Re: are wildcard aliases possible?
I don't think that is even planned but change that - to a + and you trip over the SMTP tagging feature which does work as you are describing. I use jabarb+[site]@ to tag sites and see if they resell my email. Sent from a mobile device. On Dec 24, 2014 7:00 AM, James MacMahon j...@operand.ca wrote: Hi, Would it be possible to have an entry in /etc/mail/aliases like: jwm-*: jwm I use qmail currently which supports this, but am looking at OpenSMTPD as a replacement. The problem is that I have used on the order of 100 addresses of the form jwm-*@operand.ca so that unique emails are used and this is gating my change. To switch, I could use a script that will extract all unique jwm-* entries and populate /etc/mail/aliases but this means that I can't arbitrarily give out new unique addresses on demand. Is this feature in the works? Regards, James -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: are wildcard aliases possible?
Yeah qmail uses - for tagging for whatever reason. The rest of the internet uses +. Sent from a mobile device. On Dec 24, 2014 9:42 AM, James MacMahon j...@operand.ca wrote: Right, I tag sites for the same reason :) I just tried your recommendation with OpenSMTPD: $ telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 janssen.my.domain ESMTP OpenSMTPD helo localhost 250 janssen.my.domain Hello localhost [127.0.0.1], pleased to meet you mail from: jwm+test@localhost 250 2.0.0: Ok rcpt to: jwm+testmail@localhost 250 2.1.5 Destination address valid: Recipient ok Seems to work here, but not with qmail: failure: Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/ So: as a temporary solution, I can use my script to populate /etc/mail/aliases and switch to giving out jwm+* addresses from now on. Thanks, James On 24 Dec 2014, Barbier, Jason wrote: I don't think that is even planned but change that - to a + and you trip over the SMTP tagging feature which does work as you are describing. I use jabarb+[site]@ to tag sites and see if they resell my email. Sent from a mobile device. On Dec 24, 2014 7:00 AM, James MacMahon j...@operand.ca wrote: Hi, Would it be possible to have an entry in /etc/mail/aliases like: jwm-*: jwm I use qmail currently which supports this, but am looking at OpenSMTPD as a replacement. The problem is that I have used on the order of 100 addresses of the form jwm-*@operand.ca so that unique emails are used and this is gating my change. To switch, I could use a script that will extract all unique jwm-* entries and populate /etc/mail/aliases but this means that I can't arbitrarily give out new unique addresses on demand. Is this feature in the works? Regards, James -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: OpenSMTPD Extras and libasr
What about having a separate branch for your each wip item or a wip branch with a ticket linked to the branch with a to do to make the items prod. On Nov 21, 2014 10:13 AM, Gilles Chehade gil...@poolp.org wrote: On Thu, Nov 13, 2014 at 04:36:09PM +0100, Gilles Chehade wrote: On Thu, Nov 13, 2014 at 03:59:19PM +0100, Emmanuel Vadot wrote: Hello list, Currently the build system for the extras (table, filters etc ...) is not really intelligent. It does not check is the required libs or interpreters in present on the machine and doesn't even use the correct path for the libs. This is a problem for user and packagers since now it's not possible to easily provide an OpenSMTPD package with mysql for example. After talking to gilles@ in private on IRC we tought on possibly make the following changes : 1) Each extras will provides it's own configure script 2) Each configure scripts will correctly check its dependancies 3) All extras will be shipped in a single archive 4) Maybe have just one branch in the git since OpenBSD doesn't ship with smtpd extras. For 1, it will simply keep the configure as simple as it need to be For 2, well ... For 3, I know that the FreeBSD ports infrastructures can handle this correctly (having multiple ports that depends on one distfiles, the Qt ports for plugins does that). Is there some ports/packages infrastructure that can't ? To make it more clear, right now people tend to clone / fetch the entire extras just to grab that one bit they need. The idea is to make each extra individual so that while they are all in the same repository, one can package a specific extra for his system so ultimately you can: pkg_add opensmtpd-filter-dkim, ... [...] At the moment, extras are not correctly integrated, it took us quite some effort to split them out of the smtpd tree but we have not yet worked on how to easily plug them. What I suggested with regard to the just one branch idea, is the following: smtpd is developed on OpenBSD and fixed for portability using the compat glue, so we need two branches to avoid the compat glue ending in the openbsd tree where it's not needed. -extras are different: they are developped on different systems by non-openbsd developers, they can have any dependencies and are supposed to be the same code on OpenBSD and other systems are they communicate with smtpd through a common API. therefore my idea was to drop the master/portable difference for extras and have a single branch for both. ok, so work has officially started in this area. Tonight I will focus on merging the portable and master branch together, then later the autotools glue will be added appropriately. One idea stepped in my mind and I would like to know what you guys think about it: There is currently no separation between extras that are considered prod ready and extras that are considered work in progress. Also, some of the extras which are considered prod ready are undocumented which isn't good and not to our standards. I suggest that we add a wip/ directory in -extras with the same layout and while we accept all contributions to wip/, only those documented and production ready gets moved out of wip/ what do you think ? -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: OpenSMTPd mailinglist software
http://permalink.gmane.org/gmane.mail.opensmtpd.general/972 On Sun, Nov 9, 2014 at 1:00 PM, Denis Fondras open...@ledeuns.net wrote: Hi, I'd like to setup a simple mailing-list server. Is the code used by the OpenSMTPd available somewhere ? If not, what would you recommend to interface with OpenSMTPd ? Thank you in advance, Denis -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org -- Jason Barbier | jab...@serversave.us Pro Patria Vigilans
Re: [OpenSMTPD] portable snapshot opensmtpd-201410131657p1 available
So far in my limited testing it seems to work well with the way exchange likes to drop addresses Jason Barbier (Xtreme Consulting Group) v-jas...@microsoft.com Ill see if I can test more when I get home. On Tue, Oct 14, 2014 at 11:43 AM, Gilles Chehade gil...@poolp.org wrote: On Mon, Oct 13, 2014 at 05:06:04PM +0200, Gilles Chehade wrote: Erf, the most important part ... Please do test with different MUA's and report if the mails you send and receive come up with weird From, To and Cc fields. The parser is supposed to recognizes the following formats (all mixed): To: gilles, eric, gilles gilles, eric faurot eric, charles longeau chl Which should result in a rewrite to: To: gil...@opensmtpd.org, e...@opensmtpd.org, gilles gil...@opensmtpd.org, eric faurot e...@opensmtpd.org, charles longeau c...@opensmtpd.org on my machine. I have received 0 feedback so far :-( This needs to be part of our next release. -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org -- Jason Barbier | jab...@serversave.us Pro Patria Vigilans
Re: Incomplete error messages from bounced emails?
yeah to be fair I would agree with Gilles no knob other than trace. On Mon, Sep 29, 2014 at 1:37 PM, Gilles Chehade gil...@poolp.org wrote: On Mon, Sep 29, 2014 at 05:26:29PM -0300, Hugo Osvaldo Barrera wrote: On 2014-09-29 21:35, Gilles Chehade wrote: On Mon, Sep 29, 2014 at 11:50:41AM -0300, Hugo Osvaldo Barrera wrote: On 2014-09-05 19:22, Giovanni Bechis wrote: On 09/01/14 18:53, Hugo Osvaldo Barrera wrote: On 2014-09-01 11:46, Gilles Chehade wrote: On Sat, Aug 23, 2014 at 12:28:00PM -0300, Hugo Osvaldo Barrera wrote: On 2014-08-22 18:32, Giovanni Bechis wrote: On 08/22/14 14:30, Hugo Osvaldo Barrera wrote: I recently had some messages bounce from gmail.com. I went up to their forums to ask what's up, and on the replies, it was pointed out to my that gsmtpd actually sends a rather verbose explanation message when it bounces messages (eg: if it's spam, invalid return address, blacklisted address, etc). Here's the thread were this was pointed to me. I'm guessing that sending an email from a non-static IP range is enough to trigger a bounce harmelessly: https://productforums.google.com/forum/#!msg/gmail/SQQAbew5tfE/-ue8aO07sf8J Can somebody confirm if these explanations are being dropped by smtpd, if they're non-standard, or what's going on? gmail warnings are splitted in two or more lines and smtpd logs only one of them. See https://github.com/OpenSMTPD/OpenSMTPD/issues/365 for details. Cheers Giovanni -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org Looks like the devs were expecting this to make it to the list and it did not. Can we bring that up now? Are there any downsides to implementing this? Yes, we were waiting for the discussion to come up. There's a downside to implementing this: Imagine you create an account for me on your server. I then decide to go rogue and setup a remote MX which will reply with a HUGE response, say 1000s of lines. We need to log atomically so: a- log line can't be written until we're done reading response; b- session needs to remember every line of the response until done reading; Can't we not-log all of it, but keep the message and send it to the original sender? The logs could be something like: 550 Error... [25 more lines trimmed] I would like to have at maximum 5/6 lines of response on my log to be able to found if a problem is recurring and which could be the original cause. Cheers Giovanni -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org It looks like this thread died fast, and nothing was decided. Is there any interest on implementing this/making it configurable? Would these errors be outputed if smtpd is run with -v? Cheers, Ok, what about the following: - we read n lines, strip their newline and concat them; - if reply was n line, we log that output was truncated and needs to be analyzed through smtpctl trace Would that be ok for everyone ? -- Gilles Chehade https://www.poolp.org @poolpOrg Sounds good to me. Maybe some users will want this to be configurable (on/off). That's not something I like to do as you probably already know ;p -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org -- Jason Barbier | jab...@serversave.us Pro Patria Vigilans
Re: Why use lda or lmtp at all?
While you don't need to use LDA/LMTP if you read the documentation about Dovecot and the IMAP index you'll find that your dovecot instance will use more resources if you don't run it through the Dovecot delivery agent since it will have to update the index at a later time where if it comes through the delivery agent it updates it as it comes in. That said again its not vital it just depends on how busy your instance is. If you have a several thousand user instance it may be better for you if you use the delivery agent, BUT if its just one or two you may not notice the difference. On Sat, Jun 7, 2014 at 1:25 AM, Clint Pachl pa...@ecentryx.com wrote: And thank you Martin for asking. I had the same ideas and questions as you. I don't use any incoming filtering with Dovecot and my mailboxes only have around 10k messages, so I just have OpenSMTPD setup as the MDA. Previously, I was using Postfix+Dovecot for years. I configured Postfix to pass mail to Dovecot. So when I recently converted Postfix to OpenSMTPD, I decided to put OpenSMTPD in charge. I did some testing both ways and found no difference in function or performance, so I revoked Dovecot's MDA rights so to speak. But I can understand Bryan's points below. Martin Braun wrote, On 04/16/14 20:51: I have now (finally) a successful setup in which opensmtpd delivers mail to dovecot-lda and dovecot handles imap, but I tried to have opensmtpd deliver the mail directly into the maildir, and NOT to dovecot, and just have dovecot serve IMAP. Keeping them separated and using OpenSMTPDs own MDA seems much nicer. So OpenSMTPD can focus on its job and Dovecot only has to serve IMAP. If - for some reason - Dovecot should crash, OpenSMTPD can still deliver email. One guy on this list wrote: It's better to either deliver via LMTP to dovecot or via dovecot's delivery binary because this will keep the indexes intact that dovecot needs to work efficiently. But I have testet Dovecots index and cache and both are kept intact and updated even when Dovecot doesn't handle the mail delivery. Each time a user checks his maildir via IMAP Dovecot scannes the directory and updates the index. So, currently I cannot see any reason as to why OpenSMTPD should deliver mail directly to Dovecot. Am I missing something? Kind regards. -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org -- Jason Barbier | jab...@serversave.us Pro Patria Vigilans
Re: Meaning of from local
From local means 2 things 1. From 127.0.0.0/8 or from authenticated, On May 30, 2014 5:09 AM, Clint Pachl pa...@ecentryx.com wrote: Clint Pachl wrote, On 05/30/14 05:02: The directive for from local in the smtpd.conf(5) man page states: The rule matches only locally originating connections. But what exactly does locally originating mean? My network consists of two subnets: 10.0.9.0/24 and 10.0.10.0/24. The OpenSMTPD server is at 10.0.9.20. The email client is at 10.0.10.24. The mail server will relay mail to the Internet for the client with the following single rule: accept from local for any relay Should the mail server be relaying mail for this client? Is the client, which is on a different subnet than the mail server, considered local? I also forgot to add that this client is also authenticating with the mail server using this rule: listen on mail port submission tls-require pki tm auth passwd Perhaps a successfully authenticated session automatically makes the client local? -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: OpenSMTPD Problem
The answer is no since without the brackets is outside of the rfc. On May 23, 2014 1:18 PM, Nicholas Janzen n...@obsd.com wrote: I'm really looking forward to the new OpenSMTP included in OpenBSD. I'm having an issue with both the mail program and inbound SMTP both give the same error Is there a way for it accept: n...@test.com in addition to: n...@test.com ? # telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 vpn.secure5.net ESMTP OpenSMTPD helo test.com 250 vpn.secure5.net Hello test.com [127.0.0.1], pleased to meet you MAIL FROM: n...@test.com 553 5.1.0: Sender address syntax error MAIL FROM: n...@test.com 250 2.0.0: Ok RCPT TO: n...@test.com 501 5.1.3: Recipient address syntax error RCPT TO: n...@test.com 250 2.1.5 Destination address valid: Recipient ok ^] telnet quit Connection closed. -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: What's the idea behind not enough disk space temporarily rejecting messages
Hmm, I see. at worst you now locked yourself out. I've already got the ext4 reserved blocks covering for that. Of course, not every file system has something like that. Even with reserve blocks it is still quite possible to fill the disk up past the reserve blocks. Never rely on a feature like that to save you from yourself ;), Ive had a few systems that were a fun disaster because the disk hit 105% full. But also every MTA does this also and you will be hard pressed to find one that doesn't. Indeed. postfix, for example, has a limit of 1.5 × message_size_limit. Way more sane, imho. Im not advising the limit is sane, it should/could be a knob, which is probably a discussion to have now. To be fair I as the admin should be able to decide how much I want to fill my queue folder, since in all fairness my queue folder could not be in /var/spool I could have moved it to a san where it shares space with other mission critical applications and has 50 terabytes of storage, and I really don't care if the disk fills past 5% because really it wont effect anything for the disk to get to near zero and I will always be able to recover from it filling. but that means your script or app needs to learn to be more resilient Any standard solutions for cron/at to do that? Standard no, many ideas, yes. If you just bebop around the internet there are many great examples of scripts that are resiliant. Since Im not sure what your scripts are written in I can only give you generic advice which is if you use the sendmail sender as the wrapper it should return a success/fail result and you could case or if/else for that result so it becomes in essence: Check for unsent queue and try to send Try to send new mail if Success exit if fail count=1 try again if fail count=2 write mail to disk (maybe pickup directory so it will get sent at some point when the mailer recognizes it) -- Jason Barbier | jab...@serversave.us Pro Patria Vigilans
Re: All messages on localhost bein rejected!
It seems to be wide spread eirc did you get a chance to look at it. On May 13, 2014 7:09 PM, Hugo Osvaldo Barrera h...@barrera.io wrote: Hi! After updating to the lastest snapshots, all messages sent (to be relayed) from my laptop are getting rejected, and I've no idea why: # smtpd -dvvv debug: init ssl-tree info: OpenSMTPD 201405121707p1 starting debug: bounce warning after 4h debug: using fs queue backend debug: using ramqueue scheduler backend debug: using ram stat backend info: startup [debug mode] libevent 2.0.21-stable (epoll) debug: parent_send_config_ruleset: reloading debug: parent_send_config: configuring pony process debug: parent_send_config: configuring ca process filter: building simple chains... filter: building complex chains... filter: done building complex chains filter: done building default chain debug: init ssl-tree debug: ca_engine_init: using RSAX engine support debug: smtp: listen on IPv6:::1 port 25 flags 0x0 pki debug: init private ssl-tree debug: smtp: listen on 127.0.0.1 port 25 flags 0x0 pki debug: smtp: will accept at most 2022 clients debug: queue: done loading queue into scheduler debug: smtpd: scanning offline queue... debug: smtpd: offline scanning done debug: smtp: new client on listener: 0x104e4f0 smtp-in: New session ed6a077940f176d7 from host localhost.localdomain [IPv6:::1] smtp: 0x109fe30: fd 5 from queue smtp: 0x109fe30: fd 7 from filter debug: filter: tx data (198) for req ed6a077940f176d7 debug: filter: tx data (38) for req ed6a077940f176d7 debug: smtp: 0x109fe30: data io done (198 bytes) smtp: 0x109fe30: eom. datalen=198 filter: datalen mismatch on session ed6a077940f176d7: 236/198: No such file or directory smtp-in: Failed command on session ed6a077940f176d7: DATA = 530 Message rejected debug: filter: tx data (1534) for req ed6a077940f176d7 debug: filter: tx done for req ed6a077940f176d7 smtp-in: Received disconnect from session ed6a077940f176d7 debug: smtp: 0x109fe30: deleting session: disconnected # cat /etc/mail/smtpd.conf # $OpenBSD: smtpd.conf,v 1.5 2012/10/11 21:16:28 gilles Exp $ # This is the smtpd server system-wide configuration file. # See smtpd.conf(5) for more information. # To accept external mail, replace with: listen on all # listen on lo table secrets db:/etc/mail/secrets.db accept for any relay via tls+auth://elys...@smtp.barrera.io:587 auth secrets verify # Ideas? -- Hugo Osvaldo Barrera A: No, it doesn't make sense. Q: Should I include quotations *after* my reply?
Re: Compile errors compiling opensmtpd-latest on the most recent openbsd -current
woo thanks \o/ On Mon, May 12, 2014 at 8:08 AM, Gilles Chehade gil...@poolp.org wrote: took a while longer but here they are ;-) On Thu, May 08, 2014 at 07:31:49PM +0200, Gilles Chehade wrote: ok, new snapshot will be generated tomorrow, not today Gilles On Thu, May 08, 2014 at 06:16:48AM -0700, Barbier, Jason wrote: So I have the most recent snap installed to my machine and when I try to compile latest I get /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c: In function 'dns_imsg': /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:219: warning: assignment from incompatible pointer type /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:246: warning: assignment from incompatible pointer type /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:269: warning: assignment from incompatible pointer type /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c: In function 'dns_dispatch_host': /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:297: error: dereferencing pointer to incomplete type /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:306: error: dereferencing pointer to incomplete type /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:307: error: dereferencing pointer to incomplete type /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:309: error: dereferencing pointer to incomplete type /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:310: error: dereferencing pointer to incomplete type /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c: In function 'dns_dispatch_ptr': /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:330: error: dereferencing pointer to incomplete type /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:331: error: dereferencing pointer to incomplete type /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c: In function 'dns_dispatch_mx': /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:348: error: dereferencing pointer to incomplete type /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:348: error: dereferencing pointer to incomplete type /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:352: error: dereferencing pointer to incomplete type /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:354: error: dereferencing pointer to incomplete type /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:360: error: dereferencing pointer to incomplete type /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:364: error: dereferencing pointer to incomplete type /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:364: error: dereferencing pointer to incomplete type /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:378: error: dereferencing pointer to incomplete type /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c: In function 'dns_dispatch_mx_preference': /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:396: error: dereferencing pointer to incomplete type /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:397: error: dereferencing pointer to incomplete type /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:399: error: dereferencing pointer to incomplete type /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:400: error: dereferencing pointer to incomplete type /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:407: error: dereferencing pointer to incomplete type /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:407: error: dereferencing pointer to incomplete type /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:423: error: dereferencing pointer to incomplete type *** Error 1 in smtpd (sys.mk:87 'dns.o') *** Error 1 in /home/kusuriya/opensmtpd-201405071639 (bsd.subdir.mk :48 'all') any ideas? -- Jason Barbier | jab...@serversave.us -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org -- Gilles Chehade https://www.poolp.org @poolpOrg -- Jason Barbier | jab...@serversave.us Pro Patria Vigilans
Re: What's the idea behind not enough disk space temporarily rejecting messages
Well the idea is much like what the RFC says to do, if your server is resource constrained you send a temp fail and let the other side keep trying until the receiving end is good or you hit the TTL on the sending side. In practice this is a good idea since in you fill the queue disk you will have problems deleting files from it at best, at worst you now locked yourself out. There maybe cases where this behavior may feel undesirable but that means your script or app needs to learn to be more resilient not that your MTA needs to clobber the system. But also every MTA does this also and you will be hard pressed to find one that doesn't. On May 10, 2014 2:43 AM, Julius opensm...@liftm.de wrote: Hello opensmtpd-misc! If there is less than 5% of disk space left, OpenSMTP rejects messages. That is a compile-time/in-source constant. The restriction is simple to remove from smtpd/queue_fs.c but I want to know what the big idea behind this is. Mail is very precious, even the output from cronjobs, which will be directly lost in such a situation. More Info: I'm running opensmtpd on my NAS where the var-partition is close to full. All mail is relayed, so I find the restriction especially annoying. Also, at 5%, I still have 200GB of space left. I could store 100 000 000 of the average mail that machine handles. Mai 10 11:15:58 micpi1 smtpd[559]: smtp-in: New session 5fc97cda452fbcee from host 0@localhost [local] Mai 10 11:15:59 micpi1 smtpd[551]: warn: not enough disk space: 4% left Mai 10 11:15:59 micpi1 smtpd[551]: warn: temporarily rejecting messages Mai 10 11:15:59 micpi1 smtpd[559]: smtp-in: Failed command on session 5fc97cda452fbcee: MAIL FROM:b Mai 10 11:15:59 micpi1 smtpd[559]: smtp-in: Closing session 5fc97cda452fbcee Julius -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: Should we use DKIM and SPF?
In theroy that idea isnt even that great, and in practice a hygene server is a better place to do the most course obvious spam. There is stuff that is very obviously not wanted such as items coming from rouge servers that we can prove thanks to SPF or Sender-ID being setup correctly. There is no reason that a server that can verify that another server has no right to send should pass on a potentially risky email to the user, it is actually very irresponsible to do so especially since you are going to treat a user that may have no clue about email headers as an idiot because they clicked on a message that if you had a script take two milliseconds to look at could have told you it was spam. Not everyone is a computer scientist, and stuff that is obvious should be dealt with long before your users have to deal with it manually. On Wed, Apr 30, 2014 at 6:59 PM, Martin Braun yellowgoldm...@gmail.comwrote: IMHO spam should be dealt with only on the client, not on the server. It is not the task of the server to determine what is spam and what is not. I know everyone does it, I used to do it too, but it is wrong. 2014-04-26 16:26 GMT+02:00 Stéphane Guedon steph...@22decembre.eu: Le samedi 26 avril 2014 07:20:19, vous avez écrit : Hi John, At 06:04 26-04-2014, John Cox wrote: Unfortunately the whole point of SPF (unlike Sender-ID which works much better and on much the same principles) is that you can reject the message before receiving it so you wouldn't have the DKIM stuff (which I think requires you to have the entire message?). SPF allows processing using envelope information. DKIM processing can only occur after the entire message has been received. Regards, -sm I am myself in need for a good antispam solution with opensmtpd. if dkim (which I don't use yet) and spf are not really working, what's the good way (I am already using spamd, not enough !) -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org -- Jason Barbier | jab...@serversave.us Pro Patria Vigilans
Re: Should we use DKIM and SPF?
forgot the list sorry, you can very easily tell what should or should not be flagged for review with the most granular rules, anything with virus attachments should NEVER get to the user, period, ever. Id rather have 100 false positives for viruses than my network get turned into a zombie because I threw my users to the wolves. Also as best practices state, you never discard messages because you flagged them as spam unless you have a valid high confidence threat on them such as a well known virus, you flag them and let the user determine what to do with said flagged mail, but virus spam should always be dealt with much sooner than on the users machine. If a payload has reached the user you are already too late to deal with it. On Wed, Apr 30, 2014 at 9:04 PM, Barbier, Jason jab...@serversave.uswrote: you can very easily tell what should or should not be flagged for review with the most granular rules, anything with virus attachments should NEVER get to the user, period, ever. Id rather have 100 false positives for viruses than my network get turned into a zombie because I threw my users to the wolves. Also as best practices state, you never discard messages because you flagged them as spam unless you have a valid high confidence threat on them such as a well known virus, you flag them and let the user determine what to do with said flagged mail, but virus spam should always be dealt with much sooner than on the users machine. If a payload has reached the user you are already too late to deal with it. -- Jason Barbier | jab...@serversave.us Pro Patria Vigilans
Re: Should we use DKIM and SPF?
there isnt a single one, but you have to do it somthing similar to what gilles did for dkim dkim. so you chose somthing like in my case I use amavisd since I never got spampd to work reliably listening on port 2000 listen on lo port 2001 tag clean accept tagged clean for deliver to mbox accept for domain contoso.tld relay via smtp://127.0.0.1:2000 Im doing that part from memory but that is the essence of it, the first run of the message it kicks out to amavisd, which runs it through spamassassin then back into smtpd which tags it as clean which gets picked up by the rule that takes tagged messages and delivers them. On Sat, Apr 26, 2014 at 9:10 AM, Stéphane Guedon steph...@22decembre.euwrote: Le samedi 26 avril 2014 07:51:42, vous avez écrit : you want to use SPF at the very least, but then back it with spampd or amavisd and run it though spamassassin that is pretty much a standard stack right there, I tried to set it up yesterday. Complete failed ! I would really like to have spamassassin cause it has a lot of features that may be useful : check FROM address in an address book check gpg sig obviously, I looked if spamd can look in a mail adress list. It can't ! Do you know some doc explaining how I can integrate spamassassin in opensmtpd ? On Sat, Apr 26, 2014 at 7:26 AM, Stéphane Guedon steph...@22decembre.euwrote: Le samedi 26 avril 2014 07:20:19, vous avez écrit : Hi John, At 06:04 26-04-2014, John Cox wrote: Unfortunately the whole point of SPF (unlike Sender-ID which works much better and on much the same principles) is that you can reject the message before receiving it so you wouldn't have the DKIM stuff (which I think requires you to have the entire message?). SPF allows processing using envelope information. DKIM processing can only occur after the entire message has been received. Regards, -sm I am myself in need for a good antispam solution with opensmtpd. if dkim (which I don't use yet) and spf are not really working, what's the good way (I am already using spamd, not enough !) -- Jason Barbier | jab...@serversave.us Pro Patria Vigilans
Re: Should we use DKIM and SPF?
On Thu, Apr 24, 2014 at 11:13 AM, Ashish SHUKLA ashish...@lostca.se wrote: On Sat, 19 Apr 2014 08:26:59 +0200, Martin Braun yellowgoldm...@gmail.com said: Hi I was thinking about adding DKIM and SPF to my OpenSMTPD setup as I have previously run with those, but I am in doubt. I am thinking about the worth of those technologies? I used to think SPF was a good idea, but SPF fails if someone forwards email to another server. Then the forwarding server is not listed in the SPF entry and the destination mail server will reject the email. SRS[1][2]. References: [1] http://www.openspf.org/SRS [2] http://www.libsrs2.org/ SPF itself is a decent idea this was just bound to happen since it makes the assumption that all valid mail from a domain only comes from servers that the domain knows about which may not necessarily be the case (see mailing lists) but this is one of the reasons to use both DKIM and SPF. generally if one passes it scores high enough to cancel out that the other failed. DKIM is supposed to prove that messages are authentic, not SPF. SPF is setup to prove that a sending server has the right to send on behalf of a domain. They really are meant to work hand in hand and solve different problems. So if you were using DKIM and SPF SRS would not be an issue since the DKIM info in the header proves the message came from a valid source. -- Jason Barbier | jab...@serversave.us Pro Patria Vigilans
Re: wanna help with filters ?
ALL RIGHT now time to wesel out of work! On Mon, Apr 14, 2014 at 7:20 AM, Gilles Chehade gil...@poolp.org wrote: Ohai, In June, we will be having a private hackathon with Charles and Eric, to work on the filter API and infrastructure. This will happen at my place, it's kind of unofficial and it's unrelated to OpenBSD's hackathons. Why do you care ? If you want filters support in OpenSMTPD, well ... this is a great opportunity for you to actually help us ! During this hackathon, we intend to make the API usable by the public so we kind of need the public to make sure we're doing it right ;-) How do you help ? From JUN-16 to JUN-22, you can join us on #OpenSMTPD @ irc.freenode.net mark these dates If you know C, Perl, Python or Lua, you can write filters with us, then we can spot functions that we need to add to the API to make your lives simpler and we can spot bugs in our API that make your filters explode. If you have questions with the API, we'll help. Don't know how to code ? You can help us in other ways, by testing filters written by those that can code, by testing snapshots we publish and make sure that they don't break when run without filters, etc ... What's in for you ? Filters obviously ... ... and _maybe_ some goodies for some of you ! Let us know by replying to this mail if you intend to participate, so we have an idea how many people would be joining us ;-) -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org -- Jason Barbier Pro Patria Vigilans
Re: two accept rules for one domain
That is possible as long as the mail never matches the first rule. OpenSMTPD is setup as a first match rule set so if you get a message that matches rule one and you really want it to match rule 2 that wont work. but with what you are describing that would work. On Wed, Dec 11, 2013 at 6:31 AM, Maurice Janssen maur...@z74.net wrote: Hi, I was wondering if something like this is possible: +-- |listen on all | |table aliases db:/etc/mail/aliases.db |table vmap file:/etc/mail/virtual-users | |accept from any for domain domain.tld alias aliases deliver to maildir |accept from any for domain domain.tld virtual vmap deliver to maildir |accept from any for domain other_domain.tld virtual vmap deliver to maildir |accept for local alias aliases deliver to maildir |accept for any relay +-- So two accept rules for one domain. The idea behind this is as follows: The alias table contains the more or less default aliases for root, postmaster, etc. The vmap table contains aliases for the regular user account, such as m.janssen maurice I prefer to keep these separate, because I'd like to use the same virtual users for some other virtual domains as well. Is this possible? Thanks, Maurice -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org -- Jason Barbier Pro Patria Vigilans
