CA certificate stores?

2020-03-04 Thread John Cox
rification process so I know what is failing? I had this working (with verify required) until my certs timed out recently & I have clearly cocked up something when updating everything. Many Thanks John Cox

Re: tags on the portable branch?

2019-08-23 Thread John Cox
he tag checkout just worked for me. What happens if you make another new (temporary) repo with clone and try again? Regards John Cox

Re: RBLs?

2019-06-20 Thread John Cox
Hi >Hi, > >I’ve been using a combination of OpenSMTPd and spamd on OpenBSD (currently at >6.5) for some time and with success. However, there are still some >false-negatives and I’m looking at ways of reducing those. One way is by >making use of RBLs. > >(I’ve evaluated delivered spam and the

Re: problem with resolution aliases after upgrade to 6.5

2019-04-29 Thread John Cox
Hi >Hello, > >I use aliases in an smtpd config and before upgrade to 6.5 it worked fine. >After upgrade and rewriting config smtpd starts to reject mails >addressed to aliases with a reason "550 Invalid recipient". What's >wrong with new config? > >/var/log/maillog: > >Apr 29 07:01:48 ns1

Re: Confused by certificates

2019-01-07 Thread John Cox
Hi >2019-01-06 16:21 skrev John Cox: >> Hi >> >> I'm using OpenSMTPD 6.4.0 >> >> I'm (at least) a little confused as to which sort of certs I should >> put in the pki cert and ca conf file entries (I can cope with the key >> entry!) >>

Confused by certificates

2019-01-06 Thread John Cox
thoth smtpd[87479]: 92975635cb3d86a4 mta disconnected reason=quit messages=1 Where I seems to succeed with tls and then it says that it has failed. What is going on? Thanks John Cox -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: Filter withdrawals

2016-09-13 Thread John Cox
On Mon, 12 Sep 2016 11:11:09 +0200, you wrote: >>> I’d be up for it. Although I’m still running 5.9 on my mail server, I’m >>> thinking of upgrading. I knew that filters are experimental (and really to >>> test the API, not the filters themselves), however I’ve decided to use some >>> of them

Re: Filter withdrawals

2016-09-12 Thread John Cox
>> On 6 Sep 2016, at 14:10, Edgar Pettijohn wrote: >> >> I'm thinking of starting a support group for others suffering from filter >> withdrawal. Upgraded to 6.0 over the weekend and went back to using spampd >> and sieve. Is there any other options besides amavis? I

Re: Incoming certificate verification

2016-05-17 Thread John Cox
gards JC > >Regards, > >Marcel > > >Am 17.05.2016 um 09:47 schrieb John Cox: >> Hi >> >> Since I upgraded to OpenBSD 5.9 (I think) I've been getting TLS >> validation errors in the headers: >> >> TLS version=TLSv1.2 cipher=ECDHE-RSA-AES

Incoming certificate verification

2016-05-17 Thread John Cox
) What does OpenSMTPD use as its default cert store - as far as I can tell the .conf lacks CAfile or CApath options? Testing with openssl s_client suggests that my certs are generally in order Any clues? Many thanks John Cox Log file: May 17 08:26:58 azathoth smtpd[18872]: info: OpenSMTPD 5.9.2

Re: strange behavior on delivering messages

2015-02-15 Thread John Cox
accept tagged CLAM_OUT for domain vdomains virtual valiases relay via \ lmtp://127.0.0.1 So is this line finally legal? Earlier versions of opensmtp would not let you mix virtual and relay via... (it is something I have always wanted and the reason why I am still running sendmail on my gateway,

Re: Is my virtual user configuration correct?

2015-01-21 Thread John Cox
of setting up routes like this (which I want to do as well) Regards John Cox -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: [OpenSMTPD] master snapshot opensmtpd-201410040015 available

2014-10-09 Thread John Cox
closed warn: queue - lka: pipe closed warn: control - lka: pipe closed warn: scheduler - queue: pipe closed warn: ca - control: pipe closed warn: pony - lka: pipe closed # Is there any other info that would be useful? I think I can make this happen quite reliably. Regards John Cox -- You

Bounce message creation delivery control

2014-09-10 Thread John Cox
Hi I have a set of email addresses that I forward on to other external addresses. I am getting a significant quantity of mail that targets these adresses but is rejected by the destination (because it is bad); the bounce message that I generate then fails to deliver because the sender was faked.

Re: [OpenSMTPD] master snapshot opensmtpd-201406192229 available

2014-06-30 Thread John Cox
/ The OpenSMTPD team ;-) Summary of changes since last snapshot (opensmtpd-201406192203): --- - unfuck build on OpenBSD 5.5 ... At least on trivial testing this one seems to work :-) Many thanks John Cox -- You received this mail because you

Re: wildcard support?

2014-06-19 Thread John Cox
Hi I need block some sender like bounce--xxx@* but I would like to configure like: table sender_deny { bounce-*-*@* } The below case is working well for www-data@* table sender_deny { www-data@* } That feature would make me very happy too :-) Thanks John Cox -- You received

Re: How to configure encryption ciphers and SSL/TLS protocols

2014-06-10 Thread John Cox
On Mon, 9 Jun 2014 10:16:43 +0200, you wrote: On Mon, Jun 09, 2014 at 08:39:52AM +0100, John Cox wrote: Hi That's not correct no, I get plenty of TLS 1.0 trafic and it has been the case for many years To parrot this on all of my various instances OpenSMTPD and not I get tons of TLS 1.0

Re: How to configure encryption ciphers and SSL/TLS protocols

2014-06-09 Thread John Cox
Hi That's not correct no, I get plenty of TLS 1.0 trafic and it has been the case for many years To parrot this on all of my various instances OpenSMTPD and not I get tons of TLS 1.0 and SSLv3 traffic, I wish I didn't but it still happens. Heck every now and again I see SSLv2 attempts which for

Re: [OpenSMTPD] master snapshot opensmtpd-201405142324 available

2014-05-19 Thread John Cox
, 2014 at 09:21:04AM +0100, John Cox wrote: Hi It almost works for me on OpenBSD5.5-stable. Compiles, runs, delivers and then dies Many thanks John Cox # smtpd -d -v debug: init ssl-tree info: loading pki information for yidhra.outer.uphall.net info: OpenSMTPD 201405142324

datalen mismatch with opensmtpd-201405121706 and permissions question

2014-05-13 Thread John Cox
Hi Having got the snapshot to compile on OpenBSD5.5-stable I tried it out. I get datalen errors when I try to send mail to it. Any clues? Everything works OK on 5.4.2. (run output below) As a probably separate question, what permissions should there be on /var/spool/smtpd/*? I had to create

Re: Building snapshots on 5.5-stable?

2014-05-08 Thread John Cox
Hi On Tue, May 06, 2014 at 10:17:01AM +0100, John Cox wrote: Hi Is it possible to build snapshots on OpenBSD-5.5-Stable (built from source because as far as I can tell the release ISO still contains Heartbleed)? Neither the OpenBSD or the Portable version works for me. I can understand

Building snapshots on 5.5-stable?

2014-05-06 Thread John Cox
point, but I was hopeful theat the portable vsrsion might be more portable... I'd like to follow this project and maybe help if I ever have the time (which is, at the moment, I admit, unlikely) but I really don't have the time to try and follow OpenBSD-current Many thanks John Cox Trying

Re: Should we use DKIM and SPF?

2014-04-26 Thread John Cox
On Fri, 25 Apr 2014 06:55:48 -0700, you wrote: On Thu, Apr 24, 2014 at 11:13 AM, Ashish SHUKLA ashish...@lostca.se wrote: On Sat, 19 Apr 2014 08:26:59 +0200, Martin Braun yellowgoldm...@gmail.com said: Hi I was thinking about adding DKIM and SPF to my OpenSMTPD setup as I have

Re: Should we use DKIM and SPF?

2014-04-25 Thread John Cox
Hi On Sat, 19 Apr 2014 08:26:59 +0200, Martin Braun yellowgoldm...@gmail.com said: Hi I was thinking about adding DKIM and SPF to my OpenSMTPD setup as I have previously run with those, but I am in doubt. I am thinking about the worth of those technologies? I used to think SPF was a good

Re: Bounces without Bodies

2014-03-10 Thread John Cox
Hi [snip] Given the similarities in the feel of the conf file to pf.conf I would try to tend towards that (well tested) model where possible to try and keep the confusion for new users as low as possible. I don't really agree here, the first match approach is much simpler when dealing with

Re: Non quick virtual rules?

2014-03-07 Thread John Cox
Hi Is there any chance we could have a rule of the form accept for any virtual no-bounce vmap relay such that if the virtual lookup fails then processing continues to the next line rather than generating a bounce message. This would simplify the generation of forwarding tables. the

Non quick virtual rules?

2014-03-06 Thread John Cox
Hi Is there any chance we could have a rule of the form accept for any virtual no-bounce vmap relay such that if the virtual lookup fails then processing continues to the next line rather than generating a bounce message. This would simplify the generation of forwarding tables. Maybe

Re: [OpenSMTPD] master snapshot opensmtpd-201402271419 available

2014-02-28 Thread John Cox
Does this fix my maildir issue? Thanks JC On Thu, 27 Feb 2014 14:23:01 +0100 (CET), you wrote: User gilles has just rebuilt a master snapshot, available from: http://www.OpenSMTPD.org/archives/opensmtpd-201402271419.tar.gz Checksum: SHA256 (opensmtpd-201402271419.tar.gz) =

Why can't I have virtual and relay via together?

2013-12-16 Thread John Cox
Hi I have a m/c that receives mail on the border of my domain. It doesn't want to deliver any mail itself it just wants to deliver to the mailstore. However it does want to do any required forwarding and/or rejection to prevent needless internal message traffic (and to prevent confusion if the

Macro expansion

2013-12-14 Thread John Cox
a macro? Many thanks John Cox -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: cert.pem missing

2013-12-11 Thread John Cox
John Cox -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org