Re: how to ignore TLS1.3 for test purposes?

2020-07-29 Thread Harald Dunkel
On 2020-07-29 04:12, Larkin Nickle wrote: Looking at smtpd.conf(5), you should be able to put `smtp ciphers control` (control being the control string of allowed ciphers). The default is "HIGH:!aNULL:!MD5". I think "HIGH:!aNULL:!MD5!TLSv1.3" should be valid in removing TLSv1.3 as far as I can

how to ignore TLS1.3 for test purposes?

2020-07-28 Thread Harald Dunkel
Hi folks, there seems to be a compatibility issue between opensmtpd on OpenBSD 6.7 and exim4 on Debian's bugtracker, see https://lists.debian.org/debian-user/2020/07/msg01091.html Most recent syspatches are applied, of course. I cannot reproduce this problem with opensmtpd 6.7.1-p1 on

Re: smtp-out: Address family mismatch

2020-07-26 Thread Harald Dunkel
The Network error on destination MX has been resolved. The Address family mismatch is still open. smtpctl show queue gives me a9f755dd88e88083|inet4|mta||u...@example.com|cont...@bugs.debian.org|cont...@bugs.debian.org|1595227438|1595227438|0|27|pending|29446|Address family mismatch on

Re: opensmtpd appears to be IPv4-only

2020-07-26 Thread Harald Dunkel
Hi Slavik, On 2020-07-22 18:26, Slavik Svyrydiuk wrote: I do not have any issues with IPv6. It works for me. Ubuntu == opensmtpd 6.0.3p1-1ubuntu0.2 smtpd.conf lines: listen on 0.0.0.0 port 25 listen on ::0 port 25 $ netstat -lnt | grep ':25' tcp0 0 0.0.0.0:25

opensmtpd appears to be IPv4-only

2020-07-22 Thread Harald Dunkel
Hi folks, I've got a problem with IPv6 support for opensmtpd 6.7.1p1 on Debian: Apparently opensmtpd seems to ignore IPv6 after a reboot. My smtpd.conf says : xname = "mailhost.example.com" pki $xname cert "/etc/mail/ssl/mailhost.example.com.cert" pki $xname key

Re: smtp-out: Address family mismatch

2020-07-21 Thread Harald Dunkel
Currently I have 100+ EMails queued with "Network error on destination MX". This is a severe regression since OpenBSD 6.6. Every insightful comment is highly appreciated Harri On 7/6/20 9:01 AM, Harald Dunkel wrote: Hi folks, I see a lot of outgoing EMails queued with a message

Re: smtp-out: Address family mismatch

2020-07-11 Thread Harald Dunkel
Hi Thomas, On 7/7/20 2:12 AM, Thomas Bohl wrote: My guess would be that the target domain, at the time of the DNS query, only returned an IPv6 address. I have a similar problem. My config is action "relay2Internet" relay \     helo $hostn \     src {$v4adr, $v6adr} as I want to

smtp-out: Address family mismatch

2020-07-06 Thread Harald Dunkel
Hi folks, I see a lot of outgoing EMails queued with a message "smtp-out: Address family mismatch" in the log file. My colleagues don't like EMails being put on hold at all. Prior to 6.4 there was a limit mta inet4 The upgrade guide to the new smtpd.conf syntax

syslog logging changed ?

2020-06-26 Thread Harald Dunkel
Hi folks, before 6.7 the smtpd log file entries were easy to find: Just look for "smtpd" in /var/log/mail.log. With 6.7 this became "y express". On OpenBSD 6.7 it's still "smtpd" as expected, so I wonder wth? Regards Harri

Re: OpenSMTPD 6.6.2p1 released: addresses CRITICAL vulnerability

2020-01-30 Thread Harald Dunkel
Hi Jason, On 2020-01-29 14:33, Jason Barbier wrote: According to the CVE everything since the commit in May 2018 that established the new grammar. The EMail did not mention a CVE. I was very concerned that I had to upgrade my "old" hosts to the new smtpd.conf syntax, so this is good news.

Re: OpenSMTPD 6.6.2p1 released: addresses CRITICAL vulnerability

2020-01-29 Thread Harald Dunkel
Hi Gilles, On 2020-01-28 23:30, gil...@poolp.org wrote: Hello misc@, Qualys has found a critical vulnerability leading to a possible privilege escalation. It is very important that you upgrade your setups AS SOON AS POSSIBLE. We'll provide more details when the advisory will be out and I'll

improve smtpd.conf syntax check at startup?

2020-01-24 Thread Harald Dunkel
Hi folks, Do you think it would be possible to improve checking the syntax of the config file? A line like action "relay" relay host smtp+tls"//t...@example.com auth did not trigger an error message at startup time. When there was an EMail to send I got an error message in mail.log

Re: tags on the portable branch?

2019-08-24 Thread Harald Dunkel
Hi Gilles, On 8/24/19 9:14 PM, Gilles Chehade wrote: > > This is expected. > > Version 6.4.x only builds with LibreSSL or OpenSSL 1.0.x > do you think it would be possible to set a tag matching support for openssl 1.1.1c as well? The version I am using right now is based on

Re: tags on the portable branch?

2019-08-24 Thread Harald Dunkel
On 8/23/19 9:55 PM, John Cox wrote: > Hi > > Whilst I know it doesn't help you I just git cloned that URL and the > tag checkout just worked for me. What happens if you make another new > (temporary) repo with clone and try again? > > Regards > > John Cox > Using a new clone, as suggested:

Re: tags on the portable branch?

2019-08-23 Thread Harald Dunkel
On 8/23/19 1:37 PM, Harald Dunkel wrote: {hdunkel@dpcl082:OpenSMTPD (portable) 518} git remote -v origin  https://github.com/OpenSMTPD/OpenSMTPD.git (fetch) origin  https://github.com/OpenSMTPD/OpenSMTPD.git (push) {hdunkel@dpcl082:OpenSMTPD (portable) 519} git checkout opensmtpd-6.4.2p1 error

Re: tags on the portable branch?

2019-08-23 Thread Harald Dunkel
On 8/22/19 10:34 AM, Gilles Chehade wrote: On Thu, Aug 22, 2019 at 10:24:30AM +0200, Harald Dunkel wrote: Hi folks, would it be possible to set tags on the portable branch as well? Something like portable-6.4.1 would do. This could help a lot for creating some kind of "off

tags on the portable branch?

2019-08-22 Thread Harald Dunkel
Hi folks, would it be possible to set tags on the portable branch as well? Something like portable-6.4.1 would do. This could help a lot for creating some kind of "official" source package for Debian and Fedora/RedHat. Thanx in advance Harri

Re: OpenSMTPD build on OpenSSL 1.1.x

2019-08-14 Thread Harald Dunkel
On 8/14/19 3:43 PM, Harald Dunkel wrote: > > This is Debian sid (amd64), including openssl version 1.1.1c . > Here is the list of packages providing shared objects for smtpd: > > ||/ Name VersionArchitect

Re: OpenSMTPD build on OpenSSL 1.1.x

2019-08-14 Thread Harald Dunkel
On 8/13/19 9:02 PM, gil...@poolp.org wrote: > 13 August 2019 12:35 "Harald Dunkel" wrote: > >> >> Surely I don't have a highly complex EMail configuration, but >> the new version is running on my MTA and the nullclients since >> Aug 7th: No issues by no

Re: OpenSMTPD build on OpenSSL 1.1.x

2019-08-13 Thread Harald Dunkel
Hi folks, On 7/24/19 1:16 PM, Gilles Chehade wrote: > On Wed, Jul 24, 2019 at 10:29:34AM +0200, Harald Dunkel wrote: > >> I will check runtime ASAP. >> > > Great ! > > Keep on providing feedback please ! > Surely I don't have a highly complex EMail c

Re: git portable branch: Failed to parse smarthost

2019-08-06 Thread Harald Dunkel
Hi Gilles, On 8/6/19 1:35 PM, Gilles Chehade wrote: > > you're using an auth label but this requires a secure transport. > > from smtpd.conf(5): > > The label corresponds to an entry in a credentials table, > as documented in table(5). It is used with the > "smtp+tls" and

unsubscribe old email address?

2019-08-06 Thread Harald Dunkel
Hi folks, https://www.opensmtpd.org/list.html doesn't tell how to unsubscribe an old EMail address, that cannot be used for sending EMails anymore. The same page doesn't list an administrative user, either, so please excuse sending this question to this mailing list. I tried to send an EMail

git portable branch: Failed to parse smarthost

2019-08-05 Thread Harald Dunkel
Hi folks, trying the new smtpd with openssl support on Debian I get the following error: Aug 5 18:56:26 mailhost smtpd[712]: warn: Failed to parse smarthost smtp://someh...@mail.somehost.de Mail is not forwarded, of course. The config file says : table localnet { 10.0.0.0/24,

Re: openssl support

2019-05-17 Thread Harald Dunkel
Hi Gilles, I understand that ssl support is a highly complex issue, making it necessary to focus and to get rid of the cruft. It would be a pity if opensmtpd becomes "OpenBSD-only", though. Regards Harri -- You received this mail because you are subscribed to misc@opensmtpd.org To

openssl support

2019-05-17 Thread Harald Dunkel
Hi folks, I wonder what became of https://github.com/OpenSMTPD/OpenSMTPD/issues/534 ? IMHO this issue was closed way too early. Are all OS distros happy with opensmtpd going libressl-only? Will the rest follow? Regards Harri

Re: opensmtpd 6.0.3: redirect outgoing EMails to an internal account

2019-05-13 Thread Harald Dunkel
On 5/10/19 10:55 AM, Harald Dunkel wrote: Hi folks, for testing purposes I have to setup opensmtpd 6.0.3 to redirect all outgoing EMails from a list of stage systems to a dedicated internal account. smtpd.conf is attached. I have found it: : table aliases file:/etc/aliases table vmap file

Re: opensmtpd 6.0.3: redirect outgoing EMails to an internal account

2019-05-10 Thread Harald Dunkel
Hi Gilles, On 5/10/19 11:30 AM, Gilles Chehade wrote: without your configuration it's hard to determine what's wrong Config file was attached. You can find it in the archive as well, e.g. on https://www.mail-archive.com/misc@opensmtpd.org/msg04343.html Regards Harri

opensmtpd 6.0.3: redirect outgoing EMails to an internal account

2019-05-10 Thread Harald Dunkel
Hi folks, for testing purposes I have to setup opensmtpd 6.0.3 to redirect all outgoing EMails from a list of stage systems to a dedicated internal account. smtpd.conf is attached. Problem is, there is an invalid recipient error for sending an EMail from such a stage system: % netcat

Re: kill -HUP not working as expected

2018-11-29 Thread Harald Dunkel
Hi Gilles, On 11/29/18 9:17 AM, Gilles Chehade wrote: there are multiple reasons behind that: - smtpd can be killed/restarted right away without having to do cleanups and given that other MTA are supposed to retry transfers if connection drops, the complexity of dealing with reloading

kill -HUP not working as expected

2018-11-28 Thread Harald Dunkel
Hi folks, I learned some time ago that daemons restart or reload their config file, when they receive a HUP. sendmail, sshd and tons of others do. smtpd doesn't. :-( Regards Harri

Address family mismatch on destination MXs

2018-11-07 Thread Harald Dunkel
Hi folks, sometimes opensmtpd (OpenBSD 6.3) queues an EMail with Address family mismatch on destination MXs even though smtpd.conf says limit mta inet4 The destination MX on my testcase (running OpenBSD 6.3 and opensmtpd as well) has both IPv4 and IPv6 address. According to

Re: 6.4 broke procmail .forward

2018-10-31 Thread Harald Dunkel
Hi Gilles, On 10/28/18 6:52 PM, Gilles Chehade wrote: Please do yourselves a favor, ditch procmail in favor of fdm. I am not sure if fdm is an option. Looking at https://github.com/ft/fdm.git it seems that this code has been abandoned. Are there others? Regards Harri

Re: "limit mta inet4" is ignored, smtpd fails to start

2018-03-18 Thread Harald Dunkel
On 03/18/18 13:54, Richard wrote: > > It appears that "limit mta inet4" statement limits outgoing ipv6 > connections but not incoming ipv6 connections... > > Instead of the limit statement one might use a notation like this > which limits incoming and outgoing connections to ipv4 by interface: >

Re: smtpd: listen on (eth0)

2017-04-22 Thread Harald Dunkel
On 04/21/17 05:56, Harald Dunkel wrote: > Hi folks, > > I am running opensmtpd on Linux (next to OpenBSD, of course). Problem: > Apparently smtpd doesn't recognize a new IPv6 address assigned to the network > interface (e.g.

smtpd: listen on (eth0)

2017-04-20 Thread Harald Dunkel
Hi folks, I am running opensmtpd on Linux (next to OpenBSD, of course). Problem: Apparently smtpd doesn't recognize a new IPv6 address assigned to the network interface (e.g. due to a prefix change). It keeps on listening on the old IPv6 address only. Do you think this could be improved? Thanx