Re: Redirect queue to another smtp

2022-08-14 Thread Marcus MERIGHI
Hello Mik, 

mikyde...@yahoo.fr (Mik J), 2022.08.14 (Sun) 05:14 (CEST):
> I have received some mails on my "SMTP2" which is misconfigured and
> mails are stuck in the queue. They look like that
> 25eed6a533daaed1|inet4|mda||cxxx@gmail.com|m...@e.xxx|m...@e.xxx|1660443800|1660443800|0|17|pending|181|"mail.maildir:
> No such file or directory"
> Is there a way to resend them to "SMTP1" ?
> I have tried to add rules such as
> action TO-SMTP1 relay host smtp://10.1.2.2:25
> match mail-from " cxxx@gmail.com" for any action TO-SMTP1
> Or even
> action TO-SMTP1 relay host smtp://10.1.2.2:25
> match from any for any action TO-SMTP1

$ doas find /var/spool/smtpd/ -type f
/var/spool/smtpd/queue/6e/6e800d91/6e800d911b1d350c
/var/spool/smtpd/queue/6e/6e800d91/message

"message" is, hum, the message. "6e800d911b1d350c" is the control data
of OpenSMTPd: 

$ doas cat /var/spool/smtpd/queue/6e/6e800d91/6e800d911b1d350c
version: 3
dispatcher: outbound # <= the "action" that was applied
type: mta
smtpname: fifi.foo.bar
helo: localhost
hostname: fifi.foo.bar
sockaddr: local
sender: a...@def.gh
rcpt: i...@lmn.op
dest: i...@lmn.op
ctime: 1660479966
last-try: 0
last-bounce: 0
ttl: 0
retry: 0
flags: authenticated
dsn-notify: 0

With this information, look for the smtpd.conf(5) "action" named "outbound"
and change it to do what you want it to do. Restart smtpd(8) afterwards,
delivery according to your new "action" will start shortly.

Marcus
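
Added example, not part of the original message or of OpenSMTPD: a small shell helper that reads the envelope control files described above and reports which "action" (dispatcher) each queued envelope is bound to, so you know which smtpd.conf(5) action to change. The function names and the sample queue tree are constructed for illustration; the default path is the one from the listing above.

```shell
#!/bin/sh
# Added example: report which smtpd.conf action ("dispatcher") each queued
# envelope is bound to, using the "key: value" envelope layout shown above.

# envelope_field FILE KEY: print the value of KEY, or "-" when it is absent.
envelope_field() {
    awk -v key="$2" '
        index($0, key ": ") == 1 { print substr($0, length(key) + 3); found = 1; exit }
        END { if (!found) print "-" }
    ' "$1"
}

# list_envelopes [QUEUE_DIR]: one line per envelope: id dispatcher type rcpt.
# Assumption: every regular file below the queue directory that is not named
# "message" is an envelope, as in the find(1) listing above.
list_envelopes() {
    queue_dir=${1:-/var/spool/smtpd/queue}
    find "$queue_dir" -type f ! -name message | sort | while read -r evp; do
        printf '%s %s %s %s\n' "${evp##*/}" \
            "$(envelope_field "$evp" dispatcher)" \
            "$(envelope_field "$evp" type)" \
            "$(envelope_field "$evp" rcpt)"
    done
}

# count_by_dispatcher [QUEUE_DIR]: "count dispatcher" lines, sorted by name.
count_by_dispatcher() {
    list_envelopes "$1" | awk '{ n[$2]++ } END { for (d in n) print n[d], d }' | sort -k2
}

# make_sample_queue: build a constructed queue tree (not real mail) in a
# temporary directory and print its path.
make_sample_queue() {
    q=$(mktemp -d) || return 1
    mkdir -p "$q/6e/6e800d91" "$q/a1/a1b2c3d4"
    : > "$q/6e/6e800d91/message"
    : > "$q/a1/a1b2c3d4/message"
    printf 'version: 3\ndispatcher: outbound\ntype: mta\nrcpt: one@example.org\n' \
        > "$q/6e/6e800d91/6e800d911b1d350c"
    printf 'version: 3\ndispatcher: outbound\ntype: mta\nrcpt: two@example.org\n' \
        > "$q/6e/6e800d91/6e800d91aaaaaaaa"
    printf 'version: 3\ndispatcher: local_mail\ntype: mda\nrcpt: three@example.net\n' \
        > "$q/a1/a1b2c3d4/a1b2c3d400000001"
    printf '%s\n' "$q"
}

# Demonstration on the constructed tree.
demo=$(make_sample_queue)
count_by_dispatcher "$demo"
rm -rf "$demo"
```

On a live system, run `count_by_dispatcher` with no argument under doas(1), since the spool is not readable by ordinary users.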



Re: Validating certificate chain of SMTP TLS connections using privately-issued CA certs

2022-03-15 Thread Marcus MERIGHI
Hello, 

rea...@catastrophe.net (rea...@catastrophe.net), 2022.03.15 (Tue) 00:27 (CET):
> On Tue, Mar 15, 2022 at 09:40:34AM +1100, Dipesh Sharma wrote:
> >Did you try the 'tls no-verify' option described here:
> >https://man.openbsd.org/smtpd.conf#tls ? If you are sure that some host
> >under example.com is talking to the correct mail.example.com host, it is OK
> >to skip the certificate verification.
> 
> I did not as that is not what I'm hoping to do.
> 
> Instead I'd like to verify the servers certificate is signed by a CA
> whose certificate is on the client machine.

IIUC the client server needs the CA Certificate that was used to
generate the SMTP-server Certificate in its /etc/ssl/cert.pem (on
OpenBSD). 

Marcus



Re: mutt can't send emails via localhost 25 with error 503 5.5.1

2022-03-08 Thread Marcus MERIGHI
Hello Jiri!

j...@navratil.cz (Jiri Navratil), 2022.03.08 (Tue) 18:19 (CET):
> Thank you for this advice.
> I never used this way. When adding just
> set sendmail = /usr/sbin/sendmail
> there was no improvement. When I also used
> unset smtp_url

Ah, yes, these are certainly mutually exclusive. 

Using the sendmail binary for local enqueueing and smtp at the 
same time doesn't make much sense.

> Then I got
> Error sending message, child exited 127 (Exec error.).
> Could not send the message.

You are on OpenBSD, if I remember this thread correctly.

What does 
 
print testmail | mail -s testmail s...@adress.tld

do? This should call the same binary as the

set sendmail = /usr/sbin/sendmail

configuration option.

This way we'll see if local enqueueing[*] is broken on your machine.

See mailwrapper(8) and mailer.conf(5) for all the gory details.

Marcus

[*] I love the spelling of this word.

> Not sure if I have to adjust permissions of the wrapper or do anything
> else, so for now I will try to fix the smtp_url approach first.
> 
> Best regards,
> Jiří
> 
> On Tue, Mar 08, 2022 at 09:52:45AM +0100, Marcus MERIGHI wrote:
> > Hello!
> > 
> > j...@navratil.cz (Jiri Navratil), 2022.03.06 (Sun) 14:28 (CET):
> > > I'm using notebook with OpenBSD and every email from mail and from mutt
> > > goes firstly to  OpenSMTPD on localhost and then are relayed to my
> > > server with static IP.
> > > I have been using in OpenBSD 6.7 for mutt
> > > set smtp_url="smtp://127.0.0.1"
> > 
> > This is not a solution and not an answer to your question, 
> > but why don't you just use 
> > 
> > set sendmail = /usr/sbin/sendmail
> > 
> > in your muttrc(5)?
> > 
> > Marcus




Re: mutt can't send emails via localhost 25 with error 503 5.5.1

2022-03-08 Thread Marcus MERIGHI
Hello!

j...@navratil.cz (Jiri Navratil), 2022.03.06 (Sun) 14:28 (CET):
> I'm using notebook with OpenBSD and every email from mail and from mutt
> goes firstly to  OpenSMTPD on localhost and then are relayed to my
> server with static IP.
> I have been using in OpenBSD 6.7 for mutt
> set smtp_url="smtp://127.0.0.1"

This is not a solution and not an answer to your question, 
but why don't you just use 

set sendmail = /usr/sbin/sendmail

in your muttrc(5)?

Marcus



Re: log subject of mail in maillog

2021-07-15 Thread Marcus MERIGHI
Hello!

m...@protonmail.ch (mabi), 2021.07.15 (Thu) 08:16 (CEST):
> I was wondering with OpenSMTPD if it is possible to log the subject of
> the mail in the maillog? Currently the from/to are being logged and I
> wanted to also log the subject if possible.

Daemons that handle the Simple Mail Transfer Protocol do not care about
the content of the message. The Subject: is part of the content, as
seen from the POV of the smtpd. 

Spam filters and local delivery agents inspect the content, though.

I know you can make rspamd and dovecot-lda log the Subject:.

Marcus



Re: warn: table-proc: pipe closed (Probably mySQL-hassle and a newbie-question)

2020-08-16 Thread Marcus MERIGHI
Hello Fabian, 

not answering your question and not solving your problem, but after your
introduction I feel compelled to say:

f...@1lb.eu (Fabian Müller), 2020.08.16 (Sun) 02:15 (CEST):
> 1. take e-mails on port 25, check via mysql if it's for a domain it is
> responsible for and then forward via lmtp to dovecot which then takes
> care of everything else (including rejecting unknown users).

I'd recommend to deny delivery right at the front door, i.e. let
OpenSMTPd do the rejection. That way the sender gets the
Non-Delivery-Notification from her/his own mail server. 

Otherwise the sending server sees the 
"250 2.0.0 XXYYZZ Message accepted for delivery"
and thinks all is well.

Later, when dovecot rejects, your server has to send the NDN,
possibly to a spammer, which might bounce and all of that.

Marcus



Re: smtpd.conf relay pki

2020-04-20 Thread Marcus MERIGHI
just a friendly ping...

mcmer-opensm...@tor.at (Marcus MERIGHI), 2020.04.02 (Thu) 12:00 (CEST):
> Hello!
> 
> I've recently found a reason [1] to use different certificates for
> relaying than those that are used for submitting mails. 
> 
> Reading smtpd.conf(5) I learned that "relay" did not list "pki" as an
> option. 
> 
> Feeling adventurous I just added the "pki pubpki" directive:
>   "action rlay relay src  helo $hname pki pubpki"
> 
> "smtpd -n -v" did not complain.
> 
> There's a patch for smtpd.conf(5), at the end of this message.
> 
> But I'm having a hard time testing. Here's a trace from a receiving end, 
> when contacted _by_ the server in question. 
> 
> smtp: 0x17e7eea48000: <<< STARTTLS
> smtp: 0x17e7eea48000: >>> 220 2.0.0 Ready to start TLS
> smtp: 0x17e7eea48000: STATE_HELO -> STATE_TLS
> 160f48d2b4ce36f0 smtp tls
> ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
> smtp: 0x17e7eea48000: STATE_TLS -> STATE_HELO
> 
> How can I check which certificate was used? 
> I control both ends, which are OpenBSD 6.6 with OpenSMTPd.
> 
> Or, asking differently: if I have more than one "pki" defined, which
> one is used for "relay" actions?
> 
> [1] there's an "internal" domain name that is used for mail submission
> access, which has an acme certificate.
> but, when relaying, it goes out with the "official" name, which is not
> contained in the acme certificate for the "internal" domain.
> 
> Thanks for reading that far, Marcus
> 

Index: smtpd.conf.5
===
RCS file: /cvs/src/usr.sbin/smtpd/smtpd.conf.5,v
retrieving revision 1.249
diff -u -p -u -r1.249 smtpd.conf.5
--- smtpd.conf.512 Feb 2020 14:46:36 -  1.249
+++ smtpd.conf.52 Apr 2020 09:14:01 -
@@ -274,6 +274,14 @@ and
 .Dq smtps
 protocols for authentication.
 Server certificates for those protocols are verified by default.
+.It Cm pki Ar pkiname
+For secure connections,
+use the certificate associated with
+.Ar pkiname
+(declared in a
+.Ic pki
+directive)
+to prove a mail server's identity.
 .It Cm srs
 When relaying a mail resulting from a forward,
 use the Sender Rewriting Scheme to rewrite sender address.
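
Review bot: the closing phrase "to prove a mail server's identity" in the added `.It Cm pki Ar pkiname` entry is ambiguous in the relay option list, where smtpd is the connecting side rather than the listener. Suggest wording it from the relay's point of view (which certificate is presented to the remote host) and adding a sentence on what happens when several `pki` directives exist and this option is omitted, since the accompanying message asks exactly that and the text does not answer it.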



smtpd.conf relay pki

2020-04-02 Thread Marcus MERIGHI
Hello!

I've recently found a reason [1] to use different certificates for
relaying than those that are used for submitting mails. 

Reading smtpd.conf(5) I learned that "relay" did not list "pki" as an
option. 

Feeling adventurous I just added the "pki pubpki" directive:
  "action rlay relay src  helo $hname pki pubpki"

"smtpd -n -v" did not complain.

There's a patch for smtpd.conf(5), at the end of this message.

But I'm having a hard time testing. Here's a trace from a receiving end, 
when contacted _by_ the server in question. 

smtp: 0x17e7eea48000: <<< STARTTLS
smtp: 0x17e7eea48000: >>> 220 2.0.0 Ready to start TLS
smtp: 0x17e7eea48000: STATE_HELO -> STATE_TLS
160f48d2b4ce36f0 smtp tls
ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
smtp: 0x17e7eea48000: STATE_TLS -> STATE_HELO

How can I check which certificate was used? 
I control both ends, which are OpenBSD 6.6 with OpenSMTPd.

Or, asking differently: if I have more than one "pki" defined, which
one is used for "relay" actions?

[1] there's an "internal" domain name that is used for mail submission
access, which has an acme certificate.
but, when relaying, it goes out with the "official" name, which is not
contained in the acme certificate for the "internal" domain.

Thanks for reading that far, Marcus

Index: smtpd.conf.5
===
RCS file: /cvs/src/usr.sbin/smtpd/smtpd.conf.5,v
retrieving revision 1.249
diff -u -p -u -r1.249 smtpd.conf.5
--- smtpd.conf.512 Feb 2020 14:46:36 -  1.249
+++ smtpd.conf.52 Apr 2020 09:14:01 -
@@ -274,6 +274,14 @@ and
 .Dq smtps
 protocols for authentication.
 Server certificates for those protocols are verified by default.
+.It Cm pki Ar pkiname
+For secure connections,
+use the certificate associated with
+.Ar pkiname
+(declared in a
+.Ic pki
+directive)
+to prove a mail server's identity.
 .It Cm srs
 When relaying a mail resulting from a forward,
 use the Sender Rewriting Scheme to rewrite sender address.
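
Review bot: the new `pki` entry documents behaviour that the message above has not been able to confirm. The quoted trace shows only the negotiated cipher, not which certificate was sent, and `smtpd -n -v` accepting the line only shows that the option parses. Before this goes into smtpd.conf(5), the certificate actually received on the other end should be checked against `pubpki`, and the commit message should say how that was verified.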




Re: forcing SMTP authentication

2019-08-21 Thread Marcus MERIGHI
Hello Selmeci, 

you are operating an open mail relay at the moment. stop it, now!
it won't take long until "they" discover and abuse it and this will ruin
the reputation of your IP address for quite some time.
(look in your logs for messages from/to "max@"!)

handle transfer of mails between servers on port 25, without
authentication (and with optional tls?).
use port 587 for message submission by users after authentication.
do NOT relay anything but submissions via port 587.

Marcus

tselm...@gmail.com (Selmeci Tamás), 2019.08.21 (Wed) 07:39 (CEST):
> Hello!
> 
> In brief: STARTTLS is enabled, there is a self-signed certificate for
> encryption (better than nothing), smarthost is used to send mails from
> my domain. My problem is that it still accepts SMTP connections (over
> TLS) without authentication. What I want:
> - anybody can send email to my email address in my domain (now it's
> working);
> - relaying through my SMTP server is allowed only after successful
> authentication (now anybody can relay through my server without
> authentication, e.g. to send spams). Authentication should be based on
> regular /etc/passwd file (local users of the computer). In order to
> hide the passwords, STARTTLS should be used;
> 
> It's a rather simple configuration, but I wasn't able to set it up. If
> I put 'auth' into the 'listen on' line, it needs authentication to any
> access of the SMTP server, so other machines (e.g. from google.com)
> can't send me mails. Using 'authenticated' in 'accept from' directives
> also didn't do the trick appropriately (it wasn't able to receive any
> mails at all).
> 
> Could you please help me out with this?
> 
> Thanks, regards,
> ---
> ---
> pki mail.486.hu certificate "/etc/smtpd/mail.486.hu.crt"
> pki mail.486.hu key "/etc/smtpd/mail.486.hu.key"
> 
> table cred file:/etc/smtpd/cred
> 
> listen on eth0  port 25 hostname mail.486.hu tls-require
> listen on localhost port 25 hostname mail.486.hu tls-require
> 
> # Storing mails arriving at the domain '486.hu'.
> accept from any for domain 486.hu deliver to mbox
> 
> # If the recipient is out of domain '486.hu', the mail is relayed through the
> # smarthost using TLS and authentication, see 'cred' file.
> accept from any for ! domain 486.hu relay via
> tls+auth://t-onl...@mail.t-online.hu auth  
> 
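
Added example, not part of the original thread or of OpenSMTPD: a lint for the `accept` rule syntax used in the quoted configuration that flags rules relaying for any source without authentication, which is the open-relay condition pointed out above. The function names and the sample configuration (example.org names, `label`, the `cred` table reference) are constructed; comment stripping is simplistic and does not handle `#` inside quoted strings.

```shell
#!/bin/sh
# Added example: flag "accept" rules that relay mail for any source.

# open_relay_rules [FILE...]: print "line: rule" for every accept rule that
# matches "from any", has a relay action, is not limited to authenticated
# sessions, and whose destination is "for any" or a negated ("!") match.
open_relay_rules() {
    awk '
    { sub(/[ \t]*#.*$/, "") }                      # strip comments
    /\\$/ {                                        # join backslash continuations
        sub(/\\$/, ""); if (buf == "") first = NR
        buf = buf $0 " "; next
    }
    {
        rule = buf $0; line = (buf == "") ? NR : first; buf = ""
        gsub(/^[ \t]+|[ \t]+$/, "", rule)          # trim
        gsub(/[ \t]+/, " ", rule)                  # normalise spacing
        nt = split(rule, t, " ")
        if (t[1] != "accept") next
        from_any = relay = wide = auth = 0
        for (i = 1; i <= nt; i++) {
            if (t[i] == "from" && t[i + 1] == "any") from_any = 1
            if (t[i] == "for" && (t[i + 1] == "any" || t[i + 1] ~ /^!/)) wide = 1
            if (t[i] == "authenticated") auth = 1
            if (t[i] == "relay") relay = 1
        }
        if (from_any && relay && wide && !auth) print line ": " rule
    }' "$@"
}

# sample_conf: constructed configuration modelled on the one quoted above.
# Line 4 is the problematic rule; line 6 is the same relay limited to
# local sessions.
sample_conf() {
    cat <<'EOF'
listen on eth0 port 25 hostname mail.example.org tls-require
# Storing mails arriving at the domain.
accept from any for domain example.org deliver to mbox
accept from any for ! domain example.org relay via \
    tls+auth://label@smarthost.example.net auth <cred>
accept from local for any relay via tls+auth://label@smarthost.example.net auth <cred>
EOF
}

# Demonstration on the constructed configuration.
sample_conf | open_relay_rules
```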



Re: Sending mail from PowerShell via OpenSMTPD fails.

2018-09-05 Thread Marcus MERIGHI
Hello,

r...@mrstuudio.ee (Reio Remma), 2018.09.04 (Tue) 21:51 (CEST):
> I've a backup script in Windows that sends an e-mail upon completion.
> The mail goes out successfully if I use port 25 on the mail server but fails
> unspectacularly with no specific error message on OpenSMTPD side when I try
> to submit it authenticated on port 587.

I had to remove the rest, it contained info you should not have posted
and should change now ;-)

client: AUTH login 
server: 334 Usernamu: [I have no idea why the *u is there!]
client: (answers with a string that does not look like a username)
server: [thinks it's got a username] 334 Password:
client: disconnects

IIRC, there's two ways of doing auth in SMTP, your client is trying A
and smtpd expecting B.

Marcus

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: Credentials Table

2018-08-27 Thread Marcus MERIGHI
Good morning, 

n...@sidoti.id.au (Antonino Sidoti), 2018.08.27 (Mon) 05:35 (CEST):
> Hi,
> 
> When using a credentials table (man table), what table type do I use
> with regards to using the table in a smtpd.conf configuration?

That's up to you: if you use "file" (recommended), then, upon table
changes, you have to restart smtpd(8) to read the new contents OR use
"smtpctl(8) update table ".

If you use "db", then you have to run makemap(8) on your file, which
produces a .db, which should be referenced in smtpd.conf.
In this case after running makemap smtpd has the new contents. 

> I have created this table in my smtpd.conf but I am not sure it is
> correct? 
> table passwd file:/etc/mail/passwd

"passwd" would be the NAME of your table which you should use in your 
smtpd.conf if you want to auth, untested example, taken right from
smtpd.conf(5):

listen on egress auth 

> Though I have seen a sample configuration from another site using a
> different table type;
> table passwd passwd:/etc/mail/passwd
> Reading the man page, it does not make any reference to the table type
> using ‘passwd’. It only talks about ‘file’ and ‘db’. 

Nope! 
With OpenBSD software it's more like: If not in manual, then not
in code. 
Neither table(5) nor smtpd.conf(5) contain the string "passwd". 
But you can use it as a name you want to use.

Marcus




Re: Problem with relay

2017-07-16 Thread Marcus MERIGHI
nico...@shivaserv.fr (Nicolas Repentin), 2017.07.16 (Sun) 11:49 (CEST):
> Anyone ?

You told OpenSMTPd to open a secured connection, then do authentication.

The secure connection fails ("TLS required but not supported by remote
host", "TLS Error on session 89d8cece96079f82") and OpenSMTPd then does
*not* send your credentials in plain text. This is good.

Remains the question why 80.12.242.10:587 does not do TLS/SSL although
you think it should. 

Marcus

> On 13 July 2017 14:37:27 GMT+02:00, Nicolas wrote:
> >Hi all,
> >
> >I'm searching some help for opensmtpd configuration for a relay.
> >
> >I'm trying to use the relay of my ISP, which is orange in france.
> > When I got the line (with the orange table declared of course), 
> >accept from local for any relay via
> >secure+auth://la...@smtp.orange.fr:587 auth 
> >
> >i got on logs :
> >
> >Jul 13 14:34:40 atlas smtpd[24789]: 989647e58b78302f mta
> >event=connecting address=tls://80.12.242.10:587 host=smtp.orange.fr
> >Jul 13 14:34:40 atlas smtpd[24789]: 989647e58b78302f mta
> >event=connected
> >Jul 13 14:34:40 atlas smtpd[24789]: 989647e58b78302f mta event=error
> >reason=TLS required but not supported by remote host
> >Jul 13 14:34:40 atlas smtpd[24789]: 989647e58b78302f mta
> >event=connecting address=smtps://80.12.242.10:587 host=smtp.orange.fr
> >Jul 13 14:34:40 atlas smtpd[24789]: 989647e58b78302f mta
> >event=connected
> >Jul 13 14:34:40 atlas smtpd[24789]: 989647e58b78302f mta event=error
> >reason=IO Error: error:140770FC:SSL
> >routines:SSL23_GET_SERVER_HELLO:unknown protocol
> >
> >When I use the line:
> >accept from local for any relay via
> >smtps+auth://la...@smtp.orange.fr:587 auth 
> > I got :
> >
> >Jul 13 14:36:31 atlas smtpd[25293]: 89d8cece96079f82 mta
> >event=connecting address=smtps://80.12.242.10:587 host=smtp.orange.fr
> >Jul 13 14:36:33 atlas smtpd[25293]: 89d8cecf4f44031a mta
> >event=connecting address=smtps://193.252.22.64:587 host=smtp.orange.fr
> >Jul 13 14:36:33 atlas smtpd[25293]: 89d8cecf4f44031a mta
> >event=connected
> >Jul 13 14:36:34 atlas smtpd[25293]: 89d8cece96079f82 mta
> >event=connected
> >Jul 13 14:36:34 atlas smtpd[25293]: smtp-out: TLS Error on session
> >89d8cece96079f82: TLS failed, downgrading to plain
> >Jul 13 14:36:34 atlas smtpd[25293]: 89d8cece96079f82 mta
> >event=connecting address=smtp://80.12.242.10:587 host=smtp.orange.fr
> >Jul 13 14:36:34 atlas smtpd[25293]: 89d8cece96079f82 mta
> >event=connected
> >Jul 13 14:36:34 atlas smtpd[25293]: 89d8cece96079f82 mta event=error
> >reason=Refuse to AUTH over unsecure channel
> >Jul 13 14:36:34 atlas smtpd[25293]: smtp-out: Disabling route [] 
> >80.12.242.10 (smtp.orange.fr) for 15s
> >Jul 13 14:36:34 atlas smtpd[25293]: smtp-out: TLS Error on session
> >89d8cecf4f44031a: TLS failed, downgrading to plain
> >Jul 13 14:36:34 atlas smtpd[25293]: 89d8cecf4f44031a mta
> >event=connecting address=smtp://193.252.22.64:587 host=smtp.orange.fr
> >Jul 13 14:36:34 atlas smtpd[25293]: 89d8cecf4f44031a mta
> >event=connected
> >Jul 13 14:36:34 atlas smtpd[25293]: 89d8cecf4f44031a mta event=error
> >reason=Refuse to AUTH over unsecure channel
> >Any idea what I need to change ?
> >
> >Thanks
> 
> -- 
> Nicolas
> 
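
Added example, not part of the original thread or of OpenSMTPD: a maillog filter that classifies each outgoing relay session by what happened to TLS and whether smtpd withheld AUTH, which is the behaviour described in the reply above. The first two sessions in the sample are reassembled from the wrapped log lines quoted in this thread; the third (session 0000000000000001, 192.0.2.25, mx.example.net) is constructed, and the function names and verdict labels are hypothetical.

```shell
#!/bin/sh
# Added example: classify outgoing relay sessions in maillog by TLS outcome.

# relay_tls_report [FILE...]: print "session last-address verdict" per session.
#   auth-withheld             smtpd logged "Refuse to AUTH over unsecure channel"
#   plaintext-after-downgrade TLS failed, session fell back to plain, no refusal
#   tls-failed                TLS failed and no plain fallback was logged
#   ok                        none of the above
relay_tls_report() {
    awk '
    function note(id) { if (!(id in seen)) { seen[id] = 1; order[++n] = id } }

    # <sid> mta event=connecting address=<scheme>://<ip>:<port> host=<name>
    $7 == "mta" && $8 == "event=connecting" {
        note($6); addr = $9; sub(/^address=/, "", addr); last[$6] = addr; next
    }
    # <sid> mta event=error reason=<text>
    $7 == "mta" && $8 == "event=error" {
        note($6); reason = $0; sub(/^.*reason=/, "", reason)
        if (reason ~ /^TLS required but not supported/) tlsfail[$6] = 1
        if (reason ~ /^IO Error: .*SSL/)                tlsfail[$6] = 1
        if (reason ~ /^Refuse to AUTH over unsecure/)   refused[$6] = 1
        next
    }
    # smtp-out: TLS Error on session <sid>: TLS failed, downgrading to plain
    $6 == "smtp-out:" && $7 == "TLS" && $8 == "Error" {
        sid = $11; sub(/:$/, "", sid); note(sid); tlsfail[sid] = 1
        if ($0 ~ /downgrading to plain/) downgraded[sid] = 1
    }
    END {
        for (i = 1; i <= n; i++) {
            sid = order[i]
            if (sid in refused)         verdict = "auth-withheld"
            else if (sid in downgraded) verdict = "plaintext-after-downgrade"
            else if (sid in tlsfail)    verdict = "tls-failed"
            else                        verdict = "ok"
            print sid, ((sid in last) ? last[sid] : "-"), verdict
        }
    }' "$@"
}

# sample_maillog: sessions 989647e58b78302f and 89d8cece96079f82 come from the
# log quoted in this thread; session 0000000000000001 is constructed.
sample_maillog() {
    cat <<'EOF'
Jul 13 14:34:40 atlas smtpd[24789]: 989647e58b78302f mta event=connecting address=tls://80.12.242.10:587 host=smtp.orange.fr
Jul 13 14:34:40 atlas smtpd[24789]: 989647e58b78302f mta event=connected
Jul 13 14:34:40 atlas smtpd[24789]: 989647e58b78302f mta event=error reason=TLS required but not supported by remote host
Jul 13 14:34:40 atlas smtpd[24789]: 989647e58b78302f mta event=connecting address=smtps://80.12.242.10:587 host=smtp.orange.fr
Jul 13 14:34:40 atlas smtpd[24789]: 989647e58b78302f mta event=error reason=IO Error: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Jul 13 14:36:31 atlas smtpd[25293]: 89d8cece96079f82 mta event=connecting address=smtps://80.12.242.10:587 host=smtp.orange.fr
Jul 13 14:36:34 atlas smtpd[25293]: smtp-out: TLS Error on session 89d8cece96079f82: TLS failed, downgrading to plain
Jul 13 14:36:34 atlas smtpd[25293]: 89d8cece96079f82 mta event=connecting address=smtp://80.12.242.10:587 host=smtp.orange.fr
Jul 13 14:36:34 atlas smtpd[25293]: 89d8cece96079f82 mta event=error reason=Refuse to AUTH over unsecure channel
Jul 13 14:40:00 atlas smtpd[25293]: 0000000000000001 mta event=connecting address=tls://192.0.2.25:25 host=mx.example.net
Jul 13 14:40:01 atlas smtpd[25293]: smtp-out: TLS Error on session 0000000000000001: TLS failed, downgrading to plain
Jul 13 14:40:01 atlas smtpd[25293]: 0000000000000001 mta event=connecting address=smtp://192.0.2.25:25 host=mx.example.net
EOF
}

# Demonstration on the embedded sample.
sample_maillog | relay_tls_report
```

Sessions reported as `plaintext-after-downgrade` are the ones to look at: mail for that route went out without TLS, whereas `auth-withheld` means the credentials stayed on the machine.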



Re: tls-require not working as expected

2017-01-28 Thread Marcus MERIGHI
jason.mann+opensm...@gmail.com (Jason Mann), 2017.01.27 (Fri) 15:41 (CET):
> Hello list.
> 
> I'm trying to configure OpenSMTPD 5.9.2 on a FreeBSD server but I'm seeing
> anomalous behaviour with one of my listen directives.
> 
> The directive in question is:
> 
>   listen on egress tls-require hostname mail.mydomain.net
> 
> My only other listen directive is usual localhost one.
> 
> The smtpd.conf man page states: "tls-require may be used to force clients
> to establish a secure connection before being allowed to start an SMTP
> transaction".
> 
> I ran a telnet test against the server to see how the forcing of TLS takes
> place, but it didn't happen.  I was able to manually submit a message to
> OpenSMTPD without TLS as follows:

$ for i in smtp mta expand lookup rules; do smtpctl trace $i; done
(do your test and watch your logfiles to see what goes why where.) 
$ for i in smtp mta expand lookup rules; do smtpctl untrace $i; done 

Be quick, lots of output to your log file.

Marcus

> $ telnet a.mx.mydomain.net 25
> Trying :xxx:xx:xxx::x:...
> Connected to a.mx.mydomain.net.
> Escape character is '^]'.
> 220 mail.mydomain.net ESMTP OpenSMTPD
> HELO jmann-mbp
> 250 mail.mydomain.net Hello jmann-mbp
> [IPv6::::::::],
> pleased to meet you
> MAIL FROM:
> 250 2.0.0: Ok
> RCPT TO:
> 250 2.1.5 Destination address valid: Recipient ok
> DATA
> 354 Enter mail, end with "." on a line by itself
> From: Jason Mann 
> To: Jason Mann 
> Subject: Test 4
> 
> This is a test.
> .
> 250 2.0.0: f20f3998 Message accepted for delivery
> QUIT
> 221 2.0.0: Bye
> 
> What may be wrong here?
> 
> Kind regards,
> 
> Jason
> 
> 



Re: mlmmj with opensmtpd

2016-08-17 Thread Marcus MERIGHI
siefke_lis...@web.de (siefke_lis...@web.de), 2016.08.17 (Wed) 15:52 (CEST):
> On Wed, 17 Aug 2016 07:39:43 -0500 Edgar Pettijohn
> <ed...@pettijohn-web.com> wrote:
> 
> > > On Aug 17, 2016, at 7:20 AM, Marcus MERIGHI
> > > <mcmer-opensm...@tor.at> wrote:
> > > 
> > > I think:
> > > 
> > > 1) smtpd accepts message 
> > >   (accept from any recipient ! for domain  relay
> > > via "smtp://127.0.0.1:10024")
> > > 2) smtpd forwards to amavisd
> > > 3) amavisd returns the message scanned to smtpd
> > > 4) smtpd does not accept the message (invalid rcpt)
> > >   (accept tagged Scanned from local for domain  virtual
> > >  deliver to maildir "~/maildir")
> > > 
> > > I suspect your  does not contain the line
> > > mlmmj-test:  "|/usr/bin/mlmmj-receive
> > > -L /var/spool/mlmmj/mlmmj-test/".
> > > 
> > That's my thoughts also.
> 
> Okay but how should set it in vusers file? Can i set so like in alias?

smtpd.conf(5):

accept for domain "*.example.com" virtual  deliver to mbox

The table users holds a key-value mapping of virtual to system users.
For an example of how to configure the users table, see table(5).


So yes, just like aliases(5). If it doesn't want your
mlmmj-receive(1)-line there then put the user name there and give the
user a forward(5) file. 

Marcus




Re: mlmmj with opensmtpd

2016-08-17 Thread Marcus MERIGHI
I think:

1) smtpd accepts message 
   (accept from any recipient ! for domain  relay via
"smtp://127.0.0.1:10024")
2) smtpd forwards to amavisd
3) amavisd returns the message scanned to smtpd
4) smtpd does not accept the message (invalid rcpt)
   (accept tagged Scanned from local for domain  virtual 
deliver to maildir "~/maildir")

I suspect your  does not contain the line
mlmmj-test:  "|/usr/bin/mlmmj-receive -L /var/spool/mlmmj/mlmmj-test/".

Marcus

siefke_lis...@web.de (Silvio Siefke), 2016.08.16 (Tue) 19:18 (CEST):
> Hello, 
> 
> i try to run mlmmj with opensmtpd. 
> 
> My config:
> 
> # generate db using makemap
> table aliases   file:/etc/smtpd/tables/aliases
> table vdoms     file:/etc/smtpd/tables/domains.conf
> table vusers    file:/etc/smtpd/tables/users.conf
> table blacklist file:/etc/smtpd/tables/blacklist.conf
> 
> # Filter
> filter dnsbl-sorbs    dnsbl   "-h dnsbl.sorbs.net"
> filter dnsbl-spamcop  dnsbl   "-h bl.spamcop.net"
> filter dnsbl-spamhaus dnsbl   "-h zen.spamhaus.org"
> filter dnsbl-all      chain   dnsbl-sorbs dnsbl-spamcop dnsbl-spamhaus
> 
> # See smtpd.conf(5) for more information.
> pki fr-sb.silviosiefke.com certificate "/etc/smtpd/tls/smtpd.crt"
> pki fr-sb.silviosiefke.com key "/etc/smtpd/tls/smtpd.key"
> 
> # Inbound mail smtp, smtps, deliver
> listen on localhost
> listen on eth0 port 25 filter dnsbl-all tls pki fr-sb.silviosiefke.com
> listen on eth0 port 587 tls-require pki fr-sb.silviosiefke.com auth
> 
> # Receive scanned mails from amavisd-new
> listen on localhost port 10025 tag Scanned
>  
> # Deliver locally messages coming back in from scanner
> accept from local for local alias  deliver to maildir "~/maildir"
> accept tagged Scanned from local for domain  virtual  deliver 
> to maildir "~/maildir"
> reject tagged Scanned
> 
> # Forward all mail received for local domains to amavis
> accept from any recipient ! for domain  relay via 
> "smtp://127.0.0.1:10024"
> 
> # Relay anything that came in from authenticated users
> accept from local for any relay
> 
> 
> I set the virtual domains for lists and in alias i wrote:
> 
> mlmmj-test:  "|/usr/bin/mlmmj-receive -L /var/spool/mlmmj/mlmmj-test/"
> 
> 
> But opensmtpd like not my mails. Where is my mistake? 
> 
> log
> Aug 16 19:11:32 vps296466.ovh.net smtpd[2372]: smtp-in: New session 
> 3ff7f8362c39862f from host mail-wm0-f47.google.com [74.125.82.47]
> Aug 16 19:11:32 vps296466.ovh.net smtpd[2372]: smtp-in: Started TLS on 
> session 3ff7f8362c39862f: version=TLSv1.2, 
> cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128
> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: smtp-in: Accepted message 
> 48d916eb on session 3ff7f8362c39862f: from=, 
> to=, size=2772, ndest=1, proto=ESMTP
> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: smtp-out: Connecting to 
> smtp://127.0.0.1:10024 (localhost) on session 3ff7f8406ef2764b...
> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: smtp-out: Connected on session 
> 3ff7f8406ef2764b
> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: smtp-in: Closing session 
> 3ff7f8362c39862f
> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: smtp-in: New session 
> 3ff7f84124a80a05 from host localhost [127.0.0.1]
> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: smtp-in: Failed command on 
> session 3ff7f84124a80a05: "RCPT TO:" 
> => 550 Invalid recipient
> Aug 16 19:11:33 vps296466.ovh.net amavis[362]: (00362-09) no valid 
> recipients, skip data transfer
> Aug 16 19:11:33 vps296466.ovh.net amavis[362]: (00362-09) (!)pK4TzHnXfKAp FWD 
> from  -> , 
> BODY=7BIT 550 5.1.0 from MTA(smtp:[127.0.0.1]:10025): 550 Invalid recipient
> Aug 16 19:11:33 vps296466.ovh.net amavis[362]: (00362-09) Blocked MTA-BLOCKED 
> {RejectedInbound}, [127.0.0.1] [2003:88:cf07:c114:1a3d:a2ff:fe5c:51d8] 
>  -> , 
> Message-ID: <20160816191131.e1f6cba209066140c147c...@gmail.com>, mail_id: 
> pK4TzHnXfKAp, Hits: 1.867, size: 2821, dkim_sd=20120113:gmail.com, 459 ms
> Aug 16 19:11:33 vps296466.ovh.net smtpd[2372]: relay: PermFail for 
> 48d916eb83cdbbbc: session=3ff7f8406ef2764b, from=, 
> to=, rcpt=<->, source=127.0.0.1, 
> relay=127.0.0.1 (localhost), delay=1s, stat=550 5.1.0 id=00362-09 - Rejected 
> by next-hop MTA on relaying, from MTA(smtp:[127.0.0.1]:10025): 550 Invalid 
> recipient
> Aug 16 19:11:34 vps296466.ovh.net smtpd[2372]: smtp-in: New session 
> 3ff7f846f96b5f37 from host vps296466.ovh.net [local]
> Aug 16 19:11:34 vps296466.ovh.net smtpd[2372]: smtp-in: Accepted message 
> 895e6b66 on session 3ff7f846f96b5f37: from=<>, to=, 
> size=4228, ndest=1, proto=ESMTP
> Aug 16 19:11:34 vps296466.ovh.net smtpd[2372]: smtp-in: 

Re: Newbie questions

2016-05-23 Thread Marcus MERIGHI
ed...@pettijohn-web.com (Edgar Pettijohn), 2016.05.21 (Sat) 20:32 (CEST):
> 
> 
> On 05/20/16 13:26, Olivier Brunel wrote:
> > Hello,
> > 
> > I'm new to OpenSMTPD and while this looks really good so far, and with a
> > configuration that can be both simple yet powerful/flexible at once,
> > even after reading the man pages I still find myself with a few
> > questions I can't answer, so I'm hoping I can get some help.
> > 
> > * To make sure: whenever a mapping is used (virtual domains/users,
> >aliases...) it always means there *needs* to be a match, and if not
> >the rule "fails" and smtpd will move on to the next rule, rejecting
> >the message if no other (matching) rule is found -- correct?
> >For some cases the doc clearly states so, but not for others, so I'm
> >unsure if that's just implied as well, or what's the behavior then?
> When a message comes in it checks each rule from top to bottom until it
> finds a match.  First match wins.

This of course is right regarding *access rules*. I just want to warn
that "alias" and "virtual" are not part of the access rule. But
"recipient" is. Examples to explain my experiences follow:

An email to  will only be delivered if that address
is in , not if it's in :

accept from any to "domain1.com" alias 
accept from any to "domain1.com" alias 

The same applies for "virtual". 

On the other hand, if you use "recipient", it is part of the access
rule; in the example below the email will be delivered even if
 is only in .

accept from any to "domain1.com" recipient  relay ...
accept from any to "domain1.com" recipient  relay ...

This is what my testing showed. Clue sticks appreciated!

Bye, Marcus




Re: Relay recipient verification - migrating from Postfix

2016-05-07 Thread Marcus MERIGHI
av...@protonmail.com (Andrew Ruscica), 2016.05.07 (Sat) 05:16 (CEST):
> First, hello to the list and the opensmtpd devs- thank you very much
> for this great mta. I've been building postfix gateways on openbsd for
> maybe close to 10 years and have been following opensmtpd with great
> interest.
> 
> I'm migrating a set of postfix gateways to opensmtpd.  The role of the
> gateway is only to filter and relay email to internal (Domino, in this
> case) mail servers.
> 
> The goal of my question here is to reject invalid recipients at the
> gateway.
> 
> In the past I have used a canned perl script to generate a postfix
> table by performing an LDAP query from the mail server's directory
> (postfix: relay_recipient_maps). I'm not a perl hacker and this has
> stopped working at recent OpenBSD releases.
> 
> But it can be replaced by the more elegant reject_unverified_recipient
> - which is a pre-check of the recipient address at the relay
> destination and rejects the email if the recipient doesn't exist.
> 
> So far my searches of the openbsd and opensmtpd misc archives as well
> as the opensmtpd.conf man page haven't revealed a similar way to
> achieve this.
> 
> I'm tempted to not bother - for invalid recipients the gateway will
> accept the email then immediately generate and send a NDR - I can't be
> the first to use opensmtpd as a gateway like this. But in that case
> I'm curious what have others done about the potential for the gateway
> to be a source of backscatter spam?

If I get you right you are looking for "recipient" in smtpd.conf(5),
second hit. 

accept from any for domain  recipient  \
  relay via ...

Back at your ldap export problem. 

I do not know of a way to do what reject_unverified_recipient does
according to your description, assuming the pre-check happens via SMTP. 

Bye, Marcus




Re: virtual user and forwarding

2016-05-07 Thread Marcus MERIGHI
p...@thinkage.ca (Peter Fraser), 2016.05.05 (Thu) 19:46 (CEST):
> My scenario:
> 
> I have a OpenBSD  processing email for several domains, doing virus
> scanning, and spam processing.  The OpenBSD system was running
> sendmail and I would like to convert it to smtpd
> 
> All the incoming email is then forwarded on to one of two Microsoft
> Exchange servers,  depending upon the destination email address.
> 
> Several email incoming email address a mapped to a smaller number of
> target email addresses.
> 
> I have included a small  test example of what I naively thought the
> smtpd.conf should look like.  The example a simple configuration for
> outgoing email, and only tries to deal with one exchange server.
> 
> listen on all
> thinkageLan = "192.102.11.0/24"
> ksmartLan   = "205.189.88.110/28"
> 
> table thinkageComputers { $thinkageLan }
> table thinkageUsers { p...@thinkage.ca, supp...@thinkage.ca }
> table thinkageDomains { thinkage.ca, thinkage.com, mainboss.com }
> table thinkageVirtualMapping { i...@thinkage.ca=supp...@thinkage.ca,
> i...@mainboss.com=supp...@thinkage.ca }
> 
> accept from source  for any virtual
>  recipient  relay via
> "smtp://exchange.thinkage.ca"
> 
> This configuration file generates.
> 
> /etc/mail/smtpd.conf:11: syntax error
> 
> After a lot of playing around I managed to figure out the syntax
> according to the man page is correct but actually is a statement that
> "virtual" cannot be used with "relay via".
> 
> I have tried various approaches to implement the effect I want, but so
> far none are satisfactory.  I am wondering what is the best method to
> create a working configuration.

Why does your forwarding-only smtpd need to know about any
address-to-user mapping? It just needs to know for which addresses to
relay (and for which not). "recipients" is enough for that, isn't it?

Apart from that, this smtpd.conf(8) statement makes me think your accept
line does something different than you think it does:

for any virtual <vmap>
Make the rule match regardless of the domain it is sent to.  
The vmap table will be used as the virtual domain mapping.
   ^^

Is this a documentation bug? Shouldn't it say:
"The vmap table will be used as the virtual user mapping"
instead of:
"The vmap table will be used as the virtual domain mapping"

Bye, Marcus




Re: Crashing once a day and not auto-starting back

2016-05-05 Thread Marcus MERIGHI
gil...@poolp.org (Gilles Chehade), 2016.05.05 (Thu) 16:51 (CEST):
> On Thu, May 05, 2016 at 11:42:44AM -0300, Mariano Baragiola wrote:
> > On 05/05/16 10:59, Edgar Pettijohn wrote:
> > >How is it activated to do so?
> > 
> > I mean it autostarts when I reboot the VPS.
> > I did it with rcctl enable smtpd.
> > Shouldn't by this autostart when it crashes?
> 
> No it shouldn't autostart when it crashes.
> It shouldn't crash either.
> 
> Can you provide more details ?
> logs before the crash ?

in the meantime you could have a line like this in root's crontab(1) 

*/5 * * * * rcctl ls failed | xargs -r -L1 rcctl restart

or, for older versions of OpenBSD:

*/5 * * * * cd /var/run/rc.d; for dmn in *; do /etc/rc.d/${dmn} check \
  > /dev/null || /etc/rc.d/${dmn} restart; done

While this one is well tested, the first one is not. As always with
"*/X" cron(8) jobs, be sure they are quicker than their repeat rate (X).

Bye, Marcus




Re: relay from notebook not working (need help with configuration)

2015-09-09 Thread Marcus MERIGHI
j...@navratil.cz (Jiri Navratil), 2015.09.08 (Tue) 08:24 (CEST):
> I wish to use on my notebook to deliver emails via relay to my server
> regardless of location and Internet connection.
> 
> on notebook I have
> 
> accept from local for any relay via tls+auth://user@myserver auth
> 

table relayauth { username= "passphrase" }
accept for any relay via tls+auth://usern...@msa.domain.tld:587 auth \
  <relayauth>

> on server I have
> 
> listen on egress tls pki myserver auth-optional
> listen on egress port submission tls-require pki myserver auth

pki host.domain.tld certificate "/etc/ssl/tld.domain.host.crt"
pki host.domain.tld key "/etc/ssl/private/tld.domain.host.key"
listen on egress port submission tls pki host.domain.tld auth tag msa

Bye, Max




Re: On the topic of MX hosts

2014-11-11 Thread Marcus MERIGHI
d...@duckland.org (Don Harper), 2014.11.11 (Tue) 19:18 (CET):
> Hello!
> I am in the process of migrating my MTA system from postfix to
> opensmtpd.  All my clients currently run opensmtpd, but I have a time to
> wrap my mind around how to setup for backup MX servers without having an
> open relay.
> 
> If I have the following smtpd.conf:
>   listen on vtnet0
>   table aliases file:/usr/local/etc/mail/aliases
>   accept from any for domain duckland.org relay backup
>   accept for local alias <aliases> deliver to maildir
> 
> My question is how do I set up the server to handle multiple domains?
> Do I just have multiple accept lines?  Or, does the line support
> database lookup?

yes, e.g.:

table relayhosts { x.y.z.a, k.l.m.n }
accept from source <relayhosts> for any relay

> Worry often gives a small thing a big shadow. - Swedish proverb

nice one!

Bye, Marcus




Re: On the topic of MX hosts

2014-11-11 Thread Marcus MERIGHI
d...@duckland.org (Don Harper), 2014.11.11 (Tue) 23:51 (CET):
> On 2014-11-11  8:47 PM, Marcus MERIGHI wrote to To Don Harper:
> > d...@duckland.org (Don Harper), 2014.11.11 (Tue) 19:18 (CET):
> > > Hello!
> > > I am in the process of migrating my MTA system from postfix to
> > > opensmtpd.  All my clients currently run opensmtpd, but I have a time to
> > > wrap my mind around how to setup for backup MX servers without having an
> > > open relay.
> > > 
> > > If I have the following smtpd.conf:
> > >   listen on vtnet0
> > >   table aliases file:/usr/local/etc/mail/aliases
> > >   accept from any for domain duckland.org relay backup
> > >   accept for local alias <aliases> deliver to maildir
> > > 
> > > My question is how do I set up the server to handle multiple domains?
> > > Do I just have multiple accept lines?  Or, does the line support
> > > database lookup?
> > 
> > yes, e.g.:
> > 
> > table relayhosts { x.y.z.a, k.l.m.n }
> > accept from source <relayhosts> for any relay
> 
> Hum...I guess I did not make myself clear.  I am trying to set up my
> backup MX hosts, so this is for when my primary MX host is down.  If I
> am reading that correctly, that would be the config on the primary, yes?

(previous example just allows relaying for certain IPs)

sorry, yes:
table bakmx { foo.org, bar.info }
accept from any for domain <bakmx> relay

Bye, Marcus

> > > Worry often gives a small thing a big shadow. - Swedish proverb
> > 
> > nice one!
> Thanks!




Re: Incomplete error messages from bounced emails?

2014-10-01 Thread Marcus MERIGHI
gil...@poolp.org (Gilles Chehade), 2014.09.29 (Mon) 21:35 (CEST):
 On Mon, Sep 29, 2014 at 11:50:41AM -0300, Hugo Osvaldo Barrera wrote:
  On 2014-09-05 19:22, Giovanni Bechis wrote:
   On 09/01/14 18:53, Hugo Osvaldo Barrera wrote:
On 2014-09-01 11:46, Gilles Chehade wrote:
On Sat, Aug 23, 2014 at 12:28:00PM -0300, Hugo Osvaldo Barrera wrote:
On 2014-08-22 18:32, Giovanni Bechis wrote:
On 08/22/14 14:30, Hugo Osvaldo Barrera wrote:
I recently had some messages bounce from gmail.com. I went up to 
their forums
to ask what's up, and on the replies, it was pointed out to me that 
gsmtpd
actually sends a rather verbose explanation message when it bounces 
messages
(eg: if it's spam, invalid return address, blacklisted address, 
etc).
   
Here's the thread where this was pointed to me. I'm guessing that 
sending an
email from a non-static IP range is enough to trigger a bounce 
harmlessly:
https://productforums.google.com/forum/#!msg/gmail/SQQAbew5tfE/-ue8aO07sf8J
   
Can somebody confirm if these explanations are being dropped by 
smtpd, if
they're non-standard, or what's going on?
   
gmail warnings are split in two or more lines and smtpd logs only 
one of them.
See https://github.com/OpenSMTPD/OpenSMTPD/issues/365 for details.
 Cheers
  Giovanni
   
   
   
Looks like the devs were expecting this to make it to the list and it 
did not.
Can we bring that up now? Are there any downsides to implementing 
this?
   
   
Yes, we were waiting for the discussion to come up.
   
There's a downside to implementing this:
   
Imagine you create an account for me on your server.
I then decide to go rogue and setup a remote MX which will reply with
a HUGE response, say 1000s of lines.
   
We need to log atomically so:
   
a- log line can't be written until we're done reading response;
b- session needs to remember every line of the response until done 
reading;
   

Can't we not-log all of it, but keep the message and send it to the 
original
sender?

The logs could be something like:

  550 Error... [25 more lines trimmed]

   I would like to have at maximum 5/6 lines of response on my log to be 
   able to find if a problem is recurring and which could be the original 
   cause.
Cheers
 Giovanni
   
   
  
  It looks like this thread died fast, and nothing was decided.
  Is there any interest on implementing this/making it configurable?
  
  Would these errors be output if smtpd is run with -v?
  
  Cheers,
  
 
 Ok, what about the following:
 
 - we read n lines, strip their newline and concat them;
 - if reply was > n lines, we log that output was truncated and needs to
   be analyzed through smtpctl trace
 
 Would that be ok for everyone ?

Don't know, but sure OK for me; just two questions: a) no knob for this
behaviour (already answered, I guess); b) what's n going to resolve to?

Bye + Thanks, Marcus
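
The proposal quoted above (keep at most n reply lines, strip their newlines, concatenate them, and flag truncation) can be sketched as follows. This is an added example, not OpenSMTPD code and not part of the original thread; the names `reply_log_*` and the limits 5 and 512 are assumptions, since the thread leaves n open.

```c
#include <stdio.h>
#include <string.h>

#define REPLY_LOG_LINES 5    /* assumed "n"; the thread leaves the value open */
#define REPLY_LOG_BYTES 512  /* assumed hard cap on bytes kept per reply */

struct reply_log {
	char   text[REPLY_LOG_BYTES]; /* kept lines, joined by single spaces */
	size_t len;                   /* bytes used in text */
	int    kept, dropped;         /* lines stored / lines seen but discarded */
	int    done;                  /* final line of the reply has been read */
};

void reply_log_init(struct reply_log *r) { memset(r, 0, sizeof(*r)); }

/* Feed one reply line (CRLF optional). Returns 1 once the reply is complete.
 * Memory use is constant no matter how many lines the remote MX sends. */
int reply_log_feed(struct reply_log *r, const char *line)
{
	size_t n = strcspn(line, "\r\n");        /* strip the newline */
	int last = !(n >= 4 && line[3] == '-');  /* RFC 5321: "550-" continues, "550 " ends */

	if (r->kept < REPLY_LOG_LINES) {
		size_t room = sizeof(r->text) - 1 - r->len;
		if (r->kept > 0 && room > 0) { r->text[r->len++] = ' '; room--; }
		if (n > room) n = room;          /* over-long line: keep what fits */
		memcpy(r->text + r->len, line, n);
		r->len += n;
		r->text[r->len] = '\0';
		r->kept++;
	} else
		r->dropped++;
	if (last) r->done = 1;
	return r->done;
}

/* Build the single log line, written in one piece once the reply is complete. */
int reply_log_format(const struct reply_log *r, char *out, size_t outsz)
{
	if (r->dropped > 0)
		return snprintf(out, outsz, "%s [%d more lines truncated, see smtpctl trace]",
		    r->text, r->dropped);
	return snprintf(out, outsz, "%s", r->text);
}

int main(void)
{
	/* Constructed sample reply, not taken from a real server. */
	const char *reply[] = { "550-5.7.1 first line\r\n", "550-5.7.1 second line\r\n",
	    "550 5.7.1 last line\r\n" };
	struct reply_log r;
	char out[1024];

	reply_log_init(&r);
	for (size_t i = 0; i < 3 && !reply_log_feed(&r, reply[i]); i++)
		;
	reply_log_format(&r, out, sizeof(out));
	puts(out);
	return 0;
}
```

When a reply is truncated, the kept text is the first lines only, so the final status line may be among those dropped.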




Re: Requeue corrupt mail

2014-05-19 Thread Marcus MERIGHI
o...@scientia-it.net (Ole Jakobsen), 2014.05.19 (Mon) 09:23 (CEST):
> Is it how do I requeue mails that is in corrupt queue?
> I had 8 mails in a compressed queue, I then edited the .conf and
> restarted smtpd. All mails in the queue then was moved to the corrupt
> folder (as expected).
> I have then renamed an envelope from xxx to xxx.Z then decompressed it
> edited the mta-relay part.
Did you stop smtpd before editing? I've had it that without stopping
smtpd would rewrite the envelope after I edited it.

Bye, Marcus

> How do I move the mail back in the queue?
> 
> Cheers
> Ole
 




Re: postgres and ldap backends

2014-03-06 Thread Marcus MERIGHI
gil...@poolp.org (Gilles Chehade), 2014.03.05 (Wed) 02:35 (CET):
> In the meantime, I'd like to stabilize table_ldap and table_postgres, so
> we could *maybe* stop shipping them as experimental with our next big
> release.
> 
> If people willing to use ldap or postgres could get in touch with me, it
> would be nice ;-)

Got an active directory use case here: opensmtpd to check valid
recipients in active directory. 

Somewhat short in time currently and thus waiting until the initial
problems already found are gone.

Bye, Marcus




Re: Bounces without Bodies

2014-03-04 Thread Marcus MERIGHI
Hello backscatterers (:-), 

jab...@serversave.us (Jason Barbier), 2014.03.03 (Mon) 18:47 (CET):
> So reading this also this type of spam bounce has a common name, it's called
> backscattering (https://en.wikipedia.org/wiki/Backscatter_%28email%29).

as I read this (thanks for the link) there is no real solution to the
problem. Under Reducing the problem it says:

Checking bounce recipients
Mail servers sending email bounce messages can use a range of measures
to judge whether a return address has been forged.

Which range of measures is this referring to?! 

What I want to stress is that this discussion is about working around a
problem some mail providers pose. Where is this going to end? I have a
nationwide mail provider here in Austria that throttles inbound mail
after some number of messages. Could we work around this as well,
please?

BTW, the proposed workaround of bouncing without content is not
suggested in the above link.

Bye, Marcus

> There is actually a blacklist for this and quite a few companies use it, as
> well as greylisting software will check for it. We for sure want to make
> sure that we are able to turn off backscatter and have it off by default.
> Honestly users should be able to turn this on and off based on the direction
> of the mail. Internally it is useful to have it spit back the message,
> headers, and the raw error that the MTA returned. Externally we should just
> spit back at most headers but honestly what is internal and external needs
> to be set by the user since there is no good way to determine this on its
> own and the MTA honestly should handle this all as part of doing the bounce.
> It makes no sense to make a filter or have a second function handle it since
> we already have a function to handle bounces.
> 
> 
> On 03/03/14 09:16, Jason A. Donenfeld wrote:
> > Hi folks,
> > 
> > Spammers have an easy trick against OpenSMTPD: they send a message
> > that bounces for some reason (say, it's forwarded to another MTA that
> > rejects it on the basis of it being spam), and the bounce message
> > then contains the original spam message. Egress spam filters on
> > various hosting networks -- such as OVH -- then will spot that bounce
> > message as spam, and block the IP on the basis of it being the
> > spammer.
> > 
> > The solution is obvious, and other MTAs have incorporated this: for
> > networks with egress filters like this, opensmtpd should have a
> > configuration option to only send headers, not bodies, in bounce
> > messages. This has the additional benefit too of lowering bandwidth
> > usage.
> > 
> > For the same reason that mask-source was added as a config flag, not
> > sending bodies in bounce messages should also be added as a config
> > flag: opensmtpd generates this data in a very unstructured way (random
> > text in a message body that's then queued like other messages), and
> > then ships it off. It would be wasteful to implement this as a filter
> > using the filter api, which would parse an unstructured format, and
> > remove bits of data based on a buggy heuristic, when opensmtpd is the
> > one adding it in the first place. The obvious solution is to simply
> > add a flag so that this information doesn't get added in the first
> > place.
> > 
> > Thus, I propose a configuration flag for not adding bodies to bounce
> > messages.
> > 
> > Thanks
> > Jason
 




Re: Why can't I have virtual and relay via together?

2013-12-18 Thread Marcus MERIGHI
Hello John

I cannot answer your question but have a workaround:

table theaddr file:/etc/mail/theaddr # flat list, one addr per line
accept from any for domain foobar.at recipient <theaddr> relay via \
  tls://aaa.bbb.at

Bye, Marcus

On 12/16/13 21:53, John Cox wrote:
> Hi
> 
> I have a m/c that receives mail on the border of my domain.  It
> doesn't want to deliver any mail itself it just wants to deliver to
> the mailstore.  However it does want to do any required forwarding
> and/or rejection to prevent needless internal message traffic (and to
> prevent confusion if the message was spoofed).  So I thought that this
> should work:
> 
> table localdomains {example.net}
> table virtuser file:/etc/mail/virtuser
> 
> [pki stuff]
> 
> listen on all secure pki smarthost.example.net
> 
> accept from source mailstore.example.net\
>  for !domain <localdomains>\
>  relay pki smarthost.uphall.net
> 
> accept from !source mailstore.example.net\
>  for domain <localdomains> virtual <virtuser>\
>  relay via tls://mailstore.example.net pki smarthost.example.net
> 
> But I get
> 
> # smtpd -n
> /etc/mail/smtpd.conf:22: aliases/virtual may not be used with a relay
> rule
> 
> I understand what the error is saying but why is this enforced?
> 
> Thanks
> 
> JC

