How to... reply 450 invalid recipient instead of 550 Invalid recipient...

2019-12-01 Thread Implausibility
I've moved some more domains over to my new server that I've been building with 
your assistance.  :D

While I get the configuration finalized, I'd like to send temporary failures, 
rather than permanent failures, so that I can alter my configuration and have 
the sending server retry.

I only have filters that result in 550s - mostly for spam-control measures.

Is it possible to reduce the severity of an invalid user, so that I get the 
chance to correct any remaining configuration problems, rather than just 
rejecting the mail entirely?

Thanks again!


Re: Virtual domains & Virtual Users...

2019-11-23 Thread Implausibility
With some help from Andrew off-list, he provided a config that works for what 
I'm trying to do.  It's attached below.  Hopefully all you'd need to do to 
duplicate my success is search-and-replace example.com for your own primary 
(FQDN) mail server domain name (as long as it's called mail.yourdomain.com).

The secret is that there needs to be two tables -- one with a list of eMail 
addresses to accept, and one that maps the accepted eMail addresses to a local 
user mailbox.

I'd prefer if this was more streamlined, so I didn't need to maintain two 
separate lists, but I'm sure I can script around it.  Any refinements would be 
greatly appreciated.  :D

Thanks again Andrew! 

# **
#   $OpenBSD: smtpd.conf,v 1.11 2018/06/04 21:10:58 jmc Exp $

# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information.

table aliases file:/etc/mail/aliases
table domains db:/etc/mail/domains.db
table vusers_list file:/etc/mail/vusers_list
table vusers_map file:/etc/mail/vusers_map

action "local_mail" maildir junk alias <aliases>
action "vusers_deliver" maildir junk virtual <vusers_map>
action "outbound" relay helo mail.example.com

pki mail.example.com cert "/etc/ssl/mail.example.comfullchain.pem"
pki mail.example.com key "/etc/ssl/private/mail.example.com.key"

filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*', '.*\.dsl\..*' } \
disconnect "550 you look like a spammer"

filter check_rdns phase connect match !rdns \
disconnect "550 you look like a spammer"

filter check_fcrdns phase connect match !fcrdns \
disconnect "550 you look like a spammer"

filter senderscore \
proc-exec "filter-senderscore -blockBelow 10 -junkBelow 70 -slowFactor 5000"

filter rspamd proc-exec "filter-rspamd"

listen on all tls pki mail.example.com \
filter { check_dyndns, check_rdns, check_fcrdns, senderscore, rspamd }

listen on all port submission tls-require pki mail.example.com auth filter rspamd

match from any for domain "mail.example.com" action "local_mail"
match from any for domain <domains> rcpt-to <vusers_list> action "vusers_deliver"
match for local action "local_mail"

match from any auth for any action "outbound"
match for any action "outbound"
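
One way to script around maintaining two lists, as an added example that is not part of the original post or of OpenSMTPD: derive the accept list from the map, so that only vusers_map is edited by hand. The function names, the sample addresses and the refusal of keys that are not full user@domain addresses are assumptions of this sketch.

```sh
#!/bin/sh
# Added example, not from the thread: keep vusers_map as the only hand-edited
# file and generate vusers_list (the accept list) from it.

# gen_vusers_list MAPFILE
# Prints the recipient address (first column) of every mapping, once each, in
# file order. Prints nothing and returns 1 if an entry lacks a target user, is
# not a full user@domain address, or maps one address to two different users.
gen_vusers_list() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }    # skip blank lines and comments
        NF < 2 || $1 !~ /^[^@]+@[^@]+$/ {
            printf "%s:%d: expected \"address user\"\n", FILENAME, FNR > "/dev/stderr"
            bad = 1; next
        }
        ($1 in target) {
            if (target[$1] != $2) {
                printf "%s:%d: %s is already mapped to %s\n", FILENAME, FNR, $1, target[$1] > "/dev/stderr"
                bad = 1
            }
            next
        }
        { target[$1] = $2; order[++n] = $1 }
        END {
            if (bad) exit 1
            for (i = 1; i <= n; i++) print order[i]
        }
    ' "$1"
}

# refresh_vusers_list MAPFILE LISTFILE
# Replaces LISTFILE only when MAPFILE validated, so a typo in the map never
# leaves smtpd with an empty or partial accept list.
refresh_vusers_list() {
    tmp="$2.new.$$"
    if gen_vusers_list "$1" > "$tmp"; then
        mv "$tmp" "$2"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Constructed sample map: "address<whitespace>local user", as described above.
make_sample_map() {
    cat > "$1" <<'EOF'
# virtual address        local user
sales@example2.com       alice
support@example3.com     bob
sales@example2.com       alice
EOF
}

# Demo on the constructed sample. On the mail server the arguments would be
# /etc/mail/vusers_map and /etc/mail/vusers_list, followed by
# "smtpctl update table vusers_list" to reload the table.
demo_dir=$(mktemp -d)
make_sample_map "$demo_dir/vusers_map"
refresh_vusers_list "$demo_dir/vusers_map" "$demo_dir/vusers_list" &&
    cat "$demo_dir/vusers_list"
rm -rf "$demo_dir"
```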





Re: Virtual domains & Virtual Users...

2019-11-23 Thread Implausibility
>> In order to get virtual users working, I've added three lines to the config:
>> 
>>> table vusers file:/etc/mail/vusers
>>> action "vusers" maildir junk virtual <vusers>
>>> match from any for domain <domains> rcpt-to virtual <vusers> action "vusers"
> 
> your match rule is not correct, I'm not sure what you want to do:

I want to accept mail for any of my virtual domains, for eMail addresses 
described in the vusers table (which contains a full eMail address 
(us...@example2.com) followed by whitespace, and the local user whose mailbox 
it should be delivered to).

> - rcpt-to lacks a table parameter, but I'm unsure if it's even needed here
> - virtual <vusers> can't be in the match rule, it must be in your action, 
> which is already the case

I removed these items, and the error went away, but now I get 550 invalid 
recipient.  

I'm sending mail to test...@example2.com (a virtual eMail address at a virtual 
domain, mapped to an existing local user in the vusers table) from my old 
postfix mail server, external-mail-server.example.com.

Maybe I need to change the order of my match commands?

Here's the trace:

5c09782d5c150be6 smtp connected address=xx.xx.xx.xx host=external-mail-server.example.com
lookup: match "external-mail-server.example.com" as REGEX in table static: -> false
debug: looking up pki "mail.example.com"
debug: session_start_ssl: switching to SSL
debug: pony: rsae_priv_dec
5c09782d5c150be6 smtp tls ciphers=TLSv1:AES256-SHA:256
smtp: 0x1209188f000: smtp_cert_verify_cb: no-client-cert
debug: smtp: SIZE in MAIL FROM command
expand: 0xf569a012018: expand_insert() called for address:test...@example2.com[parent=0x0, rule=0x0]
expand: 0xf569a012018: inserted node 0xf563c563000
expand: lka_expand: address: test...@example2.com [depth=0]
lookup: match "xx.xx.xx.xx" as NETADDR in table static: -> true
lookup: match "example2.com" as DOMAIN in table db:domains -> true
rule #1 matched: match from any for domain domains action local_mail
expand: 0xf569a012018: expand_insert() called for username:testing[parent=0xf563c563000, rule=0xf564fc2c380, dispatcher=0xf570e4aa210]
expand: 0xf569a012018: inserted node 0xf5720788000
expand: lka_expand: username: testing [depth=1, sameuser=0]
lookup: lookup "testing" as ALIAS in table static:aliases -> none
lookup: lookup "testing" as USERINFO in table getpwnam: -> none
expand: lka_expand: user-part does not match system user
expand: 0xf569a012018: clearing expand tree
5c09782d5c150be6 smtp failed-command command="RCPT TO: ORCPT=rfc822;test...@example2.com" result="550 Invalid recipient: "
5c09782d5c150be6 smtp disconnected reason=quit




Virtual domains & Virtual Users...

2019-11-23 Thread Implausibility
Hi again.

My mail server has been running fine since last weekend, and I'm trying to 
expand its functionality by including the ability to send and receive mail for 
my list of domains, and for eMail addresses which forward to locally defined 
users -- but I can't seem to get it working, and I think the issue is my 
(mis-)understanding of how the match parameter works...

In order to get virtual users working, I've added three lines to the config:

> table vusers file:/etc/mail/vusers
> action "vusers" maildir junk virtual <vusers>
> match from any for domain <domains> rcpt-to virtual <vusers> action "vusers"

I was able to get mail delivered for local users to my virtual domains 
previously without issue.  But I can't get virtual addresses working...

I've tried a half a dozen varieties of the match command, and I keep getting 
'syntax error', and it doesn't give me any hint as to what exactly the problem 
is.  I want to accept eMail from any destination, to the domains defined in the 
domains table, that are sending to recipients listed in the vusers table, to 
deliver them to the maildir for access via Dovecot IMAP.

Any help in getting this working would be appreciated.

Here's my config:

> #   $OpenBSD: smtpd.conf,v 1.11 2018/06/04 21:10:58 jmc Exp $
> 
> # This is the smtpd server system-wide configuration file.
> # See smtpd.conf(5) for more information.
> 
> table aliases file:/etc/mail/aliases
> table domains db:/etc/mail/domains.db
> table vusers file:/etc/mail/vusers
> 
> # To accept external mail, replace with: listen on all
> #
> # listen on all
> 
> action "local_mail" maildir junk alias <aliases>
> action "vusers" maildir junk virtual <vusers>
> action "outbound" relay helo mail.example.com
> 
> match from any for domain <domains> action "local_mail"
> match for local action "local_mail"
> match for any action "outbound"
> 
> pki mail.hottub.ca cert "/etc/ssl/mail.example.fullchain.pem"
> pki mail.hottub.ca key "/etc/ssl/private/mail.example.key"
> 
> filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*', '.*\.dsl\..*' } \
> disconnect "550 you look like a spammer"
> 
> filter check_rdns phase connect match !rdns \
> disconnect "550 you look like a spammer"
> 
> filter check_fcrdns phase connect match !fcrdns \
> disconnect "550 you look like a spammer"
> 
> filter senderscore \
> proc-exec "filter-senderscore -blockBelow 10 -junkBelow 70 -slowFactor 5000"
> 
> filter rspamd proc-exec "filter-rspamd"
> 
> listen on all tls pki mail.example.ca \
> filter { check_dyndns, check_rdns, check_fcrdns, senderscore, rspamd }
> 
> listen on all port submission tls-require pki mail.hottub.ca auth filter rspamd
> 
> match from any for domain "mail.example.ca" action "local_mail"
> match from any for domain <domains> rcpt-to virtual <vusers> action "vusers"
> match for local action "local_mail"
> 
> match from any auth for any action "outbound"
> match for any action "outbound"
> 
> 



Primary Domains vs. Virtual Domains - what's the difference?

2019-11-17 Thread Implausibility
I'm reading the man pages for makemap, and there are two types of database maps 
described, as per $subject.

What are the functional / operational differences between Primary & Virtual 
Domains?  When would I choose one over the other?  Can I get examples of when 
I'd choose a table of primary domains, and when I'd choose a table of virtual 
domains?

Which one should I choose if I want to send *and* receive mail from domains 
that are not the same as my mail server's name?  (e.g... my business has many 
websites...  example.com, example.us, example.io - and I'd like to send and 
receive mail for each of them separately...  say, to route the eMail to the 
sales rep for a specific territory)

Thanks.


Re: pony express: smtpd: bind: Address already in use

2019-11-17 Thread Implausibility
Perfect.  Works!  Thanks for the amazingly fast response.  :D

> On Nov 17, 2019, at 10:52 AM, Archange wrote:
> 
> Hi,
> 
> 
> On 17 November 2019 at 16:37:38 GMT+01:00, Implausibility wrote:
>> […]
>> 
>> # To accept external mail, replace with: listen on all
>> #
>> listen on all
>> 
>> […]
>> 
>> listen on all tls pki mail.EXAMPLE.ca \
>> filter { check_dyndns, check_rdns, check_fcrdns, senderscore, rspamd }
>> 
> 
> You are listening twice on all (implicitly default port 25), that’s the issue.
> 
> Remove the first instance above.
> 
> Regards,
> Archange
> 




pony express: smtpd: bind: Address already in use

2019-11-17 Thread Implausibility
Hi.  I'm getting this error on a fresh install of OpenBSD 6.6 with the built-in 
OpenSMTPD.

I'm following Gilles' excellent 'setting up a mail server' guide, but have hit 
a wall that I don't seem to be able to fix.  Any assistance will be greatly 
appreciated.

Here's my config (domain name changed to EXAMPLE):

#   $OpenBSD: smtpd.conf,v 1.11 2018/06/04 21:10:58 jmc Exp $

# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information.

table aliases file:/etc/mail/aliases

# To accept external mail, replace with: listen on all
#
listen on all

action "local_mail" mbox alias <aliases>
action "outbound" relay helo mail.EXAMPLE.ca

# Uncomment the following to accept external mail for domain "example.org"
match from any for domain "mail.EXAMPLE.ca" action "local_mail"
match for local action "local_mail"
match for any action "outbound"

pki mail.EXAMPLE.ca cert "/etc/ssl/mail.EXAMPLE.fullchain.pem"
pki mail.EXAMPLE.ca key "/etc/ssl/private/mail.EXAMPLE.key"

filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*', '.*\.dsl\..*' } \
disconnect "550 you look like a spammer"

filter check_rdns phase connect match !rdns \
disconnect "550 you look like a spammer"

filter check_fcrdns phase connect match !fcrdns \
disconnect "550 you look like a spammer"

filter senderscore \
proc-exec "filter-senderscore -blockBelow 10 -junkBelow 70 -slowFactor 5000"

filter rspamd proc-exec "filter-rspamd"

#table aliases file:/etc/mail/aliases

listen on all tls pki mail.EXAMPLE.ca \
filter { check_dyndns, check_rdns, check_fcrdns, senderscore, rspamd }

listen on all port submission tls-require pki mail.EXAMPLE.ca auth filter rspamd

action "local_mail" maildir junk alias <aliases>

match from any for domain "mail.EXAMPLE.ca" action "local_mail"
match for local action "local_mail"

match from any auth for any action "outbound"
match for any action "outbound"

The only major changes I've made were moving the 'helo mail.EXAMPLE.ca' from the 
lower 'action' definition to the one above (it was duplicated and giving me 
problems) and commenting out the second 'table' and 'action' parameter as it 
was complaining it was a duplicate.

Here's the debug output:

mail# smtpd -f /etc/smtpd.conf -d -v


debug: init ssl-tree
info: loading pki information for mail.EXAMPLE.ca
debug: init ca-tree
debug: init ssl-tree
info: loading pki keys for mail.EXAMPLE.ca
debug: using "fs" queue backend
debug: using "ramqueue" scheduler backend
debug: using "ram" stat backend
info: OpenSMTPD 6.6.0 starting
debug: init ssl-tree
debug: init ssl-tree
info: loading pki information for mail.EXAMPLE.ca
debug: init ca-tree
debug: init ssl-tree
info: loading pki keys for mail.EXAMPLE.ca
debug: using "fs" queue backend
debug: using "ramqueue" scheduler backend
debug: using "ram" stat backend
debug: init ssl-tree
info: loading pki information for mail.EXAMPLE.ca
debug: init ca-tree
debug: init ssl-tree
info: loading pki keys for mail.EXAMPLE.ca
debug: using "fs" queue backend
debug: using "ramqueue" scheduler backend
debug: using "ram" stat backend
setup_peer: lookup -> control[87452] fd=4
setup_peer: lookup -> pony express[64675] fd=5
setup_peer: lookup -> queue[71335] fd=6
debug: init ssl-tree
info: loading pki information for mail.EXAMPLE.ca
debug: init ca-tree
debug: init ssl-tree
info: loading pki keys for mail.EXAMPLE.ca
debug: using "fs" queue backend
debug: using "ramqueue" scheduler backend
debug: using "ram" stat backend
setup_peer: pony express -> control[87452] fd=4
setup_peer: pony express -> klondike[46655] fd=5
setup_peer: pony express -> lookup[45363] fd=6
setup_peer: pony express -> queue[71335] fd=7
debug: init ssl-tree
info: loading pki information for mail.EXAMPLE.ca
setup_peer: klondike -> control[87452] fd=4
info: loading pki information for mail.EXAMPLE.ca
debug: init ca-tree
setup_peer: klondike -> pony express[64675] fd=5
debug: init ssl-tree
setup_done: ca[46655] done
debug: init ca-tree
info: loading pki keys for mail.EXAMPLE.ca
setup_proc: klondike done
debug: init ssl-tree
info: loading pki keys for mail.EXAMPLE.ca
debug: using "fs" queue backend
debug: using "ramqueue" scheduler backend
debug: using "fs" queue backend
debug: using "ram" stat backend
debug: using "ramqueue" scheduler backend
setup_peer: queue -> control[87452] fd=4
debug: using "ram" stat backend
setup_peer: queue -> pony express[64675] fd=5
setup_peer: queue -> lookup[45363] fd=6
setup_peer: scheduler -> control[87452] fd=4
setup_peer: queue -> scheduler[26366] fd=7
setup_peer: scheduler -> queue[71335] fd=5
debug: init ssl-tree
info: loading pki information for mail.EXAMPLE.ca
debug: init ca-tree
debug: init ssl-tree
info: loading pki keys for mail.EXAMPLE.ca
debug: using "fs" queue backend
debug: using "ramqueue" scheduler 
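
The reply to this message traces the bind error to two listen statements on the same interface and default port. The following is an added example (not from the thread or from OpenSMTPD) that finds such duplicates mechanically: it joins continued lines and reports any interface and port pair declared more than once. The function names are made up here, the sample is cut down from the config above, and the port defaults and comment handling are simplifying assumptions.

```sh
#!/bin/sh
# Added example, not from the thread: report listen statements in an
# smtpd.conf that resolve to the same interface and port.

# dup_listeners CONF
# Prints "IFACE PORT: lines A,B" for every interface/port declared more than
# once. Simplifications: "#" always starts a comment, and the port is 25
# unless "port X" or "smtps" (465) appears on the statement.
dup_listeners() {
    awk '
        {
            if (buf == "") start = FNR       # first line of this statement
            line = $0
            if (line ~ /\\$/) {              # continued: keep collecting
                sub(/\\$/, " ", line); buf = buf line; next
            }
            stmt = buf line; buf = ""
            sub(/#.*/, "", stmt)
            n = split(stmt, w, " ")
            if (n < 3 || w[1] != "listen" || w[2] != "on") next
            port = "25"
            for (i = 4; i <= n; i++) {
                if (w[i] == "smtps") port = "465"
                if (w[i] == "port" && i < n) port = w[i + 1]
            }
            if (port == "smtp") port = "25"
            if (port == "smtps") port = "465"
            if (port == "submission") port = "587"
            key = w[3] " " port
            if (key in count) where[key] = where[key] "," start
            else where[key] = start
            count[key]++
        }
        END { for (k in count) if (count[k] > 1) print k ": lines " where[k] }
    ' "$1"
}

# Sample input: the listen-related lines of the config posted above.
sample_conf() {
    cat <<'EOF'
table aliases file:/etc/mail/aliases
listen on all
action "local_mail" mbox alias <aliases>
listen on all tls pki mail.EXAMPLE.ca \
filter { check_dyndns, check_rdns, check_fcrdns, senderscore, rspamd }
listen on all port submission tls-require pki mail.EXAMPLE.ca auth filter rspamd
EOF
}

conf=$(mktemp)
sample_conf > "$conf"
dup_listeners "$conf"
rm -f "$conf"
```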

Re: unable to send mail from desktop mail client to remote email addresses

2019-10-04 Thread Implausibility
Vultr blocks SMTP unless you specifically request the block to be lifted.

-JD.

> On Oct 3, 2019, at 12:39 PM, Kevin wrote:
> 
> On Thu, Oct 3, 2019 at 8:55 AM Reio Remma wrote:
>> On 03.10.2019 18:34, Kevin wrote:
>>> If I can send the domain email, if I can retrieve email via Dovecot, if I
>>> can send mail to myself from the server's CLI (and even retrieve it
>>> remotely via my mail client), it seems like there's some knob missing that
>>> says, "All auth'd users to relay," yet, I've copied-and-pasted Gilles'
>>> rules (and edited them for my own domain), and it am no workie.
>>> 
>>> Is there perhaps something else akin to the forwarding knob that lets PF
>>> forward packets between interfaces that either I've forgotten or was
>>> skipped in the HOWTO?
>>> 
>>> Thanks,
>>> Kevin
>> 
>> What connection do you have?
> 
> Ironically / fittingly, Vultr, same as in Gilles' guide. Have been there for
> ~6 years now running OpenBSD for all my servers there.
> 
>> If it's a home connection, then most ISP-s block sending mail directly to
>> port 25 (on the destination server). You want a static IP for a mail
>> server, with rDNS etc. set up.
> 
> RDNS is setup and matches the hostname.


Re: Vultr has all blacklisted IP's for email

2018-12-19 Thread Implausibility
Vultr specifically blocks mail-specific ports in an attempt to keep their 
network free of spam.  You can ask them to enable eMail ports on your VMs, 

> On Dec 19, 2018, at 4:09 PM, Chris Bennett  
> wrote:
> 
> I was very happy with what I got for a baremetal server at Vultr.
> Unfortunately, even after getting a second IP that was not from the same
> range as the first one, all of these IP ranges, not single IP's, are
> blacklisted in the worst category.
> If you want a web/etc server, great.
> If you want anything to do with email, forget them.
> Shame. I need another baremetal that doesn't have Java KVM.
> Any recommendations?
> 
> Thanks. Looks like anything related to Cloud may be a problem???
> 
> Chris Bennett
> 
> 
> 
> -- 
> You received this mail because you are subscribed to misc@opensmtpd.org
> To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
> 
> 





Trouble configuring OpenSMTPD - every incoming message rejected as 550 Invalid recipient.

2018-04-19 Thread Implausibility
Hi.

I originally sent this message to m...@openbsd.org, but was asked to post it 
here instead.  I wasn't able to find a mailing list archive to review at the 
URL: https://www.opensmtpd.org/list.html  If there is an archive, please direct 
me to it, so I can benefit from others' misfortune.  :)

I'm trying to build an OpenSMTPD mail server for the first time to replace my 
aging Postfix box.

No matter who I address inbound eMails to (local users or aliases), I always 
get 550: Invalid recipient in response on the sending server and in 
/var/log/maillog.  I've tried more than a dozen configs, and I can't get past 
this problem.

Domains & IPs anonymized for my comfort, but DNS is configured correctly.  I've 
tried to comment everything possible -- if my comment and configs don't match, 
please let me know where I've gone astray!

Here's my entire smtpd.conf file:

# Random global options
queue compression # Compress data in the queue
max-message-size 25M
expire 7d

# Cryptographic Keys and Certificates
pki mydomain.email certificate "/etc/ssl/mydomain.crt"
pki mydomain.email key "/etc/ssl/private/mydomain.key"
pki mydomain.email dhe auto 

# Define tables 
table blacklist file:/etc/mail/blacklist  # Blacklist of irritating IPs
table whitelist file:/etc/mail/whitelist  # Whitelist for misconfigured IPs
table aliases   file:/etc/mail/aliases    # Aliases accepted for delivery
table account   file:/etc/mail/account    # Virtual mail accounts
table domains   file:/etc/mail/domains    # Domains to accept mail for
table users     file:/etc/mail/users      # User names with their own mailboxes
table password  file:/etc/mail/password   # Passwords for users


# Allow specific users to send messages as specific eMail addresses
#table senders file:/etc/mail/senders

# Configure interface & standards - add 'verify' to tls-require in the future.
listen on egress tls-require hostname mydomain.email
listen on egress smtps hostname mydomain.email
listen on egress port submission tls-require auth 

# Reject troublemakers
reject from source <blacklist>

# Add other filters here?  

# Accept from "whitelisted" IPs that are slightly misconfigured 
accept from source <whitelist>

# Receive eMails to addresses in the aliases table.
accept from any for domain <domains> alias <aliases> deliver to mbox

# Receive eMails to addresses in the virtual account table.
accept from any for domain <domains> virtual <account> deliver to mbox

# Receive eMails for local users
accept from any for local deliver to mbox

# Forward incoming eMails (from authenticated users) to their destination.
accept for any relay


The messages from my existing postfix server:

Apr 18 23:31:08 sybil postfix/smtp[71679]: 55462205F0CD9: to=, relay=mydomain.email[98.76.54.32]:25, delay=2, delays=0.01/0.06/1.9/0.05, dsn=5.0.0, status=bounced (host mydomain.email[98.76.54.32] said: 550 Invalid recipient (in reply to RCPT TO command))
Apr 18 23:31:08 sybil postfix/smtp[71679]: 55462205F0CD9: to=, relay=mydomain.email[98.76.54.32]:25, delay=2, delays=0.01/0.06/1.9/0.06, dsn=5.0.0, status=bounced (host mydomain.email[98.76.54.32] said: 550 Invalid recipient (in reply to RCPT TO command))

And the messages from /var/log/maillog:

Apr 19 03:31:06 leclerc smtpd[6384]: 8d44a173e36ff947 smtp event=connected address=12.34.56.78 host=olddomain.com
Apr 19 03:31:08 leclerc smtpd[6384]: 8d44a173e36ff947 smtp event=starttls address=12.34.56.78 host=olddomain.com ciphers="version=TLSv1, cipher=DHE-RSA-AES256-SHA, bits=256"
Apr 19 03:31:08 leclerc smtpd[6384]: 8d44a173e36ff947 smtp event=failed-command address=12.34.56.78 host=olddomain.com command="RCPT TO: ORCPT=rfc822;user1@mydomain.email" result="550 Invalid recipient"
Apr 19 03:31:08 leclerc smtpd[6384]: 8d44a173e36ff947 smtp event=failed-command address=12.34.56.78 host=olddomain.com command="RCPT TO: ORCPT=rfc822;webmaster@mydomain.email" result="550 Invalid recipient"
Apr 19 03:31:08 leclerc smtpd[6384]: 8d44a173e36ff947 smtp event=closed address=12.34.56.78 host=olddomain.com reason=quit

Any assistance and insight would be greatly appreciated, as well as some 
information on how OpenSMTPD treats local users different from aliases and 
virtual accounts.

Thanks.
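
While a configuration like the ones in these threads is still being tuned, it helps to see exactly which recipients the server refused and whether the sender will retry (a 4yz reply is temporary, a 5yz reply is permanent and bounces, as the Postfix log above shows). The following added example, which is not from the thread or from OpenSMTPD, summarises RCPT rejections from smtpd log lines in both formats shown on this page. The function names and the sample lines are constructed, including the angle-bracket address after RCPT TO: and the 451 reply text.

```sh
#!/bin/sh
# Added example, not from the thread: summarise refused recipients from
# smtpd log lines read on stdin.

# rejected_rcpts
# Prints "COUNT CLASS CODE RECIPIENT" per refused recipient, where CLASS is
# "temporary" for 4yz replies and "permanent" for 5yz replies.
rejected_rcpts() {
    awk '
        /failed-command/ && /command="RCPT TO:/ {
            # reply code: the three digits that open result="..."
            if (!match($0, /result="[45][0-9][0-9]/)) next
            code = substr($0, RSTART + 8, 3)
            class = (substr(code, 1, 1) == "4") ? "temporary" : "permanent"
            # prefer the envelope recipient, fall back to ORCPT
            rcpt = "(unknown)"
            if (match($0, /RCPT TO:<[^>]*>/))
                rcpt = substr($0, RSTART + 9, RLENGTH - 10)
            else if (match($0, /ORCPT=rfc822;[^" ]+/))
                rcpt = substr($0, RSTART + 13, RLENGTH - 13)
            seen[class " " code " " rcpt]++
        }
        END { for (k in seen) print seen[k], k }
    ' | sort -k4
}

# Constructed sample: lines 1-3 follow the 2018 log format, line 4 the 2019
# trace format with a made-up temporary reply, line 5 is unrelated noise.
sample_maillog() {
    cat <<'EOF'
Apr 19 03:31:08 leclerc smtpd[6384]: 8d44a173e36ff947 smtp event=failed-command address=12.34.56.78 host=olddomain.com command="RCPT TO:<user1@mydomain.email> ORCPT=rfc822;user1@mydomain.email" result="550 Invalid recipient"
Apr 19 03:31:08 leclerc smtpd[6384]: 8d44a173e36ff947 smtp event=failed-command address=12.34.56.78 host=olddomain.com command="RCPT TO:<webmaster@mydomain.email> ORCPT=rfc822;webmaster@mydomain.email" result="550 Invalid recipient"
Apr 19 03:40:11 leclerc smtpd[6384]: 8d44a173e36ff948 smtp event=failed-command address=12.34.56.78 host=olddomain.com command="RCPT TO: ORCPT=rfc822;user1@mydomain.email" result="550 Invalid recipient"
5c09782d5c150be6 smtp failed-command command="RCPT TO:<sales@example2.com>" result="451 Temporary failure"
Apr 19 03:31:08 leclerc smtpd[6384]: 8d44a173e36ff947 smtp event=closed address=12.34.56.78 host=olddomain.com reason=quit
EOF
}

sample_maillog | rejected_rcpts
```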