Hi folks,
hardwired constants in my smtpd.conf are causing problems with IPv6
prefix delegation, so I wonder if there is some abbr. for "internal
network"? Something like
# table localnet { 10.10.10.0/24 10.10.11.0/24 2001:db8:abcd:0012::/64 }
:
listen on intern tls pki
Hi folks,
smtpctl spfwalk returns messages like
smtpctl: lookup_record: %{i}._spf.mta.salesforce.com contains macros and can't
be resolved
smtpctl: lookup_record: %{ir}.%{v}.%{d}.spf.has.pphosted.com contains macros
and can't be resolved
smtpctl: lookup_record: %{i}._spf.mta.salesforce.com
Hi folks
I see quite a number of EMails mentioned in /var/log/maillog with a
string "from=<>", e.g.
Jul 6 08:08:24 mailgate smtpd[84448]: 90d0e01d76abce9c mta delivery evpid=e62074ed220d58f9 from=<> to=
rcpt=<-> source="10.0.96.7" relay="10.0.96.11 (mailhost.mydomain.com)" delay=0s
Hi folks,
is it possible to bounce invalid message IDs, e.g. using a UUID
instead of the well-known format (https://en.wikipedia.org/wiki/Message-ID)?
Regards
Harri
On 2022-05-31 11:50:39, Harald Dunkel wrote:
Hi Frank,
I am not sure if I got this correctly, but AFAIU you assume some unusual
chars in the recipient address. There are none, according to /var/log/maillog.
The chars in the recipient address are between 0x33 and 0x7e. And there is
neither
thers think of the way we are handling the ORCPT?
Cheers
Frank
[1] https://datatracker.ietf.org/doc/html/rfc3461#section-4.2
[2] https://datatracker.ietf.org/doc/html/rfc3461#section-4
On Mon, 2022-05-30 at 09:04 +0200, Harald Dunkel wrote:
Hi folks,
my MTA (opensmtpd on OpenBSD
Hi folks,
my MTA (opensmtpd on OpenBSD 7.0) rejects a few EMails with
a message like
May 27 08:42:30 mymta smtpd[10310]: f06a752b657b4a05 smtp failed-command command="RCPT
TO: ORCPT=rfc822;u...@example.com" result="550 Invalid recipient:
"
in /var/log/maillog. The EMails to u...@example.com
Hi folks,
what is the default for the pki option in a relay action? The man
page doesn't tell, AFAICS.
Regards
Harri
Hi folks,
on OpenBSD's smtpd I can set "protocols" and "ciphers" for the listen
lines. They are not mentioned in the man page for smtpd.conf on Linux.
What is the story here?
Regards
Harri
Hi folks,
I wonder if opensmtpd starts using new key and certificate chain automagically,
in case they replaced the old files? Do I have to hup or restart smtpd?
Hopefully I am not too blind to see, but apparently the man page doesn't tell.
Regards
Harri
Hi folks,
since the upgrade to OpenBSD 6.9 at the weekend opensmtpd complains
smtp cert-check result="no certificate presented"
for incoming EMails. opensmtpd.conf and the certificate chain
hasn't changed. There is only a single MX defined in DNS (for
both "example.com" and
On 5/12/21 2:56 PM, Martijn van Duren wrote:
Apparently it's a problem in glibc's inet_net_pton. It does not support
AF_INET6. to.c has the same problem and works around this problem by
handcrafting broken_inet_net_pton_ipv6().
Would it be possible to use inet_pton() ?
Regards
Harri
On 5/12/21 8:56 AM, nathanael wrote:
this is what i get on my machine:
~ echo spf.protection.outlook.com | smtpctl spf walk
40.92.0.0/15
40.107.0.0/16
52.100.0.0/14
104.47.0.0/17
2a01:111:f400::/48
2a01:111:f403::/48
51.4.72.0/24
Hi folks,
I am a big fan of IPv6, so I wonder why smtpctl spf walk omits
all the IPv6 addresses?
# echo spf.protection.outlook.com | smtpctl spf walk
40.92.0.0/15
40.107.0.0/16
52.100.0.0/14
104.47.0.0/17
51.4.72.0/24
51.5.72.0/24
On 5/10/21 3:14 PM, Martijn van Duren wrote:
There's filter-dkimsign in packages, which is also mentioned in
smtpd.conf. I don't think there's a more lightweight solution
possible.
I had found your web site https://palant.info/2020/11/09/adding-\
Hi folks,
Would it be possible to *integrate* dkim signatures in opensmtpd?
I saw rspamd, but this is not an option. I am looking for a
lightweight solution for signing EMail headers.
Regards
Harri
Hi Martin,
thank you very much for your response. I stumbled over this
lost man page looking for additional information about the
filters mentioned on https://man.openbsd.org/smtpd.conf.
Apparently there are a few more unused source files in the git
repository. They are very hard to detect
Hi folks,
looking at github there is a file "smtpd-filters.7" and "filter.c"
in smtpd, but apparently they are not used at build or install time.
configure.ac doesn't mention them, either, so I wonder whats the
story here? Have they been forgotten? Obsolete code?
Regards
Harri
Hi folks,
AFAICS opensmtpd can reject EMails with a spoofed from address
in the envelope, as shown in smtpd.conf(5). But how can I reject
EMails with a spoofed "From: " address in the EMail header,
matching my own domain?
See below for smtpd.conf. EMails with a spoofed From addresses get
On 1/7/21 3:03 PM, Martijn van Duren wrote:
Could you show your config, steps to reproduce and expected behaviour?
Because I'm not entirely sure what you try to achieve.
I was trying to see which rules in smtpd.conf match. "smtpctl trace all"
didn't work.
Problem was, I hadn't enabled debug
On 1/7/21 1:03 PM, Martijn van Duren wrote:
Your question isn't really specific, but my best guess is that -Tfilters
will do the trick.
I tried "smtpctl trace all", but there was no visual effect.
Regards
Harri
Hi folks,
for debugging I would like to know which "match" line does
actually match the incoming EMails. Is there some option for
opensmtpd to watch it? "-v" seems to be insufficient.
Every insightful comment would be highly appreciated.
Regards
Harri
I installed it on my mailhost: Seems to work. The problem with
logging ("y express" instead of "smtpd" in the logfile) seems to
be gone.
Good work
Harri
Hi folks,
apparently there are 2 different kinds of lines in /var/log/maillog:
Lines with a message id, and lines without. Very painful.
The lines without message id seem to start with "smtp-out:", eg
smtp-out: No valid route for
On 2020-07-29 04:12, Larkin Nickle wrote:
Looking at smtpd.conf(5), you should be able to put `smtp ciphers control` (control being the
control string of allowed ciphers). The default is "HIGH:!aNULL:!MD5". I think
"HIGH:!aNULL:!MD5!TLSv1.3" should be valid in removing TLSv1.3 as far as I can
Hi folks,
there seems to be a compatibility issue between opensmtpd on
OpenBSD 6.7 and exim4 on Debian's bugtracker, see
https://lists.debian.org/debian-user/2020/07/msg01091.html
Most recent syspatches are applied, of course. I cannot reproduce
this problem with opensmtpd 6.7.1-p1 on
The Network error on destination MX has been resolved.
The Address family mismatch is still open.
smtpctl show queue gives me
a9f755dd88e88083|inet4|mta||u...@example.com|cont...@bugs.debian.org|cont...@bugs.debian.org|1595227438|1595227438|0|27|pending|29446|Address
family mismatch on
Hi Slavik,
On 2020-07-22 18:26, Slavik Svyrydiuk wrote:
I do not have any issues with IPv6.
It works for me.
Ubuntu
==
opensmtpd 6.0.3p1-1ubuntu0.2
smtpd.conf lines:
listen on 0.0.0.0 port 25
listen on ::0 port 25
$ netstat -lnt | grep ':25'
tcp0 0 0.0.0.0:25
Hi folks,
I've got a problem with IPv6 support for opensmtpd 6.7.1p1 on
Debian: Apparently opensmtpd seems to ignore IPv6 after a reboot.
My smtpd.conf says
:
xname = "mailhost.example.com"
pki $xname cert "/etc/mail/ssl/mailhost.example.com.cert"
pki $xname key
Hi Thomas,
On 7/7/20 2:12 AM, Thomas Bohl wrote:
My guess would be that the target domain, at the time of the DNS query, only
returned a IPv6 address.
I have a similar problem. My config is
action "relay2Internet" relay \
helo $hostn \
src {$v4adr, $v6adr}
as I want to
Hi folks,
I see a lot of outgoing EMails queued with a message "smtp-out:
Address family mismatch" in the log file. My colleagues don't like
EMails being put on hold at all.
Prior to 6.4 there was a
limit mta inet4
The upgrade guide to the new smtpd.conf syntax
Hi folks,
before 6.7 the smtpd log file entries were easy to find: Just
look for "smtpd" in /var/log/mail.log.
With 6.7 this became "y express". On OpenBSD 6.7 its still "smtpd"
as expected, so I wonder wth?
Regards
Harri
Hi Jason,
On 2020-01-29 14:33, Jason Barbier wrote:
According to the CVE everything since the commit in May 2018 that established
the new grammar.
The EMail did not mention a CVE. I was very concerned that I had to upgrade
my "old" hosts to the new smtpd.conf syntax, so this is good news.
Hi Gilles,
On 2020-01-28 23:30, gil...@poolp.org wrote:
Hello misc@,
Qualys has found a critical vulnerability leading to a possible privilege
escalation.
It is very important that you upgrade your setups AS SOON AS POSSIBLE.
We'll provide more details when the advisory will be out and I'll
Hi folks,
Do you think it would be possible to improve checking the syntax of
the config file? A line like
action "relay" relay host smtp+tls"//t...@example.com auth
did not trigger an error message at startup time. When there was an
EMail to send I got an error message in mail.log
Hi Gilles,
On 8/24/19 9:14 PM, Gilles Chehade wrote:
>
> This is expected.
>
> Version 6.4.x only builds with LibreSSL or OpenSSL 1.0.x
>
do you think it would be possible to set a tag matching support
for openssl 1.1.1c as well? The version I am using right now now
is based on
On 8/23/19 9:55 PM, John Cox wrote:
> Hi
>
> Whilst I know it doesn't help you I just git cloned that URL and the
> tag checkout just worked for me. What happens if you make another new
> (temporary) repo with clone and try again?
>
> Regards
>
> John Cox
>
Using a new clone, as suggested:
On 8/23/19 1:37 PM, Harald Dunkel wrote:
{hdunkel@dpcl082:OpenSMTPD (portable) 518} git remote -v
origin https://github.com/OpenSMTPD/OpenSMTPD.git (fetch)
origin https://github.com/OpenSMTPD/OpenSMTPD.git (push)
{hdunkel@dpcl082:OpenSMTPD (portable) 519} git checkout opensmtpd-6.4.2p1
error
On 8/22/19 10:34 AM, Gilles Chehade wrote:
On Thu, Aug 22, 2019 at 10:24:30AM +0200, Harald Dunkel wrote:
Hi folks,
would it be possible to set tags on the portable branch as well?
Something like
portable-6.4.1
would do.
This could help alot for creating some kind of "off
Hi folks,
would it be possible to set tags on the portable branch as well?
Something like
portable-6.4.1
would do.
This could help alot for creating some kind of "official" source
package for Debian and Fedora/RedHat.
Thanx in advance
Harri
On 8/14/19 3:43 PM, Harald Dunkel wrote:
>
> This is Debian sid (amd64), including openssl version 1.1.1c .
> Here is the list of packages providing shared objects for smtpd:
>
> ||/ Name VersionArchitect
On 8/13/19 9:02 PM, gil...@poolp.org wrote:
> 13 août 2019 12:35 "Harald Dunkel" a écrit:
>
>>
>> Surely I don't have a highly complex EMail configuration, but
>> the new version is running on my MTA and the nullclients since
>> Aug 7th: No issues by no
Hi folks,
On 7/24/19 1:16 PM, Gilles Chehade wrote:
> On Wed, Jul 24, 2019 at 10:29:34AM +0200, Harald Dunkel wrote:
>
>> I will check runtime ASAP.
>>
>
> Great !
>
> Keep on providing feedback please !
>
Surely I don't have a highly complex EMail c
Hi Gilles,
On 8/6/19 1:35 PM, Gilles Chehade wrote:
>
> you're using an auth label but this requires a secure transport.
>
> from smtpd.conf(5):
>
> The label corresponds to an entry in a credentials table,
> as documented in table(5). It is used with the
> "smtp+tls" and
Hi folks,
trying the new smtpd with openssl support on Debian I get the
following error:
Aug 5 18:56:26 mailhost smtpd[712]: warn: Failed to parse smarthost
smtp://someh...@mail.somehost.de
Mail is not forwarded, of course.
The config file says
:
table localnet { 10.0.0.0/24,
Hi Gilles,
I understand that ssl support is a highly complex issue, making it
necessary to focus and to get rid of the cruft.
It would be a pity if opensmtpd becomes "OpenBSD-only", though.
Regards
Harri
--
You received this mail because you are subscribed to misc@opensmtpd.org
To
Hi folks,
I wonder what became of
https://github.com/OpenSMTPD/OpenSMTPD/issues/534
? IMHO this issue was closed way too early. Are all OS distros
happy with opensmtpd going libressl-only? Will the rest follow?
Regards
Harri
--
You received this mail because you are subscribed to
On 5/10/19 10:55 AM, Harald Dunkel wrote:
Hi folks,
for testing purposes I have to setup opensmtpd 6.0.3 to
redirect all outgoing EMails from a list of stage systems to a
dedicated internal account. smtpd.conf is attached.
I have found it:
:
table aliases file:/etc/aliases
table vmap file
Hi Gilles,
On 5/10/19 11:30 AM, Gilles Chehade wrote:
without your configuration it's hard to determine what's wrong
Config file was attached. You can find it in the archive as well,
e.g. on
https://www.mail-archive.com/misc@opensmtpd.org/msg04343.html
Regards
Harri
--
You received this
Hi folks,
for testing purposes I have to setup opensmtpd 6.0.3 to
redirect all outgoing EMails from a list of stage systems to a
dedicated internal account. smtpd.conf is attached.
Problem is, there is an invalid recipient error for sending
an EMail from such a stage system:
% netcat
Hi Gilles,
On 11/29/18 9:17 AM, Gilles Chehade wrote:
there are multiple reasons behind that:
- smtpd can be killed/restarted right away without having to do cleanups
and given that other MTA are supposed to retry transfers if connection
drops, the complexity of dealing with reloading
Hi folks,
I learned some time ago that daemons restart or reload their config
file, when they receive a HUP. sendmail, sshd and tons of others do.
smtpd doesn't. :-(
Regards
Harri
--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to:
Hi folks,
sometimes opensmtpd (OpenBSD 6.3) queues an EMail with
Address family mismatch on destination MXs
even though smtpd.conf says
limit mta inet4
The destination MX on my testcase (running OpenBSD 6.3 and
opensmtpd as well) has both IPv4 and IPv6 address.
According to
Hi Gilles,
On 10/28/18 6:52 PM, Gilles Chehade wrote:
Please do yourselves a favor, ditch procmail in favor of fdm.
I am not sure if fdm is an option. Looking at https://github.com/ft/fdm.git
it seems that this code has been abandoned.
Are there others?
Regards
Harri
--
You received
On 03/18/18 13:54, Richard wrote:
>
> It appears that "limit mta inet4" statement limits outgoing ipv6
> connections but not incoming ipv6 connections...
>
> Instead of the limit statement one might use a notation like this
> which limits incoming and outgoing connections to ipv4 by interface:
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 04/21/17 05:56, Harald Dunkel wrote:
> Hi folks,
>
> I am running opensmtpd on Linux (next to OpenBSD, of course). Problem:
> Apparently smtpd doesn't recognize a new IPv6 address assigned to the network
> interface (e.g.
Hi folks,
I am running opensmtpd on Linux (next to OpenBSD, of course). Problem:
Apparently smtpd doesn't recognize a new IPv6 address assigned to the
network interface (e.g. due to a prefix change). It keeps on listening
on the old IPv6 address only.
Do you think this could be improved?
Thanx
57 matches
Mail list logo