Re: Flushing SMTPD's queue

[Damian McGuckin]

On Sat, 2 Sep 2017, Daniel Jakots wrote:


'smtpctl schedule all' should suit your need


This normally works.

Nothing budges email today.

The above command does nothing.

Any suggestions??

Thanks - Damian

# mailq
2c1b72365a0463cd|inet4|mta||scan@DOMAIN|USER@DOMAIN|USER@DOMAIN|1508367927|1508713527|1508381212|4|inflight|170|Connection
 closed unexpectedly
b92ce0855a5a19d3|inet4|mta||scan@DOMAIN|USER@DOMAIN|USER@DOMAIN|1508370233|1508715833|1508381212|3|inflight|170|Connection
 closed unexpectedly
e737b975f7929cbb|local|mta|auth|root@fire1.DOMAIN|USER@DOMAIN|USER@DOMAIN|1508380862|1508726462|1508381212|0|inflight|170|
# find . -mtime -1 -type f -ls 
43398284 -rw---1 _smtpq   wheel 384 Oct 19 13:10 ./queue/b9/b92ce085/b92ce0855a5a19d3

4339834 13792 -rw---1 _smtpq   wheel 7038282 Oct 19 10:44 
./queue/b9/b92ce085/message
43398644 -rw---1 _smtpq   wheel 384 Oct 19 12:28 
./queue/2c/2c1b7236/2c1b72365a0463cd
4339825 21088 -rw---1 _smtpq   wheel10765025 Oct 19 10:05 
./queue/2c/2c1b7236/message
43398694 -rw---1 _smtpq   wheel 348 Oct 19 13:41 
./queue/e7/e737b975/e737b975f7929cbb
43398714 -rw---1 _smtpq   wheel 436 Oct 19 13:41 
./queue/e7/e737b975/message
# date
Thu Oct 19 13:49:56 AEDT 2017
# smtpctl schedule all 
0 envelope scheduled
# rcctl restart smtpd 
smtpd(ok)

smtpd(ok)
# find . -mtime -1 -type f -ls 
43398284 -rw---1 _smtpq   wheel 384 Oct 19 13:10 ./queue/b9/b92ce085/b92ce0855a5a19d3

4339834 13792 -rw---1 _smtpq   wheel 7038282 Oct 19 10:44 
./queue/b9/b92ce085/message
43398644 -rw---1 _smtpq   wheel 384 Oct 19 12:28 
./queue/2c/2c1b7236/2c1b72365a0463cd
4339825 21088 -rw---1 _smtpq   wheel10765025 Oct 19 10:05 
./queue/2c/2c1b7236/message
43398694 -rw---1 _smtpq   wheel 348 Oct 19 13:41 
./queue/e7/e737b975/e737b975f7929cbb
43398714 -rw---1 _smtpq   wheel 436 Oct 19 13:41 
./queue/e7/e737b975/message
# mailq
2c1b72365a0463cd|inet4|mta||scan@DOMAIN|USER@DOMAIN|USER@DOMAIN|1508367927|1508713527|1508381418|4|inflight|14|Connection
 closed unexpectedly
b92ce0855a5a19d3|inet4|mta||scan@DOMAIN|USER@DOMAIN|USER@DOMAIN|1508370233|1508715833|1508381418|3|inflight|14|Connection
 closed unexpectedly
e737b975f7929cbb|local|mta|auth|root@fire1.DOMAIN|USER@DOMAIN|USER@DOMAIN|1508380862|1508726462|1508381418|0|inflight|14|


Regards - Damian

Pacific Engineering Systems International, 277-279 Broadway, Glebe NSW 2037
Ph:+61-2-8571-0847 .. Fx:+61-2-9692-9623 | unsolicited email not wanted here
Views & opinions here are mine and not those of any past or present employer

--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: Flushing SMTPD's queue

[Damian McGuckin]

On Sat, 2 Sep 2017, Daniel Jakots wrote:


'smtpctl schedule all' should suit your need


Thanks. Silly me.

Regards - Damian

Pacific Engineering Systems International, 277-279 Broadway, Glebe NSW 2037
Ph:+61-2-8571-0847 .. Fx:+61-2-9692-9623 | unsolicited email not wanted here
Views & opinions here are mine and not those of any past or present employer

--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Simple Filters

[Damian McGuckin]

Where are simple filters at? I noticed they are still experimental? Has 
anything progressed recently?


Just looking for something that will allow blocking on Sender, Recipient, and 
Subject (with pattern matching for all of these).


As a potential alternative, how much extra load is placed on the OpenSMTPD 
server by lots, i.e. tens, of lines of the 'reject from ..' mechanism with 
explicit sender/recipient names or domains.


Regards - Damian

Pacific Engineering Systems International, 277-279 Broadway, Glebe NSW 2037
Ph:+61-2-8571-0847 .. Fx:+61-2-9692-9623 | unsolicited email not wanted here
Views & opinions here are mine and not those of any past or present employer


--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: Can't send mail (but receive OK)

[Damian McGuckin]

When they block port 25, they often provide you with a email gateway which 
you can use as a smart host through which you can forward your outbound 
email traffic. They often have a 'Power Pack' or 'Business Pack' for few 
bucks extra per month.


But the best solution is to have a VPN to your VPS through which you route 
your inbound/outbound email, assuming there are no such limitations on the

VPS.

Regards - Damian

Pacific Engineering Systems International, 277-279 Broadway, Glebe NSW 2037
Ph:+61-2-8571-0847 .. Fx:+61-2-9692-9623 | unsolicited email not wanted here
Views & opinions here are mine and not those of any past or present employer

--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: Can't send mail (but receive OK)

[Damian McGuckin]

On Fri, 20 Jan 2017, Andreas Thulin wrote:


My smtpd.conf:

# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information.

table aliases file:/etc/mail/aliases

# To accept external mail, replace with: listen on all
#
# listen on lo0
listen on all

# Uncomment the following to accept external mail for domain "example.org"
#
accept from any for domain "andreasthulin.se" alias  deliver to
mbox
accept for local alias  deliver to mbox
accept from local for any relay

What have I got wrong, and how can I trouble-shoot?


Can you send email locally?

Try

date | sendmail -v -f root root

and check root's mailbox in /var/mail, unless you have aliased root.

Then do the same with external username(s).

date | sendmail -v -f r...@andreasthulin.se USER@EXTERNAL-DOMAIN

And check all your logs.

- Damian

--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Table(s) - speed of access and other things

[Damian McGuckin]

For faster access, I assume it is better to use

table aliases db:/etc/mail/aliases.db

instead of

table aliases file:/etc/mail/aliases

It would appear that if you use the latter syntax, OpenSMPTD does not even 
use the '.db' file, i.e. aliases.db. Am I correct? Sorry, I went through 
the source but I found it tough going.


Is ony of the other better form for smallish systems, i.e. under 100 
users, under 100 aliases?


I ask this because sending emails to an alias worked for me without an 
'aliases.db'. I note that some older OpenSMTPD discussions out on the 
internet gives the impression that 'aliases.db' is needed even it the 
latter form of the table definition is used. I think that those authors 
must have been confused with ugly old 'sendmail' which complains if the 
file 'aliases.db' is out of date relative to 'aliases'.


Note that with OpenSMTPD, if the first form appears in 'smtpd.conf', and 
the file 'aliases.db' does not exist, then calling 'newaliases' results in 
a message


/etc/mail/smtpd.conf:6: invalid configuration file /etc/mail/aliases.db for 
table aliases

This is a bit cryptic as the file is not invalid, just missing.

The quick fix is to

cd /etc/mail

and then either

makemap aliases
or
makemap -d hash -o aliases.db aliases

After that, 'newaliases' works nicely. I would have thought that one of 
the first things OpenSMTPD's version of 'newaliases' did was a 'makemap'.


Regards - Damian

Pacific Engineering Systems International, 277-279 Broadway, Glebe NSW 2037
Ph:+61-2-8571-0847 .. Fx:+61-2-9692-9623 | unsolicited email not wanted here
Views & opinions here are mine and not those of any past or present employer

--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Semantics in accept rule - strict meaning of "from local"

[Damian McGuckin]

What is the definition of a locally originating connection please?

It would appear that

accept from local for any relay

is not the same as

table myself { localhost }

accept from source  for any relay

I was trying to create a tighter version of the following 'smtpd.conf' 
which seems to work


table mylan { 10.10.1.0/24, 10.10.10.0/24 }

listen on 127.0.0.1
listen on 10.10.10.1

accept from source  for any relay
accept from local for any relay

This allows this host (10.10.10.1) running OpenSMTPD to send email that 
originates on either itself, or any system on the 10.10.10.0/24 physical 
internal network, or any system on the 10.10.1.0/24 virtual internal 
network as is specified by NPPPD which is also running on this same 
machine.


I was trying to have a tighter file and define 'mylan' as

table mylan { 10.10.1.0/24, 10.10.10.0/24, localhost }

which should let me drop the last line. It fails. Hence my first question.

There are other places, e.g.

for local virtual 

where the word 'local' does mean localhost and the default server name.

Thanks - Damian

Pacific Engineering Systems International, 277-279 Broadway, Glebe NSW 2037
Ph:+61-2-8571-0847 .. Fx:+61-2-9692-9623 | unsolicited email not wanted here
Views & opinions here are mine and not those of any past or present employer

--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Configuration with a VPN

[Damian McGuckin]

Apologies is this is really dumb, but I have an OpenSMTPD running on an 
system with 1 real internal network (em1) and 1 sandbox network (pppx0)

which is the network that NPPPD uses to mess with packets.

em1 10.10.10.0/24
pppx0   10.10.1.0/24

My definition of a local is anything on those networks. I want any such 
machine to be able to send email internally and externally. The external 
interface 'em0' does not let SMTP packets through from the outside world.


I am using the very basic configuration

table aliases file:/etc/mail/aliases

listen on lo0
listen on em1

accept for local alias  deliver to mbox
accept from local for any relay

Anything from the VPN sandbox can get to anything on 10.10.10.0/24. No
firewall rules get in the way.

Doing a telnet to port 25 of the SMTPD server from a machine on the VPN, 
say 10.10.1.219 which resolves to the same network as the host, i.e.


telnet 10.10.10.1 25

and then grok'ing SMTP, you get

  helo ex219.example.com
  250 fire1.example.com Hello ex219.example.com [10.10.1.219], pleased to ..
  mail from:
  250 2.0.0: Ok
  rcpt to:
  550 Invalid Recipient

The same happens talking from say 10.10.10.98, a system on the local 
network.


Doing the same sequence on the system(10.10.10.1) on which OpenSMTP
does not result in an invalid recipient.

If I remove the last line and change it to

accept from any for any relay

Everything works. This seems a bit open to me.

What is defined as local and how do I convince OpenSMTPD's concept of 
local to reflect mine, i.e. both


10.10.10.0/24 and 10.10.1.0/24

I do not want to 'listen on' the NPPPD sandbox VPN network because I have
no idea what that does or how it does it.

I tried putting both the networks

10.10.10.0
10.10.1.0

into a file called networks and created a table

table networks file:/etc/mail/networks

and did

accept from source  for any relay

But that did not work. Makemap objected to the format. And using it raw,
i.e. without creating a '.db. version failed also (in the same way).

Regards - Damian

Pacific Engineering Systems International, 277-279 Broadway, Glebe NSW 2037
Ph:+61-2-8571-0847 .. Fx:+61-2-9692-9623 | unsolicited email not wanted here
Views & opinions here are mine and not those of any past or present employer

--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: using '[al]pine' with OpenSMTP

[Damian McGuckin]

On Fri, 6 Jan 2017, Antoine Jacoutot wrote:


On Fri, Jan 06, 2017 at 02:35:46PM +1100, Damian McGuckin wrote:


Does the FAQ need a section of tweaks for email clients?

I tried to use 'alpine' on OpenBSD 6.0 with the standard SMTPD therein.

A pkg_add'ed 'alpine' just sits there trying and trying until you go into

Main-Menu -> Setup -> Config

and change the SMTP server to 'localhost'. I have never had to do that
in my life with 'alpine' on any other system that has used sendmail or
postfix.

How many other email clients need tweaking for OpenSMTPD?


It's probably due to the default sendmail flags used by alpine :
smtp_msa_flags="-bs -odb -oem"


Yes.


I'll have a look at the port today, there's a configure option to change the
defaults.


Then the knowledge gets hidden into the configuration build of the port.

The fix was easy, just hard to find.

Regards - Damian

Pacific Engineering Systems International, 277-279 Broadway, Glebe NSW 2037
Ph:+61-2-8571-0847 .. Fx:+61-2-9692-9623 | unsolicited email not wanted here
Views & opinions here are mine and not those of any past or present employer

--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

using '[al]pine' with OpenSMTP

[Damian McGuckin]

Does the FAQ need a section of tweaks for email clients?

I tried to use 'alpine' on OpenBSD 6.0 with the standard SMTPD therein.

A pkg_add'ed 'alpine' just sits there trying and trying until you go into

Main-Menu -> Setup -> Config

and change the SMTP server to 'localhost'. I have never had to do that
in my life with 'alpine' on any other system that has used sendmail or
postfix.

How many other email clients need tweaking for OpenSMTPD?

Regards - Damian

Pacific Engineering Systems International, 277-279 Broadway, Glebe NSW 2037
Ph:+61-2-8571-0847 .. Fx:+61-2-9692-9623 | unsolicited email not wanted here
Views & opinions here are mine and not those of any past or present employer

--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: Filters

[Damian McGuckin]

On Sat, 2 Jan 2016, Sunil Nimmagadda wrote:


Filters require you to be -current. On OpenBSD the simplest way to test...


Thanks. That's extremely very useful. That was never mentioned anywhere.

I'll wait until 5.9 comes out.

We never run '-current' to protect sites.

Regards - Damian

Pacific Engineering Systems International, 277-279 Broadway, Glebe NSW 2037
Ph:+61-2-8571-0847 .. Fx:+61-2-9692-9623 | unsolicited email not wanted here
Views & opinions here are mine and not those of any past or present employer

--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Filters

[Damian McGuckin]

Hi everybody,

New to this list although I have been using OpenBSD thought since 2.1.
Contributed hardware (long ago) to the OpenBSD project.

I am trying to figure out how to use DNS BLs with OpenSMTPD. Until I can 
do that, I do not want to deploy it.


I can see the API code in the source try but not the instructions on how 
to use it.


I found the document 'opensmtpd-LinuxCon2015.conf' by Giovanni Bechis and 
it seems to imply that filters are operational. In fact, it says


"there are filters available for dnsbl, regex matching,
Spam Assassin, and Clamav integration and much more"

However, except for some limited images in the presentation, I cannot find 
any documentation. Even if I grep 'dnsbl' in the current release, nothing 
is there.


Any pointers as to where I can find this information?

Thanks - Damian

Pacific Engineering Systems International, 277-279 Broadway, Glebe NSW 2037
Ph:+61-2-8571-0847 .. Fx:+61-2-9692-9623 | unsolicited email not wanted here
Views & opinions here are mine and not those of any past or present employer

--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org