compiled locally from "opensmtpd-5.4.1.tar.gz".
>>
>> Virtual users table is hosted in (localhost openbsd native) LDAP.
>> OpenSMTPD connects properly to LDAP but badly quits when getting a mail.
>>
>
> the experimental LDAP backend is probably broken, we have no user that are
> reporting using it, we don't use it ourselves and given how many changes
> happened since it was last tested ...
>

I thought so :(

> if you're going to use it and report failures, i'll fix it and get it back
> to working state next week

Well. When it works, I definitely will use it.
My actual configuration is spamd/Postfix/Dovecot/OpenLDAP.
I regularly test to see if I can replace with spamd/OpenSMTPD/Dovecot/ldapd

Using MySQL rather than LDAP to store "virtual stuff" would be OK for me.
If that particular backend is more "mass-used" :)

If you'd like to have a user reporting LDAP issues, I'll do it ;-)
SegFault with OpenSMTPD 5.4.1 on OpenBSD 5.4 amd64
Hi,

(Can't believe I'm so unlucky with that daemon...)
I'm having a try with osmtpd 5.4.1 on obsd 5.4/amd64.
It was compiled locally from "opensmtpd-5.4.1.tar.gz".

Virtual users table is hosted in (localhost openbsd native) LDAP.
OpenSMTPD connects properly to LDAP but badly quits when getting a mail.

# smtpd -dvv
debug: init ssl-tree
info: OpenSMTPD 5.4.1 starting
debug: bounce warning after 4h
debug: using "fs" queue backend
debug: using "ramqueue" scheduler backend
debug: using "ram" stat backend
info: startup [debug mode]
debug: parent_send_config_ruleset: reloading
debug: parent_send_config_mfa: reloading
debug: parent_send_config: configuring smtp
mfa: building simple chains...
debug: queue: done loading queue into scheduler
mfa: building complex chains...
mfa: done building complex chains
mfa: done building default chain
debug: mfa ready
debug: smtp: listen on IPv6:fe80::20c:29ff:fe08:7d50%em0 port 25 flags 0x0 pki ""
debug: table-ldap: reading key "url" -> "ldap://127.0.0.1"
debug: table-ldap: reading key "username" -> "cn=email,ou=users,dc=local"
debug: table-ldap: reading key "password" -> "vierge"
debug: table-ldap: reading key "basedn" -> "dc=local"
debug: table-ldap: reading key "alias_filter" -> "(&(objectClass=inetOrgPerson)(mail=%s))"
debug: table-ldap: parsing attribute "alias_attributes" (1) -> "mail"
debug: table-ldap: done reading config
debug: smtp: listen on 192.168.0.128 port 25 flags 0x0 pki ""
debug: smtp: listen on 127.0.0.1 port 25 flags 0x0 pki ""
debug: smtp: listen on IPv6:fe80::1%lo0 port 25 flags 0x0 pki ""
debug: smtp: listen on IPv6:::1 port 25 flags 0x0 pki ""
debug: smtp: will accept at most 500 clients
debug: table-ldap: ldap server accepted credentials
debug: table-ldap: connected
debug: smtpd: scanning offline queue...
debug: smtpd: offline scanning done
debug: smtp: new client on listener: 0x181d06b4d000
smtp-in: New session 2851bd0c7505cf16 from host 192.168.0.21 [192.168.0.21]
debug: table_ldap_internal_query: filter=(&(objectClass=inetOrgPerson)(mail=j...@foo.net)), ret=1
Segmentation fault
warn: table-proc: pipe closed
fatal: table-proc: exiting
warn: smtp -> lka: pipe closed
warn: mda -> lka: pipe closed
warn: control -> lka: pipe closed
warn: mta -> lka: pipe closed
warn: mfa -> smtp: pipe closed
warn: scheduler -> control: pipe closed
warn: parent -> lka: pipe closed
warn: queue -> lka: pipe closed

On the client side, I had:

# telnet 192.168.0.128 25
Trying 192.168.0.128...
Connected to 192.168.0.128.
Escape character is '^]'.
220 bagheera.local. ESMTP OpenSMTPD
helo macbook
250 bagheera.local. Hello macbook [192.168.0.21], pleased to meet you
mail from:
250 Ok
rcpt to:
Connection closed by foreign host.

A manual LDAP request does work:

# ldapsearch -H ldap://127.0.0.1 -D "cn=email,ou=users,dc=local" -w vierge -b "dc=local" "(&(objectClass=inetOrgPerson)(mail=j...@foo.net))"
(...)
# j...@foo.net, users, foo.net, local
dn: mail=j...@foo.net,ou=users,ou=foo.net,dc=local
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Joel Carnat
sn: Carnat
givenName: Joel
mail: j...@foo.net
userPassword:: dmllcmdl
(...)

A bit of configuration ?

# egrep -v '^$|^#' /etc/mail/smtpd.conf.local
lan_addr = "192.168.0.128"
listen on all
table aliases db:/etc/mail/aliases.db
table relay-hosts db:/etc/mail/relay-hosts.db
table virtual-domains db:/etc/mail/virtual-domains.db
table virtual-users ldap:/etc/mail/virtual-users.conf
accept for domain "foo.net" virtual deliver to maildir "/home/vmail/"
accept from source for any relay

# egrep -v '^$|^#' /etc/mail/virtual-users.conf
url ldap://127.0.0.1
username cn=email,ou=users,dc=local
password vierge
basedn dc=local
alias_filter (&(objectClass=inetOrgPerson)(mail=%s))
alias_attributes mail

Any thoughts?

TIA,
Joe
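Added example (not part of the original post, and not OpenSMTPD code): the traces in this thread show that `smtpd -dv` prints the table-ldap bind password in clear, and that the `ldapsearch -w` command line, the table config file and the LDIF `userPassword::` line (base64 is an encoding, not encryption) carry it as well. The Python filter below scrubs those four places from a trace before it is shared, then sweeps the rest of the text for the same value; `redact` is a hypothetical helper name and the sample input and its secret are constructed.

```python
import base64
import re

REDACTED = "[REDACTED]"
MIN_SWEEP_LEN = 4  # shorter values are only redacted where they were found

# smtpd debug trace: reading key "password" -> "value"
_TRACE = re.compile(r'(reading key "password" -> ")([^"]*)(")')
# ldapsearch simple-bind password: -w value, -w "value" or -w 'value'
_BIND_ARG = re.compile(r'''(\s-w\s+)("[^"]*"|'[^']*'|\S+)''')
# LDIF attribute: "userPassword: value" or base64 "userPassword:: value"
_LDIF = re.compile(r'^(\s*userPassword)(::?)\s*(\S.*)$', re.IGNORECASE)
# table config line in the style shown in the post: password <value>
_CONF = re.compile(r'^(\s*password\s+)(\S.*)$')


def _redact_line(line, found):
    """Redact the known fields on one line; remember the values seen."""
    def trace_sub(m):
        found.add(m.group(2))
        return m.group(1) + REDACTED + m.group(3)

    def bind_sub(m):
        found.add(m.group(2).strip("\"'"))
        return m.group(1) + REDACTED

    line = _TRACE.sub(trace_sub, line)
    if "ldapsearch" in line:
        line = _BIND_ARG.sub(bind_sub, line)

    m = _LDIF.match(line)
    if m:
        value = m.group(3).strip()
        found.add(value)
        if m.group(2) == "::":  # base64 form: also remember the decoded value
            try:
                found.add(base64.b64decode(value, validate=True).decode("utf-8"))
            except (ValueError, UnicodeDecodeError):
                pass
        return f"{m.group(1)}: {REDACTED}"

    m = _CONF.match(line)
    if m:
        found.add(m.group(2).strip())
        return m.group(1) + REDACTED
    return line


def redact(text):
    """Return text with bind passwords removed, wherever they appear."""
    found = set()
    out = "\n".join(_redact_line(line, found) for line in text.split("\n"))
    forms = set()
    for secret in found:
        if len(secret) < MIN_SWEEP_LEN or secret in REDACTED:
            continue
        forms.add(secret)
        forms.add(base64.b64encode(secret.encode("utf-8")).decode("ascii"))
    # Longest first, so a value containing another one is replaced whole.
    for form in sorted(forms, key=len, reverse=True):
        out = out.replace(form, REDACTED)
    return out


# Constructed sample in the format of the traces above (made-up secret).
SECRET = "s3cr3t-example"
SECRET_B64 = base64.b64encode(SECRET.encode("utf-8")).decode("ascii")
SAMPLE = "\n".join([
    'debug: table-ldap: reading key "username" -> "cn=email,ou=users,dc=local"',
    f'debug: table-ldap: reading key "password" -> "{SECRET}"',
    f'# ldapsearch -H ldap://127.0.0.1 -D "cn=email,ou=users,dc=local" -w {SECRET} -b "dc=local"',
    f"userPassword:: {SECRET_B64}",
    f"password {SECRET}",
    f"free text that repeats {SECRET} outside any known field",
    "mail: user@example.org",
])

if __name__ == "__main__":
    print(redact(SAMPLE))
```

The bind DN and the rest of the trace are left intact, so the output stays useful for debugging; a password that has already been posted should still be rotated.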
Re: OpenSMTPD in OpenBSD
On 8 Nov. 2013 at 19:50, Gilles Chehade wrote:
> We have taken a wrong path by trying to synchronize our releases with OpenBSD.
>
> This is why you guys are confused now, OpenBSD 5.4 was tagged a while ago and
> OpenSMTPD was tagged at the same time and so it ships with a version that is
> very close to 5.3.3 but which isn't really 5.3.3 nor what we want to release
> for our "next" major.
>
> Long story short:
>
> You should always run our "stable" version which is advertised on our website
> since that's always going to be the last stable one.
> We have decided to rework how we do our releases so that it removes all the
> confusion from the last few months.
>
> Very soon, we will release 5.4.1, which will be our first stable release for
> 5.4.

Right. That's why the website still refers to 5.3.3. I thought it was just not up to date :)
BTW, the footer says "Copyright © 2012 OpenBSD". Shouldn't it mention 2013 too?

> When OpenBSD will tag 5.5, we will not rush to tag OpenSMTPD 5.5 but simply
> ship our latest known stable 5.4.x, this way no more bastard versions.
>
> Gilles
>
>
> 2013/11/8 Joel Carnat
> On 8 Nov. 2013 at 19:21, Bryan Vyhmeister wrote:
>
> >
> >> So since OpenBSD X.X is released, the only way to get new featured or
> >> bug corrected OpenSMTPD is either use OpenBSD "HEAD" or OpenSMTPD
> >> snapshots, right?
> >
> > That's correct. I ran into an obscure bug only triggered by spam-sending
> > mail hosts with super long commands but it was a bug and, when I
> > reported it, it was fixed in a couple of hours and in a snapshot right
> > away and so I have been running OpenSMTPD snapshots with success ever
> > since. I can't ask for better than that from the developers.
>
> OK, let's go for it this way :)
> Thanks!
Re: OpenSMTPD in OpenBSD
On 8 Nov. 2013 at 19:21, Bryan Vyhmeister wrote:
>
>> So since OpenBSD X.X is released, the only way to get new featured or
>> bug corrected OpenSMTPD is either use OpenBSD "HEAD" or OpenSMTPD
>> snapshots, right?
>
> That's correct. I ran into an obscure bug only triggered by spam-sending
> mail hosts with super long commands but it was a bug and, when I
> reported it, it was fixed in a couple of hours and in a snapshot right
> away and so I have been running OpenSMTPD snapshots with success ever
> since. I can't ask for better than that from the developers.

OK, let's go for it this way :)
Thanks!
Re: OpenSMTPD in OpenBSD
OK. But OpenBSD also has "OPENBSD_5_4_BASE" which is what I understood as "primary snapshot release for 5.4" and "OPENBSD_5_4" which I understand as "5.4 release plus required (security only ?) patches". I thought, maybe opensmtpd would also be updated in "OPENBSD_5_4" and not only in "HEAD".

From what I see, OpenSMTPD as shipped with OpenBSD 5.4 is tagged 5.4. Last snapshot I grabbed (mostly for Bug #333 correction) is tagged 201310281422. It's not straightforward to deal with but since one knows when OpenBSD 5.4 start shipping... :)

So since OpenBSD X.X is released, the only way to get new featured or bug corrected OpenSMTPD is either use OpenBSD "HEAD" or OpenSMTPD snapshots, right?

On 8 Nov. 2013 at 18:16, Bryan Vyhmeister wrote:
> The version in archives is definitely newer. A release of OpenBSD is tagged
> and the tree frozen for that release months back in order for CD duplication
> and so forth. That's why archives has a much newer version. It is regularly
> synced to -current as you noticed and I believe 5.4 has OpenSMTPD version
> 5.3.x.
>
> Bryan
>
> ---
> Bryan Vyhmeister
> Sent from my iPhone
>
>> On Nov 8, 2013, at 9:11, Joel Carnat wrote:
>>
>> Hi,
>>
>> I was looking at opensmtpd in brand new openbsd 5.4 and it seems not to be
>> as fresh as the one in /archives/.
>> I also had a look at the Web CVS of OpenBSD and, as far as I understood it,
>> opensmtpd seems to not be synced in the "release" tree but rather in the
>> "current" one.
>>
>> Am I wrong or does one have to rather use /archives/ to be able to get the
>> required latest fixes on opensmtpd ?
>>
>> Thanks.
OpenSMTPD in OpenBSD
Hi,

I was looking at opensmtpd in brand new openbsd 5.4 and it seems not to be as fresh as the one in /archives/.
I also had a look at the Web CVS of OpenBSD and, as far as I understood it, opensmtpd seems to not be synced in the "release" tree but rather in the "current" one.

Am I wrong or does one have to rather use /archives/ to be able to get the required latest fixes on opensmtpd ?

Thanks.
Re: Dealing with virtual aliases and nodes
On 15 Oct. 2013 at 10:14, Gilles Chehade wrote:
>
> can you also mail me full config and full tables, something might be missing
> for me to troubleshoot
>

### CONFIG
listen on all
table trustnet { 127.0.0.1, 192.168.0.0/24 }
table vdoms "/etc/mail/virtual-domains.txt"
table bdoms "/etc/mail/backup-domains.txt"
table valiases "/etc/mail/virtual-aliases.txt"
table vusers "/etc/mail/virtual-users.txt"
accept for domain virtual deliver to maildir "/home/vmail/%{dest.domain}/%{dest.user}/"
accept for any alias deliver to mbox
accept from for any relay via smtp://smtp.free.fr

### /etc/mail/virtual-domains.txt
foo.net

### /etc/mail/virtual-aliases.txt
postmaster: root
abuse: root
hostmaster: root
webmaster: root
root: m...@foo.net

### /etc/mail/virtual-users.txt
m...@foo.net vmail
s...@foo.net vmail
cont...@foo.net m...@foo.net,s...@foo.net

Maybe there's a need to explain what I want to achieve.
- Deal with two domain names and one backup/secondary MX domain name
- Store email accounts in LDAP (later on ; right now, I'm just trying to dispatch users/alias in flat files)
- Do not bind email account to real system user (so using vmail as a generic/common user)
Re: Dealing with virtual aliases and nodes
On 15 Oct. 2013 at 09:59, Gilles Chehade wrote:
> On Thu, Oct 10, 2013 at 05:27:40PM +0200, Joel Carnat wrote:
>> Hi,
>>
>> Before being able to post my CONFIG PR0N, I need to finish it. And it's
>> ready, yet :)
>>
>> I want an email to be split through various final recipients.
>> Bits of config:
>> (...)
>> table vusers "/etc/mail/virtual-users.txt"
>> (..)
>> accept for domain virtual deliver to maildir
>> "/home/vmail/%{dest.domain}/%{dest.user}/"
>> (...)
>>
>
>> If I fill the virtual user base with:
>> cont...@foo.net m...@foo.net
>> The log will be:
>> smtp-in: New session bb26c6cd from host 0@localhost [local]
>> debug: aliases_virtual_get: 'cont...@foo.net' resolved to 1 nodes
>> debug: aliases_virtual_get: 'm...@foo.net' resolved to 1 nodes
>> (...)
>> delivery: Ok for ffcdf782fe8ffea4: from=,
>> to=, rcpt=, user=vmail, method=maildir,
>> delay=0s, stat=Delivered
>>
>> If I fill the virtual user base with:
>> cont...@foo.net m...@foo.net,s...@foo.net
>> The log will be:
>> smtp-in: New session b6ac6f0b from host 0@localhost [local]
>> debug: aliases_virtual_get: 'cont...@foo.net' resolved to 2 nodes
>> debug: aliases_virtual_get: 's...@foo.net' resolved to 1 nodes
>> debug: aliases_virtual_get: 'm...@foo.net' resolved to 1 nodes
>> (...)
>> delivery: Ok for e7f8941b403237a4: from=,
>> to=, rcpt=, user=vmail, method=maildir,
>> delay=0s, stat=Delivered
>>
>> In both cases, I only get one delivery when I expected two in the second case.
>> Is there a way to achieve this kind of split distribution?
>>
>
> What version are you using ?
>
> This is strange because it is exactly what we do for some accounts such
> as secur...@opensmtpd.org
>
> Can you provide more log ?
>

I use smtpd shipping with OpenBSD 5.4 (Oct. 4th).
Find the log attached.

smtpd.log.gz
Description: GNU Zip compressed data
Dealing with virtual aliases and nodes
Hi,

Before being able to post my CONFIG PR0N, I need to finish it. And it's ready, yet :)

I want an email to be split through various final recipients.
Bits of config:
(...)
table vusers "/etc/mail/virtual-users.txt"
(..)
accept for domain virtual deliver to maildir "/home/vmail/%{dest.domain}/%{dest.user}/"
(...)

If I fill the virtual user base with:
cont...@foo.net m...@foo.net
The log will be:
smtp-in: New session bb26c6cd from host 0@localhost [local]
debug: aliases_virtual_get: 'cont...@foo.net' resolved to 1 nodes
debug: aliases_virtual_get: 'm...@foo.net' resolved to 1 nodes
(...)
delivery: Ok for ffcdf782fe8ffea4: from=, to=, rcpt=, user=vmail, method=maildir, delay=0s, stat=Delivered

If I fill the virtual user base with:
cont...@foo.net m...@foo.net,s...@foo.net
The log will be:
smtp-in: New session b6ac6f0b from host 0@localhost [local]
debug: aliases_virtual_get: 'cont...@foo.net' resolved to 2 nodes
debug: aliases_virtual_get: 's...@foo.net' resolved to 1 nodes
debug: aliases_virtual_get: 'm...@foo.net' resolved to 1 nodes
(...)
delivery: Ok for e7f8941b403237a4: from=, to=, rcpt=, user=vmail, method=maildir, delay=0s, stat=Delivered

In both cases, I only get one delivery when I expected two in the second case.
Is there a way to achieve this kind of split distribution?

TIA,
Jo
MySQL support in 5.3.3 or 5.4 ?
Hi,

Does OpenSMTPD 5.4 (shipping with OpenBSD 5.4-snapshot) or 5.3.3 come with support for mysql backend?

I found a reference for table_mysql on the Git but when configuring my smtpd and starting it, it goes:
smtpd: table_create: backend "mysql" does not exist

The configuration line was:
table vusers "mysql:/etc/mail/virtual-users.sql"

Thanks.
Re: CONFIG PR0N !?
On 3 Oct. 2013 at 17:12, Gilles Chehade wrote:
> On Thu, Oct 03, 2013 at 05:06:22PM +0200, Joel Carnat wrote:
>>
>> On 3 Oct. 2013 at 16:54, Gilles Chehade wrote:
>>
>>> On Thu, Oct 03, 2013 at 04:50:27PM +0200, Gilles Chehade wrote:
>>>> OHAI !
>>>>
>>>> Today is CONFIG PR0N !? day
>>>>
>>>> Please share your config files in this thread ;-)
>>>>
>>>
>>> pki mx1.poolp.org certificate "/etc/ssl/mx1.poolp.org.crt"
>>> pki mx1.poolp.org key "/etc/ssl/private/mx1.poolp.org.key"
>>>
>>> pki mail.poolp.org certificate "/etc/ssl/mail.poolp.org.crt"
>>> pki mail.poolp.org key "/etc/ssl/private/mail.poolp.org.key"
>>>
>>> listen on lo0
>>> listen on lo0 port 10029 tag DKIM
>>> listen on egress secure pki mx1.poolp.org hostname mx1.poolp.org
>>> listen on egress port submission tls pki mail.poolp.org auth hostname
>>> mail.poolp.org
>>>
>>> table sources { 88.190.237.114 }
>>> table helonames { 88.190.237.114 = mx1.poolp.org }
>>>
>>> table aliases "/etc/mail/smtpd/aliases"
>>> table pdomains "/etc/mail/smtpd/primary-domains"
>>> table vdomains "/etc/mail/smtpd/virtual-domains"
>>> table vusers "/etc/mail/smtpd/virtual-users"
>>> table bdomains "/etc/mail/smtpd/backup-domains"
>>>
>>> accept for local alias deliver to maildir
>>> accept from any for domain alias deliver to maildir
>>> accept from any for domain virtual deliver to maildir
>>> accept from any for domain relay backup mx1.poolp.org
>>>
>>> accept tagged DKIM for any relay source hostnames
>>> accept for any relay via smtp://127.0.0.1:10028
>>>
>>
>> Unless it's too pr0ny, shall we get contents from "table"s too please? :)
>>
>
> Too pr0ny, but they don't have anything funky, they're basic tables ;-)
>
> pdomains, vdomains and bdomains contain lists of domains, one per line,
> for respectively Primary domains, Virtual domains and domains my MX is
> the Backup for.
>
> aliases is a simple aliases mapping (root: gilles, abuse: gilles, ...)
> vusers is also a simple mapping (x@vdomain a, y@vdomain b, ...)

ok :)
ldap or sql table content would be h0t! ;-)
Re: CONFIG PR0N !?
On 3 Oct 2013 at 16:54, Gilles Chehade wrote:
> On Thu, Oct 03, 2013 at 04:50:27PM +0200, Gilles Chehade wrote:
>> OHAI !
>>
>> Today is CONFIG PR0N !? day
>>
>> Please share your config files in this thread ;-)
>>
>
> pki mx1.poolp.org certificate "/etc/ssl/mx1.poolp.org.crt"
> pki mx1.poolp.org key "/etc/ssl/private/mx1.poolp.org.key"
>
> pki mail.poolp.org certificate "/etc/ssl/mail.poolp.org.crt"
> pki mail.poolp.org key "/etc/ssl/private/mail.poolp.org.key"
>
> listen on lo0
> listen on lo0 port 10029 tag DKIM
> listen on egress secure pki mx1.poolp.org hostname mx1.poolp.org
> listen on egress port submission tls pki mail.poolp.org auth hostname
> mail.poolp.org
>
> table sources { 88.190.237.114 }
> table helonames { 88.190.237.114 = mx1.poolp.org }
>
> table aliases "/etc/mail/smtpd/aliases"
> table pdomains "/etc/mail/smtpd/primary-domains"
> table vdomains "/etc/mail/smtpd/virtual-domains"
> table vusers "/etc/mail/smtpd/virtual-users"
> table bdomains "/etc/mail/smtpd/backup-domains"
>
> accept for local alias deliver to maildir
> accept from any for domain alias deliver to maildir
> accept from any for domain virtual deliver to maildir
> accept from any for domain relay backup mx1.poolp.org
>
> accept tagged DKIM for any relay source hostnames
> accept for any relay via smtp://127.0.0.1:10028
>

Unless it's too pr0ny, shall we get contents from "table"s too please? :)
Re: Digging into using LDAP
On 28 June 2013 at 11:44, Gilles Chehade wrote:
> On Fri, Jun 28, 2013 at 11:38:29AM +0200, Joel Carnat wrote:
>> /etc/mail/smtpd.conf.local
>>     lan_addr = "192.168.0.218"
>>     listen on $lan_addr
>>     table ldap ldap:/etc/mail/ldapd.conf
>>     accept for domain "tumfatig.net" alias deliver to maildir
>> "/home/vmail/%{rcpt.domain}/%{rcpt.user}/"
>>     accept for any relay
> either use a virtual mapping, since that will use the full email address
> as the key, or extend the backend to support expansion so that you can
> use %{rcpt} instead of %s

OK, so the configuration line now goes

    accept for domain "tumfatig.net" virtual deliver to maildir "/home/vmail/%{rcpt.domain}/%{rcpt.user}/"

And the "postmaster" alias is now resolved and delivered (to an external domain/user name). YeePee !!! :D

BUT :)
I also have accounts on this domain for which I want to deliver mail directly. For them, the LDAP filter and field are different than for aliases. I have tried using "credentials_filter" and "userinfo_filter" but this doesn't seem to do what I want.

    # Aliases
    alias_filter (&(mail=%s)(objectClass=CourierMailAlias))
    alias_attributes maildrop
    # Account
    userinfo_filter (&(mail=%s)(objectClass=CourierMailAccount))
    userinfo_attributes mailbox

According to smtpd log, it only looks for objectClass=CourierMailAlias using full mail, then username, then domain name, then '@'.

What is the way to tell opensmtpd to:
- first, try to find an alias using "(&(mail=%s)(objectClass=CourierMailAlias))"
- then, try to find an account using "(&(mail=%s)(objectClass=CourierMailAccount))"

Thanks for help.

--
You received this email because you are subscribed to mailing list: misc@opensmtpd.org
To unsubscribe, send mail with subject: [misc@opensmtpd.org] unregister
Digging into using LDAP
Hi,

(Now that SSL "issue" is clear, let's dig a bit more :)

So, using smtpd 5.3.3 on openbsd 5.3.
I used https://poolp.org/0x765d/OpenSMTPD:-LDAP-support-selectable-source--DKIM-and-Goodies as a source of inspiration.

Here's my configuration bits:

/etc/mail/smtpd.conf
    listen on lo0
    include "/etc/mail/smtpd.conf.local"

/etc/mail/smtpd.conf.local
    lan_addr = "192.168.0.218"
    listen on $lan_addr
    table ldap ldap:/etc/mail/ldapd.conf
    accept for domain "tumfatig.net" alias deliver to maildir "/home/vmail/%{rcpt.domain}/%{rcpt.user}/"
    accept for any relay

/etc/mail/ldapd.conf
    url ldap://ldap.tumfatig.net
    username cn=user,...
    password mypass
    basedn dc=tumfatig,dc=net
    # Aliases
    alias_filter (&(mail=%s)(objectClass=CourierMailAlias))
    alias_attributes maildrop

One of my test LDAP aliases (which works in my actual postfix configuration) looks like:

    dn: mail=r...@tumfatig.net,ou=alias,dc=tumfatig,dc=net
    objectClass: top
    objectClass: CourierMailAlias
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    (...)
    mail: ab...@tumfatig.net
    mail: hostmas...@tumfatig.net
    mail: postmas...@tumfatig.net
    mail: r...@tumfatig.net
    (...)
    maildrop: j...@carnat.net

The thing is, when I issue the "RCPT TO: ", I get "550 Invalid recipient".
Running smtpd in debug mode reports:

    debug: smtp: new client on listener: 0x88fe9170
    smtp-in: New session 0001573f798d from host localhost [127.0.0.1]
    debug: table_ldap_internal_query: filter=(&(mail=postmaster)(objectClass=CourierMailAlias)), ret=0
    debug: table_ldap_alias: ret=0
    smtp-in: Failed command on session 0001573f798d: "RCPT TO: " => 550 Invalid recipient
    smtp-in: Closing session 0001573f798d
    debug: smtp: 0x7d217000: deleting session: done

The error is that my alias_filter looks badly formed.
What would be the correct filter syntax to look for the whole email address in the LDAP tree?

Thanks.
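The key mismatch discussed in this thread, as an added example that is not part of either post and not OpenSMTPD code: with `alias` the debug log shows `%s` replaced by the local part only, so a directory that stores full addresses never matches, while `virtual` starts from the full address. Assumptions: the directory entry and addresses are constructed, the key order for `virtual` is the one reported in the reply, and escaping the key per RFC 4515 is what a safe expansion should do, not a claim about the ldap backend.

```python
import re

# Constructed directory entry modelled on the alias shown in the thread
# (placeholder addresses, not the masked ones from the post).
ENTRIES = [{
    "objectClass": ["top", "CourierMailAlias", "person"],
    "mail": ["postmaster@example.org", "root@example.org"],
    "maildrop": ["admin@example.net"],
}]

ALIAS_FILTER = "(&(mail=%s)(objectClass=CourierMailAlias))"

def escape_value(value):
    """Escape a lookup key as an RFC 4515 assertion value (assumed safe
    behaviour for the expansion, not taken from the ldap backend)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def lookup_keys(rcpt, mode):
    """Keys substituted for %s. 'alias': local part only, as in the debug
    log. 'virtual': full address first, order as reported in the thread."""
    user, domain = rcpt.rsplit("@", 1)
    return [user] if mode == "alias" else [rcpt, user, domain, "@"]

def expand(template, key):
    """Substitute the escaped key into the filter template."""
    return template.replace("%s", escape_value(key))

def matches(entry, flt):
    """Evaluate the only filter shape used here: an AND of equality tests."""
    tests = re.findall(r"\(([A-Za-z]+)=((?:[^()\\]|\\[0-9a-f]{2})*)\)", flt)
    unescape = lambda v: re.sub(r"\\([0-9a-f]{2})",
                                lambda m: chr(int(m[1], 16)), v)
    return all(unescape(val) in entry.get(attr, []) for attr, val in tests)

def resolve(rcpt, mode):
    """Return (filter, maildrop) for the first key that matches, else None."""
    for key in lookup_keys(rcpt, mode):
        flt = expand(ALIAS_FILTER, key)
        for entry in ENTRIES:
            if matches(entry, flt):
                return flt, entry["maildrop"]
    return None
```

`resolve("postmaster@example.org", "alias")` reproduces the 550 case from the debug log, and a key of `*` is compared literally instead of acting as a wildcard.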
Re: Using LDAP/SSL
On 28 June 2013 at 11:08, Mathieu - wrote:
> Joel Carnat wrote:
>> On 28 June 2013 at 10:07, Gilles Chehade wrote:
>>
>>> On Fri, Jun 28, 2013 at 09:57:06AM +0200, Joel Carnat wrote:
>>>> Hi,
>>>>
>>>
>>> Hi,
>>>
>>>
>>>> I'm having a(nother) look at OpenSMTPd as a Postfix replacement.
>>>> I'm using OpenSMTPD 5.3.3 on OpenBSD 5.3/i386.
>>>> I have configured LDAP connexion as such:
>>>>     table ldap ldap:/etc/mail/ldapd.conf
>>>> It seems to work; at least to connect. But if I try using "ldaps", I get:
>>>>     smtpd: table_create: backend "ldaps" does not exist
>>>>
>>>
>>> Yes, backend != protocol ;-)
>>>
>>> Both ldap and ldaps would be handled by the ldap backend, however... The
>>> ldap backend doesn't support SSL yet.
>>>
>>
>> ok :)
>>
>> So, is there a way to tell smtpd to not try to authenticate as it's using
>> clear-text connexion?
>>
>
> No, the ldap backend at the moment doesn't support anonymous binds. Not
> sure if it is wanted..

OK, thanks.
What would be the point of using authenticated binds over clear-text LDAP protocol?
Re: Using LDAP/SSL
On 28 June 2013 at 10:07, Gilles Chehade wrote:
> On Fri, Jun 28, 2013 at 09:57:06AM +0200, Joel Carnat wrote:
>> Hi,
>>
>
> Hi,
>
>
>> I'm having a(nother) look at OpenSMTPd as a Postfix replacement.
>> I'm using OpenSMTPD 5.3.3 on OpenBSD 5.3/i386.
>> I have configured LDAP connexion as such:
>>     table ldap ldap:/etc/mail/ldapd.conf
>> It seems to work; at least to connect. But if I try using "ldaps", I get:
>>     smtpd: table_create: backend "ldaps" does not exist
>>
>
> Yes, backend != protocol ;-)
>
> Both ldap and ldaps would be handled by the ldap backend, however... The
> ldap backend doesn't support SSL yet.
>

ok :)

So, is there a way to tell smtpd to not try to authenticate as it's using clear-text connexion?

Right now, my ldap configuration file contains:

    url ldap://ldap.tumfatig.net
    username cn=user,...
    password mypass

If I comment username/password, I then get

    smtpd: failed to open table ldap

Thanks.
Using LDAP/SSL
Hi,

I'm having a(nother) look at OpenSMTPd as a Postfix replacement.
I'm using OpenSMTPD 5.3.3 on OpenBSD 5.3/i386.
I have configured LDAP connexion as such:

    table ldap ldap:/etc/mail/ldapd.conf

It seems to work; at least to connect. But if I try using "ldaps", I get:

    smtpd: table_create: backend "ldaps" does not exist

Is there a way to use LDAP/SSL?
(Other than using SSH to redirect remote LDAP port to localhost ;)

Thanks.