Re: need help
On 30/09/2019 15:55, gil...@poolp.org wrote:
> Hello,
>
> I'd like to bring native support for SPF in OpenSMTPD in a future release,
> but for this I need a bit of help to make sure my SPF resolver works fine.
>
> I have created a repository with a standalone executable that performs the
> SPF lookup and checks if an IP address is allowed to send on behalf of the
> sending domain:
>
> https://github.com/poolpOrg/spf
> https://github.com/poolpOrg/spf/blob/master/README.md
>
> If you could test and report issues, it would be nice,

As much as I can understand it, recursion seems to not work.

Working example:

# dig -t TXT carnat.net
carnat.net. 14314 IN TXT "v=spf1 mx -all"

# ./spf carnat.net 108.61.176.54
checking if 108.61.176.54 can send for carnat.net: pass

# ./spf carnat.net 157.55.9.128
checking if 157.55.9.128 can send for carnat.net: fail

Not fully working example:

# dig -t TXT outlook.com
outlook.com. 600 IN TXT "v=spf1 include:spf-a.outlook.com include:spf-b.outlook.com ip4:157.55.9.128/25 include:spf.protection.outlook.com include:spf-a.hotmail.com include:_spf-ssg-b.microsoft.com include:_spf-ssg-c.microsoft.com ~all"

# ./spf outlook.com 157.55.9.128
checking if 157.55.9.128 can send for outlook.com: EXISTS: 0 EXISTS: 0 pass

# dig -t TXT spf-a.hotmail.com
spf-a.hotmail.com. 3600 IN TXT "v=spf1 ip4:157.55.0.192/26 ip4:157.55.1.128/26 ip4:157.55.2.0/25 ip4:65.54.190.0/24 ip4:65.54.51.64/26 ip4:65.54.61.64/26 ip4:65.55.111.0/24 ip4:65.55.116.0/25 ip4:65.55.34.0/24 ip4:65.55.90.0/24 ip4:65.54.241.0/24 ip4:207.46.117.0/24 ~all"

# ./spf outlook.com 65.54.190.5
checking if 65.54.190.5 can send for outlook.com: EXISTS: 0 EXISTS: 0 EXISTS: 0 EXISTS: 0 EXISTS: 0 EXISTS: 0 soft-fail
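The include: recursion discussed in this message, as an added example that is not part of the original post or of the poolpOrg/spf code: an offline evaluator following RFC 7208 semantics for ip4, ip6, a, mx, include, all and redirect. The `.example` zone data, the `TXT`/`MX`/`A` dictionaries and the `check_host` function are assumptions of this sketch, modelled on the records quoted above.

```python
import ipaddress

# Constructed zone data (shortened, .example names; not a live DNS snapshot).
TXT = {
    "mail.example": "v=spf1 mx -all",
    "big.example": ("v=spf1 include:spf-a.big.example ip4:157.55.9.128/25 "
                    "include:spf-b.big.example ~all"),
    "spf-a.big.example": "v=spf1 ip4:203.0.113.0/24 -all",
    "spf-b.big.example": "v=spf1 ip4:65.54.190.0/24 ip4:65.55.90.0/24 ~all",
    "alias.example": "v=spf1 redirect=mail.example",
    "loop.example": "v=spf1 include:loop.example -all",
    "dangling.example": "v=spf1 include:missing.example -all",
}
MX = {"mail.example": ["mx1.mail.example"]}
A = {"mx1.mail.example": ["108.61.176.54"]}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
LOOKUP_LIMIT = 10  # RFC 7208 section 4.6.4: at most 10 DNS-querying terms


class PermError(Exception):
    """Policy cannot be interpreted (bad syntax, broken include, limit hit)."""


def _count_lookup(counter):
    counter[0] += 1
    if counter[0] > LOOKUP_LIMIT:
        raise PermError("more than 10 DNS-querying terms")


def _in_network(ip, cidr):
    try:
        net = ipaddress.ip_network(cidr, strict=False)
    except ValueError as exc:
        raise PermError(f"bad network {cidr!r}") from exc
    return ip.version == net.version and ip in net


def _hosts_match(ip, hosts):
    return any(ip == ipaddress.ip_address(addr)
               for host in hosts for addr in A.get(host, []))


def _evaluate(ip, domain, counter):
    terms = TXT.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    redirect = None
    for term in terms[1:]:
        name, eq, value = term.partition("=")
        if eq and ":" not in name and "/" not in name:
            if name.lower() == "redirect":
                redirect = value.lower()
            continue  # unknown modifiers are ignored
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            matched = _in_network(ip, arg)
        elif mech == "include":
            _count_lookup(counter)
            inner = _evaluate(ip, arg.lower(), counter)
            if inner == "none":
                raise PermError(f"include target {arg!r} has no SPF record")
            # Only an inner "pass" makes the include match; an inner fail or
            # softfail means "no match" and evaluation continues in the parent.
            matched = inner == "pass"
        elif mech == "a":
            _count_lookup(counter)
            matched = _hosts_match(ip, [arg.lower() or domain])
        elif mech == "mx":
            _count_lookup(counter)
            matched = _hosts_match(ip, MX.get(arg.lower() or domain, []))
        else:
            raise NotImplementedError(f"{mech!r} is not covered by this example")
        if matched:
            return QUALIFIERS[qualifier]
    if redirect:
        _count_lookup(counter)
        result = _evaluate(ip, redirect, counter)
        if result == "none":
            raise PermError(f"redirect target {redirect!r} has no SPF record")
        return result
    return "neutral"


def check_host(ip, domain):
    """Return the SPF result for the sender IP (str) against domain's policy."""
    try:
        return _evaluate(ipaddress.ip_address(ip), domain.lower(), [0])
    except PermError:
        return "permerror"


if __name__ == "__main__":
    for ip in ("157.55.9.128", "65.54.190.5", "198.51.100.7"):
        print(ip, check_host(ip, "big.example"))
```

An address listed only in an included record passes through the parent's include, while the `-all` of an included record never leaks out as the parent's result.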
Re: How to setup a "clean MTA" in 2019?
On Wed 03/04 11:36, Gilles Chehade wrote:
> On Tue, Apr 02, 2019 at 01:02:20PM +0200, Joel Carnat wrote:
> > Hi,
> >
>
> Hi,
>
> > Reading the Internet and looking at actual public DNS records and email
> > headers, there seem to be disagreements regarding the usage of things
> > like DMARC/DKIM/SPF. Some discussions are sometimes old (like 2014) and
> > have not been rediscussed recently.
> >
> > So far, I identified the following:
> > - MUST: have a proper Reverse DNS
> > - MUST: have a proper HELO/EHLO value (matching DNS)
> > - MAY: have SPF configured to announce official MTA
> > - MAY: have DKIM configured to sign outgoing emails
> > - MAY: have DMARC set with p=none // many MTA won't check
> > - DONT: have DMARC set with p=(quarantine|reject) // may break things
> >
> > What would be the recommendations from the OpenSMTPD project as of 2019
> > when one wants to setup an MTA? Are those MUST/MAY/DONT correct? Are
> > there more things to add to this checklist?
> >
> > Thank you.
> >
>
> No wonder there is no consensus: there's no "right" list, it depends for
> the most part on the reputation of the sender (reputation being trickier
> than just "IP reputation" as most people think) so different people will
> have different experience of what works and what doesn't.
>
> I will write an in-depth article describing my way of modeling this, but
> in the mean time I'll tell you the following:
>
> Today, SMTP exchanges rely on a proof of work.
>
> Some recipient domains require a lot of work from senders, others won't,
> and with that in mind your list of things to setup may differ on who you
> are sending from, who you are sending to, the volumes of mails you send,
> the type of mails you send, etc...
>
> My very own minimal would be:
> - have a dedicated IP address for mail with correct rDNS and fc-rDNS
> - setup the mta to support TLS (if needed, not the case on OpenSMTPD)
> - setup the mta to use a EHLO name matching DNS for the IP
> - setup SPF
> - setup DKIM
>
> That would be my very very very very minimum requirements.

Great. Thanks!

--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
How to setup a "clean MTA" in 2019?
Hi,

Reading the Internet and looking at actual public DNS records and email headers, there seem to be disagreements regarding the usage of things like DMARC/DKIM/SPF. Some discussions are sometimes old (like 2014) and have not been rediscussed recently.

So far, I identified the following:
- MUST: have a proper Reverse DNS
- MUST: have a proper HELO/EHLO value (matching DNS)
- MAY: have SPF configured to announce official MTA
- MAY: have DKIM configured to sign outgoing emails
- MAY: have DMARC set with p=none // many MTA won't check
- DONT: have DMARC set with p=(quarantine|reject) // may break things

What would be the recommendations from the OpenSMTPD project as of 2019 when one wants to setup an MTA? Are those MUST/MAY/DONT correct? Are there more things to add to this checklist?

Thank you.
Re: Vultr has all blacklisted IP's for email
I own a VPS located in France.

> On 19 Dec 2018 at 22:41, Chris Bennett wrote:
>
> On Wed, Dec 19, 2018 at 10:16:22PM +0100, Joel Carnat wrote:
>> I’ve just checked mine and it’s 100% non-blacklisted, according to mxtoolbox.
>> And, so far, I don’t have any issues sending/receiving mail.
>>
>
> I really must have workable email and baremetal
>
> Right now the second IP I requested is 45.76.27.230
> This is much worse than the first one I also have which is
> 108.61.242.230
>
> I am using a server in Chicago. Where is yours located?
> Maybe the location is related?
>
> Other than this problem, I am quite happy. If I can solve this, I will
> move off of my other server, which is stuck on crappy Java KVM.
> I don't have any problem with another location.
>
> Chris Bennett
Re: Vultr has all blacklisted IP's for email
I’ve just checked mine and it’s 100% non-blacklisted, according to mxtoolbox.
And, so far, I don’t have any issues sending/receiving mail.

> On 19 Dec 2018 at 22:09, Chris Bennett wrote:
>
> I was very happy with what I got for a baremetal server at Vultr.
> Unfortunately, even after getting a second IP that was not from the same
> range as the first one, all of these IP ranges, not single IP's, are
> blacklisted in the worst category.
> If you want a web/etc server, great.
> If you want anything to do with email, forget them.
> Shame. I need another baremetal that doesn't have Java KVM.
> Any recommendations?
>
> Thanks. Looks like anything related to Cloud may be a problem???
>
> Chris Bennett
Re: people using elk / grafana ?
On 09/11/2018 17:16, Gilles Chehade wrote:
> HELO,
>
> I'm looking for people that are regular users of ELK / Grafana or alike.
>
> I'd like to discuss improvements that can be made to the event reporting
> mechanism to ease integration with monitoring and alerting tools.
>
> If creating dashboards and alerts is part of your daily routine, ping me
> so we can talk.

I did experiment quite a few. Recently I've switched to using syslog-ng+influx; because ELS+Logstash eat too much mem on my tiny Cloud instance.

@+
Re: Grabbing release from www.opensmtpd.org
Yep. I ended grabbing a tarball from GitHub. Which worked.
My new (simple) conf seems to be ready :)

Thanks.

On 22/10/2018 20:11, Gilles Chehade wrote:
> We're not ready for the portable release yet so I didn't build the master
> release, it is however tagged on GitHub already so you can download a
> tarball for tag opensmtpd-6.4.0 there
>
> Gilles
>
> On 22 Oct 2018 14:18, Matt Schwartz wrote:
> > I think it's best if you get the sources from OpenBSD CVS.
> >
> > On Mon, Oct 22, 2018, 8:06 AM Joel Carnat wrote:
> > > Hi,
> > >
> > > On my way to move from 6.0.x to 6.4, I went to www.opensmtpd.org [1]
> > > and hoped I could get the 6.4 release, build it and test my new
> > > configuration file (before doing the whole obsd 6.3 to 6.4 upgrade).
> > >
> > > But... the osmtpd website seems to only offer sources for the 6.0.3
> > > release. Will the website be updated or should I grab the sources
> > > from openbsd repo ?
> > >
> > > Thanks.

Links:
--
[1] http://www.opensmtpd.org
Grabbing release from www.opensmtpd.org
Hi,

On my way to move from 6.0.x to 6.4, I went to www.opensmtpd.org and hoped I could get the 6.4 release, build it and test my new configuration file (before doing the whole obsd 6.3 to 6.4 upgrade).

But... the osmtpd website seems to only offer sources for the 6.0.3 release. Will the website be updated or should I grab the sources from openbsd repo ?

Thanks.
Re: smtpctl: need root privileges
On 25/09/2018 14:27, Gilles Chehade wrote:
> On Tue, Sep 25, 2018 at 11:23:59AM +0200, Joel Carnat wrote:
> > Hi,
> >
> > (Running OpenBSD 6.3/amd64 with OpenSMTPD 6.0.4)
> >
> > I want `telegraf` to be allowed to run `/usr/sbin/smtpctl show stats`.
> > I configured "_smtpq:*:103:_telegraf" in groups and thought it would
> > run. But I still get:
> >
> > # doas -u _telegraf /usr/sbin/smtpctl show stats
> > smtpctl: need root privileges
> >
> > Is the thread (https://github.com/OpenSMTPD/OpenSMTPD/issues/678) still
> > relevant ?
> > Is the only way to get stats to use doas to execute as root ?
> >
> > Thanks.
>
> Hi,
>
> The thread you're mentioning is no longer relevant, however as of today
> it is true that statistics are not exposed to users.
>
> I don't know if we should, it requires at least a bit of thinking and of
> discussion which I think should target the 6.5 release.
>
> In particular, a lot of people are using the smtpctl stats command as an
> input to reporting utilities and maybe we should provide a better way to
> do that, and maybe I already have diffs heading in that direction ;)
>
> Gilles

Ok. I've tried using the _smtpq group too but that explains why it still failed.
Telegraf seems to be close-linked to `sudo`. I'll see how to fool it to use `doas`.

Thank you.
smtpctl: need root privileges
Hi,

(Running OpenBSD 6.3/amd64 with OpenSMTPD 6.0.4)

I want `telegraf` to be allowed to run `/usr/sbin/smtpctl show stats`.
I configured "_smtpq:*:103:_telegraf" in groups and thought it would run. But I still get:

# doas -u _telegraf /usr/sbin/smtpctl show stats
smtpctl: need root privileges

Is the thread (https://github.com/OpenSMTPD/OpenSMTPD/issues/678) still relevant ?
Is the only way to get stats to use doas to execute as root ?

Thanks.
LDAP and listen on (...) auth authtable
Hi,

I’ve just discovered that my smtpd/ldapd configuration is not 100% working. The submission part seems to not do the whole LDAP process to verify password.

I have OpenSMTPD 5.4.4 running on OpenBSD 5.7 amd64.

Here’s my smtpd.conf

# OpenSMTPD configuration
#
table vusers ldap:/etc/mail/ldap.conf
table vdomains ldap:/etc/mail/ldap.conf

pki www.tumfatig.net certificate /etc/ssl/gandi.crt
pki www.tumfatig.net key /etc/ssl/private/gandi.key

listen on lo0
listen on egress tls pki www.tumfatig.net auth-optional
#listen on egress port submission tls-require pki www.tumfatig.net auth
listen on egress port submission tls-require pki www.tumfatig.net auth vusers

accept from any for domain vdomains virtual vusers deliver to lmtp /var/dovecot/lmtp
accept from local for any relay

Here’s the ldap.conf table

# Mail domains
#
domain_filter ((objectClass=domain)(dc=%s))
domain_attributes dc

# SMTP submission / authentication
#
credentials_filter ((objectClass=posixAccount)(uid=%s))
credentials_attributes uid,userPassword

# SMTP delivery / IMAP authentication
#
userinfo_filter ((objectClass=posixAccount)(uid=%s))
userinfo_attributes uid,uidNumber,gidNumber,homeDirectory

# SMTP aliases
#
alias_filter ((objectClass=nisMailAlias)(cn=%s))
alias_attributes rfc822MailMember

Here’s the error part

smtp-in: Started TLS on session 1d599982ae8ff186: version=TLSv1/SSLv3, cipher=ECDHE-RSA-CHACHA20-POLY1305, bits=256
debug: lka: authenticating for vusers:ptijo
debug: table_ldap: ldap_query: filter=((objectClass=posixAccount)(uid=ptijo)), ret=1
smtp-in: Authentication failed for user ptijo on session 1d599982ae8ff186
smtp-in: Failed command on session 1d599982ae8ff186: AUTH [...] = 535 Authentication failed
smtp-in: Received disconnect from session 1d599982ae8ff186

Here’s the LDAP debug session log

Aug 2 09:42:01.415 [606] consumed 126 bytes
Aug 2 09:42:01.415 [606] got request type 3, id 13
Aug 2 09:42:01.415 [606] base dn = dc=tumfatig,dc=net, scope = 2
Aug 2 09:42:01.415 [606] requesting 01 access to dc=tumfatig,dc=net by cn=service,dc=tumfatig,dc=net, in namespace dc=tumfatig,dc=net
Aug 2 09:42:01.415 [606] init index scan on [objectclass=posixaccount,]
Aug 2 09:42:01.415 [606] found index objectclass=posixaccount,uid=ptijo,ou=users,
Aug 2 09:42:01.415 [606] lookup indexed key [uid=ptijo,ou=users,dc=tumfatig,dc=net]
Aug 2 09:42:01.415 [606] found dn uid=ptijo,ou=users,dc=tumfatig,dc=net
Aug 2 09:42:01.415 [606] requesting 01 access to uid=ptijo,ou=users,dc=tumfatig,dc=net by cn=service,dc=tumfatig,dc=net, in namespace dc=tumfatig,dc=net
Aug 2 09:42:01.416 [606] found index objectclass=top,cn=service,
Aug 2 09:42:01.416 [606] scanned past index prefix [objectclass=posixaccount,]
Aug 2 09:42:01.416 [606] 3 scanned, 1 matched, 0 dups
Aug 2 09:42:01.416 [606] sending response 5 with result 0
Aug 2 09:42:01.416 [606] finished search on msgid 13
Aug 2 09:42:02.818 [606] accepted connection from 192.168.0.50 on fd 17
Aug 2 09:42:02.818 [606] ssl_session_init: switching to SSL
Aug 2 09:42:02.818 [606] ssl_session_accept: accepting client
Aug 2 09:42:02.822 [606] ssl_session_accept: accepting client
Aug 2 09:42:02.824 [606] ssl_session_accept: accepted ssl client
Aug 2 09:42:02.824 [606] consumed 14 bytes
Aug 2 09:42:02.824 [606] got request type 0, id 0
Aug 2 09:42:02.824 [606] bind dn =
Aug 2 09:42:02.824 [606] anonymous bind
Aug 2 09:42:02.824 [606] sending response 1 with result 0
Aug 2 09:42:02.824 [606] consumed 7 bytes
Aug 2 09:42:02.824 [606] got request type 2, id 1
Aug 2 09:42:02.824 [606] current bind dn = (null)
Aug 2 09:42:02.824 [606] end-of-file on connection 17
Aug 2 09:42:02.824 [606] closing connection 17
Aug 2 09:42:02.824 [606] accepted connection from 127.0.0.1 on fd 17
Aug 2 09:42:02.824 [606] consumed 14 bytes
Aug 2 09:42:02.824 [606] got request type 0, id 0
Aug 2 09:42:02.824 [606] bind dn =
Aug 2 09:42:02.824 [606] anonymous bind
Aug 2 09:42:02.824 [606] sending response 1 with result 0
Aug 2 09:42:02.824 [606] consumed 7 bytes
Aug 2 09:42:02.824 [606] got request type 2, id 1
Aug 2 09:42:02.824 [606] current bind dn = (null)
Aug 2 09:42:02.824 [606] closing connection 17

Seems to me that the lookup is done but not the password check. I would expect another bind with the found DN and the password provided by session; or at least a password comparison.

Any idea ?

TIA,
Jo
Re: Virtual users need to exist in /etc/passwd ?
On 16 Jul 2015 at 20:26, Joerg Jung m...@umaxx.net wrote:
> On Thu, Jul 16, 2015 at 08:09:41PM +0200, Joel Carnat wrote:
> > Hi,
> >
> > I have configured OpenSMTPD 5.4.4 (from OpenBSD 5.7) with virtual LDAP
> > users and LMTP to Dovecot.
> >
> > table vusers ldap:/etc/mail/ldap.conf
> > table vdomains ldap:/etc/mail/ldap.conf
> > accept from any for domain vdomains virtual vusers deliver to lmtp /var/dovecot/lmtp
> >
> > If the user id exists in /etc/passwd, the mail is accepted by OpenSMTPD
> > and delivered to dovecot. Dovecot only uses LDAP so it doesn't care
> > about users not being in /etc/passwd since they exist in LDAP; tested
> > using direct telnet on LMTP port.
> >
> > If the user id does not exist in /etc/passwd (but exists in LDAP), the
> > mail gets rejected by OpenSMTPD with error "550 Invalid recipient".
> >
> > Is this expected or does it reflect a misconfiguration on the LDAP
> > side ?
> > Sounds weird to me that virtual user must exist in /etc/passwd :)
>
> AFAIK, this is by design, deliver to ... expects a local system user.
>
> As workaround, you might use a userbase table (see smtpd.conf(5)) to map
> all your virtual users to a single (fake) system user.
> Also, you might play with deliver to lda instead of lmtp.

OK, I’ll dig the LDA; although Dovecot seems to recommend LMTP over LDA.

Thanks.
Re: table config examples for LDAP
+1
Never got it working here :'-(

--
e-mail different

On 3 Nov 2014 at 16:58, Barbier, Jason jab...@serversave.us wrote:
> hey I saw a few people out there with successful LDAP setups, could anyone
> be nice enough to drop me their LDAP table config. I want to see if I can
> get it going and maybe get the man page written for it so others don't
> have to ask.
>
> --
> Jason Barbier | jab...@serversave.us
> Pro Patria Vigilans
Re: interested in LDAP ?
On 29 Sep 2014 at 21:31, Gilles Chehade gil...@poolp.org wrote:
> On Fri, Sep 26, 2014 at 04:02:45PM +0200, Joel Carnat wrote:
> > Couldn't be there at that time, unfortunately.
> >
> > Yet, I'm having a look again at, this time, OpenBSD 5.5 / OpenSMTPD
> > 5.4.2 and I still can't have it working. I already noticed smtpd will
> > fail/crash if no index is done in LDAP server (seen using OpenLDAP and
> > OpenBSD ldapd). But smtpd is still dying after the ldap match.
> >
> > debug: table-ldap: reading key url - ldap://localhost;
> > debug: table-ldap: reading key username - cn=admin,dc=tumfatig,dc=net
> > debug: table-ldap: reading key password - secret
> > debug: table-ldap: reading key basedn - ou=users,dc=tumfatig,dc=net
> > debug: table-ldap: reading key userinfo_filter - ((objectClass=inetOrgPerson)(mail=%s))
> > debug: table-ldap: parsing attribute userinfo_attributes (4) - mail
> > debug: table-ldap: reading key alias_filter - ((objectClass=inetOrgPerson)(mail=%s))
> > debug: table-ldap: parsing attribute alias_attributes (1) - mail
> > debug: table-ldap: done reading config
> > debug: smtp: listen on 192.168.59.131 port 25 flags 0x0 pki
> > debug: smtp: listen on IPv6:fe80::20c:29ff:fef1:283d%vic0 port 25 flags 0x0 pki
> > debug: smtp: listen on 127.0.0.1 port 25 flags 0x0 pki
> > debug: smtp: listen on IPv6:fe80::1%lo0 port 25 flags 0x0 pki
> > debug: smtp: listen on IPv6:::1 port 25 flags 0x0 pki
> > debug: smtp: will accept at most 500 clients
> > debug: table-ldap: ldap server accepted credentials
> > debug: table-ldap: connected
> > debug: smtpd: scanning offline queue...
> > debug: smtpd: offline scanning done
> > debug: smtp: new client on listener: 0x8ee2a66700
> > smtp-in: New session d672dd667db0a9ba from host 0@localhost [local]
> > debug: table_ldap_internal_query: filter=((objectClass=inetOrgPerson)(mail=j...@foo.net)), ret=1
> > Segmentation fault
> > warn: table-proc: pipe closed
> > fatal: table-proc: exiting
> > warn: smtp - lka: pipe closed
> > warn: parent - lka: pipe closed
> > warn: mfa - smtp: pipe closed
> > warn: mda - lka: pipe closed
> > warn: mta - lka: pipe closed
> > warn: control - lka: pipe closed
> > # warn: queue - lka: pipe closed
> > warn: scheduler - control: pipe closed
> >
> > There's probably a misconfiguration on my smtpd.conf. But I'd be
> > available for an IRC debug sequence tonight, if wished/available :)
> >
> > On 19 May 2014 at 10:52, Gilles Chehade gil...@poolp.org wrote:
> > > ohai,
> > >
> > > if you're interested in getting LDAP fixed, I plan a debugging
> > > session this Thursday at 7PM (Europe/Paris) on IRC:
> > >
> > > #opensmtpd @ freenode
> > >
> > > im willing to stay working on it as long as it takes for all crashes
> > > to go, but given that im not an LDAP user and not too familiar with
> > > it, I would love to have some LDAP users around ;-)
>
> I'll be around tomorrow and after tomorrow evening with spare time in my
> hands ;-)

Will have some time next Wednesday. I'll poke you on #opensmtpd around 9pm then :)
Re: interested in LDAP ?
Couldn't be there at that time, unfortunately.

Yet, I'm having a look again at, this time, OpenBSD 5.5 / OpenSMTPD 5.4.2 and I still can't have it working. I already noticed smtpd will fail/crash if no index is done in LDAP server (seen using OpenLDAP and OpenBSD ldapd). But smtpd is still dying after the ldap match.

debug: table-ldap: reading key url - ldap://localhost;
debug: table-ldap: reading key username - cn=admin,dc=tumfatig,dc=net
debug: table-ldap: reading key password - secret
debug: table-ldap: reading key basedn - ou=users,dc=tumfatig,dc=net
debug: table-ldap: reading key userinfo_filter - ((objectClass=inetOrgPerson)(mail=%s))
debug: table-ldap: parsing attribute userinfo_attributes (4) - mail
debug: table-ldap: reading key alias_filter - ((objectClass=inetOrgPerson)(mail=%s))
debug: table-ldap: parsing attribute alias_attributes (1) - mail
debug: table-ldap: done reading config
debug: smtp: listen on 192.168.59.131 port 25 flags 0x0 pki
debug: smtp: listen on IPv6:fe80::20c:29ff:fef1:283d%vic0 port 25 flags 0x0 pki
debug: smtp: listen on 127.0.0.1 port 25 flags 0x0 pki
debug: smtp: listen on IPv6:fe80::1%lo0 port 25 flags 0x0 pki
debug: smtp: listen on IPv6:::1 port 25 flags 0x0 pki
debug: smtp: will accept at most 500 clients
debug: table-ldap: ldap server accepted credentials
debug: table-ldap: connected
debug: smtpd: scanning offline queue...
debug: smtpd: offline scanning done
debug: smtp: new client on listener: 0x8ee2a66700
smtp-in: New session d672dd667db0a9ba from host 0@localhost [local]
debug: table_ldap_internal_query: filter=((objectClass=inetOrgPerson)(mail=j...@foo.net)), ret=1
Segmentation fault
warn: table-proc: pipe closed
fatal: table-proc: exiting
warn: smtp - lka: pipe closed
warn: parent - lka: pipe closed
warn: mfa - smtp: pipe closed
warn: mda - lka: pipe closed
warn: mta - lka: pipe closed
warn: control - lka: pipe closed
# warn: queue - lka: pipe closed
warn: scheduler - control: pipe closed

There's probably a misconfiguration on my smtpd.conf. But I'd be available for an IRC debug sequence tonight, if wished/available :)

On 19 May 2014 at 10:52, Gilles Chehade gil...@poolp.org wrote:
> ohai,
>
> if you're interested in getting LDAP fixed, I plan a debugging session
> this Thursday at 7PM (Europe/Paris) on IRC:
>
> #opensmtpd @ freenode
>
> im willing to stay working on it as long as it takes for all crashes to
> go, but given that im not an LDAP user and not too familiar with it, I
> would love to have some LDAP users around ;-)
>
> --
> Gilles Chehade
> https://www.poolp.org @poolpOrg
Re: postgres and ldap backends
indexed key [mail=j...@foo.net,ou=users,ou=foo.net,dc=local]
Mar 5 17:57:39.356 [20646] found dn mail=j...@foo.net,ou=users,ou=foo.net,dc=local
Mar 5 17:57:39.356 [20646] requesting 01 access to mail=j...@foo.net,ou=users,ou=foo.net,dc=local by cn=email,ou=users,dc=local, in namespace dc=local
Mar 5 17:57:39.356 [20646] found index mail=maria...@bar.net,mail=maria...@bar.net,ou=users,ou=bar.net,
Mar 5 17:57:39.356 [20646] scanned past index prefix [mail=j...@foo.net,]
Mar 5 17:57:39.357 [20646] 1 scanned, 1 matched, 0 dups
Mar 5 17:57:39.357 [20646] sending response 5 with result 0
Mar 5 17:57:39.357 [20646] finished search on msgid 2
Mar 5 17:57:39.357 [20646] end-of-file on connection 12
Mar 5 17:57:39.357 [20646] closing connection 12

### THE LDAP CLIENT

# ldapsearch -H ldap://127.0.0.1 -D cn=email,ou=users,dc=local -w vierge -b dc=local ((objectClass=inetOrgPerson)(mail=j...@foo.net))
(...)
dn: mail=j...@foo.net,ou=users,ou=foo.net,dc=local
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Joel Carnat
sn: Carnat
givenName: Joel
mail: j...@foo.net
userPassword:: dmllcmdl

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

On 5 Mar 2014 at 10:27, Gilles Chehade gil...@poolp.org wrote:
> Well, first question first, does it work for you ? :-)
>
> On Wed, Mar 05, 2014 at 07:59:27AM +0100, Joel Carnat wrote:
> > Will for LDAP here. :)
> > Feel free to MP. French or English.
> >
> > --
> > e-mail different
> >
> > On 5 Mar 2014 at 02:35, Gilles Chehade gil...@poolp.org wrote:
> > > Hi,
> > >
> > > We have just released a minor stable version and hopefully we should
> > > not see another minor release before OpenSMTPD 5.5.0 comes out
> > > several weeks from now.
> > >
> > > In the meantime, I'd like to stabilize table_ldap and
> > > table_postgres, so we could *maybe* stop shipping them as
> > > experimental with our next big release.
> > >
> > > If people willing to use ldap or postgres could get in touch with
> > > me, it would be nice ;-)
> > >
> > > --
> > > Gilles Chehade
> > > https://www.poolp.org @poolpOrg
>
> --
> Gilles Chehade
> https://www.poolp.org @poolpOrg
Re: postgres and ldap backends
On 5 Mar 2014 at 18:10, Gilles Chehade gil...@poolp.org wrote:
> can you start smtpd with -dv -T lookup -T table ?
>
> this should provide a bit more information about the ldap lookup

yup.

# smtpd -dv -T lookup -T table
debug: init ssl-tree
info: OpenSMTPD 5.4.2 starting
debug: bounce warning after 4h
debug: using fs queue backend
debug: using ramqueue scheduler backend
debug: using ram stat backend
info: startup [debug mode]
debug: queue: done loading queue into scheduler
debug: parent_send_config_ruleset: reloading
debug: parent_send_config_mfa: reloading
debug: parent_send_config: configuring smtp
TABLE anydestination type=LIST config= * bagheera
TABLE anyhost type= config= 0.0.0.0/0 ::/0 local
TABLE dynamic:0 type=LIST config= foo.net
TABLE getpwnam type=DYNAMIC config=
TABLE localhost type= config= 127.0.0.1 192.168.0.128 ipv6:::1 ipv6:fe80::1%lo0 ipv6:fe80::20c:29ff:fe08:7d50%em0 local
TABLE localnames type=LIST config= bagheera.local localhost
TABLE aliases type=DYNAMIC config=/etc/mail/aliases.db
TABLE relay-hosts type=DYNAMIC config=/etc/mail/relay-hosts.db
TABLE virtual-domains type=DYNAMIC config=/etc/mail/virtual-domains.db
TABLE virtual-users type=DYNAMIC config=/usr/libexec/smtpd/table-ldap /etc/mail/virtual-users.conf
mfa: building simple chains...
mfa: building complex chains...
mfa: done building complex chains
mfa: done building default chain
debug: mfa ready
debug: table-ldap: reading key url - ldap://127.0.0.1;
debug: table-ldap: reading key username - cn=email,ou=users,dc=local
debug: table-ldap: reading key password - vierge
debug: table-ldap: reading key basedn - dc=local
debug: table-ldap: reading key userinfo_filter - ((objectClass=inetOrgPerson)(mail=%s))
debug: table-ldap: parsing attribute userinfo_attributes (4) - mail
debug: table-ldap: reading key credentials_filter - ((objectClass=inetOrgPerson)(mail=%s))
debug: table-ldap: parsing attribute credentials_attributes (2) - mail,userPassword
debug: table-ldap: reading key alias_filter - ((objectClass=inetOrgPerson)(mail=%s))
debug: table-ldap: parsing attribute alias_attributes (1) - mail
debug: table-ldap: done reading config
debug: table-ldap: ldap server accepted credentials
debug: table-ldap: connected
debug: smtp: listen on IPv6:fe80::20c:29ff:fe08:7d50%em0 port 25 flags 0x0 pki
debug: smtp: listen on 192.168.0.128 port 25 flags 0x0 pki
debug: smtp: listen on 127.0.0.1 port 25 flags 0x0 pki
debug: smtp: listen on IPv6:fe80::1%lo0 port 25 flags 0x0 pki
debug: smtp: listen on IPv6:::1 port 25 flags 0x0 pki
debug: smtp: will accept at most 500 clients
debug: smtpd: scanning offline queue...
debug: smtpd: offline scanning done
debug: smtp: new client on listener: 0x98551cb9000
smtp-in: New session ce7f1f365cb16f30 from host 192.168.0.21 [192.168.0.21]
lookup: check 192.168.0.21 as NETADDR in table static:localhost - 0
lookup: check 192.168.0.21 as NETADDR in table db:relay-hosts - found
lookup: check foo.net as DOMAIN in table static:anydestination - found
debug: 0x9854d6bd000: end of message, msgflags=0x
smtp-in: Accepted message 30972eb5 on session ce7f1f365cb16f30: from=j...@carnat.net, to=j...@foo.net, size=5, ndest=1, proto=SMTP
debug: scheduler: evp:30972eb53e98e2d4 scheduled (mta)
debug: mta: received evp:30972eb53e98e2d4 for j...@foo.net
debug: mta: draining [relay:foo.net] refcount=1, ntask=1, nconnector=0, nconn=0
debug: mta: querying MX for [relay:foo.net]...
debug: mta: [relay:foo.net] waiting for MX
debug: MXs for domain foo.net: 192.168.0.128 preference 10
debug: mta: ... got mx (0x98545ea7420, foo.net, [relay:foo.net])
debug: mta: draining [relay:foo.net] refcount=1, ntask=1, nconnector=0, nconn=0
debug: mta: querying source for [relay:foo.net]...
debug: mta: ... got source for [relay:foo.net]: []
debug: mta: new [connector:[]-[relay:foo.net],0x1]
debug: mta: connecting with [connector:[]-[relay:foo.net],0x0]
debug: mta-routing: searching new route for [connector:[]-[relay:foo.net],0x0]...
debug: mta-routing: selecting candidate route [] - 192.168.0.128
debug: mta-routing: spawning new connection on [] - 192.168.0.128
debug: mta: 0x985504b5c00: spawned for relay [relay:foo.net]
debug: mta: connecting with [connector:[]-[relay:foo.net],0x0]
debug: mta: cannot use [relay:foo.net] before 2s
debug: mta-routing: no route available for [connector:[]-[relay:foo.net],0x0]: must wait a bit
debug: mta: retrying to connect on [connector:[]-[relay:foo.net],0x0] in 2s...
debug: mta: draining [relay:foo.net] refcount=3, ntask=1, nconnector=1, nconn=1
debug: mta: scheduling relay [relay:foo.net] in 1s...
smtp-out: Connecting to smtp+tls://192.168.0.128:25 (bagheera.local.) on session a477a901ccc2e17c...
debug: smtp: new client on listener: 0x98551cb9000
smtp-out: Connected on session a477a901ccc2e17c
smtp-in: New session ce7f1f374e6767ab from host
Re: postgres and ldap backends
Unfortunately, real life take precedence tonight ;-) I may find time to connect tomorrow during work-day. Or a bit late in the evening. Although it's been tenths of years since I ran an IRC client on my laptop ;-) Le 5 mars 2014 à 18:42, Gilles Chehade gil...@poolp.org a écrit : if you can come on irc and stay for a while, i can kill this one by tonight On Wed, Mar 05, 2014 at 06:22:04PM +0100, Joel Carnat wrote: Le 5 mars 2014 ? 18:10, Gilles Chehade gil...@poolp.org a ?crit : can you start smtpd with -dv -T lookup -T table ? this should provide a bit more information about the ldap lookup yup. # smtpd -dv -T lookup -T table debug: init ssl-tree info: OpenSMTPD 5.4.2 starting debug: bounce warning after 4h debug: using fs queue backend debug: using ramqueue scheduler backend debug: using ram stat backend info: startup [debug mode] debug: queue: done loading queue into scheduler debug: parent_send_config_ruleset: reloading debug: parent_send_config_mfa: reloading debug: parent_send_config: configuring smtp TABLE anydestination type=LIST config= * bagheera TABLE anyhost type= config= 0.0.0.0/0 ::/0 local TABLE dynamic:0 type=LIST config= foo.net TABLE getpwnam type=DYNAMIC config= TABLE localhost type= config= 127.0.0.1 192.168.0.128 ipv6:::1 ipv6:fe80::1%lo0 ipv6:fe80::20c:29ff:fe08:7d50%em0 local TABLE localnames type=LIST config= bagheera.local localhost TABLE aliases type=DYNAMIC config=/etc/mail/aliases.db TABLE relay-hosts type=DYNAMIC config=/etc/mail/relay-hosts.db TABLE virtual-domains type=DYNAMIC config=/etc/mail/virtual-domains.db TABLE virtual-users type=DYNAMIC config=/usr/libexec/smtpd/table-ldap /etc/mail/virtual-users.conf mfa: building simple chains... mfa: building complex chains... 
mfa: done building complex chains
mfa: done building default chain
debug: mfa ready
debug: table-ldap: reading key url - ldap://127.0.0.1;
debug: table-ldap: reading key username - cn=email,ou=users,dc=local
debug: table-ldap: reading key password - vierge
debug: table-ldap: reading key basedn - dc=local
debug: table-ldap: reading key userinfo_filter - ((objectClass=inetOrgPerson)(mail=%s))
debug: table-ldap: parsing attribute userinfo_attributes (4) - mail
debug: table-ldap: reading key credentials_filter - ((objectClass=inetOrgPerson)(mail=%s))
debug: table-ldap: parsing attribute credentials_attributes (2) - mail,userPassword
debug: table-ldap: reading key alias_filter - ((objectClass=inetOrgPerson)(mail=%s))
debug: table-ldap: parsing attribute alias_attributes (1) - mail
debug: table-ldap: done reading config
debug: table-ldap: ldap server accepted credentials
debug: table-ldap: connected
debug: smtp: listen on IPv6:fe80::20c:29ff:fe08:7d50%em0 port 25 flags 0x0 pki
debug: smtp: listen on 192.168.0.128 port 25 flags 0x0 pki
debug: smtp: listen on 127.0.0.1 port 25 flags 0x0 pki
debug: smtp: listen on IPv6:fe80::1%lo0 port 25 flags 0x0 pki
debug: smtp: listen on IPv6:::1 port 25 flags 0x0 pki
debug: smtp: will accept at most 500 clients
debug: smtpd: scanning offline queue...
debug: smtpd: offline scanning done
debug: smtp: new client on listener: 0x98551cb9000
smtp-in: New session ce7f1f365cb16f30 from host 192.168.0.21 [192.168.0.21]
lookup: check 192.168.0.21 as NETADDR in table static:localhost - 0
lookup: check 192.168.0.21 as NETADDR in table db:relay-hosts - found
lookup: check foo.net as DOMAIN in table static:anydestination - found
debug: 0x9854d6bd000: end of message, msgflags=0x
smtp-in: Accepted message 30972eb5 on session ce7f1f365cb16f30: from=j...@carnat.net, to=j...@foo.net, size=5, ndest=1, proto=SMTP
debug: scheduler: evp:30972eb53e98e2d4 scheduled (mta)
debug: mta: received evp:30972eb53e98e2d4 for j...@foo.net
debug: mta: draining [relay:foo.net] refcount=1, ntask=1, nconnector=0, nconn=0
debug: mta: querying MX for [relay:foo.net]...
debug: mta: [relay:foo.net] waiting for MX
debug: MXs for domain foo.net: 192.168.0.128 preference 10
debug: mta: ... got mx (0x98545ea7420, foo.net, [relay:foo.net])
debug: mta: draining [relay:foo.net] refcount=1, ntask=1, nconnector=0, nconn=0
debug: mta: querying source for [relay:foo.net]...
debug: mta: ... got source for [relay:foo.net]: []
debug: mta: new [connector:[]-[relay:foo.net],0x1]
debug: mta: connecting with [connector:[]-[relay:foo.net],0x0]
debug: mta-routing: searching new route for [connector:[]-[relay:foo.net],0x0]...
debug: mta-routing: selecting candidate route [] - 192.168.0.128
debug: mta-routing: spawning new connection on [] - 192.168.0.128
debug: mta: 0x985504b5c00: spawned for relay [relay:foo.net]
debug: mta: connecting with [connector:[]-[relay:foo.net],0x0]
debug: mta: cannot use [relay:foo.net] before 2s
debug: mta-routing: no route available
SegFault with OpenSMTPD 5.4.1 on OpenBSD 5.4 amd64
Hi,
(Can't believe I'm so unlucky with that daemon...)
I'm having a try with osmtpd 5.4.1 on obsd 5.4/amd64. It was compiled locally from opensmtpd-5.4.1.tar.gz. Virtual users table is hosted in (localhost openbsd native) LDAP. OpenSMTPD connects properly to LDAP but badly quits when getting a mail.
# smtpd -dvv
debug: init ssl-tree
info: OpenSMTPD 5.4.1 starting
debug: bounce warning after 4h
debug: using fs queue backend
debug: using ramqueue scheduler backend
debug: using ram stat backend
info: startup [debug mode]
debug: parent_send_config_ruleset: reloading
debug: parent_send_config_mfa: reloading
debug: parent_send_config: configuring smtp
mfa: building simple chains...
debug: queue: done loading queue into scheduler
mfa: building complex chains...
mfa: done building complex chains
mfa: done building default chain
debug: mfa ready
debug: smtp: listen on IPv6:fe80::20c:29ff:fe08:7d50%em0 port 25 flags 0x0 pki
debug: table-ldap: reading key url - ldap://127.0.0.1;
debug: table-ldap: reading key username - cn=email,ou=users,dc=local
debug: table-ldap: reading key password - vierge
debug: table-ldap: reading key basedn - dc=local
debug: table-ldap: reading key alias_filter - ((objectClass=inetOrgPerson)(mail=%s))
debug: table-ldap: parsing attribute alias_attributes (1) - mail
debug: table-ldap: done reading config
debug: smtp: listen on 192.168.0.128 port 25 flags 0x0 pki
debug: smtp: listen on 127.0.0.1 port 25 flags 0x0 pki
debug: smtp: listen on IPv6:fe80::1%lo0 port 25 flags 0x0 pki
debug: smtp: listen on IPv6:::1 port 25 flags 0x0 pki
debug: smtp: will accept at most 500 clients
debug: table-ldap: ldap server accepted credentials
debug: table-ldap: connected
debug: smtpd: scanning offline queue...
debug: smtpd: offline scanning done
debug: smtp: new client on listener: 0x181d06b4d000
smtp-in: New session 2851bd0c7505cf16 from host 192.168.0.21 [192.168.0.21]
debug: table_ldap_internal_query: filter=((objectClass=inetOrgPerson)(mail=j...@foo.net)), ret=1
Segmentation fault
warn: table-proc: pipe closed
fatal: table-proc: exiting
warn: smtp - lka: pipe closed
warn: mda - lka: pipe closed
warn: control - lka: pipe closed
warn: mta - lka: pipe closed
warn: mfa - smtp: pipe closed
warn: scheduler - control: pipe closed
warn: parent - lka: pipe closed
warn: queue - lka: pipe closed
On the client side, I had:
# telnet 192.168.0.128 25
Trying 192.168.0.128...
Connected to 192.168.0.128.
Escape character is '^]'.
220 bagheera.local. ESMTP OpenSMTPD
helo macbook
250 bagheera.local. Hello macbook [192.168.0.21], pleased to meet you
mail from: j...@carnat.net
250 Ok
rcpt to: j...@foo.net
Connection closed by foreign host.
A manual LDAP request does work:
# ldapsearch -H ldap://127.0.0.1 -D cn=email,ou=users,dc=local -w vierge -b dc=local ((objectClass=inetOrgPerson)(mail=j...@foo.net))
(...)
# j...@foo.net, users, foo.net, local
dn: mail=j...@foo.net,ou=users,ou=foo.net,dc=local
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Joel Carnat
sn: Carnat
givenName: Joel
mail: j...@foo.net
userPassword:: dmllcmdl
(...)
A bit of configuration?
# egrep -v '^$|^#' /etc/mail/smtpd.conf.local
lan_addr = 192.168.0.128
listen on all
table aliases db:/etc/mail/aliases.db
table relay-hosts db:/etc/mail/relay-hosts.db
table virtual-domains db:/etc/mail/virtual-domains.db
table virtual-users ldap:/etc/mail/virtual-users.conf
accept for domain foo.net virtual virtual-users deliver to maildir /home/vmail/
accept from source relay-hosts for any relay
# egrep -v '^$|^#' /etc/mail/virtual-users.conf
url ldap://127.0.0.1
username cn=email,ou=users,dc=local
password vierge
basedn dc=local
alias_filter ((objectClass=inetOrgPerson)(mail=%s))
alias_attributes mail
Any thoughts?
TIA,
Joe
OpenSMTPD in OpenBSD
Hi,
I was looking at opensmtpd in brand new openbsd 5.4 and it seems not to be as fresh as the one in /archives/. I also had a look at the Web CVS of OpenBSD and, as far as I understood it, opensmtpd seems not to be synced in the release tree but rather in the current one. Am I wrong, or does one rather have to use /archives/ to be able to get the required latest fixes on opensmtpd?
Thanks.
Re: OpenSMTPD in OpenBSD
On 8 Nov. 2013 at 19:21, Bryan Vyhmeister br...@bsdjournal.net wrote:
snip
So since OpenBSD X.X is released, the only way to get new featured or bug corrected OpenSMTPD is either use OpenBSD HEAD or OpenSMTPD snapshots, right?
That's correct. I ran into an obscure bug only triggered by spam-sending mail hosts with super long commands but it was a bug and, when I reported it, it was fixed in a couple of hours and in a snapshot right away and so I have been running OpenSMTPD snapshots with success ever since. I can't ask for better than that from the developers.
OK, let's go for it this way :) Thanks!
Re: OpenSMTPD in OpenBSD
On 8 Nov. 2013 at 19:50, Gilles Chehade gilles.cheh...@gmail.com wrote:
We have taken a wrong path by trying to synchronize our releases with OpenBSD. This is why you guys are confused now, OpenBSD 5.4 was tagged a while ago and OpenSMTPD was tagged at the same time and so it ships with a version that is very close to 5.3.3 but which isn't really 5.3.3 nor what we want to release for our next major.
Long story short: You should always run our stable version which is advertised on our website since that's always going to be the last stable one.
We have decided to rework how we do our releases so that it removes all the confusion from the last few months. Very soon, we will release 5.4.1, which will be our first stable release for 5.4.
Right. That's why the website still refers to 5.3.3. I thought it was just not up to date :) BTW, the footer says Copyright © 2012 OpenBSD. Shouldn't it mention 2013 too?
When OpenBSD will tag 5.5, we will not rush to tag OpenSMTPD 5.5 but simply ship our latest known stable 5.4.x, this way no more bastard versions.
Gilles
2013/11/8 Joel Carnat j...@carnat.net
On 8 Nov. 2013 at 19:21, Bryan Vyhmeister br...@bsdjournal.net wrote:
snip
So since OpenBSD X.X is released, the only way to get new featured or bug corrected OpenSMTPD is either use OpenBSD HEAD or OpenSMTPD snapshots, right?
That's correct. I ran into an obscure bug only triggered by spam-sending mail hosts with super long commands but it was a bug and, when I reported it, it was fixed in a couple of hours and in a snapshot right away and so I have been running OpenSMTPD snapshots with success ever since. I can't ask for better than that from the developers.
OK, let's go for it this way :) Thanks!
Re: Dealing with virtual aliases and nodes
On 15 Oct. 2013 at 09:59, Gilles Chehade gil...@poolp.org wrote:
On Thu, Oct 10, 2013 at 05:27:40PM +0200, Joel Carnat wrote:
Hi,
Before being able to post my CONFIG PR0N, I need to finish it. And it's ready, yet :)
I want an email to be split through various final recipients.
Bits of config:
(...)
table vusers /etc/mail/virtual-users.txt
(..)
accept for domain vdoms virtual vusers deliver to maildir /home/vmail/%{dest.domain}/%{dest.user}/
(...)
If I fill the virtual user base with:
cont...@foo.net m...@foo.net
The log will be:
smtp-in: New session bb26c6cd from host 0@localhost [local]
debug: aliases_virtual_get: 'cont...@foo.net' resolved to 1 nodes
debug: aliases_virtual_get: 'm...@foo.net' resolved to 1 nodes
(...)
delivery: Ok for ffcdf782fe8ffea4: from=r...@openbsd.tumfatig.net, to=m...@foo.net, rcpt=cont...@foo.net, user=vmail, method=maildir, delay=0s, stat=Delivered
If I fill the virtual user base with:
cont...@foo.net m...@foo.net,s...@foo.net
The log will be:
smtp-in: New session b6ac6f0b from host 0@localhost [local]
debug: aliases_virtual_get: 'cont...@foo.net' resolved to 2 nodes
debug: aliases_virtual_get: 's...@foo.net' resolved to 1 nodes
debug: aliases_virtual_get: 'm...@foo.net' resolved to 1 nodes
(...)
delivery: Ok for e7f8941b403237a4: from=r...@openbsd.tumfatig.net, to=s...@foo.net, rcpt=cont...@foo.net, user=vmail, method=maildir, delay=0s, stat=Delivered
In both cases, I only get one delivery when I expected two in the second case. Is there a way to achieve this kind of split distribution?
What version are you using? This is strange because it is exactly what we do for some accounts such as secur...@opensmtpd.org
Can you provide more log?
I use smtpd shipping with OpenBSD 5.4 (Oct. 4th). Find the log attached.
smtpd.log.gz Description: GNU Zip compressed data
Re: Dealing with virtual aliases and nodes
On 15 Oct. 2013 at 10:14, Gilles Chehade gil...@poolp.org wrote:
snip ; sorry for the previous HTML mail can you also mail me full config and full tables, something might be missing for me to troubleshoot
### CONFIG
listen on all
table trustnet { 127.0.0.1, 192.168.0.0/24 }
table vdoms /etc/mail/virtual-domains.txt
table bdoms /etc/mail/backup-domains.txt
table valiases /etc/mail/virtual-aliases.txt
table vusers /etc/mail/virtual-users.txt
accept for domain vdoms virtual vusers deliver to maildir /home/vmail/%{dest.domain}/%{dest.user}/
accept for any alias valiases deliver to mbox
accept from trustnet for any relay via smtp://smtp.free.fr
### /etc/mail/virtual-domains.txt
foo.net
### /etc/mail/virtual-aliases.txt
postmaster: root
abuse: root
hostmaster: root
webmaster: root
root: m...@foo.net
### /etc/mail/virtual-users.txt
m...@foo.net vmail
s...@foo.net vmail
cont...@foo.net m...@foo.net,s...@foo.net
Maybe there's a need to explain what I want to achieve.
- Deal with two domain names and one backup/secondary MX domain name
- Store email accounts in LDAP (later on; right now, I'm just trying to dispatch users/alias in flat files)
- Do not bind email account to real system user (so using vmail as a generic/common user)
Dealing with virtual aliases and nodes
Hi,
Before being able to post my CONFIG PR0N, I need to finish it. And it's ready, yet :)
I want an email to be split through various final recipients.
Bits of config:
(...)
table vusers /etc/mail/virtual-users.txt
(..)
accept for domain vdoms virtual vusers deliver to maildir /home/vmail/%{dest.domain}/%{dest.user}/
(...)
If I fill the virtual user base with:
cont...@foo.net m...@foo.net
The log will be:
smtp-in: New session bb26c6cd from host 0@localhost [local]
debug: aliases_virtual_get: 'cont...@foo.net' resolved to 1 nodes
debug: aliases_virtual_get: 'm...@foo.net' resolved to 1 nodes
(...)
delivery: Ok for ffcdf782fe8ffea4: from=r...@openbsd.tumfatig.net, to=m...@foo.net, rcpt=cont...@foo.net, user=vmail, method=maildir, delay=0s, stat=Delivered
If I fill the virtual user base with:
cont...@foo.net m...@foo.net,s...@foo.net
The log will be:
smtp-in: New session b6ac6f0b from host 0@localhost [local]
debug: aliases_virtual_get: 'cont...@foo.net' resolved to 2 nodes
debug: aliases_virtual_get: 's...@foo.net' resolved to 1 nodes
debug: aliases_virtual_get: 'm...@foo.net' resolved to 1 nodes
(...)
delivery: Ok for e7f8941b403237a4: from=r...@openbsd.tumfatig.net, to=s...@foo.net, rcpt=cont...@foo.net, user=vmail, method=maildir, delay=0s, stat=Delivered
In both cases, I only get one delivery when I expected two in the second case. Is there a way to achieve this kind of split distribution?
TIA,
Jo
MySQL support in 5.3.3 or 5.4 ?
Hi,
Does OpenSMTPD 5.4 (shipping with OpenBSD 5.4-snapshot) or 5.3.3 come with support for mysql backend? I found a reference for table_mysql on the Git but when configuring my smtpd and starting it, it goes:
smtpd: table_create: backend mysql does not exist
The configuration line was:
table vusers mysql:/etc/mail/virtual-users.sql
Thanks.
Re: CONFIG PR0N !?
On 3 Oct. 2013 at 16:54, Gilles Chehade gil...@poolp.org wrote:
On Thu, Oct 03, 2013 at 04:50:27PM +0200, Gilles Chehade wrote:
OHAI ! Today is CONFIG PR0N !? day
Please share your config files in this thread ;-)
pki mx1.poolp.org certificate /etc/ssl/mx1.poolp.org.crt
pki mx1.poolp.org key /etc/ssl/private/mx1.poolp.org.key
pki mail.poolp.org certificate /etc/ssl/mail.poolp.org.crt
pki mail.poolp.org key /etc/ssl/private/mail.poolp.org.key
listen on lo0
listen on lo0 port 10029 tag DKIM
listen on egress secure pki mx1.poolp.org hostname mx1.poolp.org
listen on egress port submission tls pki mail.poolp.org auth hostname mail.poolp.org
table sources { 88.190.237.114 }
table helonames { 88.190.237.114 = mx1.poolp.org }
table aliases /etc/mail/smtpd/aliases
table pdomains /etc/mail/smtpd/primary-domains
table vdomains /etc/mail/smtpd/virtual-domains
table vusers /etc/mail/smtpd/virtual-users
table bdomains /etc/mail/smtpd/backup-domains
accept for local alias aliases deliver to maildir
accept from any for domain pdomains alias aliases deliver to maildir
accept from any for domain vdomains virtual vusers deliver to maildir
accept from any for domain bdomains relay backup mx1.poolp.org
accept tagged DKIM for any relay source sources hostnames helonames
accept for any relay via smtp://127.0.0.1:10028
Unless it's too pr0ny, shall we get contents from tables too please? :)
Re: CONFIG PR0N !?
On 3 Oct. 2013 at 17:12, Gilles Chehade gil...@poolp.org wrote:
On Thu, Oct 03, 2013 at 05:06:22PM +0200, Joel Carnat wrote:
On 3 Oct. 2013 at 16:54, Gilles Chehade gil...@poolp.org wrote:
On Thu, Oct 03, 2013 at 04:50:27PM +0200, Gilles Chehade wrote:
OHAI ! Today is CONFIG PR0N !? day
Please share your config files in this thread ;-)
pki mx1.poolp.org certificate /etc/ssl/mx1.poolp.org.crt
pki mx1.poolp.org key /etc/ssl/private/mx1.poolp.org.key
pki mail.poolp.org certificate /etc/ssl/mail.poolp.org.crt
pki mail.poolp.org key /etc/ssl/private/mail.poolp.org.key
listen on lo0
listen on lo0 port 10029 tag DKIM
listen on egress secure pki mx1.poolp.org hostname mx1.poolp.org
listen on egress port submission tls pki mail.poolp.org auth hostname mail.poolp.org
table sources { 88.190.237.114 }
table helonames { 88.190.237.114 = mx1.poolp.org }
table aliases /etc/mail/smtpd/aliases
table pdomains /etc/mail/smtpd/primary-domains
table vdomains /etc/mail/smtpd/virtual-domains
table vusers /etc/mail/smtpd/virtual-users
table bdomains /etc/mail/smtpd/backup-domains
accept for local alias aliases deliver to maildir
accept from any for domain pdomains alias aliases deliver to maildir
accept from any for domain vdomains virtual vusers deliver to maildir
accept from any for domain bdomains relay backup mx1.poolp.org
accept tagged DKIM for any relay source sources hostnames helonames
accept for any relay via smtp://127.0.0.1:10028
Unless it's too pr0ny, shall we get contents from tables too please? :)
Too pr0ny, but they don't have anything funky, they're basic tables ;-)
pdomains, vdomains and bdomains contain lists of domains, one per line, for respectively Primary domains, Virtual domains and domains my MX is the Backup for.
aliases is a simple aliases mapping (root: gilles, abuse: gilles, ...)
vusers is also a simple mapping (x@vdomain a, y@vdomain b, ...)
ok :) ldap or sql table content would be h0t!
;-)
Re: Using LDAP/SSL
On 28 June 2013 at 10:07, Gilles Chehade gil...@poolp.org wrote:
On Fri, Jun 28, 2013 at 09:57:06AM +0200, Joel Carnat wrote:
Hi,
Hi,
I'm having a(nother) look at OpenSMTPd as a Postfix replacement. I'm using OpenSMTPD 5.3.3 on OpenBSD 5.3/i386. I have configured LDAP connection as such:
table ldap ldap:/etc/mail/ldapd.conf
It seems to work; at least to connect. But if I try using ldaps, I get:
smtpd: table_create: backend ldaps does not exist
Yes, backend != protocol ;-) Both ldap and ldaps would be handled by the ldap backend, however... The ldap backend doesn't support SSL yet.
ok :) So, is there a way to tell smtpd to not try to authenticate as it's using clear-text connection?
Right now, my ldap configuration file contains:
url ldap://ldap.tumfatig.net
username cn=user,...
password mypass
If I comment username/password, I then get
smtpd: failed to open table ldap
Thanks.
Re: Digging into using LDAP
On 28 June 2013 at 11:44, Gilles Chehade gil...@poolp.org wrote:
On Fri, Jun 28, 2013 at 11:38:29AM +0200, Joel Carnat wrote:
snip
/etc/mail/smtpd.conf.local
lan_addr = 192.168.0.218
listen on $lan_addr
table ldap ldap:/etc/mail/ldapd.conf
accept for domain tumfatig.net alias ldap deliver to maildir /home/vmail/%{rcpt.domain}/%{rcpt.user}/
accept for any relay
snip
either use a virtual mapping, since that will use the full email address as the key, or extend the backend to support expansion so that you can use %{rcpt} instead of %s
OK, so the configuration line now goes
accept for domain tumfatig.net virtual ldap deliver to maildir /home/vmail/%{rcpt.domain}/%{rcpt.user}/
And the postmaster alias is now resolved and delivered (to an external domain/user name). YeePee !!! :D
BUT :) I also have accounts on this domain for which I want to deliver mail directly. For them, the LDAP filter and field are different than for aliases. I have tried using credentials_filter and userinfo_filter but this doesn't seem to do what I want.
# Aliases
alias_filter ((mail=%s)(objectClass=CourierMailAlias))
alias_attributes maildrop
# Account
userinfo_filter ((mail=%s)(objectClass=CourierMailAccount))
userinfo_attributes mailbox
According to smtpd log, it only looks for objectClass=CourierMailAlias using full mail, then username, then domain name, then '@'.
What is the way to tell opensmtpd to:
- first, try to find an alias using ((mail=%s)(objectClass=CourierMailAlias))
- then, try to find an account using ((mail=%s)(objectClass=CourierMailAccount))
Thanks for help.
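The lookup order asked about in the message above (alias filter first, then account filter), as an added example that is not part of the original message and is neither OpenSMTPD configuration nor its table-ldap code. Because the `%s` key is an SMTP recipient address chosen by the remote client, the sketch escapes it per RFC 4515 before substitution. The `&` operator in the templates, the addresses and the in-memory directory are constructed assumptions.

```python
import re

# Filter templates modelled on the message above. The leading "&" (LDAP AND)
# is an assumption: the filters as archived show no operator.
ALIAS_FILTER = "(&(mail=%s)(objectClass=CourierMailAlias))"
ACCOUNT_FILTER = "(&(mail=%s)(objectClass=CourierMailAccount))"

# Constructed sample entries standing in for the LDAP server.
DIRECTORY = [
    {"mail": ["postmaster@example.net"], "objectClass": ["CourierMailAlias"],
     "maildrop": ["admin@example.org"]},
    {"mail": ["joe@example.net"], "objectClass": ["CourierMailAccount"],
     "mailbox": ["example.net/joe/"]},
]

_SPECIAL = {"\\", "*", "(", ")", "\x00"}
_TERM = re.compile(r"\(([A-Za-z][\w-]*)=((?:[^()\\*]|\\[0-9a-fA-F]{2})*)\)")
_HEX = re.compile(r"\\([0-9a-fA-F]{2})")


def escape_filter_value(value):
    """Escape a string for use as a filter assertion value (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in _SPECIAL else c for c in value)


def expand(template, key):
    """Substitute the lookup key for %s, escaped so it stays one literal value."""
    return template.replace("%s", escape_filter_value(key))


def parse_and_filter(ldap_filter):
    """Parse '(&(attr=value)...)' into [(attr, value)]; reject anything else."""
    if not (ldap_filter.startswith("(&") and ldap_filter.endswith(")")):
        raise ValueError("unsupported filter: %r" % ldap_filter)
    body, terms, pos = ldap_filter[2:-1], [], 0
    while pos < len(body):
        match = _TERM.match(body, pos)
        if match is None:
            raise ValueError("malformed filter: %r" % ldap_filter)
        value = _HEX.sub(lambda h: chr(int(h.group(1), 16)), match.group(2))
        terms.append((match.group(1), value))
        pos = match.end()
    if not terms:
        raise ValueError("empty filter: %r" % ldap_filter)
    return terms


def search(ldap_filter, attribute):
    """Return `attribute` values of entries matching every term (case-insensitive)."""
    terms = parse_and_filter(ldap_filter)
    found = []
    for entry in DIRECTORY:
        if all(value.lower() in (v.lower() for v in entry.get(attr, []))
               for attr, value in terms):
            found.extend(entry.get(attribute, []))
    return found


def resolve(recipient):
    """Try the alias filter first, then the account filter."""
    lookups = (("alias", ALIAS_FILTER, "maildrop"),
               ("account", ACCOUNT_FILTER, "mailbox"))
    for kind, template, attribute in lookups:
        values = search(expand(template, recipient), attribute)
        if values:
            return kind, values
    return None, []


if __name__ == "__main__":
    for rcpt in ("postmaster@example.net", "joe@example.net", "a*(b)@example.net"):
        print(rcpt, "->", resolve(rcpt))
```

A recipient that matches neither filter returns `(None, [])`, which a caller would treat as an unknown user rather than falling through to a default mailbox.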