Re: help me understand local mail please

2021-03-18 Thread Илья Коскин
Thu, 18 Mar 2021 at 02:27, Thomas Bohl :

>
> > what is address=local? is this smtpd.sock?
>
> As far as I understand it, yes.
> (Which makes the first part of my original answer somewhat wrong. I was
> thinking about something else while answering.)
>
>
> > I cannot understand in what moment connection automatically authenticates.
>
> When you use mail, sendmail is used, which is smtpctl (see
> /etc/mailer.conf). smtpctl uses /var/run/smtpd.sock to communicate with
> smtpd. Connections via /var/run/smtpd.sock are (as you can see in your
> logs) from local. These local connections are automatically authenticated.
> As far as I understand, connections over IP (even from 127.0.0.1) are
> never automatically authenticated, in order to prevent accidental open
> relays.
>

Thanks a lot! Now everything is clear!
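
To audit which mail entered through the implicitly authenticated socket, the smtpd log lines quoted in this thread can be grouped by session id. This is an added example, not part of the original messages or of OpenSMTPD; the sample lines are constructed in the same format, and the session ids, message id and example.org names are placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the smtpd log lines quoted in this thread
# (session ids, msgid and addresses are made up; example.org is a placeholder).
SAMPLE_LOG = """\
Mar  5 18:52:23 mx smtpd[13842]: a100000000000001 smtp connected address=local host=mx.example.org
Mar  5 18:52:23 mx smtpd[13842]: a100000000000001 smtp message msgid=aaaa0001 size=338 nrcpt=1 proto=ESMTP
Mar  5 19:39:20 mx smtpd[13842]: b200000000000002 smtp connected address=127.0.0.1 host=localhost
Mar  5 19:39:52 mx smtpd[13842]: b200000000000002 smtp failed-command command="RCPT TO:<user@example.org>" result="550 Invalid recipient: <user@example.org>"
Mar  5 19:41:07 mx smtpd[13842]: c300000000000003 smtp connected address=192.0.2.10 host=client.example.org
"""

LINE_RE = re.compile(r"smtpd\[\d+\]: (?P<sid>[0-9a-f]+) smtp (?P<event>[\w-]+) (?P<rest>.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S*)')  # key=value or key="quoted value"

def parse_sessions(text):
    """Group smtpd 'smtp ...' events by session id."""
    sessions = defaultdict(lambda: {"address": None, "accepted": [], "failed": []})
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in KV_RE.findall(m["rest"])}
        s = sessions[m["sid"]]
        if m["event"] == "connected":
            s["address"] = fields.get("address")
        elif m["event"] == "message":
            s["accepted"].append(fields.get("msgid"))
        elif m["event"] == "failed-command":
            s["failed"].append(fields.get("result"))
    return dict(sessions)

def classify(session):
    """'socket' for address=local (smtpd.sock, implicitly authenticated), else 'network'."""
    return "socket" if session["address"] == "local" else "network"

def socket_submissions(sessions):
    """Message ids accepted over the local socket, i.e. without SMTP AUTH."""
    return sorted(mid for s in sessions.values()
                  if classify(s) == "socket" for mid in s["accepted"])

if __name__ == "__main__":
    for sid, s in parse_sessions(SAMPLE_LOG).items():
        print(sid, classify(s), "accepted:", s["accepted"], "failed:", s["failed"])
```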



Re: help me understand local mail please

2021-03-16 Thread Илья Коскин
Thank you for clarifying this.
But now I have another question.
If I try to connect via telnet to mx.kasakoff.net port 25 (from
mx.kasakoff.net of course), my connection is not "automatically"
authenticated.
But when sending mail via the "mail" program, it works.
Here is some log information:
Mar 16 22:52:21 mx smtpd[13842]: 165f8a5170b2254b smtp connected
address=91.210.228.4 host=mx.kasakoff.net - not sending to world
Mar 16 22:54:43 mx smtpd[13842]: 165f8a5289de9eec smtp connected
address=local host=mx.kasakoff.net - sending to world
What is address=local? Is this smtpd.sock?
I cannot understand at what moment the connection is automatically authenticated.

Mon, 8 Mar 2021 at 01:11, Thomas Bohl :

> Hello,
>
> > match action "mbox"
> > match from any for domain  action "deliver"
> > match auth from any for any action "relay"
> >
> > --
> > as i can imagine, the "mbox" match is expanded to
> > match from local to local action "mbox"
> > if I understand it correctly, "from local" means that mail has come from
> > 127.0.0.1(or what?),
>
> Connections from mx.kasakoff.net are "from local".
>
>
>  > and "for local" is what?
>
> Mails going to @mx.kasakoff.net.
>
>
> > I am asking, because actually, with this config, i can send mail to any
> > server, look:
> > mx$ mail -v -r nore...@kasakoff.net  -s
> > "test mail" kos...@tvema.ru 
> > test
> > .
> > EOT
> > <<< 220 mx.kasakoff.net ESMTP OpenSMTPD
> >  >>> EHLO localhost
> > <<< 250-mx.kasakoff.net Hello localhost
> > [local], pleased to meet you
> > <<< 250-8BITMIME
> > <<< 250-ENHANCEDSTATUSCODES
> > <<< 250-SIZE 104857600
> > <<< 250 HELP
> >  >>> MAIL FROM:mailto:nore...@kasakoff.net>>
> > <<< 250 2.0.0 Ok
> >  >>> RCPT TO:mailto:kos...@tvema.ru>>
> > <<< 250 2.1.5 Destination address valid: Recipient ok
> >  >>> DATA
> > <<< 354 Enter mail, end with "." on a line by itself
> >  >>> .
> > <<< 250 2.0.0 6bc3d534 Message accepted for delivery
> >  >>> QUIT
> > <<< 221 2.0.0 Bye
> >
> > "tvema.ru" is not local, then, why does it work?
>
> Because of this line in your config:
>
> match auth from any for any action "relay"
>
> Your connection is local, so it's automatically authenticated and
> matches with "auth".
> Mail from is "nore...@kasakoff.net" so it matches with "from any".
> Rcpt to is "kos...@tvema.ru", which is not in the domains table, so it
> matches with "for any".
> Ergo the mail will be relayed to mail.tvema.ru.
>
>
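
The rule walk-through above can be replayed as a small first-match model. This is an added example, not OpenSMTPD code and not from the original messages: it is a simplified model of the three match rules in the posted config, with hypothetical names (`Session`, `evaluate`) and example.org standing in for the real host and domains table. It assumes, as stated in the thread, that socket sessions count as authenticated and IP sessions do not unless SMTP AUTH succeeds.

```python
from dataclasses import dataclass

LOCAL_NAMES = {"localhost", "mx.example.org"}  # assumed: the machine's own names
DOMAINS = {"example.org"}                      # stands in for the domains table

@dataclass
class Session:
    via_socket: bool         # True: enqueued through smtpd.sock (address=local)
    src_is_local: bool       # True: socket, loopback or one of the host's own IPs
    smtp_auth: bool = False  # True: client completed SMTP AUTH

    @property
    def authenticated(self):
        # Per the thread: socket sessions are implicitly authenticated,
        # connections over IP (even 127.0.0.1) never are.
        return self.via_socket or self.smtp_auth

# (needs_auth, from, for, action); an omitted from/for defaults to "local".
RULES = [
    (False, "local", "local",  "mbox"),     # match action "mbox"
    (False, "any",   "domain", "deliver"),  # match from any for domain ...
    (True,  "any",   "any",    "relay"),    # match auth from any for any
]

def dest_matches(kind, rcpt_domain):
    if kind == "any":
        return True
    return rcpt_domain in (LOCAL_NAMES if kind == "local" else DOMAINS)

def evaluate(session, rcpt, rules=RULES):
    """Return the action of the first matching rule, or None (recipient rejected)."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    for needs_auth, src, dst, action in rules:
        if needs_auth and not session.authenticated:
            continue
        if src == "local" and not session.src_is_local:
            continue
        if dest_matches(dst, domain):
            return action
    return None

if __name__ == "__main__":
    print(evaluate(Session(True, True), "user@remote.example"))   # via mail(1)
    print(evaluate(Session(False, True), "user@remote.example"))  # via telnet to 127.0.0.1
```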


Re: help me understand local mail please

2021-03-05 Thread Илья Коскин
I have additional info!
I have checked the logs when mail is sent from the mail utility:
Mar  5 18:52:23 mx smtpd[13842]: 165f7946b5b2e582 smtp connected
address=local host=mx.kasakoff.net
Mar  5 18:52:23 mx smtpd[13842]: 165f7946b5b2e582 smtp message
msgid=6bc3d534 size=338 nrcpt=1 proto=ESMTP
Mar  5 18:52:23 mx smtpd[13842]: 165f7946b5b2e582 smtp envelope
evpid=6bc3d53407114548 from= to=
And when I try to connect via 127.0.0.1:
Mar  5 19:39:20 mx smtpd[13842]: 165f798f0dfd229b smtp connected
address=127.0.0.1 host=localhost
Mar  5 19:39:52 mx smtpd[13842]: 165f798f0dfd229b smtp failed-command
command="RCPT TO:" result="550 Invalid recipient: <
kos...@tvema.ru>"
I see a difference in "connected address", where "local" can send everything
and "127.0.0.1" works as expected.
But then, what is "local"?

Fri, 5 Mar 2021 at 19:25, Илья Коскин :

> Hello everybody! I have this simple config in use:
>
> table aliases file:/etc/mail/aliases
> table domains { kasakoff.net }
>
> listen on lo0
>
> listen on egress inet4 tls pki kasakoff.net auth-optional
> listen on egress inet4 port submission tls-require pki kasakoff.net auth
>
> action "mbox" mbox alias 
> action "deliver" mda "/usr/local/libexec/dovecot/dovecot-lda
> action "relay" relay
>
> match action "mbox"
> match from any for domain  action "deliver"
> match auth from any for any action "relay"
>
> --
> as i can imagine, the "mbox" match is expanded to
> match from local to local action "mbox"
> if I understand it correctly, "from local" means that mail has come from
> 127.0.0.1(or what?), and "for local" is what?
>
> I am asking, because actually, with this config, i can send mail to any
> server, look:
> mx$ mail -v -r nore...@kasakoff.net -s "test mail" kos...@tvema.ru
> test
> .
> EOT
> <<< 220 mx.kasakoff.net ESMTP OpenSMTPD
> >>> EHLO localhost
> <<< 250-mx.kasakoff.net Hello localhost [local], pleased to meet you
> <<< 250-8BITMIME
> <<< 250-ENHANCEDSTATUSCODES
> <<< 250-SIZE 104857600
> <<< 250 HELP
> >>> MAIL FROM:
> <<< 250 2.0.0 Ok
> >>> RCPT TO:
> <<< 250 2.1.5 Destination address valid: Recipient ok
> >>> DATA
> <<< 354 Enter mail, end with "." on a line by itself
> >>> .
> <<< 250 2.0.0 6bc3d534 Message accepted for delivery
> >>> QUIT
> <<< 221 2.0.0 Bye
>
> "tvema.ru" is not local, then, why does it work?
> thanks in advance for help, and personally thanks devs for the great
> software
>


help me understand local mail please

2021-03-05 Thread Илья Коскин
Hello everybody! I have this simple config in use:

table aliases file:/etc/mail/aliases
table domains { kasakoff.net }

listen on lo0

listen on egress inet4 tls pki kasakoff.net auth-optional
listen on egress inet4 port submission tls-require pki kasakoff.net auth

action "mbox" mbox alias 
action "deliver" mda "/usr/local/libexec/dovecot/dovecot-lda
action "relay" relay

match action "mbox"
match from any for domain  action "deliver"
match auth from any for any action "relay"

--
as i can imagine, the "mbox" match is expanded to
match from local to local action "mbox"
if I understand it correctly, "from local" means that mail has come from
127.0.0.1(or what?), and "for local" is what?

I am asking, because actually, with this config, i can send mail to any
server, look:
mx$ mail -v -r nore...@kasakoff.net -s "test mail" kos...@tvema.ru
test
.
EOT
<<< 220 mx.kasakoff.net ESMTP OpenSMTPD
>>> EHLO localhost
<<< 250-mx.kasakoff.net Hello localhost [local], pleased to meet you
<<< 250-8BITMIME
<<< 250-ENHANCEDSTATUSCODES
<<< 250-SIZE 104857600
<<< 250 HELP
>>> MAIL FROM:
<<< 250 2.0.0 Ok
>>> RCPT TO:
<<< 250 2.1.5 Destination address valid: Recipient ok
>>> DATA
<<< 354 Enter mail, end with "." on a line by itself
>>> .
<<< 250 2.0.0 6bc3d534 Message accepted for delivery
>>> QUIT
<<< 221 2.0.0 Bye

"tvema.ru" is not local, then, why does it work?
thanks in advance for help, and personally thanks devs for the great
software


Re: need help to understand the logic of new grammar

2018-10-31 Thread Илья Коскин
I'll try to answer myself.
As I see, the options "from local" and "for local" are the defaults, and can
be omitted?
So, the first match can be cut to
match action "mbox" ??
My first question I have understood: if "from local" is the default,
then it will not work without "from any".
The second question was about "from any" in the 4th match. I see, if I try
to send email, I connect to egress, so this is not local, and will not
work. Also I can't use "from "
And in the third match, mails from the DKIM proxy come to lo0, so they are
processed as local and the rule can be extended to:
match from local tag DKIM for any action "relay" am I right?

So the last question, can I limit mta to inet4 only?

Wed, 31 Oct 2018 at 15:04, Илья Коскин :

> Hello list! Please look at my match-action definitions:
>
> action "mbox" mbox alias 
> action "mda" mda "/usr/local/bin/procmail" alias 
> action "relay" relay
> action "relay_dkim" relay host smtp://127.0.0.1:10027
>
> match for local action "mbox"
> match from any for domain  action "mda"#2nd match
> match tag DKIM for any action "relay"   #3rd match
> match auth from any for any action "relay_dkim"  #4th match
>
> I have some questions about matches.
> 1) If I remove "from any" in the second match, smtpd will not accept any
> mail from internet. Why?
> 2) In the 4th match, again, without "from any" I can't send mail to
> anywhere. How can I know where I need to use "from any" and where I don't?
> For example, the 3rd match works without "from any".
> 3) Is this config composed securely and correctly?
> Maybe it is an option to use
> match auth from  for any action "relay_dkim" ?
> If this works, it can partially help to prevent spamming from compromised
> users.
>
> Also, is there any way to limit mta sending only from ipv4?
>
> Thanks!
>
>


need help to understand the logic of new grammar

2018-10-31 Thread Илья Коскин
Hello list! Please look at my match-action definitions:

action "mbox" mbox alias 
action "mda" mda "/usr/local/bin/procmail" alias 
action "relay" relay
action "relay_dkim" relay host smtp://127.0.0.1:10027

match for local action "mbox"
match from any for domain  action "mda"#2nd match
match tag DKIM for any action "relay"   #3rd match
match auth from any for any action "relay_dkim"  #4th match

I have some questions about matches.
1) If I remove "from any" in the second match, smtpd will not accept any
mail from internet. Why?
2) In the 4th match, again, without "from any" I can't send mail to
anywhere. How can I know where I need to use "from any" and where I don't?
For example, the 3rd match works without "from any".
3) Is this config composed securely and correctly?
Maybe it is an option to use
match auth from  for any action "relay_dkim" ?
If this works, it can partially help to prevent spamming from compromised
users.

Also, is there any way to limit mta sending only from ipv4?

Thanks!


Re: strange behavior on delivering messages

2015-01-18 Thread Илья Коскин
I was able to solve the problem by myself.

All I do is swap lines in the config. So:

accept for local alias aliases deliver to mbox
accept for any relay
accept from any for domain domains alias aliases deliver to mda /usr/local/bin/procmail


will NOT work, and:

accept for local alias aliases deliver to mbox
accept from any for domain domains alias aliases deliver to mda /usr/local/bin/procmail
accept for any relay

works properly. 

I did not know that it matters, sorry

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Question about auth and auth-optional

2014-05-24 Thread Илья Коскин
The manual for auth-optional looks like this:

If auth-optional is specified, then SMTPAUTH is not required to establish an 
SMTP transaction. This is only useful to let a listener accept incoming mail 
from untrusted senders and outgoing mail from authenticated users in situations 
where it is not possible to listen on the submission port.

What is the submission port? I noticed that if option auth is specified, then
nobody can send messages to my server without a password, even gmail or other
external services. If option auth-optional is specified, I successfully receive
mail from gmail, yandex and everything else. So, I think auth-optional is the
only choice for most servers, am I right?

I'm very happy using OpenSMTPD! This is the best MTA ever! 

Could you help me with one more question, please? Will OpenSMTPD ever support
a non-TLS PLAIN login auth mechanism? For me it is not a problem to use TLS, but
some old or thin MUAs do not support TLS or SSL. I know this is not secure,
but for OpenSMTPD's full greatness it would be nice.

Thank you for all!  
