Re: Multiple dkim key with filter-dkimsign

2022-10-18 Thread Martijn van Duren
On Wed, 2022-10-19 at 00:23 +0400, Archange wrote: > Le 19/10/2022 à 00:07, Martijn van Duren a écrit : > > On Wed, 2022-10-19 at 00:02 +0400, Archange wrote: > > > Hi there, > > > > > > Due to an issue with the rspamd filter running against rspamd 3.3 >

Re: Multiple dkim key with filter-dkimsign

2022-10-18 Thread Martijn van Duren
On Wed, 2022-10-19 at 00:02 +0400, Archange wrote: > Hi there, > > Due to an issue with the rspamd filter running against rspamd 3.3 > (https://github.com/poolpOrg/filter-rspamd/issues/41), I’m looking at > migrating my main server to dkimsign. I’m already using it on several > servers, but

Re: New report function for libopensmtpd

2022-10-18 Thread Martijn van Duren
There's no particular reason why I didn't implement it. It should be relatively straight forward, if you have a patch which is up to par I'm willing to add it to my repo. martijn@ On Tue, 2022-10-18 at 10:34 +0200, Martin Kjær Jørgensen wrote: > Hello, > > I came across your libopensmtpd while

Re: New report function for libopensmtpd

2022-10-18 Thread Martijn van Duren
There's no particular reason why I didn't implement it. It should be relatively straight forward, if you have a patch which is up to par I'm willing to add it to my repo. martijn@ On Tue, 2022-10-18 at 10:34 +0200, Martin Kjær Jørgensen wrote: > Hello, > > I came across your libopensmtpd while

Re: Capturing the log output of opensmtpd

2022-10-15 Thread Martijn van Duren
On Sat, 2022-10-15 at 13:21 +0100, Simon Harrison wrote: > Hello. I'm using Python subprocess to send mails on a linux server. For > outlook.com addresses I get the following error in /var/log/mail.log: > > Oct 14 11:41:22 myhost smtpd[1846073]: f01b467faa967988 mta delivery >

Re: what does "from=<>" mean?

2022-07-06 Thread Martijn van Duren
On Wed, 2022-07-06 at 08:39 +0200, Harald Dunkel wrote: > Hi folks > > I see quite a number of EMails mentioned in /var/log/maillog with a > string "from=<>", e.g. > > Jul 6 08:08:24 mailgate smtpd[84448]: 90d0e01d76abce9c mta delivery > evpid=e62074ed220d58f9 from=<> to= rcpt=<-> >

Re: dkimsign uses unexpected domain in signature on message from Ubuntu/Postfix relay client

2022-02-22 Thread Martijn van Duren
On Fri, 2022-01-28 at 00:09 +0100, Martijn van Duren wrote: > On Mon, 2022-01-24 at 16:20 +0100, Tim van der Molen wrote: > > Hi, > > > > Martijn van Duren (2022-01-23 20:13 +0100): > > > > From: r...@relayclient.example.com (Cron Daemon) > > >

Re: opensmtpd-filter-dnsbl

2022-02-22 Thread Martijn van Duren
On Sun, 2022-02-20 at 14:33 +, Pete Long wrote: > Hi all, > > I hope this is ok but I just wanted to say thanks to the developer of > 'opensmtpd-filter-dnsbl' whom I believe is Martijn van Duren. This filter is > superb and just what I was looking for in order to use the

Re: dkimsign uses unexpected domain in signature on message from Ubuntu/Postfix relay client

2022-01-27 Thread Martijn van Duren
On Mon, 2022-01-24 at 16:20 +0100, Tim van der Molen wrote: > Hi, > > Martijn van Duren (2022-01-23 20:13 +0100): > > > From: r...@relayclient.example.com (Cron Daemon) > > > > According to RFC5322 section 3.4[0] this is not a valid e-mail format. > > Just

Re: dkimsign uses unexpected domain in signature on message from Ubuntu/Postfix relay client

2022-01-23 Thread Martijn van Duren
On Sun, 2022-01-23 at 09:29 -0800, Paul Pace wrote: > On 2021-11-24 04:01, Martijn van Duren wrote: > > On Tue, 2021-11-23 at 08:47 -0800, Paul Pace wrote: > > > Hello! > > > > > > I have an Ubuntu 18.04 server running Postfix 3.3 that relays through >

Re: dkimsign uses unexpected domain in signature on message from Ubuntu/Postfix relay client

2021-11-24 Thread Martijn van Duren
On Tue, 2021-11-23 at 08:47 -0800, Paul Pace wrote: > Hello! > > I have an Ubuntu 18.04 server running Postfix 3.3 that relays through a > local OpenSMTPD mail relay on OpenBSD 7.0. Messages sent from system > messages and directly from mail command are signed by dkimsign as > expected. > >

Re: dkimsign doesn't sign message sent from mail command

2021-10-21 Thread Martijn van Duren
On Wed, 2021-10-20 at 20:19 -0700, p...@mostlybsd.com wrote: > Hello! > > I am killing myself on configuring this simple tool. Messages sent from > mail command ($ mail u...@example.com) aren't being signed but otherwise > arrive at the external receiving server with everything else looking >

Re: max-message-size

2021-07-12 Thread Martijn van Duren
This area of the code is not my strong suit, so my answer might be a bit rough around the edges. First of, a max-message-size-send doesn't make sense, since from the perspective of smtpd an mbox delivery and relay are basically the same, it's just some different backend code. So having a

Re: Tutorial for filter-dkimsign on Debian

2021-06-23 Thread Martijn van Duren
On Wed, 2021-06-23 at 15:52 +0100, Simon Harrison wrote: > Not sure if I'm supposed to do this, but as I like to document things > that I've found hard, I've put up a tutorial for getting dkim working > with opensmtpd. The link is below in case it might help someone now or > in the future: > >

Re: filter-dkimsign -- listen on socket required?

2021-06-23 Thread Martijn van Duren
On Wed, 2021-06-23 at 14:13 +0100, Simon Harrison wrote: > Afternoon all. > > After *much* hunting around for examples, I've finally gotten > filter-dkimsign working correctly (on Debian 10). > > from my /etc/smtpd.conf: > > filter dkimsign proc-exec "filter-dkimsign -d mydomain.com -s

Re: New release libopensmtpd and filter-dkimsign

2021-06-10 Thread Martijn van Duren
On Thu, 2021-06-10 at 15:23 +0100, Simon Harrison wrote: > On Thu, 10 Jun 2021 13:13:30 +0200 > Martijn van Duren wrote: > > > EHLO, > > > > I just pushed a new release of libopensmtpd and filter-dkimsign to the > > OpenBSD ports tree. These contains the followi

Re: New release libopensmtpd and filter-dkimsign

2021-06-10 Thread Martijn van Duren
On Thu, 2021-06-10 at 12:35 +0100, Simon Harrison wrote: > On Thu, 10 Jun 2021 13:13:30 +0200 > Martijn van Duren wrote: > > > EHLO, > > > > I just pushed a new release of libopensmtpd and filter-dkimsign to the > > OpenBSD ports tree. These contains the followi

New release libopensmtpd and filter-dkimsign

2021-06-10 Thread Martijn van Duren
EHLO, I just pushed a new release of libopensmtpd and filter-dkimsign to the OpenBSD ports tree. These contains the following changes: libopensmtpd (0.7): - Registering OSMTPD_PHASE_LINK_CONNECT should be OSMTPD_TYPE_REPORT - Fix manpage: 0 is for outgoing connections, not 2. From Edgar

Re: smtpctl spf walk -6 ?

2021-05-12 Thread Martijn van Duren
On Wed, 2021-05-12 at 15:45 +0200, Harald Dunkel wrote: > On 5/12/21 2:56 PM, Martijn van Duren wrote: > > Apparently it's a problem in glibc's inet_net_pton. It does not support > > AF_INET6. to.c has the same problem and works around this problem by > > handcrafting brok

Re: smtpctl spf walk -6 ?

2021-05-12 Thread Martijn van Duren
On Wed, 2021-05-12 at 13:33 +0200, Harald Dunkel wrote: > On 5/12/21 8:56 AM, nathanael wrote: > > > > this is what i get on my machine: > > > > ~ echo spf.protection.outlook.com | smtpctl spf walk > > 40.92.0.0/15 > > 40.107.0.0/16 > > 52.100.0.0/14 > >

filter-dkimsign: ed25519 support

2021-05-11 Thread Martijn van Duren
Hello misc@, I'm currently working on adding ed25519 support to filter-dkimsign, but I'm getting some mixed results with the different validators. gmail: permfail => claims the key is missing outlook: fail (signature syntax error) protonmail: 2 headers 1st: permerror (0-bit key) 2nd:

Re: dkim signing integrated in opensmtpd?

2021-05-10 Thread Martijn van Duren
On Mon, 2021-05-10 at 16:35 +0200, Harald Dunkel wrote: > On 5/10/21 3:14 PM, Martijn van Duren wrote: > > There's filter-dkimsign in packages, which is also mentioned in > > smtpd.conf. I don't think there's a more lightweight solution > > possible. > > > >

Re: dkim signing integrated in opensmtpd?

2021-05-10 Thread Martijn van Duren
On Mon, 2021-05-10 at 14:55 +0200, Harald Dunkel wrote: > Hi folks, > > Would it be possible to *integrate* dkim signatures in opensmtpd? > I saw rspamd, but this is not an option. I am looking for a > lightweight solution for signing EMail headers. > > > Regards > Harri > There's

Re: smtpd failure

2021-05-05 Thread Martijn van Duren
The culrpit can be found... On Wed, 2021-05-05 at 23:19 -0500, Hakan E. Duran wrote: > Dear all, > > After upgrading to OpenBSD 6.9 my smtpd server fails to run normally and > exits with failure. I pasted the output of `#smtpd -dv` below. As you > can see I redacted the server name, IP

Re: Monitoring SMTPD

2021-04-28 Thread Martijn van Duren
On Thu, 2021-04-29 at 07:30 +0200, Martijn van Duren wrote: > On Thu, 2021-04-29 at 11:22 +1000, Antonino Sidoti wrote: > > Hello, > > > > I was wondering what options are available to monitor OpenBSD SMTPD? Can > > SNMP be utilise? My monitoring system is PRTG a

Re: Monitoring SMTPD

2021-04-28 Thread Martijn van Duren
martijn@ Index: agentx_control.c === RCS file: agentx_control.c diff -N agentx_control.c --- /dev/null 1 Jan 1970 00:00:00 - +++ agentx_control.c29 Apr 2021 05:22:14 - @@ -0,0 +1,279 @@ +/* $OpenBSD$ */ + +/* + * Cop

Re: What DKIM RSA key length to use

2021-04-11 Thread Martijn van Duren
On Sun, 2021-04-11 at 04:13 +0200, Thomas Bohl wrote: > Hello, > > > In the filter-dkimsign readme I suggest to use 2048 and I stand by it. > > Thanks for mentioning and coding filter-dkimsign! Somehow I was unaware > of it. I used rspamd just for DKIM. Which is overkill. The daemon racks > up

Re: RCPT syntax error from bank

2021-04-05 Thread Martijn van Duren
On Sun, 2021-04-04 at 07:03 -0600, Anthony J. Bentley wrote: > Hi, > > I had an interesting occurrence today... I was performing an action > that required a confirmation code from my bank, which they sent by > email. Unfortunately the mail never arrived, because: > > Apr  4 03:25:16 axx

Re: What DKIM RSA key length to use

2021-03-28 Thread Martijn van Duren
In the filter-dkimsign readme I suggest to use 2048 and I stand by it. >From RFC1035: is a single length octet followed by that number of characters. is treated as binary information, and can be up to 256 characters in length (including the length octet). Followed by: TXT-DATAOne or

Re: smtpctl spf walk chokes on macros - is it possible to work around this?

2021-03-19 Thread Martijn van Duren
On Fri, 2021-03-19 at 11:46 +0100, Peter N. M. Hansteen wrote: > Watching indly while I run the script that refreshes my nospamd data[1] I see > several occurences of messages like > > > processing verticalresponse.com > smtpctl: lookup_record: %{i}._spf.mta.salesforce.com contains macros and >

Re: what happened to smtpd-filters.7 ?

2021-03-19 Thread Martijn van Duren
filters are implemented in lka_filter.c. According to cvs log filter.c is removed in 2017 and was probably part of the first filter attempt. smtpd-filters.7 has never been hooked up to the build. Probably because it needs a little more scrutiny. But most in there can be used. martijn@ On Fri,

Re: how to watch opensmtpd filters at work?

2021-01-07 Thread Martijn van Duren
Could you show your config, steps to reproduce and expected behaviour? Because I'm not entirely sure what you try to achieve. On Thu, 2021-01-07 at 13:24 +0100, Harald Dunkel wrote: > On 1/7/21 1:03 PM, Martijn van Duren wrote: > > Your question isn't really specific, but my b

Re: how to watch opensmtpd filters at work?

2021-01-07 Thread Martijn van Duren
Your question isn't really specific, but my best guess is that -Tfilters will do the trick. martijn@ On Thu, 2021-01-07 at 12:45 +0100, Harald Dunkel wrote: > Hi folks, > > for debugging I would like to know which "match" line does > actually match the incoming EMails. Is there some option for

filter-dkims support for multiple domains

2020-08-30 Thread Martijn van Duren
Hello, I've always said that I would not add support for multiple domains in filter-dkimsign until someone could point me to a good reason to do so. Recently this was done by Maarten de Vries who pointed out to me that there is such a requirement in DMARC (RFC7489 section 3.1) stating that the

Re: Usage example for filter-dnsbl

2020-08-17 Thread Martijn van Duren
I run filter-dnsbl as follow: ... filter dnsbl proc-exec "filter-dnsbl -mv zen.spamhaus.org dnsbl.dronebl.org bl.spamcop.net" ... listen on egress tls pki keys filter dnsbl ... To be clear: filters in proc-exec chooes their own "phase, so there's no need for you to worry about that. The only

Re: Fwd: 553 ORCPT address syntax error on OpenBSD 6.7

2020-07-29 Thread Martijn van Duren
On Wed, 2020-07-29 at 02:57 -0400, Larkin Nickle wrote: > On 2020-07-29 02:54, Martijn van Duren wrote: > > I was talking about the mails we exchanged in private. > > > > On Wed, 2020-07-29 at 02:51 -0400, Larkin Nickle wrote: > > > I did obtain consent before s

Re: Fwd: 553 ORCPT address syntax error on OpenBSD 6.7

2020-07-29 Thread Martijn van Duren
I was talking about the mails we exchanged in private. On Wed, 2020-07-29 at 02:51 -0400, Larkin Nickle wrote: > I did obtain consent before sending here but didn't mention it.

Re: Fwd: 553 ORCPT address syntax error on OpenBSD 6.7

2020-07-29 Thread Martijn van Duren
On Tue, 2020-07-28 at 22:05 -0400, Larkin Nickle wrote: > On 2020-07-28 06:02, Martijn van Duren wrote: > > On Tue, 2020-07-28 at 05:37 -0400, Larkin Nickle wrote: > > > > Doing a little more searching on "ORCPT :1:1" shows me the following > > > > lin

Re: dmarc

2020-07-25 Thread Martijn van Duren
I'm not 100% sure what you mean, but let me give it a best effort. On Sat, 2020-07-25 at 11:00 +0200, Peter J. Philipp wrote: > Hi, > > This is sorta a feature request. A lot of people use dmarc to check for > incoming mails. Is there a way to turn off dmarc checking in the smtpd? > This would

Re: Filter trustee src bypass - syntax error

2020-04-28 Thread Martijn van Duren
ur answer. I've corrected my table definition to: > > table trustedip file:/etc/mail/trustedip > > I'm still getting syntax error on the line with: > filter trusted phase mail-from match src bypass > > > > KJ (Klaas Jan) Schuurs > > > > Martijn van Duren

Re: Filter trustee src bypass - syntax error

2020-04-28 Thread Martijn van Duren
On 4/28/20 10:29 AM, KJ (Klaas Jan) Schuurs wrote: > Dear all, > > Hi! This is the first time I'm posting to this mailinglist. English is > not my native language, so if I'm not making sense, then accept my > apologies. > > First of all I would like to tell @Gilles and others that I love >

Re: Custom filter

2020-04-16 Thread Martijn van Duren
On 4/16/20 3:58 PM, Jacky wrote: > Hi, > > I am using Opensmtp 6.6.4p1. I am going to use Opensmtp as outgoing SMTP > server, and use POP before SMTP method for authentication. > > Is it possible for us to write and use custom filter ? If yes, is there any > information / resources available

Re: Unable to setup my OpenSMTPd (version 6.6.4p1)

2020-04-15 Thread Martijn van Duren
On 4/15/20 11:21 AM, Pete wrote: > Hey, > >> match from any for rcpt-to action action_relay > shouldn't that be: > match from any for domain mydoain.com rcpt-to action > action_relay > > Turns out you're right. I got my versions mixed up. For completeness: The for rcpt-to was added by

Re: Unable to setup my OpenSMTPd (version 6.6.4p1)

2020-04-15 Thread Martijn van Duren
On 4/15/20 5:50 AM, Jacky wrote: > Hi, > >   > > I was unable to setup my Opensmtpd (version 6.6.4p1). At the end of this > message, there are content of the recipient table and smtpd.conf. When > opensmtpd start, I get the following error message :- > >   > >

Re: opensmtpd 6.6.4p1 crashes on netbsd 9.0

2020-03-09 Thread Martijn van Duren
On 3/9/20 8:15 AM, Andi Vajda wrote: > >> On Mar 8, 2020, at 23:58, Martijn van Duren >> wrote: >> >> I guess not a lot of opensmtpd developers have a NetBSD machine at hand >> (I certainly don't). Could you supply us with a backtrace, which most >> like

Re: opensmtpd 6.6.4p1 crashes on netbsd 9.0

2020-03-09 Thread Martijn van Duren
I guess not a lot of opensmtpd developers have a NetBSD machine at hand (I certainly don't). Could you supply us with a backtrace, which most likely will be needed from the pony process. martijn@ On 3/7/20 1:38 AM, Andi Vajda wrote: > > Hi, > > I've been running opensmtpd 6.6.4p1 on netbsd

Re: filter question

2020-03-09 Thread Martijn van Duren
On 3/6/20 5:00 PM, epektasis wrote: > Greetings. I have my own blacklist file of email addresses > (some in the format microcen...@microcenter.com and some in > the format *@squaredeals.com), one per line. I would like to > filter each incoming email so that a mail-from address > that matches

Re: Non stop /bsd: smtpctl[51626]: pledge "fattr", syscall 124

2020-01-07 Thread Martijn van Duren
Quite some time I made a change that made smtpctl use tmpfile(3). Are you kernel, libc and smtpctl all up to date? (e.g. did you compile smtpctl from source without updating libc) martijn@ On 1/7/20 5:04 PM, Johannes Krottmayer wrote: > On 07.01.20 at 07:22, Mik J wrote: >> Hello, >> >> I keep

Re: Postgres backend missing?

2019-12-08 Thread Martijn van Duren
$ pkg_info -Q opensmtpd-extras ... opensmtpd-extras-pgsql-6.4.0p0v0 ... On 12/8/19 7:04 PM, Norman Golisz wrote: > Hi, > > I'm currently migrating an old instance of OpenSMTPD (6.3) on OpenBSD to > current. > > This setup uses Postgres as backend for the user database. Now, it seems > the

Re: opensmtpd setresgid ubuntu crash

2019-11-15 Thread Martijn van Duren
That seems to do the trick. Thanks. Sorry for the noise. On 11/15/19 11:40 AM, Gilles Chehade wrote: > Try using the 6.6.1p1 tag, I'm currently reworking the dev branch to > completely revamp compat layer, things will be shaky for the next few days > > On Nov 15, 2019 11:22, Marti

opensmtpd setresgid ubuntu crash

2019-11-15 Thread Martijn van Duren
EHLO, I'm currently trying to port filter-dnsbl to ubuntu, but I'm stuck at not being able to startup smtpd. Is there anyone who has seen this before and who has a (possible) solution? This all is freshly installed. OS: Ubuntu 18.04.3 LTS OpenSMTPD: git portable (latest) Installed packages: -

Re: filter-rspamd DKIM checks failing intermittently.

2019-10-13 Thread Martijn van Duren
obably the filter-rspamd reconstruction of the message that is > incorrect. I'm not familiar enough with filter-rspamd to know if that's the case. > > On Sun, Oct 13, 2019, 15:00 Martijn van Duren <mailto:opensm...@list.imperialat.at>> wrote: > > On 10/13/19 1:59 PM, R

Re: filter-rspamd DKIM checks failing intermittently.

2019-10-13 Thread Martijn van Duren
On 10/13/19 1:59 PM, Reio Remma wrote: > Hello! > > I finally moved to Rspamd (2.0) on my production server and I'm seeing > lots of failed DKIM checks, specifically dkim=fail (body hash did not > verify). > > > Authentication-Results: host.domain.com; >     dkim=fail (body hash did not

Re: How can I integrate opensmtpd with opendkim?

2019-10-10 Thread Martijn van Duren
Hello Ihor, On 10/10/19 5:39 PM, Ihor Antonov wrote: > Hello everyone, > > I am seriously thinking about replacing Postfix with OpenSMTPD on my > Linux box (I am very attracted by configuration simplicity and > security-mindedness of the project) > Good. > > So I found this issue on github

Re: Service names in listen on directives

2019-08-24 Thread Martijn van Duren
On 8/24/19 9:32 PM, Darren S. wrote: > OpenBSD 6.5 amd64 > OpenSMTPD 6.5.0 > > port [port] > Listen on the given port instead of the default port 25. > > I wanted to confirm if service names are intended to be supported for > `listen on` option in smtpd.conf. > > These result in syntax

Re: forcing SMTP authentication

2019-08-21 Thread Martijn van Duren
On 8/21/19 8:47 AM, Selmeci Tamás wrote: > On Wed, 21 Aug 2019 08:19:24 +0200 Martijn van Duren > wrote: > >> From smtpd.conf(5): >> >> auth-optional [] >> Support SMTPAUTH optionally: clients need not >>

Re: forcing SMTP authentication

2019-08-21 Thread Martijn van Duren
>From smtpd.conf(5): auth-optional [] Support SMTPAUTH optionally: clients need not authenticate, but may do so. This allows a listen on directive to both accept incoming mail from untrusted senders

Re: How to deal with spam and opensmtpd

2018-04-19 Thread Martijn van Duren
gt; > Le jeudi 19 avril 2018 à 13:31:33 UTC+2, Martijn van Duren > <opensm...@list.imperialat.at> a écrit : > > > Hello Mik, > > On 04/19/18 13:18, Mik J wrote: >> Thank you Simon for your answer. >> >> Actually, this marketing company is not doing

Re: How to deal with spam and opensmtpd

2018-04-19 Thread Martijn van Duren
Hello Mik, On 04/19/18 13:18, Mik J wrote: > Thank you Simon for your answer. > > Actually, this marketing company is not doing heavy spam so they qualify mail > adresses then have time to retry to send their email. > Their unsubscribe button is worthless. > > Another option could be to

deny sender not working completely.

2016-09-04 Thread Martijn van Duren
Hello, For my mailserver I have a blacklist so that I can black annoying senders. According to smtpd.conf(5) I should be able to block entire domains by prepending a domain with '@', but this doesn't work for me. An full email address is blocked. martijn@ Version: OpenBSD 5.9-stable $ cat

Re: Pledge() in smtpd

2015-11-11 Thread Martijn van Duren
On 11/12/15 01:37, michalzient...@gmail.com wrote: Hello guys, Recently i was reading about new OpenBSD security mechanism called pledge(). I think this is another great idea from OpenBSD. Are you going to make use of it ? Regards, Michal Zientara Pledge is already used within the OpenBSD