Google domain ownership tokens for an mx. domain
To: misc@opensmtpd.org
From: Chris Bennett
Subject: Google domain ownership tokens for an mx. domain
Date: Sun, 12 Dec 2021 12:24:12 -0800

Hi,

I use these for my website domains, but it just occurred to me that I could also get those for my mail only domains.
I will, now that I thought of it, but I was wondering.
Does this make any difference to my domains (A records) avoiding getting sent messages SPAM blocked, especially by the BIG GUYS?

--
Thanks,
Chris Bennett
Re: Pluses in addresses do not work as expected
On Sun, Jan 31, 2021 at 08:39:18PM -0600, Edgar Pettijohn wrote:
> > action "outbound" relay host smtp+tls://b...@smtp.example.com auth secrts
> >                                         ^^^
>
> Along with your other 100 users. You would then need to have match rules to
> correspond to
> their action rules. I don't really see much need since you could just
> configure
> their mua's to do this.
> I think the majority of people use this so that their system
> mail reaches them. Such as the output from /etc/daily and the like.

OK, that makes a lot of sense using it for system mail or with just one or two users.

Thanks
Chris

>
> Edgar
>
Re: Pluses in addresses do not work as expected
On Sun, Jan 31, 2021 at 03:51:01PM +0100, Pascal Huisman wrote:
> Which got me out of the mess. See man smtpd.conf
> It now switches to the user before delivering. So it's not vmail as
> directory owner, but the username who is directory owner. In the trace
> you can see the switch in user in the trace.
>
> My virtual user config:
> pascal:someencryptedpasswdhash:pascal:1000:1000:/home/pascal::userdb_mail=maildir:/home/pascal/Maildir
>

The example in smtpd.conf shows:

action "outbound" relay host smtp+tls://b...@smtp.example.com auth secrts
                                        ^^^

Having bob here completely confuses me.
I'm not using this method, but I have to ask the question:

What happens if you have two users, bob and jane? Or a hundred users?
It seems to me that there needs to be a table or something in smtpd.conf.

Could someone explain this example to me, please.
I'd really like to remove my dunce cap on this one.

Thanks,
Chris Bennett
Re: your mail
On Tue, Nov 17, 2020 at 05:29:36PM +0100, Matthieu C wrote:
> Hi,
>
> I am new to mail servers, and I ran into a nice tutorial from a French NGO.
> However, I'd like to tweak a bit my configuration, and I cannot find a
> proper way to achieve my goal: I want to discard mails whose recipient is
> the address my_system_u...@my-domain.net (and r...@my-domain.net and so
> on), while accepting mails to be routed to my_system_user, through a list
> of aliases or virtual users. In fact, I want all the mails to go through
> this system user, and to be read by a unique dovecot account (hence, I'd
> say the simplest way to do is to have an unique Maildir?).

You don't have to use virtual users, but if you want separate Maildir's, then virtual users through dovecot works nice.
I use usernames as chris@bennettconstruction instead of just chris. But this is mostly a matter of preference. I have multiple domains, so that is pretty necessary for me to avoid confusion.
Dovecot explains this moderately well and has a mailing list that's active.

>
> I created a thread on Stack Overflow for that matter:
> https://stackoverflow.com/questions/64715521/prevent-mailing-to-my-username-in-opensmtp-config
> ; its content is below:
>
> > I just set up my own mail server at home with OpenSMTP and Dovecot (I used
> > this tutorial
> > <https://framacloud.org/fr/auto-hebergement/installation.html#courrier-%C3%A9lectronique>
> > from Framasoft). I don't like the idea that people can mail to
> > *my_system_u...@my-domain.net* or *r...@my-domain.net*
> > (or any other system user), although I'll use this
> > only *my_system_user* account to receive my mails.
> >
> > That's why I added root: /dev/null and my_system_u...@my-domain.net:
> > /dev/null to my /home/my_system_user/.myaliases file (+ makemap -t
> > aliases ~/.myaliases). But I still receive the mails for
> > *my_system_u...@my-domain.net*. Maybe I shouldn't go through the hassle
> > of preventing this?

Probably not easily, but my-domain.net is the server's domain. That's tacked on by default. Someone probably has a fix for this.

> >
> > table aliases file:/etc/aliases
> > table own_aliases file:/home/my_system_user/.myaliases
> >
> > pki mail.my-domain.net key "/etc/letsencrypt/live/mail.my-domain.net/privkey.pem"
> > pki mail.my-domain.net certificate "/etc/letsencrypt/live/mail.my-domain.net/cert.pem"
> >
> > # Deliver
> > listen on lo
> > listen on lo port 10029 tag DKIM
> > listen on lo port 10036 tag ANTISPAM
> > listen on eth0 port 25 hostname mail.my-domain.net tls pki mail.my-domain.net
> > listen on eth0 port 587 hostname mail.my-domain.net tls-require pki mail.my-domain.net auth
> >
> > accept tagged ANTISPAM for any alias deliver to maildir "~/Maildir"
> > accept from local for local alias deliver to maildir "~/Maildir"
> > #accept from any for domain "my-domain.net" alias deliver to maildir "~/Maildir"
> >
> > # antispam
> > accept from any for domain "my-domain.net" relay via smtp://127.0.0.1:10035
> >
> > # Relay
> > # dkim tagged can be sent
> > accept tagged DKIM for any relay hostname mail.my-domain.net
> > # if not dkim tagged, send it to dkimproxy
> > accept from local for any relay via smtp://127.0.0.1:10028 hostname mail.my-domain.net
> >
> > In my search, I found out that virtual users could be a solution (source)
> > <http://z5t1.com:8080/cucumber/cucumber-1.1/source/net-extra/opensmtpd/doc/example1.html#stats>,
> > but it seems overkill to me (setting up a new *vmail* user, new password
> > table, new services...): I have only one recipient account with multiple
> > (~10) aliases.

I use neomutt. It's a bit confusing, but it's very easy to setup account and folder hooks to let you put all 10 aliases into one .neomuttrc
I have 5 in one .neomuttrc.
Other email clients should be able to do the same.
neomutt-users mailing list is also active and helpful.

I thought using vmail was weird myself at first, but it works like a charm. I use /home/vmail, others /var/vmail. It doesn't really matter where as long as you set HOME for it right.

I actually decided to use postgresql with dovecot for passwords and users, etc.
BSD auth is scheduled to be removed at some point in the future, so consider not using it for dovecot or you *might* have to change it later.

Good luck,
Chris Bennett

> Any help is appreciated!
> Best regards,
>
> choumat
Confused about results of changing hostname of server on delivery works or rejected
Hi!

I've made changes to work off of virtual users with IMAP to dovecot. All of that works great.
But I haven't been able to get auth to work yet, so I'm just sending through smtpd from the server that contains the mail or mx domains and also some of the regular domains also.

Delivery is sorta working. I have been able to get delivery to work properly now only by changing to a mail. hostname and the same in /etc/myname.
The server's primary IP is a non mail IP, the rest are IP aliases.

However, something strange is happening that I don't understand.
My subscription to neomutt-users wasn't working all of a sudden.
After changing the email and contacting the list owner, he was able to approve the current situation and sending and receiving from the list worked.
Then I changed the hostname to a different mail. and delivery was once again blocked by policy of the mailing list.

(I'll also mention that using the shithole table totally failed until I moved the match for it way up to where it is now, so I think I'm really having problems also with ordering match rules.)

What is happening here? How can I see what is going on?
I can send anything else helpful, just ask.

Thanks for any help.
Chris Bennett

The main IP address here is:
172.107.198.226 cowboyup.xyz
172.107.198.227 no-seas-necio.ninja
172.107.198.228 consulting-diy-construction.com
172.107.198.229 mail.consulting-diy-construction.com
172.107.198.230 mx.no-seas-necio.ninja
172.107.198.231 mail.freedomforlife.rocks
172.107.198.232 mail.bennettconstruction.us
172.107.198.233 bennettconstruction.us
172.107.198.234 capuchado.com
172.107.198.235 strengthcouragewisdom.rocks

/etc/hosts

127.0.0.1 localhost
::1 localhost
172.107.198.226 cowboyup.xyz cowboyup
172.107.198.227 no-seas-necio.ninja no-seas-necio
172.107.198.228 consulting-diy-construction.com
172.107.198.229 mail.consulting-diy-construction.com
172.107.198.230 mx.no-seas-necio.ninja
172.107.198.231 mail.freedomforlife.rocks
172.107.198.232 mail.bennettconstruction.us
172.107.198.233 bennettconstruction.us
172.107.198.234 capuchado.com
172.107.198.235 strengthcouragewisdom.rocks

/etc/mail/smtpd.conf

# $OpenBSD: smtpd.conf,v 1.14 2019/11/26 20:14:38 gilles Exp $

# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information.

# TABLES ##
table aliases file:/etc/mail/aliases
table vdomains file:/etc/mail/vdomains
table vusers file:/etc/mail/vusers
table passwd file:/etc/mail/passwd
table vaddr file:/etc/mail/vaddr
table addrnames file:/etc/mail/addrnames
table shithole { "@your.riteaid.com", "@abacusnext.com", "@immo-eden.com", "@cofferman.net", \
    "@cmitsolutions.com", "@mail-seruices.cf", "@advantrack.com", "@e.officedepot.com", \
    "@bts-tx.com", "@protectivesupplyplus.com", "@cointelegraph.com", "@jets.com", \
    "@digitalluxuryagency.com", "@abbeywealth-news.com", "@findrussianbuyers.ru", \
    "@summitshirts.net", "@bookkeepingandfinancials.com", "@phsmobilesolutions.com", \
    "@inquiry.haizol.com", "@info.geappliances.com", "@planhub.com", "@refundguide.io" }

## PKI
pki mail.consulting-diy-construction.com cert "/etc/ssl/mail.consulting-diy-construction.com.fullchain.pem"
pki mail.consulting-diy-construction.com key "/etc/ssl/private/mail.consulting-diy-construction.com.key"
pki mx.no-seas-necio.ninja cert "/etc/ssl/mx.no-seas-necio.ninja.fullchain.pem"
pki mx.no-seas-necio.ninja key "/etc/ssl/private/mx.no-seas-necio.ninja.key"
pki mail.freedomforlife.rocks cert "/etc/ssl/mail.freedomforlife.rocks.fullchain.pem"
pki mail.freedomforlife.rocks key "/etc/ssl/private/mail.freedomforlife.rocks.key"
pki mail.bennettconstruction.us cert "/etc/ssl/mail.bennettconstruction.us.crt"
pki mail.bennettconstruction.us key "/etc/ssl/private/mail.bennettconstruction.us.key"

# FILTERS AND FILTER CHAINS ###
filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*', '.*\.dsl\..*' } \
    disconnect "550 no residential connections"
filter check_rdns phase connect match !rdns \
    disconnect "550 no rDNS is so 80s"
filter check_fcrdns phase connect match !fcrdns \
    disconnect "550 no FCrDNS is so 80s"
filter senderscore \
    proc-exec "filter-senderscore -blockBelow 10 -junkBelow 70 -slowFactor 5000"
filter c01 chain { che
Re: Single PR or many smaller PRs?
On Thu, Oct 15, 2020 at 01:14:00PM -0400, Demi M. Obenour wrote:
> On 10/15/20 12:05 PM, Joerg Jung wrote:
> > As mentioned by Gilles earlier, please send them as unified diffs
> > to t...@openbsd.org <mailto:t...@openbsd.org> if you want to have them
> > reviewed.
>
> My branch is based on the portable branch. Do I need to rebase off
> of the OpenBSD repository first?
>
> Demi

Your diffs must come off of src for OpenBSD -current and you must also be running the latest and constantly moving -current.

See the FAQ on https://www.openbsd.org

Git is not relevant for this work.

Thanks for your work.

Chris Bennett
Re: Unable to remove mail from queue
On Sun, May 31, 2020 at 05:24:18PM +0200, Mischa Peters wrote:
> Hi All,
>
> I just noticed something strange on one of my mailservers running OpenSMTPd
> 6.7.0p1 (OpenBSD 6.7).
> The mailserver was trying to deliver a spam mailbounce to fedex, it kept
> failing so I removed it from the queue.
> The logs kept showing it was being delivered, even though nothing was showing
> in the queue.
> After a restart of smtpd the message did show up in the queue again.
>
> root@smtp1:~ # smtpctl show queue
> cd9b0933db878954|local|mta|auth|@|prvs=1417a4ec2a=bou...@nds.fedex.com|prvs=1417a4ec2a=bou...@nds.fedex.com|1590676002|1590676002|1590937323|0|inflight|99|
>
> root@smtp1:/var/spool/smtpd/queue/cd/cd9b0933 # smtpctl remove cd9b0933db878954
> 1 envelope removed
> root@smtp1:/var/spool/smtpd/queue/cd/cd9b0933 # smtpctl remove cd9b0933db878954
> 0 envelope removed
> root@smtp1:/var/spool/smtpd/queue/cd/cd9b0933 # ls -la
> total 52
> drwx-- 2 _smtpq wheel512 May 28 16:26 .
> drwx-- 3 _smtpq wheel512 May 30 20:49 ..
> -rw--- 1 _smtpq wheel316 May 28 16:26 cd9b0933db878954
> -rw--- 1 _smtpq wheel 19296 May 28 16:26 message
> root@smtp1:/var/spool/smtpd/queue/cd/cd9b0933 # smtpctl show queue
> root@smtp1:/var/spool/smtpd/queue/cd/cd9b0933 # rcctl restart smtpd
> smtpd(ok)
> smtpd(ok)
> root@smtp1:/var/spool/smtpd/queue/cd/cd9b0933 # smtpctl show queue
> cd9b0933db878954|local|mta|auth|@|prvs=1417a4ec2a=bou...@nds.fedex.com|prvs=1417a4ec2a=bou...@nds.fedex.com|1590676002|1590676002|1590937456|0|inflight|1|
> root@smtp1:/var/spool/smtpd/queue/cd/cd9b0933 # ls -la
> total 52
> drwx-- 2 _smtpq wheel512 May 28 16:26 .
> drwx-- 3 _smtpq wheel512 May 30 20:49 ..
> -rw--- 1 _smtpq wheel316 May 28 16:26 cd9b0933db878954
> -rw--- 1 _smtpq wheel 19296 May 28 16:26 message
>
> I assume this is not the expected result. :)
> What else can I collect to pinpoint what is going on, before I rm the files?
>
> Mischa
>
>

I also had this same problem. I rm'd the files.
However, what is the right solution?
(I was in a big rush and had to quickly solve the problem.)

Chris Bennett
New Server, looking for some general advice
Hi,

I just added a new /27 server. So I haven't started anything except local for right now. It's using amd64 -current.

I'm using A records for domain and mail.domain. No problem there.
It has one mail. address assigned right now. Different than domain IP.

What I want to achieve:

1. Use Maildir
2. Use dkimproxy. I will add more domains after getting one setup right.
3. Retrieve mail both locally and remotely.
   I am using neomutt over SSH right now, but I'm just not getting the conf file exactly right. Perhaps using IMAP address instead of the local directories would work better? Right now it recognizes mailboxes only partially correctly. This question might be better to ask on neomutt mailing list?
   I'm guessing that dovecot will be best for remotely and locally. I previously used it for mbox quite a while ago over POP3.
4. Use both local and virtual users. So I would like to prepare for the virtual users part at the start if possible. One step at a time is fine.
   As far as DKIM, should I add the signature to the domain or mail.domain? I have already successfully added to mail.domain elsewhere, but is that right? dkimproxy man pages suggest just domain part
5. Should I use lmtp?
6. Should I start with files first and move over to postgresql or straight to postgresql?

I have infinite (almost :-}) patience on this server since not a single important email will be going to it anytime soon.

I haven't setup spamd yet and I'm unsure that I want to. It seems to cause me more grief than help. I'm using the opensmtpd filters elsewhere and they are fantastic!

I also don't have a problem reading code for answers as best as I can.
I also have some filter code from others I need to look at (Thanks Edgar!)

I'm off to read the latest man pages.

Thanks so much for having such excellent software freeing me from the sendmail nightmare! Tons of work and I love it.

Thanks,
Chris Bennett
Re: OpenSMTPD::Password perl module now supports openbsd
Thanks,
I'll give them a try and if nothing else, learn more about writing filters. Perl is my language of choice.

Much Appreciated,
Chris Bennett
Re: unable to send mail from desktop mail client to remote email addresses
On Thu, Oct 03, 2019 at 09:31:08AM +0200, Peter N. M. Hansteen wrote:
>
> Also,
>
> [Thu Oct 03 09:24:37] peter@skapet:~$ host example.app
> Host example.app not found: 3(NXDOMAIN)
> [Thu Oct 03 09:24:43] peter@skapet:~$ host mx.example.app
> Host mx.example.app not found: 3(NXDOMAIN)
>

I was randomly getting this error myself, I think there was or is some other, non-related problem causing this error.
I'm also having some problems myself, but I'm camping right now.
I'll post something when I'm not typing from a phone.

Chris Bennett
Re: need help
./spf no-seas-necio.ninja 162.255.139.10: pass
./spf no-seas-necio.ninja 162.255.139.11: soft-fail

Which matches my spf entry. v=spf1 mx ~all.
Is that the correct response?

Chris Bennett
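How a receiver arrives at those two results for `v=spf1 mx ~all`, as an added example that is not part of the original message: a small evaluator for the `all`, `ip4`/`ip6`, `a` and `mx` mechanisms of RFC 7208, run against a constructed DNS table instead of live lookups. The MX host name `mx.example.invalid` and its address are assumptions chosen to reproduce the output quoted above; the capuchado.com records are the ones shown in the dig output later on this page.

```python
import ipaddress

# Constructed DNS data standing in for live lookups.
# Assumption: the MX of no-seas-necio.ninja is the hypothetical host
# mx.example.invalid at 162.255.139.10 (the page does not show the MX record).
# The capuchado.com records are copied from the dig output on this page.
DNS = {
    "TXT": {
        "no-seas-necio.ninja": "v=spf1 mx ~all",
        "capuchado.com": "v=spf1 a mx:capuchado.com ip4:104.217.196.251 ~all",
    },
    "MX": {
        "no-seas-necio.ninja": ["mx.example.invalid"],
        "capuchado.com": ["capuchado.com"],
    },
    "A": {
        "mx.example.invalid": ["162.255.139.10"],
        "capuchado.com": ["104.217.196.251"],
    },
}

# RFC 7208 qualifier -> result. "softfail" is what the tool in the message
# prints as "soft-fail".
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def _host_has_ip(host, ip, dns):
    """True if any A record of host equals the connecting IP."""
    return any(ipaddress.ip_address(a) == ip for a in dns["A"].get(host, []))


def check_spf(client_ip, domain, dns=DNS):
    """Evaluate the domain's SPF record left to right; the first match wins."""
    terms = dns["TXT"].get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        if "=" in term:
            continue  # modifiers (redirect=, exp=) are out of scope here
        qualifier = "+"  # a mechanism without a qualifier means "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = _host_has_ip(arg or domain, ip, dns)
        elif name == "mx":
            hosts = dns["MX"].get(arg or domain, [])
            matched = any(_host_has_ip(h, ip, dns) for h in hosts)
        else:
            return "permerror"  # unknown mechanism
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all"


if __name__ == "__main__":
    for ip in ("162.255.139.10", "162.255.139.11"):
        print(ip, check_spf(ip, "no-seas-necio.ninja"))
```

With `mx ~all`, only addresses of the domain's MX hosts pass; every other sender falls through to `~all` and is marked softfail rather than rejected.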
Re: Virtual users with Dovecot/Neomutt/OpenSMTPD
So, hazarding a guess, OpenSMTPD handles outgoing mail.
It then hands off incoming mail directly to dovecot?

Then I just need to get .neomuttrc correct to pull from dovecot.

Chris Bennett

--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Virtual users with Dovecot/Neomutt/OpenSMTPD
Hi,

I'm pretty confused on what I need to do to make all of this work.
I want to use IMAP.

So far, my attempts to use Maildir with just OpenSMTPD and neomutt haven't worked correctly (no dovecot yet).
This is just using regular users and their home folders with Maildir.
Mail gets delivered and sent correctly, but the mailboxes aren't working right.

Dovecot says to use virtual users and Maildir like this:

Ways to set up home directory

The directory layouts for home and mail directories could look like one of these (in the preferred order):

Mail directory under home, for example:
home=/var/vmail/domain/user/ mail=/var/vmail/domain/user/mail/

Completely distinct home and mail directories:
home=/home/virtual/domain/user/ mail=/var/vmail/domain/user/

Home directory under mail, for example:
Maildir: home=/var/vmail/domain/user/home/ mail=/var/vmail/domain/user/
mbox: There's really no good and safe way to do it.

The home directory is the same as the mail directory.

If for example: home=/var/vmail/domain/user/ mail=/var/vmail/domain/user/mail/, set:

mail_home = /var/vmail/%d/%n
mail_location = maildir:~/mail

OK. I've got regular users each getting mail from many sources under aliases, i.e. from root, webmaster, etc. to one user.

I don't really have any experience with IMAP. So will a single user be using the IMAP requests to get each one of the sources that right now are in aliases?

I am having trouble seeing how to pull all three of these pieces of software together.
I am getting all my mail over SSH right now, but I would prefer to be able to get it with neomutt directly to my laptop.

I've also seen many references to getting certificates from Let's Encrypt for mail for both Dovecot and OpenSMTPD using the same one. How do I do that?

I'm just not sure what documentation I should be using to guide the process along. I've got a server setup without any critical email, so I'm not in a rush to get things working.

Any help appreciated,
Chris Bennett
Re: Using Maildir and IMAP, I am losing my older threads
I did not receive any of the replies before this one. Could you send them again for me if there are any. Thanks. I've fixed the problem now. Off-list is probably best.

On Tue, May 21, 2019 at 06:53:12AM +0100, Raf Czlonka wrote:
> On Mon, May 20, 2019 at 03:30:18PM BST, Chris Bennett wrote:
> > I was planning on using IMAP with dovecot (not setup yet), but when
> > using Maildir and neomutt, the mail gets moved to cur and I can't access
> > it from neomutt. Thus I have been losing access to my mailing list older
> > parts of threads I really want to see.
>
> Hi Chris,
>
> Not sure if I understand the above correctly but you do *not* access
> 'cur' - you access the directory where 'cur' resides in. As long
> as the MUA supports Maildir properly, you should see your emails.
> Should getting Dovecot setup fix this problem? Maybe?
>
> Am I setting up neomutt incorrectly?
>
> Impossible to tell without seeing the config file.

That is a temporary problem. I had to upgrade that server and everything went completely fine (6.3 -> 6.4) until the final reboot, and then it failed to finish rebooting. That company uses a newer version of Java than I have under 6.4 at home. I'm hoping that 6.5 fixes that problem. If not, any advice for that problem?
I should have access to Windows in a library Thursday since we are going camping Wednesday. I don't know how to use Linux.
All of those config files are on that server.
Otherwise I'll ask support to help me work that out.

>
> > Do I need to use a script to move the thread entries back to new?
>
> Unless I'm missing something, you shouldn't need to.
>
> > I have searched about this, but it seems that few people want to move in
> > this direction, but it can be done with a script.
> > I'm thinking I have messed up something in configuration.
> > Apparently mutt/neomutt can be set to access cur too.
> >
> > Any help appreciated,
> > Chris Bennett
>
> My guess is that you are simply not looking in the right place.

I've had a consistent problem with getting almost most of my problems when searching under DuckDuckGo or Google or marc.info.
Most likely I'm just not thinking of the right searches.

Thanks,
Chris Bennett

>
> Regards,
>
> Raf
>
Re: How to setup a "clean MTA" in 2019?
On Wed, Apr 03, 2019 at 11:36:22AM +0200, Gilles Chehade wrote:
> My very own minimal would be:
> - have a dedicated IP address for mail with correct rDNS and fc-rDNS

Right now I am using the same IP as the websites I have for each.
Should I use a different IP just for email?
This is not a problem to do.

> - setup the mta to support TLS (if needed, not the case on OpenSMTPD)

Got this

> - setup the mta to use a EHLO name matching DNS for the IP

I continually get that the two do not match using the various email testers. Yet the domain names do indeed match. I don't know what to make of this. I have no problems sending or receiving email at all.

Godaddy is where I have my domains registered, but they specifically say that they do not support DNS for sites not hosted on their servers.
That has led me down the path of learning to be my own hostmaster.
I have finally found a page that explains the strange setup I need to request for only a small range of IP addresses. Hurrah!
But I'm not quite ready to venture out into that myself. But learning this has been fun so far.

Do you think that being hostmaster will solve that problem?

> - setup SPF

Good here

> - setup DKIM

Not yet, given above problems

>
> That would be my very very very very minimum requirements.
>

Thanks,
Chris Bennett
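The rDNS, FCrDNS and EHLO items in the list quoted above can be checked mechanically. An added example (not from the original thread) that runs those checks against constructed PTR and A tables; every host name and address in it is hypothetical (documentation ranges), and the finding strings are this example's own wording.

```python
# Constructed DNS tables: hypothetical names, RFC 5737 documentation addresses.
PTR = {
    "192.0.2.10": "mail.example.org",    # dedicated mail IP, PTR names the mail host
    "192.0.2.20": "www.example.net",     # IP shared with a website, PTR names the web host
    # 192.0.2.30 deliberately has no PTR record
    "192.0.2.40": "host40.example.com",  # PTR exists, but the name resolves elsewhere
}
A = {
    "mail.example.org": ["192.0.2.10"],
    "www.example.net": ["192.0.2.20"],
    "mail.example.net": ["192.0.2.20"],
    "host40.example.com": ["198.51.100.7"],
}


def _norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def check_sender(ip, ehlo, ptr=PTR, a=A):
    """Return the findings a receiving MTA or mail tester would report
    for a connection from `ip` announcing itself as `ehlo`."""
    rdns = ptr.get(ip)
    if rdns is None:
        # Nothing else can be confirmed without a PTR record.
        return ["no rDNS"]
    findings = []
    # FCrDNS: the PTR name must resolve forward to the same IP.
    if ip not in a.get(_norm(rdns), []):
        findings.append("no FCrDNS")
    # EHLO: the announced name should resolve to the connecting IP.
    if ip not in a.get(_norm(ehlo), []):
        findings.append("EHLO name does not resolve to connecting IP")
    elif _norm(ehlo) != _norm(rdns):
        # Forward resolution succeeds, but many testers still flag
        # an EHLO name that is not the PTR name.
        findings.append("EHLO name differs from rDNS name")
    return findings


if __name__ == "__main__":
    samples = [
        ("192.0.2.10", "mail.example.org"),
        ("192.0.2.20", "mail.example.net"),
        ("192.0.2.30", "mail.example.org"),
        ("192.0.2.40", "host40.example.com"),
    ]
    for ip, ehlo in samples:
        print(ip, ehlo, check_sender(ip, ehlo) or "clean")
```

The second sample is the shared-IP case: mail and website names both resolve to the address, but only one of them can be the PTR name, so the EHLO comparison is flagged even though mail flows.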
Re: How can I integrate opensmtpd with opendkim?
On Wed, Jan 30, 2019 at 05:45:35PM +0300, Sergey Seacher wrote:
> Hello, All!
>
> How can I integrate opensmtpd with opendkim?
>

There is also dkimproxy and a Perl module p5-Mail-DKIM.

Which one do you recommend, you hinted that there will be changes from 6.4 to 6.5 for dkimproxy setup when it comes out, if I understood correctly.

I've got things working for 6.4 right now, but I will post a couple of questions about using auth and some other stuff I expect/want to use shortly.

Thanks, I'm really thrilled to have this massive improvement over sendmail!! All of your time doing this work has been so helpful, I really hated sendmail with that huge book I had for it.

Chris Bennett
6.3 not coming from proper domains
Oops, I forgot to su -l first. Send back to ch...@bennettconstruction.us

To: misc@opensmtpd.org
Subject: 6.3 not coming from proper domains

I am also working on 6.4 syntax to be used shortly, but after doing testing.
Right now, with 6.3amd64-stable, I am not getting any emails sent from any domains except bennettconstruction.us.
6.3 files soon to be gone, but this is the set of files I have in production.
I can also send my 6.4 files, which may be much better, but I want to fix this now, vs later.

I appreciate any help. I think I included everything.
mail-to address is designed to fail in order to get good log messages.

Thanks,
Chris Bennett

gory ~ # dig -tANY bennettconstruction.us

; <<>> DiG 9.4.2-P2 <<>> -tANY bennettconstruction.us
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42993
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;bennettconstruction.us.IN ANY

;; ANSWER SECTION:
bennettconstruction.us. 833 IN A 104.217.196.250
bennettconstruction.us. 833 IN NS ns65.domaincontrol.com.
bennettconstruction.us. 833 IN NS ns66.domaincontrol.com.

;; Query time: 459 msec
;; SERVER: 192.168.43.1#53(192.168.43.1)
;; WHEN: Wed Dec 26 19:47:25 2018
;; MSG SIZE rcvd: 111

gory ~ # dig -tANY capuchado.com

; <<>> DiG 9.4.2-P2 <<>> -tANY capuchado.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24176
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;capuchado.com. IN ANY

;; ANSWER SECTION:
capuchado.com. 3600IN TXT "v=spf1 a mx:capuchado.com ip4:104.217.196.251 ~all"
capuchado.com. 3600IN MX 10 capuchado.com.
capuchado.com. 600 IN SOA ns65.domaincontrol.com. dns.jomax.net. 2018121317 28800 7200 604800 600
capuchado.com. 3600IN A 104.217.196.251
capuchado.com. 3600IN NS ns66.domaincontrol.com.
capuchado.com. 3600IN NS ns65.domaincontrol.com.

;; Query time: 847 msec
;; SERVER: 192.168.43.1#53(192.168.43.1)
;; WHEN: Wed Dec 26 19:47:58 2018
;; MSG SIZE rcvd: 227

gory ~ # dig -tANY line-printer-daemon.net

; <<>> DiG 9.4.2-P2 <<>> -tANY line-printer-daemon.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40266
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;line-printer-daemon.net. IN ANY

;; ANSWER SECTION:
line-printer-daemon.net. 3600 IN TXT "v=spf1 a mx:line-printer-daemon.net ip4:104.217.196.252 ~all"
line-printer-daemon.net. 3600 IN MX 10 line-printer-daemon.net.
line-printer-daemon.net. 600IN SOA ns63.domaincontrol.com. dns.jomax.net. 2018122000 28800 7200 604800 600
line-printer-daemon.net. 3600 IN A 104.217.196.252
line-printer-daemon.net. 3600 IN NS ns64.domaincontrol.com.
line-printer-daemon.net. 3600 IN NS ns63.domaincontrol.com.

;; Query time: 710 msec
;; SERVER: 192.168.43.1#53(192.168.43.1)
;; WHEN: Wed Dec 26 19:48:54 2018
;; MSG SIZE rcvd: 247

maillog:

Dec 26 19:27:36 bennettconstruction smtpd[37757]: smtp-out: Failed to resolve MX for [relay:openspf.net]: No MX found for domain
Dec 26 19:27:36 bennettconstruction smtpd[37757]: mta event=delivery evpid=5a4d097a06f98d40 from= to= rcpt=<-> source="-" relay="openspf.net" delay=6m40s result="TempFail" stat="No MX found for domain"
Dec 26 19:32:13 bennettconstruction smtpd[37757]: smtp-out: Failed to resolve MX for [relay:openspf.net]: No MX found for domain
Dec 26 19:32:13 bennettconstruction smtpd[37757]: mta event=delivery evpid=6d1d125a0d253a0b from= to= rcpt=<-> source="-" relay="openspf.net" delay=6m40s result="TempFail" stat="No MX found for domain"
Dec 26 19:20:56 bennettconstruction smtpd[37757]: 0da5075771ad38fb smtp event=connected address=local host=bennettconstruction.us
Dec 26 19:20:56 bennettconstruction smtpd[37757]: 0da5075771ad38fb smtp event=message address=local host=bennettconstruction.us msgid=5a4d097a from= to= size=509 ndest=1 proto=ESMTP
Dec 26 19:20:56 bennettconstruction smtpd[37757]: 0da5075771ad38fb smtp event=closed address=local host=bennettconstruction.us reason=quit
Dec 26 19:20:56 bennettconstruction smtpd[37757]: smtp-out: Failed to resolve MX for [relay:openspf.net]: No MX found for domain
Dec 26 19:20:56 bennettconstruction smtpd[37757]: mta event=delivery evpid=5a4d097a06f98d40 from= to= rcpt=<-> source=&q
Re: Vultr has all blacklisted IP's for email
On Thu, Dec 20, 2018 at 01:55:32AM +0200, Flipchan wrote:
> Poke vultr about it , if its not good, just switch provider ( openbsd
> amsterdam?))
>

They say it's my fault and that they have spent a tremendous amount of time trying to get me off of the blacklist. (exaggeration included on purpose).

As you can see below, I guess it is all my fault.
I'm just going to put the DNS records back to where they were before.

What's the website for OpenBSD Amsterdam?
Looks like I may just have to move my server from the USA to the not USA.
Why is such a simple thing as a server so hard to get???

Fun Fun Fun entered below:

---
Information about 108.61.242.230

Below is the information we have on record about 108.61.242.230

Standards Compliance
Does IP Address resolve to a reverse hostname... Passed!
Does IP Address comply with reverse hostname naming convention... Passed!

List Status
RATS-Dyna - On the list. Worst Offender Alert.
RATS-NoPtr - Not on the list.
RATS-Spam - Not on the list.
RATS-Auth - Not on the list.

Alert: Your IP is part of a network listed as a Worst Offender

This is a Worst Offender Alert and this means that not only this IP address, but the whole class 'C' is also on the indicated SpamRats List. Usually this means the whole range has the same issue of naming conventions or no reverse DNS AND that many IP's from this Class C have been used in Spam Attacks, Dictionary attacks or other forms of attacks, as detected by Mail Servers in the Data Collection Grid.

You will NOT be able to use the removal form to remove your IP Addresses.

If you have recently been assigned the IP Addresses, or have changed what these IP Addresses are used for, you can use the contact form and ask for a reclassification, but you will have to provide full disclosure, including whois for the ip addresses, your affiliation with the company that owns them, and a description of what the IP's were previously used for, and what they will be used for, in order for a Spam Auditor to consider reclassification.

Remember, the majority of the IP's in this space WERE detected as being involved in some form of attack or abusive behaviour, so you had better have a good reason to ask for removal, and you need to own or control the IP addresses, as evidenced by ARIN whois.
-
2nd IP is blacklisted on 7 lists. I'm sure they can quickly fix this too!

Chris
Re: Vultr has all blacklisted IP's for email
On Wed, Dec 19, 2018 at 09:58:54PM +, Charles Collicutt wrote:
> On Wed, Dec 19, 2018 at 01:41:40PM -0800, Chris Bennett wrote:
> > On Wed, Dec 19, 2018 at 10:16:22PM +0100, Joel Carnat wrote:
> > > I’ve just checked mine and it’s 100% non-blacklisted, according to
> > > mxtoolbox.
> > > And, so far, I don’t have any issues sending/receiving mail.
> >
> > I really must have workable email and baremetal
>
> Maybe it is a baremetal versus VPS thing? Like others here, I have been
> running a mail server on Vultr VPS for years without problems.
>

I was wondering the same thing. Baremetal for them is new and maybe they haven't worked out the bugs and procedures for that yet?

If that's the case, any suggestions on a good way to word the conversation? I tend to come across as a bit rude by accident.

Chris Bennett
Re: Vultr has all blacklisted IP's for email
On Wed, Dec 19, 2018 at 04:46:17PM -0500, Implausibility wrote:
> Vultr specifically blocks mail-specific ports in an attempt to keep their
> network free of spam. You can ask them to enable eMail ports on your VMs,
>

Yes, I spoke to them about the problem before grabbing an additional IP address. They said they would try to get the original IP un-blacklisted. That did not happen, unfortunately.

They now also offer one model of bare metal, which is not a VM.
I specifically need a single dedicated server for what I am doing.

The work I'm doing is all situated inside of the USA, so something locally oriented is a better choice for me.

My email ports are open, as I can send mail back and forth with my other server.

Thanks,
Chris Bennett
Re: Vultr has all blacklisted IP's for email
On Wed, Dec 19, 2018 at 10:16:22PM +0100, Joel Carnat wrote:
> I’ve just checked mine and it’s 100% non-blacklisted, according to mxtoolbox.
> And, so far, I don’t have any issues sending/receiving mail.
>

I really must have workable email and baremetal

Right now the second IP I requested is 45.76.27.230
This is much worse than the first one I also have which is 108.61.242.230

I am using a server in Chicago. Where is yours located? Maybe the location is related?

Other than this problem, I am quite happy. If I can solve this, I will move off of my other server, which is stuck on crappy Java KVM.

I don't have any problem with another location.

Chris Bennett
Vultr has all blacklisted IP's for email
I was very happy with what I got for a baremetal server at Vultr.

Unfortunately, even after getting a second IP that was not from the same range as the first one, all of these IP ranges, not single IP's, are blacklisted in the worst category.

If you want a web/etc server, great. If you want anything to do with email, forget them.

Shame. I need another baremetal that doesn't have Java KVM. Any recommendations?

Thanks. Looks like anything related to Cloud may be a problem???

Chris Bennett
Re: FAQ gone?
On Wed, Dec 12, 2018 at 10:35:21PM +0100, Gilles Chehade wrote:
>
> The FAQ has been removed from the website twice for the same reason, and
> if you work on it but it then goes unmaintained and people start mailing
> me that I should fix the FAQ, I'll have to remove it again a third time.
>
> I'm all for having an FAQ but it must come from people willing to become
> maintainers and not release a version of it and leave.

Yes, I was very disappointed when the previous FAQ didn't have accurate information. I would much rather see you working on OpenSMTPD itself rather than a FAQ, which is a lot of work just to make, much less maintain.

I have found various FAQ's all over the place that just don't have accurate information and throw in anti-spam programs I just don't want to use. Of course, not enough information to understand how to skip one of those unwanted ones. So I have essentially found all of them basically useless, which is sad but true.

I'm in a bit of a conundrum. I'm trying to pull together a bunch of things besides just email all at once. I grabbed a baremetal at Vultr in addition to the one I am actually using elsewhere. I'm trying to get everything running as I need it to at Vultr before moving everything onto it officially. Having two baremetals gives me a great way to bounce things back and forth until everything is really truly working correctly.

But I have lots of questions about things I have never done before. I'm very puzzled by how to correctly set up DKIM and DMARC. Which programs should I be using and why? I looked at opendkim and the manual pages are so long and convoluted with so many options that it leaves me throwing up my hands in frustration. I know that once I understand all of it, it will probably be completely clear, but not yet.

So which program(s) for DKIM to use? Is this something for example that would be reasonable to add as a port like opensmtpd-dkim?

I'm perfectly happy to use postgresql with OpenSMTPD and Dovecot. I have yet to find any example SQL tables anywhere for either. This would work great for me to integrate certain customers with in a larger database set up.

Maildir, mbox, dovecot's own mailboxes. I seem to find arguments for and against each choice. Right now I can make a choice, but which one?

I also have found a probable need to use auth to allow only special users to relay mail.

Right now, I have two servers. IP addresses which can get burned if I screw up and two domains that can also get burned since I'm not using them.

I'm 100% willing to run through all kinds of different configurations and I have lots of questions that would probably be great ones for a FAQ. So I volunteer for guinea pig. I'll try it all for the FAQ.

BUT, if there is a FAQ, it's going to need to be set up with tests to see when previous advice fails. Otherwise, I just don't see anyone even knowing when and what to fix. "Oh, that didn't work. I'll do this other way instead." isn't going to get anything maintained.

I'm happy (and needful) to try all the different ways. I can't commit to writing the FAQ myself.

So, if I see this correctly, someone needs to grab two or three servers every six months, run through all the options, see what fails and report back, drop the servers?

I'll help,
Chris Bennett
Re: Tables syntax in new config
Thanks! This was a good thread. And of course I didn't notice man table.

I'm getting really important emails right now, but I want to upgrade to 6.4 from 6.3, so I'm being really cautious about making a mess.

Server company is using IPMI with Java, so that's been a problem since I can't get OpenBSD's version to work. Which was really hard to get to even work with someone's old windows version when I first installed.

Chris Bennett

Thanks for the great work!
Re: OpenSMTP as mx backup
+2 on that! Sorry +1 is just not enough!

I have a backup, but that's only IF I know there's a problem. If I have any net access, if I'm not traveling. If .

Most of my email is unimportant. But when it is, it's $$ or some emergency.

Chris
Forced to stay at 6.3 but I want 6.4.0
I have a problem with OBSD 6.4 release and so far cannot get the display to work properly.

I would like to use the 6.4.0 on 6.3. I haven't looked over the source at all yet, I will. Will I have any problems getting this to work on OBSD 6.3?

As much as possible, I would like to bring my server closer to OBSD 6.4 but I want my laptop and server working with the same software.

Thanks,
Chris Bennett

PS, I'll explain in my next email why this matters a bit to me.
Re: moving to 6.4, want to be sure that one domain can't be "traced" back?
I've received some good advice to not pursue this right now. I'm not myself with this medication.

So I'm not going to move forward with this. I am just not thinking clearly enough to make decisions about such important things.

My apologies.
Chris Bennett
moving to 6.4, want to be sure that one domain can't be "traced" back?
Hi,

I am about to manually update 6.3 to 6.4 and update new configurations.

I realize that getting the IP address is not concealable. The domain has private registration. It is likely that certain people will assume that I am behind the site, but I would like to keep from having any actions taken against the site.

My concern is that the site will bring up a very negative viewpoint and also some good suggestions about fixing the problems. The site does not deal with anything illegal or violent or anything like that. It will just make some controversy. I am still making sure I really want to do this site into production.

My hip is being replaced December 3rd. I'm taking a lot of Morphine and Oxycodone right now, so I am probably going to ask some stupid RTFM questions out of need.

Thank you so much for making OpenSMTPD! I love it. If you need any help testing, let me know. I'd love to help with catching errors or the lack of an error message when something is wrong.

Thanks,
Chris Bennett
Re: very confused on userbase parameter
On Sat, Sep 01, 2018 at 05:50:27PM +, Gilles Chehade wrote:
>
> I'll describe how things work in this mail so it serves as reference for
> future questions regarding aliases, virtual and userbase:
>
> Aliases and virtuals are mutually exclusive features that operate at the
> same level, converting an e-mail address into a local user.
>
> Userbases operate at a lower level, allowing to lookup system details of
> a local user such as uid, gid and home directory.
>
> You don't have to have aliases or virtuals, but you MUST have a userbase
> which defaults to the system user database when you don't specify one.
>
> Aliases and virtuals can be seen as functions that take an e-mail as the
> input and produce usernames that _MUST_ exist in the underlying userbase
> as the output, otherwise the recipient will be rejected.
>
> The difference between aliases and virtuals is subtle but simple:
>
> - aliases assume that all users on the system are allowed to get e-mails
>   and that the user-part of recipient e-mail addresses are the usernames
>   on the system. the mechanism allows you to provide an OPTIONAL list of
>   transformations in case some recipients have user-parts that are not a
>   system user, and it assumes that if no alias is found, then user-parts
>   must be looked up as real usernames.
>
> - virtuals assume that users are NOT allowed to get e-mails, unless they
>   are EXPLICITLY allowed on a list. either a transform is found and the
>   recipient is converted into a username, or the recipient is rejected.
>
>
> You can receive e-mail if you're not in the aliases list, if you have an
> account on the system with a username matching the user-part.
>
> You can't receive e-mail if you're not in the virtuals list, EVEN if you
> have an account matching the user-part.
>
>
> Now with that being said, converting a recipient into a username doesn't
> help us much if that username doesn't exist for real. We need a uid, gid
> and a home directory, so no matter if you used aliases, virtuals or none
> of them, the username behind a recipient must be found in the user base.
>

Thanks, this helps a lot

Just one more question. Your reply sounds like I should choose either aliases or virtual, but not both. Is this correct?

What about programs such as femail? Do they work fine with just virtuals?

Thanks
Chris Bennett
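The resolution rules from the explanation quoted above, as an added example that is not part of the original thread and is not OpenSMTPD's code. It is a simplified Python model: the table contents, the example.org addresses, the `uid:gid:home` value layout and the `parse_table` and `resolve` helpers are all assumptions made for illustration, and the virtuals table is keyed on the full address only.

```python
# Simplified model of the aliases / virtuals / userbase rules quoted above.
# All table contents are constructed sample data, not real configuration.

def parse_table(text):
    """Parse 'key value' lines into a dict (keys lowercased)."""
    table = {}
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, value = line.split(None, 1)
        table[key.lower()] = value.strip()
    return table

# Userbase: username -> uid:gid:home (layout assumed for this example).
USERBASE = parse_table("""
chris  1000:1000:/home/chris
jane   1001:1001:/home/jane
""")
# Aliases: user-part -> username (optional transformations).
ALIASES = parse_table("""
postmaster  chris
""")
# Virtuals: full address -> username (explicit allow list).
VIRTUALS = parse_table("""
sales@example.org  jane
ghost@example.org  ghost
""")

def resolve(rcpt, userbase, aliases=None, virtuals=None):
    """Return (username, uid, gid, home), or None when the recipient is rejected."""
    if aliases is not None and virtuals is not None:
        raise ValueError("aliases and virtuals are mutually exclusive")
    rcpt = rcpt.lower()
    user_part = rcpt.split("@", 1)[0]
    if virtuals is not None:
        user = virtuals.get(rcpt)        # no entry: rejected, even with an account
        if user is None:
            return None
    elif aliases is not None:
        user = aliases.get(user_part, user_part)  # no alias: user-part is the username
    else:
        user = user_part
    info = userbase.get(user)            # the username must exist in the userbase
    if info is None:
        return None
    uid, gid, home = info.split(":", 2)
    return user, int(uid), int(gid), home
```

The `ghost@example.org` entry shows the last point of the explanation: a virtual mapping to a username that is missing from the userbase is still rejected.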
Re: Problem with OpenSMTPD/Amavisd and mails with multiple recipients.
On Mon, Apr 02, 2018 at 05:25:29PM +, Vijay Sankar wrote:
> Hi Reio,
>
> It may be better to continue this discussion on the list. That will allow
> people more knowledgeable than I to help you out.
>
> Re. configuration, I actually use the defaults. Amavisd and OpenSMTPD always
> use SMTP in my case. Re. versions, it is just OpenBSD 6.1 -stable.

Yes, please put everything up. Now that 6.3 is out I want to know how to get all of this working for my mail. What is wrong is every bit as helpful as what is right.

For example, should I continue using mbox or change to maildir. It seems that IMAP may be a better choice. I currently use neomutt and want to turn on Dovecot for using remote email readers, but not sure what steps are best.

Thanks,
Chris Bennett
Help setting up anti-spam using Dovecot and whatever with 6.3
I'd love some help setting up some spam filtering before I turn on spamd.

I've seen lots of guides, but I really don't know what configuration would be best. The guides, of course, don't give enough detail that I can follow.

I'm fine using dovecot with postgresql, but I don't know how to setup the necessary tables.

I have a very low volume of email, but I'd like to be good should the volume change (which it possibly might). Right now, I've only had the server I'm using up for a short period of time, so I'm fine with any type of changes.

If there is any archive with useful info, where would that be? marc.info doesn't have anything recent.

Oh yeah, as asked, Hi! This is so much nicer than the sendmail monster!

Chris Bennett