Re: Unable to remove mail from queue
Hi Gilles, Ok. So course of action is indeed just to rm the files? Which works for me. ;) Mischa > On 4 Jun 2020, at 05:16, Gilles Chehade wrote: > > this is due to a short-coming with how inflight envelopes are handled: > > when a mail is passed from scheduler to mta, it is marked as "inflight" and > can't be removed until it comes back to scheduler. > > this is usually not a big deal because an envelope is marked inflight only a > few seconds usually... > > ... except that eric@ and I came with an optimization to avoid envelopes > going back and forth into the scheduler when they have multiple routes or > when there's a chance a route gets enabled soon, they are kept in the MTA for > a bit longer, but this means that they can't be removed either. > > we had discussed a quick fix for this but since the MTA layer is supposedly > going to be simplified a lot, it was not worth the effort. > > I don't know where eric@ stands wrt this as of today > > > On Sun, May 31, 2020 at 8:00 PM Chris Bennett <mailto:ch...@bennettconstruction.us>> wrote: > On Sun, May 31, 2020 at 05:24:18PM +0200, Mischa Peters wrote: > > Hi All, > > > > I just noticed something strange on one of my mailservers running OpenSMTPd > > 6.7.0p1 (OpenBSD 6.7). > > The mailserver was trying to deliver a spam mailbounce to fedex, it kept > > failing so I removed it from the queue. > > The logs kept showing it was being delivered, eventhough nothing was > > showing in the queue. > > After a restart of smtpd the message did show up in the queue again. > > > > root@smtp1:~ # smtpctl show queue > > cd9b0933db878954|local|mta|auth|@|prvs=1417a4ec2a=bou...@nds.fedex.com > > <mailto:bou...@nds.fedex.com>|prvs=1417a4ec2a=bou...@nds.fedex.com > > <mailto:bou...@nds.fedex.com>|1590676002|1590676002|1590937323|0|inflight|99| > > > > root@smtp1:/var/spool/smtpd/queue/cd/cd9b0933 # smtpctl remove > > cd9b0933db878954 > > 1 envelope removed > > root@smtp1:/var/spool/smtpd/queue/cd/cd9b0933 # smtpctl remove > > cd9b0933db878954 > > 0 envelope removed > > root@smtp1:/var/spool/smtpd/queue/cd/cd9b0933 # ls -la > > total 52 > > drwx-- 2 _smtpq wheel512 May 28 16:26 . > > drwx-- 3 _smtpq wheel512 May 30 20:49 .. > > -rw--- 1 _smtpq wheel316 May 28 16:26 cd9b0933db878954 > > -rw--- 1 _smtpq wheel 19296 May 28 16:26 message > > root@smtp1:/var/spool/smtpd/queue/cd/cd9b0933 # smtpctl show queue > > root@smtp1:/var/spool/smtpd/queue/cd/cd9b0933 # rcctl restart smtpd > > smtpd(ok) > > smtpd(ok) > > root@smtp1:/var/spool/smtpd/queue/cd/cd9b0933 # smtpctl show queue > > cd9b0933db878954|local|mta|auth|@|prvs=1417a4ec2a=bou...@nds.fedex.com > > <mailto:bou...@nds.fedex.com>|prvs=1417a4ec2a=bou...@nds.fedex.com > > <mailto:bou...@nds.fedex.com>|1590676002|1590676002|1590937456|0|inflight|1| > > root@smtp1:/var/spool/smtpd/queue/cd/cd9b0933 # ls -la > > total 52 > > drwx-- 2 _smtpq wheel512 May 28 16:26 . > > drwx-- 3 _smtpq wheel512 May 30 20:49 .. > > -rw--- 1 _smtpq wheel316 May 28 16:26 cd9b0933db878954 > > -rw--- 1 _smtpq wheel 19296 May 28 16:26 message > > > > I assume this is not the expected result. :) > > What else can I collect to pinpoint what is going on, before I rm the files? > > > > Mischa > > > > > > I also had this same problem. I rm'd the files. > However, what is the right solution? > (I was in a big rush and had to quickly solve the problem.) > > Chris Bennett > > >
Unable to remove mail from queue
Hi All, I just noticed something strange on one of my mailservers running OpenSMTPd 6.7.0p1 (OpenBSD 6.7). The mailserver was trying to deliver a spam mailbounce to fedex, it kept failing so I removed it from the queue. The logs kept showing it was being delivered, eventhough nothing was showing in the queue. After a restart of smtpd the message did show up in the queue again. root@smtp1:~ # smtpctl show queue cd9b0933db878954|local|mta|auth|@|prvs=1417a4ec2a=bou...@nds.fedex.com|prvs=1417a4ec2a=bou...@nds.fedex.com|1590676002|1590676002|1590937323|0|inflight|99| root@smtp1:/var/spool/smtpd/queue/cd/cd9b0933 # smtpctl remove cd9b0933db878954 1 envelope removed root@smtp1:/var/spool/smtpd/queue/cd/cd9b0933 # smtpctl remove cd9b0933db878954 0 envelope removed root@smtp1:/var/spool/smtpd/queue/cd/cd9b0933 # ls -la total 52 drwx-- 2 _smtpq wheel512 May 28 16:26 . drwx-- 3 _smtpq wheel512 May 30 20:49 .. -rw--- 1 _smtpq wheel316 May 28 16:26 cd9b0933db878954 -rw--- 1 _smtpq wheel 19296 May 28 16:26 message root@smtp1:/var/spool/smtpd/queue/cd/cd9b0933 # smtpctl show queue root@smtp1:/var/spool/smtpd/queue/cd/cd9b0933 # rcctl restart smtpd smtpd(ok) smtpd(ok) root@smtp1:/var/spool/smtpd/queue/cd/cd9b0933 # smtpctl show queue cd9b0933db878954|local|mta|auth|@|prvs=1417a4ec2a=bou...@nds.fedex.com|prvs=1417a4ec2a=bou...@nds.fedex.com|1590676002|1590676002|1590937456|0|inflight|1| root@smtp1:/var/spool/smtpd/queue/cd/cd9b0933 # ls -la total 52 drwx-- 2 _smtpq wheel512 May 28 16:26 . drwx-- 3 _smtpq wheel512 May 30 20:49 .. -rw--- 1 _smtpq wheel316 May 28 16:26 cd9b0933db878954 -rw--- 1 _smtpq wheel 19296 May 28 16:26 message I assume this is not the expected result. :) What else can I collect to pinpoint what is going on, before I rm the files? Mischa
Re: RBLs?
Hi Tom, Getting a filter to do this would be great. I had a similar discussion on Mastodon the other day and there is an RBL which can be download and used with spamd. It already helps a lot on our setup. I am using the following script to collect the RBLs and to make them usable for spamd. ### fetch script ### #!/bin/sh openrsync rsync-mirrors.uceprotect.net::RBLDNSD-ALL/dnsbl-1.uceprotect.net /tmp/ > /dev/null 2>&1 openrsync rsync-mirrors.uceprotect.net::RBLDNSD-ALL/dnsbl-2.uceprotect.net /tmp/ > /dev/null 2>&1 openrsync rsync-mirrors.uceprotect.net::RBLDNSD-ALL/ips.whitelisted.org /tmp/ > /dev/null 2>&1 openrsync psbl-mirror.surriel.com::psbl/psbl.txt /etc/mail/ > /dev/null 2>&1 # strip out all non IP lines sed -i '/^#/d;/^\$/d;/^!/d;/^:/d;/Test Record/d' /tmp/dnsbl-1.uceprotect.net sed -i '/^#/d;/^\$/d;/^!/d;/^:/d;/Test Record/d' /tmp/dnsbl-2.uceprotect.net sed -i '/^#/d;/^\$/d;/^!/d;/^:/d;/Test Record/d' /tmp/ips.whitelisted.org # cp dnsbl1 cp /tmp/dnsbl-1.uceprotect.net /etc/mail # copy only IPs to the destination awk '{print $1}' /tmp/dnsbl-2.uceprotect.net > /etc/mail/dnsbl-2.uceprotect.net cp /tmp/ips.whitelisted.org /etc/mail ### The reason for /dev/null is openrsync doesn't have a quiet mode (yet). :) ### spamd.conf ### all:\ :nixspam:bsdly:dnsbl-1:dnsbl-2:psbl::dnsbl-white:localwhite:localblack: dnsbl-1:\ :black:\ :msg="Your address %A is listed on UCEPROTECT-Level 1\n\ See http://www.uceprotect.net/en":\ :method=file:\ :file=/etc/mail/dnsbl-1.uceprotect.net dnsbl-2:\ :black:\ :msg="Your address %A is listed on UCEPROTECT-Level 2\n\ See http://www.uceprotect.net/en":\ :method=file:\ :file=/etc/mail/dnsbl-2.uceprotect.net psbl:\ :black:\ :msg="Your address %A is listed on PSBL\n\ See https://psbl.org/":\ :method=file:\ :file=/etc/mail/psbl.txt dnsbl-white:\ :white:\ :method=file:\ :file=/etc/mail/ips.whitelisted.org ### Hope this helps. Mischa > On 20 Jun 2019, at 00:40, Thomas Smith wrote: > > Hi, > > I’ve been using a combination of OpenSMTPd and spamd on OpenBSD (currently at > 6.5) for some time and with success. However, there are still some > false-negatives and I’m looking at ways of reducing those. One way is by > making use of RBLs. > > (I’ve evaluated delivered spam and the majority of it seems to be coming from > IPs that are on various blacklists but aren’t being caught by greylisting.) > > spamd doesn’t support RBLs, at least that I’ve found, it can only use lists > that can be downloaded locally—the particular service I’m wanting to use only > provides DNS-based RBLs. So that’s my problem… > > I’m looking for ways of including an RBL in either spamd or OpenSMTPd, > preferring to stay in OpenBSD base as much as possible. (In other words, I’d > prefer to not rip out spamd or replace or supplement it with SpamAssassin or > rspamd—I’d rather find a solution that will plugin _specifically_ for RBLs > without all of the other bloat that SpamAssassin and similar products bring. > > Can anyone offer some input on this please? > > I’m not opposed to writing an OpenSMTPd filter, though I’d need to locate > some documentation for that (I’ve looked but haven’t been able to find it, so > I’m probably looking in the wrong places—suggestions welcomed). > > ~ Tom > > -- > You received this mail because you are subscribed to misc@opensmtpd.org > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org > -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: Filter email where sender and rcpt-to are the same
> On 6 Feb 2019, at 17:24, Mischa wrote: > >> On 6 Feb 2019, at 15:38, Gilles Chehade wrote: >> >> On Wed, Feb 06, 2019 at 11:42:19AM +0100, Mischa wrote: >>> Hi All, >>> >>> There has been a new scam going around for some time now where you get an >>> email from your own email address to your email address. >>> For people that don't know better it's scares the s**t out of them as the >>> email is like: >>> >>> Hey I hacked your account as you can see since I am sending this email from >>> your own account. >>> etc.. >>> >>> Is there a quick way to filter email where the sender and rcpt-to are the >>> same? >>> Has anybody created a filter already to easily do this? >>> >>> Thanx! >>> >> >> I used to have a rule to reject any mail from my domain but which were >> not originating from trusted machines nor authenticated users. >> >> not tested here but something along the lines of: >> >> match !from local mail-from "@opensmtpd.org" reject >> match !auth from any mail-from "@opensmtpd.org" reject >> >> there are other ways too > > Let me see if some modified version of those rules work, the difference is > that the MX is for incoming email only, outbound is taking a different route. > > Thanx Gilles! I have been trying to do things like: match from any rcpt-to "openbsd @ high5.nl" mail-from "openbsd @ high5.nl" reject (without the spaces of course) But it's not working. :/ Is there again parts of the rule I am missing? Mischa -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: Filter email where sender and rcpt-to are the same
> On 6 Feb 2019, at 15:38, Gilles Chehade wrote: > > On Wed, Feb 06, 2019 at 11:42:19AM +0100, Mischa wrote: >> Hi All, >> >> There has been a new scam going around for some time now where you get an >> email from your own email address to your email address. >> For people that don't know better it's scares the s**t out of them as the >> email is like: >> >> Hey I hacked your account as you can see since I am sending this email from >> your own account. >> etc.. >> >> Is there a quick way to filter email where the sender and rcpt-to are the >> same? >> Has anybody created a filter already to easily do this? >> >> Thanx! >> > > I used to have a rule to reject any mail from my domain but which were > not originating from trusted machines nor authenticated users. > > not tested here but something along the lines of: > >match !from local mail-from "@opensmtpd.org" reject >match !auth from any mail-from "@opensmtpd.org" reject > > there are other ways too Let me see if some modified version of those rules work, the difference is that the MX is for incoming email only, outbound is taking a different route. Thanx Gilles! Mischa -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Filter email where sender and rcpt-to are the same
Hi All, There has been a new scam going around for some time now where you get an email from your own email address to your email address. For people that don't know better it's scares the s**t out of them as the email is like: Hey I hacked your account as you can see since I am sending this email from your own account. etc.. Is there a quick way to filter email where the sender and rcpt-to are the same? Has anybody created a filter already to easily do this? Thanx! Mischa -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: match rule seems to be failing in -current
> On 29 Jan 2019, at 16:20, Gilles Chehade wrote: > > On Tue, Jan 29, 2019 at 01:10:47PM +0100, Mischa wrote: >> Hi Gilles, >> >>> well, providing the full session log from connect to disconnect without >>> altering it would be a good start to troubleshoot. >> >> Yeah... not really going to happen on public mailinglist. :/ >> It has the email address of one of my customers and there isn't anything I >> want to do with the rcpt-to. >> >> The IP address is part of src (www-relays), which I checked and double >> checked. :) >> >> The only thing I can think of is that the mail-from is not matched in >> www-senders file. >> Just saw I missed one IP, but that is ok, so you get the drift. >> >>> I think you are missing a "for any" on some rules which causes them to >>> not be matched. >> >> I would like this email to match the following rule: >> >> match from src mail-from action "relay" >> action "relay" relay >> > > for starters, you lack a 'for any' in that rule, so it will only match > for recipients that are on a local domain (ie: `hostname` & localhost) That makes perfect sense! It's working as expected now. Thanx Gilles! Mischa -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: match rule seems to be failing in -current
Hi Gilles, > On 29 Jan 2019, at 12:58, Gilles Chehade wrote: > > On Tue, Jan 29, 2019 at 12:41:17PM +0100, Mischa wrote: >> >> >>> On 29 Jan 2019, at 12:30, Gilles Chehade wrote: >>> >>> On Fri, Jan 25, 2019 at 02:08:41PM +0100, Mischa wrote: >>>> Hi All, >>>> >>> >>> Hi, >>> >>> >>>> ### smtpd.conf >>>> pki mx1.domain1.nl cert "/etc/ssl/mx1.domain1.nl.fullchain.pem" >>>> pki mx1.domain1.nl key "/etc/ssl/private/mx1.domain1.nl.key" >>>> >>>> table names file:/etc/mail/hostnames >>>> table aliases file:/etc/mail/aliases >>>> table www-relays file:/etc/mail/www-relays >>>> table www-senders file:/etc/mail/www-senders >>>> table relay-domains file:/etc/mail/relay-domains >>>> table reject-email file:/etc/mail/reject-email >>>> >>>> table domains sqlite:/etc/mail/sqlite.conf >>>> table virtuals sqlite:/etc/mail/sqlite.conf >>>> table credentials sqlite:/etc/mail/sqlite.conf >>>> >>>> filter check-fcrdns builtin connect fcrdns disconnect "550 fc-rDNS" >>>> >>>> listen on mx1.domain1.nl port 25 tls pki mx1.domain1.nl hostnames >>>> filter check-fcrdns >>>> >>>> action "local" mbox alias >>>> action "maildir" maildir "/var/mail/virtual/%{dest:lowercase}/" virtual >>>> >>>> action "relay" relay >>>> action "smartrelay" relay host smtp://mail.domain1.nl >>>> >>>> match from any rcpt-to for any reject >>>> match from src !mail-from for any reject >>>> match from src mail-from action "relay" >>>> match from any for domain action "smartrelay" >>>> match from any for domain action "maildir" >>>> match from local action "smartrelay" >>>> match for any action "relay" >>>> ### >>>> >>>> # cat www-relays >>>> 46.23.xx.yy >>>> >>>> # cat www-senders >>>> w...@www.domain2.nl >>>> >>>> As soon as an email is send from one of the www-relays with the >>>> sender that is in www-senders I am getting the following error on >>>> the sending mail server (FreeBSD w/ dma): >>>> >>>> Jan 18 15:56:12 www dma[2eb801]: new mail from user=www uid=80 >>>> envelope_from= >>>> Jan 18 15:56:12 www dma[2eb801]: mail to= queued as >>>> 2eb801.801a2d0a0 >>>> Jan 18 15:56:12 www dma[2eb801.801a2d0a0]: trying delivery >>>> Jan 18 15:56:12 www dma[2eb801.801a2d0a0]: using smarthost >>>> (mx1.domain1.nl:25) >>>> Jan 18 15:56:12 www dma[2eb801.801a2d0a0]: trying remote delivery to >>>> mx1.domain1.nl [46.23.xx.zz] pref 0 >>>> Jan 18 15:56:13 www dma[2eb801.801a2d0a0]: remote delivery to >>>> mx1.domain1.nl [46.23.xx.zz] failed after RCPT TO: 550 Invalid recipient >>>> Jan 18 15:56:13 www dma[2eb801.801a2d0a0]: delivery failed, bouncing as >>>> 2eb803 >>>> >>>> >>>> OpenSMTPD is saying (grep "00a1b263550db3c7" /var/log/maillog): >>>> >>>> Jan 18 15:56:13 mx1 smtpd[36743]: 00a1b263550db3c7 smtp connected >>>> address=46.23.xx.yy host=46-23-xx-yy.domain1.nl >>>> Jan 18 15:56:13 mx1 smtpd[36743]: 00a1b263550db3c7 smtp failed-command >>>> command="RCPT TO:" result="550 Invalid recipient" >>>> Jan 18 15:56:13 mx1 smtpd[36743]: 00a1b263550db3c7 smtp disconnected >>>> reason=disconnect >>>> >>>> Jan 18 14:10:04 mx1 smtpd[36743]: 00a1b263550db3c7 smtp connected >>>> address=46.23.xx.xx host=www.domain2.nl >>>> Jan 18 14:10:04 mx1 smtpd[36743]: 00a1b263550db3c7 smtp failed-command >>>> command="RCPT TO:" result="550 Invalid recipient" >>>> >>>> >>>> Anybody have an idea? >>>> >>> >>> can you run smtpd with -dv -T rules and provide log of which rule is >>> matched ? >> >> It says no rules are matched. Which makes sense from a failure perspective, >> as it's unable to deliver the email locally. >> But the content in the files hasn't changed since the upgrade to the new >> syntax. >> >> debug: lka: helo names:46.23.88.60 >> ed537f31142afcea smtp connected address=46.23.xx.xx host=46-23-xx.xx.high5.nl >> no rule matched >> ed537f31142afcea smtp failed-command command="RCPT >> TO:" result="550 Invalid recipient" >> ed537f31142afcea smtp disconnected reason=disconnect >> >> Is there a way to get the sender information in the debug? >> > > well, providing the full session log from connect to disconnect without > altering it would be a good start to troubleshoot. Yeah... not really going to happen on public mailinglist. :/ It has the email address of one of my customers and there isn't anything I want to do with the rcpt-to. The IP address is part of src (www-relays), which I checked and double checked. :) The only thing I can think of is that the mail-from is not matched in www-senders file. Just saw I missed one IP, but that is ok, so you get the drift. > I think you are missing a "for any" on some rules which causes them to > not be matched. I would like this email to match the following rule: match from src mail-from action "relay" action "relay" relay Mischa -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: match rule seems to be failing in -current
> On 29 Jan 2019, at 12:30, Gilles Chehade wrote: > > On Fri, Jan 25, 2019 at 02:08:41PM +0100, Mischa wrote: >> Hi All, >> > > Hi, > > >> ### smtpd.conf >> pki mx1.domain1.nl cert "/etc/ssl/mx1.domain1.nl.fullchain.pem" >> pki mx1.domain1.nl key "/etc/ssl/private/mx1.domain1.nl.key" >> >> table names file:/etc/mail/hostnames >> table aliases file:/etc/mail/aliases >> table www-relays file:/etc/mail/www-relays >> table www-senders file:/etc/mail/www-senders >> table relay-domains file:/etc/mail/relay-domains >> table reject-email file:/etc/mail/reject-email >> >> table domains sqlite:/etc/mail/sqlite.conf >> table virtuals sqlite:/etc/mail/sqlite.conf >> table credentials sqlite:/etc/mail/sqlite.conf >> >> filter check-fcrdns builtin connect fcrdns disconnect "550 fc-rDNS" >> >> listen on mx1.domain1.nl port 25 tls pki mx1.domain1.nl hostnames >> filter check-fcrdns >> >> action "local" mbox alias >> action "maildir" maildir "/var/mail/virtual/%{dest:lowercase}/" virtual >> >> action "relay" relay >> action "smartrelay" relay host smtp://mail.domain1.nl >> >> match from any rcpt-to for any reject >> match from src !mail-from for any reject >> match from src mail-from action "relay" >> match from any for domain action "smartrelay" >> match from any for domain action "maildir" >> match from local action "smartrelay" >> match for any action "relay" >> ### >> >> # cat www-relays >> 46.23.xx.yy >> >> # cat www-senders >> w...@www.domain2.nl >> >> As soon as an email is send from one of the www-relays with the >> sender that is in www-senders I am getting the following error on >> the sending mail server (FreeBSD w/ dma): >> >> Jan 18 15:56:12 www dma[2eb801]: new mail from user=www uid=80 >> envelope_from= >> Jan 18 15:56:12 www dma[2eb801]: mail to= queued as >> 2eb801.801a2d0a0 >> Jan 18 15:56:12 www dma[2eb801.801a2d0a0]: trying delivery >> Jan 18 15:56:12 www dma[2eb801.801a2d0a0]: using smarthost >> (mx1.domain1.nl:25) >> Jan 18 15:56:12 www dma[2eb801.801a2d0a0]: trying remote delivery to >> mx1.domain1.nl [46.23.xx.zz] pref 0 >> Jan 18 15:56:13 www dma[2eb801.801a2d0a0]: remote delivery to mx1.domain1.nl >> [46.23.xx.zz] failed after RCPT TO: 550 Invalid recipient >> Jan 18 15:56:13 www dma[2eb801.801a2d0a0]: delivery failed, bouncing as >> 2eb803 >> >> >> OpenSMTPD is saying (grep "00a1b263550db3c7" /var/log/maillog): >> >> Jan 18 15:56:13 mx1 smtpd[36743]: 00a1b263550db3c7 smtp connected >> address=46.23.xx.yy host=46-23-xx-yy.domain1.nl >> Jan 18 15:56:13 mx1 smtpd[36743]: 00a1b263550db3c7 smtp failed-command >> command="RCPT TO:" result="550 Invalid recipient" >> Jan 18 15:56:13 mx1 smtpd[36743]: 00a1b263550db3c7 smtp disconnected >> reason=disconnect >> >> Jan 18 14:10:04 mx1 smtpd[36743]: 00a1b263550db3c7 smtp connected >> address=46.23.xx.xx host=www.domain2.nl >> Jan 18 14:10:04 mx1 smtpd[36743]: 00a1b263550db3c7 smtp failed-command >> command="RCPT TO:" result="550 Invalid recipient" >> >> >> Anybody have an idea? >> > > can you run smtpd with -dv -T rules and provide log of which rule is > matched ? It says no rules are matched. Which makes sense from a failure perspective, as it's unable to deliver the email locally. But the content in the files hasn't changed since the upgrade to the new syntax. debug: lka: helo names:46.23.88.60 ed537f31142afcea smtp connected address=46.23.xx.xx host=46-23-xx.xx.high5.nl no rule matched ed537f31142afcea smtp failed-command command="RCPT TO:" result="550 Invalid recipient" ed537f31142afcea smtp disconnected reason=disconnect Is there a way to get the sender information in the debug? Mischa -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
match rule seems to be failing in -current
Hi All, I am currently running OpenSMTPD on OpenBSD 6.4 GENERIC#588 What I am trying to achieve is the following. As soon as email is send from a webserver with a specific sender I allow relay through opensmtpd. When it's coming from that same webserver without the approved sender it's rejected. This was all running fine before the syntax change but I haven't been able to get this working with the next syntax. The IP address of the webserver is in: www-relays The approved sender is in: www-sender ### smtpd.conf pki mx1.domain1.nl cert "/etc/ssl/mx1.domain1.nl.fullchain.pem" pki mx1.domain1.nl key "/etc/ssl/private/mx1.domain1.nl.key" table names file:/etc/mail/hostnames table aliases file:/etc/mail/aliases table www-relays file:/etc/mail/www-relays table www-senders file:/etc/mail/www-senders table relay-domains file:/etc/mail/relay-domains table reject-email file:/etc/mail/reject-email table domains sqlite:/etc/mail/sqlite.conf table virtuals sqlite:/etc/mail/sqlite.conf table credentials sqlite:/etc/mail/sqlite.conf filter check-fcrdns builtin connect fcrdns disconnect "550 fc-rDNS" listen on mx1.domain1.nl port 25 tls pki mx1.domain1.nl hostnames filter check-fcrdns action "local" mbox alias action "maildir" maildir "/var/mail/virtual/%{dest:lowercase}/" virtual action "relay" relay action "smartrelay" relay host smtp://mail.domain1.nl match from any rcpt-to for any reject match from src !mail-from for any reject match from src mail-from action "relay" match from any for domain action "smartrelay" match from any for domain action "maildir" match from local action "smartrelay" match for any action "relay" ### # cat www-relays 46.23.xx.yy # cat www-senders w...@www.domain2.nl As soon as an email is send from one of the www-relays with the sender that is in www-senders I am getting the following error on the sending mail server (FreeBSD w/ dma): Jan 18 15:56:12 www dma[2eb801]: new mail from user=www uid=80 envelope_from= Jan 18 15:56:12 www dma[2eb801]: mail to= queued as 2eb801.801a2d0a0 Jan 18 15:56:12 www dma[2eb801.801a2d0a0]: trying delivery Jan 18 15:56:12 www dma[2eb801.801a2d0a0]: using smarthost (mx1.domain1.nl:25) Jan 18 15:56:12 www dma[2eb801.801a2d0a0]: trying remote delivery to mx1.domain1.nl [46.23.xx.zz] pref 0 Jan 18 15:56:13 www dma[2eb801.801a2d0a0]: remote delivery to mx1.domain1.nl [46.23.xx.zz] failed after RCPT TO: 550 Invalid recipient Jan 18 15:56:13 www dma[2eb801.801a2d0a0]: delivery failed, bouncing as 2eb803 OpenSMTPD is saying (grep "00a1b263550db3c7" /var/log/maillog): Jan 18 15:56:13 mx1 smtpd[36743]: 00a1b263550db3c7 smtp connected address=46.23.xx.yy host=46-23-xx-yy.domain1.nl Jan 18 15:56:13 mx1 smtpd[36743]: 00a1b263550db3c7 smtp failed-command command="RCPT TO:" result="550 Invalid recipient" Jan 18 15:56:13 mx1 smtpd[36743]: 00a1b263550db3c7 smtp disconnected reason=disconnect Jan 18 14:10:04 mx1 smtpd[36743]: 00a1b263550db3c7 smtp connected address=46.23.xx.xx host=www.domain2.nl Jan 18 14:10:04 mx1 smtpd[36743]: 00a1b263550db3c7 smtp failed-command command="RCPT TO:" result="550 Invalid recipient" Anybody have an idea? Mischa -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
relayd l7 loadbalancing
Hi All, I have somewhat the following config for relayd running on 6.1. And I am trying to forward certain request paths to different hosts. table { xx.xx.xx.131 } table { xx.xx.xx.31 } http protocol httpsfilter { match request header remove "Proxy" match request header append "X-Forwarded-For" value "$REMOTE_ADDR" match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT" match response header set "Server" value "Sever" match response header set "X-Powered-By" value "Power" match response header set "X-Frame-Options" value "SAMEORIGIN" match response header set "X-Xss-Protection" value "1; mode=block" match response header set "X-Content-Type-Options" value "nosniff" match request quick path "/crm/" forward to tcp { no splice } } relay host_tls { listen on $ext_addr_v4 port 443 tls listen on $ext_addr_v6 port 443 tls protocol httpsfilter forward to port 80 check http "/" host example.com code 200 forward to port 80 } I have tried both "match request quick path" and "match request quick url" but what I noticed is that as soon as you have visited one of the URLs that needs forwarding to a different host you end up at the for all subsequent requests. With "match request quick url" this is to be expected as it checks everything up to /. For example: http://example.com/ -> wwwhost http://example.com/crm/ -> otherhost http://exmaple.com/folder/ -> otherhost Is this expected behaviour for "match request quick path" as well? Is there any way to do this type of load balancing? Thanx!! Mischa -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: please share your configuration files with us
Hi Gilles, Here you go. I have redundant table config in there but this was to test for the man rewrite/write up. :) #filter filter-pause pause #filter filter-regex regex #filter filter-dnsbl-sorbs dnsbl #filter filter-dnsbl-spamcop dnsbl "-h bl.spamcop.net" #filter filter-dnsbl-spamhaus dnsbl "-h sbl-xbl.spamhaus.org" #filter all chain filter-pause filter-regex filter-dnsbl-sorbs filter-dnsbl-spamcop filter-dnsbl-spamhaus #filter all chain filter-pause pki mx1.runbsd.nl certificate "/etc/ssl//mx1.runbsd.nl.fullchain.pem" pki mx1.runbsd.nl key "/etc/ssl/private/mx1.runbsd.nl.key" pki mx1.high5.nl certificate "/etc/ssl//mx1.high5.nl.fullchain.pem" pki mx1.high5.nl key "/etc/ssl/private/mx1.high5.nl.key" table names file:/etc/mail/hostnames table aliases file:/etc/mail/aliases table www-relays file:/etc/mail/www-relays table www-senders file:/etc/mail/www-senders # sqlite table domains sqlite:/etc/mail/sqlite.conf table virtuals sqlite:/etc/mail/sqlite.conf table credentials sqlite:/etc/mail/sqlite.conf # mysql #table domains mysql:/etc/mail/mysql.conf #table virtuals mysql:/etc/mail/mysql.conf #table credentials mysql:/etc/mail/mysql.conf # pgsql #table domains postgres:/etc/mail/pgsql.conf #table virtuals postgres:/etc/mail/pgsql.conf #table credentials postgres:/etc/mail/pgsql.conf listen on lo0 listen on mx1.runbsd.nl port 25 tls pki mx1.runbsd.nl hostnames listen on mx1.runbsd.nl port 587 tls-require pki mx1.runbsd.nl auth hostnames listen on mx1.high5.nl port 25 tls pki mx1.high5.nl hostnames accept from local for any relay via secure://mail.high5.nl accept from local for domain "*.high5.nl" relay via secure://mail.high5.nl reject from source sender ! for any accept from source sender for any relay accept from any for domain virtual deliver to maildir "/var/mail/virtual/%{dest:lowercase}/" accept from local for any relay Mischa > On 3 Aug 2017, at 19:32, Gilles Chehade wrote: > > Hi, > > We're currently reworking the smtpd.conf grammar to solve some errors we > made years ago and that are now in the way of many nice features. > > We would appreciate if AS MANY as you could send us your smtpd.conf, the > goal being for me to translate them to the new grammar and check how the > new smtpd.conf looks like for you. > > The more I get, the faster I can move forward with this change that will > span over many months. This has no chance of hitting 6.2 whatsoever, but > if it is done by 6.2 it may hit 6.3 :-) > > Again, many many many features rely on this to be done first so... ;-) > > -- > Gilles Chehade > > https://www.poolp.org @poolpOrg > > -- > You received this mail because you are subscribed to misc@opensmtpd.org > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org > -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: plans for 2017
Hi Gilles, Thank you for expressing your plans. Looking forward to the changes. Keep it coming, you are doing great things! Mischa > On 9 Feb 2017, at 10:44, Gilles Chehade wrote: > > Hello misc@, > > It's been calm for a while due to "real-life (tm)" events that had > to be handled in priority as far as I'm concerned, I don't know of > the reasons why the others are slacking though :-) > > I've been willing to send this mail for a while to outline some of > the big plans for 2017 regarding OpenSMTPD and some of the changes > that are planned in different parts of the daemon. > > > > First of all, regarding filters, since that's the question that is > coming the more often: > > Filters are neither dead or alive. > We have implemented an API and the mechanics to make that API work > and this is what people started using while we warned them not to. > > Turns out that while implementing a specific filter I hit an issue > which made it clear that there was a fundamental design issue with > the mechanics below the API that couldn't be worked around without > requiring a non-trivial refactor. > > We had a long chat with eric@ about this design issue and how this > could be redesigned in a way that all the work we've done is still > usable and we figured a way which will reuse a big part of what we > already did, which guarantees that we will not find a design error > later down the chain and which as a bonus simplifies the daemon. > > We're going to be working towards this way but now that we have an > experience in how providing the code early turned into a nightmare > for me, we'll work in a private branch then show the diff when the > code is working enough that it can be part of snapshots :-) > > > > Then, regarding the MTA we're going to do a pass of simplification > because the code has evolved into something quite complex and from > experience gathered in the mail industry these last few years, the > code can be made much more efficient while MUCH simpler. > > > > Finally, there is ongoing work that's going to span over months to > improve some configuration structures which is going to have a lot > of interesting side-effects which I'm going to keep as a surprise, > but that are going to be impressive. I personnally look forward to > this more than filters given the amounts of improvements this will > unlock in many areas ranging from configuration, to reload, to MTA > and MDA. > > > Stay tuned ! > > > -- > Gilles Chehade > > https://www.poolp.org @poolpOrg > > -- > You received this mail because you are subscribed to misc@opensmtpd.org > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org > -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: Filter withdrawals
>> I’d be up for it. Although I’m still running 5.9 on my mail server, I’m >> thinking of upgrading. I knew that filters are experimental (and really to >> test the API, not the filters themselves), however I’ve decided to use some >> of them and would like to continue doing so. The dnsbl is the one I’d miss >> the most. >> >> All other functionality in my config uses traditional approach, with >> relaying over smtp to a daemon (spamd, clamav, dkim_proxy, etc) listening on >> lo interface, and all seems to be working fine. > > Assuming that that is OpenBSD spamd then I may be able to help you > with your dnsbl desire. > > I have a python script that runs every 15 mins (inside the spamd > whitelist time) that checks for new entries, looks them up against a > dnsbl and blacklists if appropriate. Note that this code would be > provided "as is" & whilst it works for me I make no guarantees as to > anything. It probably isn't suitable for anything vaguely high > volume. > > A better hack than what I'm doing currently would be to abuse the > spamd sync feature which provides a much more timely notification of > activity, but I haven't found the round tuits to do it and am unlikely > to do so. I am very interested in that script as well. Would be great to have a blacklist function in spamd based on RBLs. Mischa -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: Filter withdrawals
You mean for people that don't read disclaimers, read me's, release notes? :) Mischa -- > On 11 Sep 2016, at 13:01, Gilles Chehade wrote: > >> On Tue, Sep 06, 2016 at 09:10:40AM -0500, Edgar Pettijohn wrote: >> I'm thinking of starting a support group for others suffering from filter >> withdrawal. Upgraded to 6.0 over the weekend and went back to using spampd >> and sieve. Is there any other options besides amavis? I really miss >> filter-regex. Haven't had any luck finding a replacement just curious if >> anyone out there has any suggestions. >> > > we should also start a support group for people suffering from other > people running filters that are not ready ;-) > > -- > Gilles Chehade > > https://www.poolp.org @poolpOrg > > -- > You received this mail because you are subscribed to misc@opensmtpd.org > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org > -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: Greylisting
Hi Peter, That is indeed a great article. Thank you for writing it. It gave me a new appreciation for spamd again. :) Mischa > On 11 Sep 2016, at 12:17, Peter N. M. Hansteen wrote: > >> On 09/10/16 19:10, Silvio Siefke wrote: >> I search with google but I found nothing with greylisting and most about >> spam is with shell scripts and pf. > > If all you've found is 'shell scripts and pf' I don't think you've > looked very closely. > > As Mischa mentioned earlier, on OpenBSD and other OSes with PF there's > spamd(8), which was (for example) quite capable of shielding all my > users from the recent 'voicemail' scam using only its default > greylisting (see > http://bsdly.blogspot.com/2016/08/the-voicemail-scammers-never-got-past.html > about that particular incident, links to other articles about spamd(8) > greylisting and related topics therein). > > - Peter > -- > Peter N. M. Hansteen, member of the first RFC 1149 implementation team > http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ > "Remember to set the evil bit on all malicious network traffic" > delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. > > -- > You received this mail because you are subscribed to misc@opensmtpd.org > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org >
Re: Greylisting
Hi Silvio, Have a look at spamd. https://www.openbsd.org/spamd/index.html Also runs on non-OpenBSD. Mischa > On 10 Sep 2016, at 19:10, Silvio Siefke wrote: > > Hello, > > is greylisting available in opensmtpd? I have so much spam and I use > blacklist but it will not really work. > > > triolan.net.ua > tpasites.com > sak-ura.net > zwaan.nl > ibece.net > mccurdycandler.com > fischbach.co.uk > hv.be > outlook.com > fischbach.co.uk > ecolelasource.ch > bvniel...@ymail.com > > Can i write so or must be complete address? > > > # Deliver locally messages coming back in from scanner > accept tagged Scanned from local for domain virtual deliver > to maildir "~/maildir" > accept from local for local alias deliver to maildir "~/maildir" > reject tagged Scanned > > I search with google but I found nothing with greylisting and most about > spam is with shell scripts and pf. > > Nice day > Silvio > > -- > You received this mail because you are subscribed to misc@opensmtpd.org > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org >
Re: tool-stats
Hi Giovanni, Nope... native. Only running this machine with a honeypot domain at the moment. # uname -a OpenBSD br1 6.0 GENERIC.MP#0 amd64 Mischa > On 06 Sep 2016, at 18:22, Giovanni Bechis wrote: > > On 09/06/16 18:10, Mischa wrote: >> Hi All, >> >> Did something else change in 6.0 in regards to logging? >> >> tool-stats remains very empty. >> > in OpenBSD 6.0 works file, are you running portable (on Linux) ? > > - > tool-stats - smtpd log statistics (c) 2016 Joerg Jung > > Thu Sep 06 09:00:02 - Thu Sep 06 18:19:33 > > Messages: smtp: 6533 mta: 6509 mda: 0 reject: 0 > Throughput: 700.57 mails/hour 44.67 mbytes/hour > - > > Cheers > Giovanni > >> # zcat /var/log/maillog.6.gz | tool-stats >> tool-stats - smtpd log statistics (c) 2016 Joerg Jung >> >> Mon Aug 27 15:00:01 - Tue Aug 28 15:00:01 >> >> Messages: smtp: 0 mta: 0 mda: 0 reject: 4327 >> Throughput: 0.00 mails/hour 0.00 bytes/hour >> >> Filters >> >> DNSBL: 4327 >> Regex: connect: 0 helo: 0 mail: 0 rcpt: 0 dataline: 0 >> Spam:0 >> Virus: 0 >> >> ### >> >> # tool-stats /var/log/maillog >> tool-stats - smtpd log statistics (c) 2016 Joerg Jung >> >> Thu Sep 06 11:00:01 - Thu Sep 06 18:07:10 >> >> Messages: smtp: 0 mta: 0 mda: 0 reject: 0 >> Throughput: 0.00 mails/hour 0.00 bytes/hour >> >> Filters >> >> DNSBL: 0 >> Regex: connect: 0 helo: 0 mail: 0 rcpt: 0 dataline: 0 >> Spam:0 >> Virus: 0 >> >> >> >> I can see mail is coming in still >> >> # grep -c "550 Invalid recipient" /var/log/maillog >> 754 >> >> Mischa >> >> > > > -- > You received this mail because you are subscribed to misc@opensmtpd.org > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org -- High5! B.V. KvK: 33248398 BTW: NL800781417B01 Mobile: +31 6 2181 8161 -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
tool-stats
Hi All, Did something else change in 6.0 in regards to logging? tool-stats remains very empty. # zcat /var/log/maillog.6.gz | tool-stats tool-stats - smtpd log statistics (c) 2016 Joerg Jung Mon Aug 27 15:00:01 - Tue Aug 28 15:00:01 Messages: smtp: 0 mta: 0 mda: 0 reject: 4327 Throughput: 0.00 mails/hour 0.00 bytes/hour Filters DNSBL: 4327 Regex: connect: 0 helo: 0 mail: 0 rcpt: 0 dataline: 0 Spam:0 Virus: 0 ### # tool-stats /var/log/maillog tool-stats - smtpd log statistics (c) 2016 Joerg Jung Thu Sep 06 11:00:01 - Thu Sep 06 18:07:10 Messages: smtp: 0 mta: 0 mda: 0 reject: 0 Throughput: 0.00 mails/hour 0.00 bytes/hour Filters DNSBL: 0 Regex: connect: 0 helo: 0 mail: 0 rcpt: 0 dataline: 0 Spam:0 Virus: 0 I can see mail is coming in still # grep -c "550 Invalid recipient" /var/log/maillog 754 Mischa -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: Filter withdrawals
I would definitely join that group. :)) Mischa > On 06 Sep 2016, at 16:10, Edgar Pettijohn wrote: > > I'm thinking of starting a support group for others suffering from filter > withdrawal. Upgraded to 6.0 over the weekend and went back to using spampd > and sieve. Is there any other options besides amavis? I really miss > filter-regex. Haven't had any luck finding a replacement just curious if > anyone out there has any suggestions. > > Thanks, > > Edgar > > Sent from my iPhone > > -- > You received this mail because you are subscribed to misc@opensmtpd.org > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org > -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: [OpenSMTPD-5.9.1] Postgresql Backend
g to figure the use of query_userinfo out as well, haven't been able to figure it out yet. > è Do I have to fill specific home : /var/vmail/%d/%u to the db / > query_userinfo ? No > è Does query_userinfo fill a proc: ? No idea. > In parallel I used the syntax : > _ query_credentials select account, password from vusers where account=$1; > instead > _ query_credentials select account, password from vusers where account=?; > (from the Giovanni’s presentation : opensmtpd-linuxcon2015) > The syntax used is working fine on my side. > è Where can I find all last informations or correct syntax for it ? I think it depends on the backend you are using. Mischa -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: Virtual domain setup sanity check
Argh!! This always happens to me... staring at things for a couple of hours, send email, do some more staring and figuring it out. Anyway here is the working config. ### filter filter-pause pause filter filter-regex regex filter all chain filter-pause filter-regex pki mx1 certificate "/etc/ssl/mx1.crt" pki mx1 key "/etc/ssl/private/mx1.key" listen on lo0 listen on egress port 25 filter all tls pki mx1 table aliases file:/etc/mail/aliases table virtuals file:/etc/mail/virtuals table domains file:/etc/mail/domains accept from local for local alias deliver to mbox accept from any for domain virtual deliver to maildir "/var/vmail/%{rcpt}/" accept from local for any relay ### # /var/mail/domains virtualdomain1.tld virtualdomain2.tld # /var/mail/virtuals i...@virtualdomain1.tldvmail i...@virtualdomain2.tldvmail Thanks Gilles & Co for a kick ass, albeit confusing at times :)), smtp server! With all the filtering in place it's time to move away from Postfix! Mischa > On 02 Jul 2016, at 13:39, Mischa wrote: > > Hi All, > > I have been wrecking my brain to figure out how to get OpenSMTPD setup with > virtual domain hosting to achieve the following: > > i...@virtualdomain1.tld -> /var/vmail/i...@virtualdomain1.tld/ (Maildir) > i...@virtualdomain2.tld -> /var/vmail/i...@virtualdomain2.tld/ (Maildir) > etc... > > /var/vmail is owned by vmail:vmail (1001:1001). > > My smtpd.conf is: > ### > filter filter-pause pause > filter filter-regex regex > filter all chain filter-pause filter-regex > > pki mx1 certificate "/etc/ssl/mx1.crt" > pki mx1 key "/etc/ssl/private/mx1.key" > > listen on lo0 > listen on egress port 25 filter all tls pki mx1 > > table aliases file:/etc/mail/valiases > table domains file:/etc/mail/domains > table userinfo file:/etc/mail/userinfo > > accept from any for domain virtual userbase > deliver to maildir > accept from local for any relay > ### > > As far as I can find from reading the docs and code is that the tables only > match on the left side of the email address. > Which means in the above example there is a collision when the left side of > the email address is the same. > > The only way I have been able to get mail delivered, opposed to a "550 > Invalid recipient" is with: > > # /var/mail/domains > virtualdomain1.tld > > # /var/mail/valiases > i...@virtualdomain1.tldinfo > -or- > infoinfo > > # /var/mail/userinfo > info1001:1001:/var/mail/virtual/i...@virtualdomain1.tld > > Which in my mind means that the domain doesn't come into play at all, except > of course for accepting for the domain in the table. > Any other way, for example the below, results in a "550 Invalid recipient". > > # /var/mail/domains > virtualdomain1.tld > > # /var/mail/valiases > i...@virtualdomain1.tldi...@virtualdomain1.tld > > # /var/mail/userinfo > i...@virtualdomain1.tld1001:1001:/var/mail/virtual/i...@virtualdomain1.tld > > The end goal is to move the files to either sqlite or MariaDB. > Am I missing the bloody obvious or is it not possible, to have overlapping > left hand side of the email addresses, without remapping in the aliases table? > > Thanx!! > > Mischa > > > -- > You received this mail because you are subscribed to misc@opensmtpd.org > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org > -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Virtual domain setup sanity check
Hi All, I have been wrecking my brain to figure out how to get OpenSMTPD setup with virtual domain hosting to achieve the following: i...@virtualdomain1.tld -> /var/vmail/i...@virtualdomain1.tld/ (Maildir) i...@virtualdomain2.tld -> /var/vmail/i...@virtualdomain2.tld/ (Maildir) etc... /var/vmail is owned by vmail:vmail (1001:1001). My smtpd.conf is: ### filter filter-pause pause filter filter-regex regex filter all chain filter-pause filter-regex pki mx1 certificate "/etc/ssl/mx1.crt" pki mx1 key "/etc/ssl/private/mx1.key" listen on lo0 listen on egress port 25 filter all tls pki mx1 table aliases file:/etc/mail/valiases table domains file:/etc/mail/domains table userinfo file:/etc/mail/userinfo accept from any for domain virtual userbase deliver to maildir accept from local for any relay ### As far as I can find from reading the docs and code is that the tables only match on the left side of the email address. Which means in the above example there is a collision when the left side of the email address is the same. The only way I have been able to get mail delivered, opposed to a "550 Invalid recipient" is with: # /var/mail/domains virtualdomain1.tld # /var/mail/valiases i...@virtualdomain1.tldinfo -or- infoinfo # /var/mail/userinfo info1001:1001:/var/mail/virtual/i...@virtualdomain1.tld Which in my mind means that the domain doesn't come into play at all, except of course for accepting for the domain in the table. Any other way, for example the below, results in a "550 Invalid recipient". # /var/mail/domains virtualdomain1.tld # /var/mail/valiases i...@virtualdomain1.tldi...@virtualdomain1.tld # /var/mail/userinfo i...@virtualdomain1.tld1001:1001:/var/mail/virtual/i...@virtualdomain1.tld The end goal is to move the files to either sqlite or MariaDB. Am I missing the bloody obvious or is it not possible, to have overlapping left hand side of the email addresses, without remapping in the aliases table? Thanx!! Mischa -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: Crashing once a day and not auto-starting back
Hi All, There was an awesome utility once, daedalus. Written in Ruby though. :) http://portsmon.freebsd.org/portoverview.py?category=sysutils&portname=daedalus Mischa -- > On 05 May 2016, at 17:30, Edgar Pettijohn wrote: > > You could have a cron job check that it's running and if not restart it. Plus > the email cron sends would give you a time frame to look for in the logs. > > Sent from my iPhone > >>> On May 5, 2016, at 9:58 AM, Mariano Baragiola >>> wrote: >>> >>> On 05/05/16 11:51, Gilles Chehade wrote: >>> >>> No it shouldn't autostart when it crashes. >>> It shouldn't crash either. >>> >>> Can you provide more details ? >>> logs before the crash ? >> >> Noted. Is it a way to autostart it again >> if it crashes? >> >> I just added the verbosity flag to smtpd, >> so I guess I'll have more log details if >> and as soon as it crashes again. >> >> >> -- >> You received this mail because you are subscribed to misc@opensmtpd.org >> To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org > > > -- > You received this mail because you are subscribed to misc@opensmtpd.org > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org > -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org