Re: Authentication problem

2021-06-17 Thread nathanael

François RONVAUX  wrote:
> I successfully got the client "test" authenticate on the server "mx1" with
> this :
> ---
> foo@test : # cat /etc/mail/secrets
> foofoo:password_clear
> ---
> 
> But another issue appeared...
> 
> Authentication does now work with this line in the file "smtpd.conf" :
> ---
> table secrets file:/etc/mail/secrets
> ---
> 
> But if instead of a text file I use a db file, it does not work and I see
> again the message "AUTH rejected: 535
> Authentication failed" in the logs :
> ---
> table secrets db:/etc/mail/secrets.db
> ---
> 
> I generated the db file with "makemap secrets" and there was no error
> reported by the command.


if you are on openbsd you might need the `opensmtpd-extras` package



Re: smtpctl spf walk -6 ?

2021-05-12 Thread nathanael
Harald Dunkel  wrote:
> Hi folks,
> 
> I am a big fan of IPv6, so I wonder why smtpctl spf walk omits
> all the IPv6 addresses?
> 
>   # echo spf.protection.outlook.com | smtpctl spf walk
>   40.92.0.0/15
>   40.107.0.0/16
>   52.100.0.0/14
>   104.47.0.0/17
>   51.4.72.0/24
>   51.5.72.0/24
>   51.5.80.0/27
>   20.47.149.138/32
>   51.4.80.0/27
> 
>   # dig spf.protection.outlook.com TXT +short | tr \  \\n
>   "v=spf1
>   ip4:40.92.0.0/15
>   ip4:40.107.0.0/16
>   ip4:52.100.0.0/14
>   ip4:104.47.0.0/17
>   ip6:2a01:111:f400::/48
>   ip6:2a01:111:f403::/48
>   include:spfd.protection.outlook.com
>   -all"
> 
>   # echo spf.protection.outlook.com | smtpctl spf walk -6
>   invalid command
> 
> 
> Regards
> Harri

this is what i get on my machine:

~ echo spf.protection.outlook.com | smtpctl spf walk
40.92.0.0/15
40.107.0.0/16
52.100.0.0/14
104.47.0.0/17
2a01:111:f400::/48
2a01:111:f403::/48
51.4.72.0/24
51.5.72.0/24
51.5.80.0/27
20.47.149.138/32
51.4.80.0/27
2a01:4180:4051:0800::/64
2a01:4180:4050:0800::/64
2a01:4180:4051:0400::/64
2a01:4180:4050:0400::/64

no idea why you don't see the ipv6 addresses



Re: Old clients fail to establish SSL Connection to 6.9

2021-05-11 Thread nathanael
Eric Faurot  wrote:
> On Fri, May 07, 2021 at 01:42:52AM +0200, Markus Julen wrote:
> > Hi all!
> > 
> > Having just moved a small "outgoing only" mailserver to 6.9, I started to 
> > receive error messages:
> > 
> > > 80008bb60b9428ed smtp connected address=X.X.X.X host=z.z.z
> > > 80008bb60b9428ed smtp disconnected reason="io-error: handshake failed: 
> > > error:1402610B:SSL routines:ACCEPT_SR_CLNT_HELLO:wrong version number"
> > 
> > No filters, nothing, just plain smtpd. 6.8 worked flawlessly.
> > 
> > Has anyone managed to tweak the "cipher" option to the "listen" directive? 
> > Any other options to try?
> > 
> > Telling everyone to upgrade their mail client is probably no option as of 
> > now...
> 
> Hello.
> 
> Have a look at the tls_config_set_protocols(3) manpage for the protocols and 
> ciphers
> options. You can try with something like:
> 
> listen on ... tls protocols "legacy" ciphers "compat"
> 
> Eric.

i got a similar error:

> May 11 21:00:57 mail smtpd[54101]: 1dce957aa81938f4 smtp connected 
> address=65.55.52.250 host=co1gmehub09.msn.com
> May 11 21:00:58 mail smtpd[62909]: dnsbl: 1dce957aa81938f4 not listed
> May 11 21:00:58 mail smtpd[54101]: 1dce957aa81938f4 smtp disconnected 
> reason="io-error: handshake failed: error:140260C1:SSL 
> routines:ACCEPT_SR_CLNT_HELLO:no shared cipher"

the "fix" from eric worked, i received the email, thanks!

this is kind of funny, the email was from microsoft, i had to send
them an email that they remove me from a block list cause apparently
my neighbors aren't behaving peacefully and have sent some spam,
so microsoft decided to block the whole network, which prevented
me from sending emails to @hotmail.com addresses

this is the third time i had to send them an email (first time was
half a year ago, second time about 3 months ago, i am seeing a
pattern here... enough with the anecdotes)

it seems like they are sending emails using some legacy ciphers?!
before 6.9 i received these emails without any change in my smtpd.conf
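
Added example, not part of any post in this thread and not OpenSMTPD code: before relaxing a listener with `protocols "legacy" ciphers "compat"` as suggested above, it helps to see which peers actually fail the TLS handshake and why. This Python script correlates the `smtp connected` and `smtp disconnected` lines by session id; the log lines are constructed samples in the format quoted above, with placeholder addresses, hostnames and session ids.

```python
import re
from collections import Counter

# Constructed sample lines in the smtpd log format quoted in the thread.
# Addresses, hostnames and session ids are placeholders, not real peers.
SAMPLE_LOG = """\
May 11 21:00:57 mail smtpd[54101]: aaaa000000000001 smtp connected address=192.0.2.10 host=old-client.example.net
May 11 21:00:58 mail smtpd[54101]: aaaa000000000001 smtp disconnected reason="io-error: handshake failed: error:140260C1:SSL routines:ACCEPT_SR_CLNT_HELLO:no shared cipher"
May 11 21:02:10 mail smtpd[54101]: aaaa000000000002 smtp connected address=192.0.2.20 host=legacy.example.org
May 11 21:02:10 mail smtpd[54101]: aaaa000000000002 smtp disconnected reason="io-error: handshake failed: error:1402610B:SSL routines:ACCEPT_SR_CLNT_HELLO:wrong version number"
May 11 21:03:00 mail smtpd[54101]: aaaa000000000003 smtp connected address=192.0.2.30 host=modern.example.com
May 11 21:03:02 mail smtpd[54101]: aaaa000000000003 smtp disconnected reason=quit
May 11 21:05:41 mail smtpd[54101]: aaaa000000000004 smtp connected address=192.0.2.10 host=old-client.example.net
May 11 21:05:42 mail smtpd[54101]: aaaa000000000004 smtp disconnected reason="io-error: handshake failed: error:140260C1:SSL routines:ACCEPT_SR_CLNT_HELLO:no shared cipher"
"""

CONNECTED = re.compile(r"smtpd\[\d+\]: (\w{16}) smtp connected address=(\S+) host=(\S+)")
DISCONNECTED = re.compile(r"smtpd\[\d+\]: (\w{16}) smtp disconnected reason=(.*)")

def handshake_failures(log_text):
    """Count TLS handshake failures per (address, host, reason) tuple."""
    peers, failures = {}, Counter()
    for line in log_text.splitlines():
        m = CONNECTED.search(line)
        if m:
            peers[m.group(1)] = (m.group(2), m.group(3))
            continue
        m = DISCONNECTED.search(line)
        if not m:
            continue
        # Drop the session on every disconnect so the lookup table stays small.
        address, host = peers.pop(m.group(1), ("unknown", "unknown"))
        reason = m.group(2).strip('"')
        if "handshake failed" in reason:
            # The last colon-separated field of the error string is the reason text.
            failures[(address, host, reason.rsplit(":", 1)[-1])] += 1
    return failures

if __name__ == "__main__":
    for (address, host, reason), n in handshake_failures(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {address:15s} {host:28s} {reason}")
```

Run against the real mail log, the per-peer counts show whether only a few known senders need the legacy settings, which is the information needed to decide how long to keep them enabled.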