Re: unsubscribe

2023-08-16 Thread Liam Martin

unsubscribe

On 8/16/2023 8:14 AM, William Mimart wrote:

unsubscribe







Re: New report function for libopensmtpd

2022-10-19 Thread Martin Kjær Jørgensen
#define OSMTPD_NEED_DST 1 << 1
 #define OSMTPD_NEED_RDNS 1 << 2
@@ -156,6 +164,8 @@ void osmtpd_register_report_server(int, void (*)(struct 
osmtpd_ctx *,
 void osmtpd_register_report_response(int, void (*)(struct osmtpd_ctx *,
 const char *));
 void osmtpd_register_report_timeout(int, void (*)(struct osmtpd_ctx *));
+void osmtpd_register_report_auth(int, void (*)(struct osmtpd_ctx *,
+const char *, enum osmtpd_auth_result));
 void osmtpd_local_session(void *(*)(struct osmtpd_ctx *),
 void (*)(struct osmtpd_ctx *, void *));
 void osmtpd_local_message(void *(*)(struct osmtpd_ctx *),
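
Review bot: the added osmtpd_register_report_auth() prototype leaves its const char * callback argument unnamed and undocumented. Per the request quoted below it carries the username, which is supplied by the remote client, so the header comment or man page should say so and state that callers must treat it as untrusted input (length, control characters) before logging it or using it as a key for blocking decisions. The visible lines also do not show where enum osmtpd_auth_result is declared; the 8-line offset in the hunk header suggests it is added earlier in the file, and each of its values should be documented there so a consumer counting failures knows which one means a failed login.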


On Tue, Oct 18 2022, Martijn van Duren  wrote:

> There's no particular reason why I didn't implement it.
> It should be relatively straight forward, if you have a patch
> which is up to par I'm willing to add it to my repo.
>
> martijn@
>
> On Tue, 2022-10-18 at 10:34 +0200, Martin Kjær Jørgensen wrote:
>> Hello,
>>
>> I came across your libopensmtpd while developing a relatively simple
>> reporting plugin for smtpd. I see the API has a lot of existing calls,
>> but I'm basically missing the following function or something like it;
>>
>> void osmtpd_register_report_auth(int, void (*)(struct osmtpd_ctx *,
>> const char * username, enum osmtpd_auth status));
>>
>> I want to monitor the amount of failed auth attempts and block IP/port
>> temporarily based on statistics.
>>
>> Do you consider it a bad or unneeded feature, or would you accept the
>> feature if I write a patch;
>>
>> /Martin
>>



Re: New report function for libopensmtpd

2022-10-18 Thread Martin Kjær Jørgensen


Okay I will.

Have you got a pattern the code should be written in or a
tool, like clang-format, to check/format with?

On Tue, Oct 18 2022, Martijn van Duren  wrote:

> There's no particular reason why I didn't implement it.
> It should be relatively straight forward, if you have a patch
> which is up to par I'm willing to add it to my repo.
>
> martijn@
>
> On Tue, 2022-10-18 at 10:34 +0200, Martin Kjær Jørgensen wrote:
>> Hello,
>>
>> I came across your libopensmtpd while developing a relatively simple
>> reporting plugin for smtpd. I see the API has a lot of existing calls,
>> but I'm basically missing the following function or something like it;
>>
>> void osmtpd_register_report_auth(int, void (*)(struct osmtpd_ctx *,
>> const char * username, enum osmtpd_auth status));
>>
>> I want to monitor the amount of failed auth attempts and block IP/port
>> temporarily based on statistics.
>>
>> Do you consider it a bad or unneeded feature, or would you accept the
>> feature if I write a patch;
>>
>> /Martin
>>



New report function for libopensmtpd

2022-10-18 Thread Martin Kjær Jørgensen


Hello,

I came across your libopensmtpd while developing a relatively simple
reporting plugin for smtpd. I see the API has a lot of existing calls,
but I'm basically missing the following function or something like it;

void osmtpd_register_report_auth(int, void (*)(struct osmtpd_ctx *,
const char * username, enum osmtpd_auth status));

I want to monitor the amount of failed auth attempts and block IP/port
temporarily based on statistics.

Do you consider it a bad or unneeded feature, or would you accept the
feature if I write a patch;

/Martin



filter: HELO matches rDNS or not

2022-05-17 Thread Martin Ross Cawthon
Greetings,

smtpd.conf filter question:

I want to check inbound SMTP connections
to verify that the HELO/EHLO name matches
the associated rDNS entry.

I failed and ask for guidance.
I looked at the mail archives and found
some discussion, but it did not apply.


MY FILTER
filter "HELO_FQDN" phase ehlo match !helo rdns disconnect "NNN:msg."

REPORTED ERROR
doas smtpd -n
/etc/mail/smtpd.conf:191: syntax error

IDEA ORIGINATION (smtpd.conf man page, as follows)
match
 [!] helo helo-name | 
  Specify that session's HELO/EHLO should match the string \
 or list table helo-name.

ALSO TRIED
filter "HELO_FQDN" phase ehlo match !helo {rdns} disconnect "NNN:msg."
filter "HELO_FQDN" phase ehlo match !helo fcrdns disconnect "NNN:msg."
filter "HELO_FQDN" phase ehlo match !helo {fcrdns} disconnect "NNN:msg."
with identical errors to that above.

SAMPLE OF MAIL I AM ATTEMPTING TO BLOCK
A line from the header of an unwanted message received via OpenSMTPd:
Received: from fet.org (v133-18-214-25.vir.kagoya.net [133.18.214.25])
I think 'fet.org' is the HELO name
133.18.214.25 is the IP address of the connecting SMTP process.
v133-18-214-25.vir.kagoya.net  is the 
rDNS

'fet.org' does not match 'v133-18-214-25.vir.kagoya.net'
I would like to reject/disconnect such delivery attempts.

SUMMARY
smtpd has the rDNS name associated with the calling SMTP session;
how to use that name in a filter?

Thank you for your consideration,
Marty Cawthon
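
The man page excerpt quoted in the post has `helo` take a fixed string or table, so one way to compare it against the per-session rDNS is an external filter process. The following is an added example, not part of the original post and not OpenSMTPD project code; the field layout is assumed from smtpd-filters(7) protocol 0.5 and later, and the session id, token and 192.0.2.10 in the test data are constructed.

```python
import sys

# session id -> normalized rDNS name learned from the link-connect report
rdns_by_session = {}

REJECT = "550 HELO name does not match reverse DNS"

# Sent once smtpd has finished its "config|..." preamble.
REGISTRATIONS = [
    "register|report|smtp-in|link-connect",
    "register|report|smtp-in|link-disconnect",
    "register|filter|smtp-in|helo",
    "register|filter|smtp-in|ehlo",
    "register|ready",
]


def normalize(name):
    """Case-fold a host name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def handle_line(line):
    """Consume one protocol line; return a filter-result line or None.

    Assumed field layout (smtpd-filters(7), protocol 0.5 and later):
      report|ver|time|smtp-in|link-connect|session|rdns|fcrdns|src|dest
      report|ver|time|smtp-in|link-disconnect|session
      filter|ver|time|smtp-in|helo|session|token|name   (same for ehlo)
    """
    fields = line.rstrip("\r\n").split("|")
    if len(fields) < 6 or fields[3] != "smtp-in":
        return None
    kind, event, session = fields[0], fields[4], fields[5]

    if kind == "report":
        if event == "link-connect" and len(fields) >= 7:
            rdns_by_session[session] = normalize(fields[6])
        elif event == "link-disconnect":
            rdns_by_session.pop(session, None)  # keep the table bounded
        return None

    if kind == "filter" and event in ("helo", "ehlo") and len(fields) >= 8:
        token = fields[6]
        helo = normalize("|".join(fields[7:]))
        rdns = rdns_by_session.get(session, "")
        # A missing or failed rDNS lookup never equals a HELO name,
        # so such sessions are disconnected as well.
        if rdns and helo == rdns:
            return "filter-result|%s|%s|proceed" % (session, token)
        return "filter-result|%s|%s|disconnect|%s" % (session, token, REJECT)
    return None


def main():
    for line in sys.stdin:
        if line.startswith("config|"):
            if line.strip() == "config|ready":
                print("\n".join(REGISTRATIONS), flush=True)
            continue
        reply = handle_line(line)
        if reply is not None:
            print(reply, flush=True)


if __name__ == "__main__":
    main()
```

It would be attached with a `filter "HELO_FQDN" proc-exec "..."` line naming the script (path of your choosing) and `filter "HELO_FQDN"` on the listener. Legitimate senders often use a HELO name that differs from their PTR record, so logging the decision before enforcing it shows what would be lost.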



Re: OpenSMTPd + Dovecot + mlmmj infinite loop while sending messages from localhost to any remote addresses

2020-03-10 Thread Martin
Update: signing by the DKIM proxy must be the last rule to prevent looping. Below 
is the updated, correct rule order.

listen on lo0 port 1030 tag DKIM_OUT
action "dkim-sign" relay host smtp://127.0.0.1:1030

match tag DKIM_OUT for any action "outbound"
match from local for any action "dkim-sign"

Martin

‐‐‐ Original Message ‐‐‐
On Tuesday, March 10, 2020 6:13 PM, Martin  wrote:

> Finally fixed smtpd looping behavior.
>
> /etc/dkimproxy_out.conf points to message signing keys which have 
> insufficient permissions to read.
>
> Affected rules:
>
> listen on lo0 port 1030 tag DKIM_OUT
> action "dkim-sign" relay host smtp://127.0.0.1:1030
>
> match from local for any action "dkim-sign"
>    
> match tag DKIM_OUT for any action "outbound"
>
> Martin
>
> ‐‐‐ Original Message ‐‐‐
> On Tuesday, March 10, 2020 1:46 PM, Reio Remma  wrote:
>
>> Try running 'smtpd -d -T rules' and see what rule you're hitting.
>>
>> Or alternatively 'smtpctl trace rules' and look at maillog and later turn it 
>> off with 'smtpctl untrace rules'.
>>
>> match auth most likely doesn't work at all if you submit to port 25 without 
>> authentication.
>>
>> Good luck,
>> Reio
>>
>> On 10/03/2020 15:35, Martin wrote:
>>
>>> table reject-subnet
>>> file:/etc/mail/reject-subnet
>>> (contains 192.168.2.0/24)
>>> table reject-domain
>>> file:/etc/mail/reject-domain
>>> (contains nothing)
>>> table reject-domain
>>> file:/etc/mail/reject-domain-helo
>>> (contains nothing)
>>>
>>> action "local-aliases" lmtp "/var/dovecot/lmtp" rcpt-to alias 
>>> action "virtual-users" lmtp "/var/dovecot/lmtp" rcpt-to alias 
>>> action "spampd-in" relay host
>>> smtp://127.0.0.1:10025
>>> action "dkim-sign" relay host
>>> smtp://127.0.0.1:1027
>>> action "outbound" relay src  helo-src 
>>>
>>> match from src  for any reject
>>> match from any mail-from  for any reject
>>> match from any helo  for any reject
>>>
>>> match from local for local action "local-aliases"
>>> match tag SPAM_IN for local action "local-aliases"
>>> match from any for domain  action "virtual-users"
>>> match tag SPAM_IN from any for domain  action "virtual-users"
>>>
>>> match tag DKIM_OUT for any action "outbound"
>>> match auth from any for any action "outbound"
>>>
>>> ‐‐‐ Original Message ‐‐‐
>>> On Tuesday, March 10, 2020 1:22 PM, Reio Remma wrote:
>>>
>>>> On 10/03/2020 15:18, Martin wrote:
>>>>
>>>>> Hello list,
>>>>> Undefined problem with mail infinite looping if I send messages from mail
>>>>> server's localhost to any domains outside.
>>>>> If I sent mail from mail server itself (from localhost) to aliased
>>>>> addresses and virtuals on the same mail's server domain, all the
>>>>> messages delivered fine even sent from localhost.
>>>>> In two sentences:
>>>>> Sending from localhost to 'remote' addresses > infinite loop
>>>>> Sending from localhost to 'local' aliases and virtual users > all
>>>>> works fine
>>>>> In both ways I'm using Mutt locally on mail server. Mutt connects to
>>>>> 127.0.0.1:25 in clear without any auth.
>>>>> $ cat /etc/smtpd.conf
>>>>> ...
>>>>> table aliases db:/etc/mail/aliases.db
>>>>> table virtuals db:/etc/mail/virtuals.db
>>>>> listen on lo0 tls pki smtp.domain.tld mask-src no-dsn hostname
>>>>>  tag SMTP
>>>>> action "local-aliases" lmtp "/var/dovecot/lmtp" rcpt-to alias 
>>>>> action "virtual-users" lmtp "/var/dovecot/lmtp" rcpt-to virtual 
>>>>> action "outbound" relay src  helo-src 
>>>>> match auth from any for any action "outbound"
>>>>
>>>> What are your other match rules (in correct order)?
>>>>
>>>> Reio
>>
>> --
>> Regards,
>> Reio Remma
>>
>> MR Stuudio OÜ
>> Tondi 17b, 11316, Tallinn
>> Tel +372 650 4808
>> Mob +372 56 22 00 33
>> r...@mrstuudio.ee
>> www.mrstuudio.ee
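
Why the rule order in the update above matters, as an added example that is not part of the original mails: a small model of first-match rule evaluation run over the two orderings posted in this thread. It assumes that whatever is relayed to 127.0.0.1:1030 re-enters through the listener tagged DKIM_OUT from a local address (so `from local` still matches it), and `action "outbound" relay` is a simplified stand-in for the poster's action line.

```python
import re

# Rule order from the "Finally fixed" mail (dkim-sign rule first).
LOOPING = '''
listen on lo0 port 1030 tag DKIM_OUT
action "dkim-sign" relay host smtp://127.0.0.1:1030
action "outbound" relay
match from local for any action "dkim-sign"
match tag DKIM_OUT for any action "outbound"
'''

# Rule order from the "Update" mail (tagged rule first).
FIXED = '''
listen on lo0 port 1030 tag DKIM_OUT
action "dkim-sign" relay host smtp://127.0.0.1:1030
action "outbound" relay
match tag DKIM_OUT for any action "outbound"
match from local for any action "dkim-sign"
'''


def parse(conf):
    """Parse the small smtpd.conf subset used in this thread."""
    listeners = {}  # local port -> tag applied to sessions arriving there
    actions = {}    # action name -> localhost relay port, None = real relay
    rules = []      # ordered (required tag or None, action name)
    for raw in conf.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.fullmatch(r'listen on \S+ port (\d+) tag (\S+)', line)
        if m:
            listeners[int(m.group(1))] = m.group(2)
            continue
        m = re.fullmatch(
            r'action "([^"]+)" relay(?: host smtp://127\.0\.0\.1:(\d+))?', line)
        if m:
            actions[m.group(1)] = int(m.group(2)) if m.group(2) else None
            continue
        m = re.fullmatch(
            r'match(?: tag (\S+))?(?: from (?:local|any))? for any action "([^"]+)"',
            line)
        if m:
            # Every hop in this model originates on the host itself, so the
            # source condition always holds; only the tag can discriminate.
            rules.append((m.group(1), m.group(2)))
            continue
        raise ValueError("unsupported line: " + line)
    return listeners, actions, rules


def trace(conf, max_hops=5):
    """Follow one locally submitted message; return the actions it hits."""
    listeners, actions, rules = parse(conf)
    tag, path = None, []
    while len(path) < max_hops:
        # First matching rule wins, as in smtpd's ruleset evaluation.
        action = next((a for t, a in rules if t is None or t == tag), None)
        if action is None:
            return path + ["NO MATCH"]
        path.append(action)
        port = actions[action]
        if port not in listeners:
            return path              # handed to a real relay: done
        tag = listeners[port]        # re-enters smtpd with the listener's tag
    return path + ["LOOP"]


if __name__ == "__main__":
    print("dkim-sign rule first:", trace(LOOPING))
    print("tagged rule first:   ", trace(FIXED))
```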

Re: OpenSMTPd + Dovecot + mlmmj infinite loop while sending messages from localhost to any remote addresses

2020-03-10 Thread Martin
Finally fixed smtpd looping behavior.

/etc/dkimproxy_out.conf points to message signing keys which have insufficient 
permissions to read.

Affected rules:

listen on lo0 port 1030 tag DKIM_OUT
action "dkim-sign" relay host smtp://127.0.0.1:1030
   
match from local for any action "dkim-sign"
   
match tag DKIM_OUT for any action "outbound"

Martin

‐‐‐ Original Message ‐‐‐
On Tuesday, March 10, 2020 1:46 PM, Reio Remma  wrote:

> Try running 'smtpd -d -T rules' and see what rule you're hitting.
>
> Or alternatively 'smtpctl trace rules' and look at maillog and later turn it 
> off with 'smtpctl untrace rules'.
>
> match auth most likely doesn't work at all if you submit to port 25 without 
> authentication.
>
> Good luck,
> Reio
>
> On 10/03/2020 15:35, Martin wrote:
>
>> table reject-subnet
>> file:/etc/mail/reject-subnet
>> (contains 192.168.2.0/24)
>> table reject-domain
>> file:/etc/mail/reject-domain
>> (contains nothing)
>> table reject-domain
>> file:/etc/mail/reject-domain-helo
>> (contains nothing)
>>
>> action "local-aliases" lmtp "/var/dovecot/lmtp" rcpt-to alias 
>> action "virtual-users" lmtp "/var/dovecot/lmtp" rcpt-to alias 
>> action "spampd-in" relay host
>> smtp://127.0.0.1:10025
>> action "dkim-sign" relay host
>> smtp://127.0.0.1:1027
>> action "outbound" relay src  helo-src 
>>
>> match from src  for any reject
>> match from any mail-from  for any reject
>> match from any helo  for any reject
>>
>> match from local for local action "local-aliases"
>> match tag SPAM_IN for local action "local-aliases"
>> match from any for domain  action "virtual-users"
>> match tag SPAM_IN from any for domain  action "virtual-users"
>>
>> match tag DKIM_OUT for any action "outbound"
>> match auth from any for any action "outbound"
>>
>> ‐‐‐ Original Message ‐‐‐
>> On Tuesday, March 10, 2020 1:22 PM, Reio Remma wrote:
>>
>>> On 10/03/2020 15:18, Martin wrote:
>>>
>>>> Hello list,
>>>> Undefined problem with mail infinite looping if I send messages from mail
>>>> server's localhost to any domains outside.
>>>> If I sent mail from mail server itself (from localhost) to aliased
>>>> addresses and virtuals on the same mail's server domain, all the
>>>> messages delivered fine even sent from localhost.
>>>> In two sentences:
>>>> Sending from localhost to 'remote' addresses > infinite loop
>>>> Sending from localhost to 'local' aliases and virtual users > all
>>>> works fine
>>>> In both ways I'm using Mutt locally on mail server. Mutt connects to
>>>> 127.0.0.1:25 in clear without any auth.
>>>> $ cat /etc/smtpd.conf
>>>> ...
>>>> table aliases db:/etc/mail/aliases.db
>>>> table virtuals db:/etc/mail/virtuals.db
>>>> listen on lo0 tls pki smtp.domain.tld mask-src no-dsn hostname
>>>>  tag SMTP
>>>> action "local-aliases" lmtp "/var/dovecot/lmtp" rcpt-to alias 
>>>> action "virtual-users" lmtp "/var/dovecot/lmtp" rcpt-to virtual 
>>>> action "outbound" relay src  helo-src 
>>>> match auth from any for any action "outbound"
>>>
>>> What are your other match rules (in correct order)?
>>>
>>> Reio
>
> --
> Regards,
> Reio Remma
>
> MR Stuudio OÜ
> Tondi 17b, 11316, Tallinn
> Tel +372 650 4808
> Mob +372 56 22 00 33
> r...@mrstuudio.ee
> www.mrstuudio.ee

Re: OpenSMTPd + Dovecot + mlmmj infinite loop while sending messages from localhost to any remote addresses

2020-03-10 Thread Martin
table reject-subnet file:/etc/mail/reject-subnet (contains 192.168.2.0/24)
table reject-domain file:/etc/mail/reject-domain (contains nothing)
table reject-domain file:/etc/mail/reject-domain-helo (contains nothing)

action "local-aliases" lmtp "/var/dovecot/lmtp" rcpt-to alias 
action "virtual-users" lmtp "/var/dovecot/lmtp" rcpt-to alias 
action "spampd-in" relay host smtp://127.0.0.1:10025
action "dkim-sign" relay host smtp://127.0.0.1:1027
action "outbound" relay src  helo-src 

match from src  for any reject
match from any mail-from  for any reject
match from any helo  for any reject

match from local for local action "local-aliases"
match tag SPAM_IN for local action "local-aliases"
match from any for domain  action "virtual-users"
match tag SPAM_IN from any for domain  action "virtual-users"

match tag DKIM_OUT for any action "outbound"
match auth from any for any action "outbound"

Martin

> > On 10/03/2020 15:18, Martin wrote:
> >
> > > Hello list,
> > > Undefined problem with mail infinite looping if I send messages from mail
> > > server's localhost to any domains outside.
> > > If I sent mail from mail server itself (from localhost) to aliased
> > > addresses and virtuals on the same mail's server domain, all the
> > > messages delivered fine even sent from localhost.
> > > In two sentences:
> > > Sending from localhost to 'remote' addresses > infinite loop
> > > Sending from localhost to 'local' aliases and virtual users > all
> > > works fine
> > > In both ways I'm using Mutt locally on mail server. Mutt connects to
> > > 127.0.0.1:25 in clear without any auth.
> > > $ cat /etc/smtpd.conf
> > > ...
> > > table aliases db:/etc/mail/aliases.db
> > > table virtuals db:/etc/mail/virtuals.db
> > > listen on lo0 tls pki smtp.domain.tld mask-src no-dsn hostname
> > >  tag SMTP
> > > action "local-aliases" lmtp "/var/dovecot/lmtp" rcpt-to alias 
> > > action "virtual-users" lmtp "/var/dovecot/lmtp" rcpt-to virtual 
> > > action "outbound" relay src  helo-src 
> > > match auth from any for any action "outbound"
> >
> > What are your other match rules (in correct order)?
> > Reio





OpenSMTPd + Dovecot + mlmmj infinite loop while sending messages from localhost to any remote addresses

2020-03-10 Thread Martin
Hello list,

Undefined problem with mail infinite looping if I send messages from mail
server's localhost to any domains outside.

If I send mail from the mail server itself (from localhost) to aliased
addresses and virtuals on the same mail server's domain, all the
messages are delivered fine, even when sent from localhost.

In two sentences:
Sending from localhost to 'remote' addresses > infinite loop
Sending from localhost to 'local' aliases and virtual users > all works fine

In both ways I'm using Mutt locally on mail server. Mutt connects to 
127.0.0.1:25 in clear without any auth.

$ cat /etc/smtpd.conf
...
table aliases db:/etc/mail/aliases.db
table virtuals db:/etc/mail/virtuals.db

listen on lo0 tls pki smtp.domain.tld mask-src no-dsn hostname
 tag SMTP

action "local-aliases" lmtp "/var/dovecot/lmtp" rcpt-to alias 
action "virtual-users" lmtp "/var/dovecot/lmtp" rcpt-to virtual 
action "outbound" relay src  helo-src 

match auth from any for any action "outbound"

Problem with elliptic key

2016-04-14 Thread Martin
Hi folks, at first: thanks very much for the great piece of software!

Coming from Ubuntu I'm now at Arch Linux on my home server. In the fine Arch 
wiki I found opensmtpd as alternative to postfix - with much clearer config 
strategy 


My problem:

Running opensmtpd with an RSA 2048 key for the pki certificate+key is *no* 
problem.

With an elliptic key opensmtpd won't start. I have attached the config, the 
debug output and the EC cert+key I used (both are only self-signed test 
certs).

I would kindly ask, if someone has some time to give me a hint, what's wrong 
with an EC key.

Thanks very much,
best regards,
Martin,




sudo nano /etc/smtpd/smtpd.conf
table aliases file:/etc/smtpd/aliases
table creds   "/etc/smtpd/creds"
pki kk.fritz.box certificate "/etc/smtpd/ec_smtpd.crt"
pki kk.fritz.box key "/etc/smtpd/ec_smtpd.key"
ciphers EECDH+AES128:EECDH+AES 
curve secp384r1
listen on enp0s10 inet4 port 465 smtps pki kk.fritz.box auth 
accept alias  deliver to maildir



$ sudo smtpd -dv
debug: init ssl-tree
info: loading pki information for kk.fritz.box
debug: init ca-tree
info: OpenSMTPD 5.7.3p2 starting
debug: bounce warning after 4h
debug: using "fs" queue backend
debug: using "ramqueue" scheduler backend
debug: using "ram" stat backend
info: startup [debug mode]
debug: init ssl-tree
info: loading pki keys for kk.fritz.box
filter: building simple chains...
filter: building complex chains...
filter: done building complex chains
libevent 2.0.22-stable (epoll)
debug: parent_send_config_ruleset: reloading
debug: parent_send_config: configuring pony process
debug: parent_send_config: configuring ca process
debug: init private ssl-tree
debug: ca_engine_init: using RSA privsep engine
debug: smtp: listen on 192.168.0.203 port 465 flags 0x44a pki "kk.fritz.box" ca 
""
debug: queue: done loading queue into scheduler
debug: SSL library error: ssl_ctx_create: error:0607907F:digital envelope 
routines:EVP_PKEY_get1_RSA:expecting an rsa key
debug: SSL library error: ssl_ctx_create: error:140AE006:SSL 
routines:SSL_CTX_use_PrivateKey:EVP lib
fatal: ssl_ctx_create: could not fake private key
warn: ca -> pony: pipe closed
warn: control -> pony: pipe closed
warn: parent -> pony: pipe closed
warn: lka -> pony: pipe closed
warn: queue -> pony: pipe closed
warn: scheduler -> control: pipe closed






-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: Continuing Syntax Errors Parsing Config File

2015-12-14 Thread Martin de Wendt

Hi.

Same issue at my side when using this syntax in smtpd.conf. Just change 
it to


table email file:/etc/mail/email


then it is working



Martin

On 15.12.2015 at 03:38, Scott Vanderbilt wrote:

table senders file:/etc/mail/senders







opensmtpd-extra filters

2015-12-09 Thread Martin de Wendt

Hello.

Is there any good beginner howto on how the filter in the add-on package 
should work?

Thx.


Martin





TLS verify

2015-11-27 Thread Martin de Wendt

Hello.

I started to use opensmtpd some weeks ago. The configuration is quite 
easy, which I like very much.
I have enabled TLS on all connections. Sadly I cannot enable verify for 
all incoming emails as I have certificate problems with some servers 
(paypal, ebay, facebook, amazon).
How to enable tracing of those verify problems (to see the exact problem 
of verify = NO)?


Is it possible with some magic configuration to differ verify for some 
servers and pin the IP of those?


example:
incoming from google tls verify and only from IP X
incoming from ebay tls with certificate X only (as e.g. self signed)
incoming from amazon tls only from IP X
incoming emails from any tls required


Thx for ideas.

Martin





Re: Is my server hijacked?

2014-06-05 Thread Martin Kropfinger


On 05.06.2014 at 20:41, Gilles Chehade wrote:

> Actually:
>
>> As you can see the spam-sender sends a mail to info@MYDOMAIN.
>> But info is no valid recipient on my server.
>
> That's not right.
>
> You have the following rule:
>
>    accept tagged erstes_eintreffen from any for domain domains relay via
>      smtp://127.0.0.1:10024 hostname localhost source 127.0.0.1
>
> which accepts mails for domains listed in domains and accepts to relay them.
>
> Since this rule eventually reenters the ruleset and matches:
>
>    accept tagged nach_spamerkennung from any for domain domains virtual
>      vusers deliver to lmtp /var/run/dovecot/lmtp
>
> The mail gets rejected at this point, but your own mail system had already
> accepted to take care of it so it must now notify someone ... and since the
> spammer forged the sender address you notify an inexistent address.
>
> [...]
>
> The fix is to prevent the first rule from accepting to relay mail for users
> that do not exist:
>
>    accept tagged erstes_eintreffen from any for domain domains
>      recipient a_list_of_valid_email_addresses  # - here
>      relay via smtp://127.0.0.1:10024 [...]



Ah OK... Thanks... So after doing the loop there is no valid 
recipient... but the problem is that when entering the loop it accepts 
any destination on the domain.

Thanks a lot I'll fix it :)

But the most important thing to me is: The server is still secure and 
NOT hijacked :)


Cu!




Re: Should we use DKIM and SPF?

2014-04-30 Thread Martin Braun
IMHO spam should be dealt with only on the client, not on the server.
It is not the task of the server to determine what is spam and what is
not. I know everyone does it, I used to do it too, but it is wrong.

2014-04-26 16:26 GMT+02:00 Stéphane Guedon steph...@22decembre.eu:
 On Saturday 26 April 2014 07:20:19, you wrote:
 Hi John,

 At 06:04 26-04-2014, John Cox wrote:
 Unfortunately the whole point of SPF (unlike Sender-ID which works
 much better and on much the same principles) is that you can reject
 the message before receiving it so you wouldn't have the DKIM stuff
 (which I think requires you to have the entire message?).

 SPF allows processing using envelope information.  DKIM processing
 can only occur after the entire message has been received.

 Regards,
 -sm

 I am myself in need for a good antispam solution with opensmtpd.

 if dkim (which I don't use yet) and spf are not really working, what's
 the good way (I am already using spamd, not enough !)




Re: Should we use DKIM and SPF?

2014-04-30 Thread Martin Braun
I agree, it's not simple, but nonetheless it is true.

However I wouldn't waste time on reading or answering mail on my
phone. If you receive really important email, and you need to answer
such on the phone, you need to use a unique email just for such
clients - making sure no spam reaches you at all.

For all other clients Bogofilter works really well and fast on most
and you generally don't need to worry about keeping filters in sync.
Once bogofilter has learned about a few spam mails it runs like a
dream on any client. Compared to say Spamassassin/spamd Bogofilter is
at least ten times as fast, much better at recognizing spam, and it
can be run on old or weak hardware without problems.

2014-05-01 5:37 GMT+02:00 Hugo Osvaldo Barrera h...@barrera.io:
 On 2014-05-01 03:59, Martin Braun wrote:
 IMHO spam should be dealt with only on the client, not on the server.
 It is not the task of the server to determine what is spam and what is
 not. I know everyone does it, I used to do it too, but it is wrong.


 What if I have multiple clients? Eg: desktop, laptop, work laptop,
 mobile phone.

 I'd need to run daemons on all of those machines, and need to find
 mechanisms to keep the spam rules synced.
 I also don't know of any anti-spam filters for my mobile phone.

 In theory, what you suggest is a great idea. But it's not as simple as
 it sounds.

 2014-04-26 16:26 GMT+02:00 Stéphane Guedon steph...@22decembre.eu:
  On Saturday 26 April 2014 07:20:19, you wrote:
  Hi John,
 
  At 06:04 26-04-2014, John Cox wrote:
  Unfortunately the whole point of SPF (unlike Sender-ID which works
  much better and on much the same principles) is that you can reject
  the message before receiving it so you wouldn't have the DKIM stuff
  (which I think requires you to have the entire message?).
 
  SPF allows processing using envelope information.  DKIM processing
  can only occur after the entire message has been received.
 
  Regards,
  -sm
 
  I am myself in need for a good antispam solution with opensmtpd.
 
  if dkim (which I don't use yet) and spf are not really working, what's
  the good way (I am already using spamd, not enough !)



 --
 Hugo Osvaldo Barrera
 A: No, it doesn't make sense.
 Q: Should I include quotations *after* my reply?




Re: Should we use DKIM and SPF?

2014-04-30 Thread Martin Braun
 you can very easily tell what should or should not be flagged for review
 with the most granular rules, anything with virus attachments should NEVER
 get to the user, period, ever. Id rather have 100 false positives for
 viruses than my network get turned into a zombie because I threw my users to
 the wolves.

Wrong thinking. It is not your task to determine what's a valid email
and what's not for users - period!

You rather having 100 false positives doesn't make it right -  on the contrary.

Only the user can decide what is right and what is wrong email for him
or her - period.

Protecting the network from getting turned into a zombie, as you call
it, has nothing to do with the above. And if you think, even in the
least, that your network is protected because you screen email for
viruses you're facing much more serious trouble and users should not
use your network at all.

 Also as best practices state, you never discard messages because you flagged
 them as spam unless you have a valid high confidence threat on them such as
 a well known virus, you flag them and let the user determine what to do with
 said flagged mail, but virus spam should always be dealt with much sooner
 than on the users machine. If a payload has reached the user you are already
 too late to deal with it. \

Yeah.. that's the modern practice nowadays alright, but that doesn't
make it right.


 On Wed, Apr 30, 2014 at 8:58 PM, Martin Braun yellowgoldm...@gmail.com
 wrote:

  In theory that idea isn't even that great, and in practice a hygiene server is
  a better place to do the most coarse obvious spam. There is stuff that is
  very obviously not wanted such as items coming from rogue servers that we
  can prove thanks to SPF or Sender-ID being setup correctly.

 Validating that SPF or Sender-ID has been setup correctly - great when
 it works, not so much about fighting SPAM more about fighting bad
 admins. SPAM gets through still though. In many cases of SPAM it's the
 user account that has been cracked and the spammers are using full
 valid SPF and Sender-IDs, heck it's even signed with DKIM too.

  There is no
  reason that a server that can verify that another server has no right to
  send should pass on a potentially risky email to the user, it is
  actually
  very irresponsible to do so especially since you are going to treat a
  user
  that may have no clue about email headers as an idiot because they
  clicked
  on a message that if you had a script take two milliseconds to look at
  could
  have told you it was spam.
  Not everyone is a computer scientist, and stuff that is obvious should
  be
  dealt with long before your users have to deal with it manually.

 You're missing my point. You cannot determine what stuff should be
 dealt with on account of your users. Period. One single false
 positive is enough.

 
  On Wed, Apr 30, 2014 at 6:59 PM, Martin Braun yellowgoldm...@gmail.com
  wrote:
 
  IMHO spam should be dealt with only on the client, not on the server.
  It is not the task of the server to determine what is spam and what is
  not. I know everyone does it, I used to do it too, but it is wrong.
 
  2014-04-26 16:26 GMT+02:00 Stéphane Guedon steph...@22decembre.eu:
   On Saturday 26 April 2014 07:20:19, you wrote:
   Hi John,
  
   At 06:04 26-04-2014, John Cox wrote:
   Unfortunately the whole point of SPF (unlike Sender-ID which works
   much better and on much the same principles) is that you can reject
   the message before receiving it so you wouldn't have the DKIM stuff
   (which I think requires you to have the entire message?).
  
   SPF allows processing using envelope information.  DKIM processing
   can only occur after the entire message has been received.
  
   Regards,
   -sm
  
   I am myself in need for a good antispam solution with opensmtpd.
  
   if dkim (which I don't use yet) and spf are not really working,
   what's
   the good way (I am already using spamd, not enough !)
 
 
 
 
 
  --
  Jason Barbier | jab...@serversave.us
  Pro Patria Vigilans





 --
 Jason Barbier | jab...@serversave.us
 Pro Patria Vigilans




Re: table-passwd invalid without the shell

2014-04-17 Thread Martin Braun
 In the documentation http://opensmtpd.org/table.5.html it doesn't use
 the shell in the passwd file.


table(5) describes the format of file, static and db tables which is
the internal format used by every table we support.

when you are using another table backend, you should read the
table_backend(5) man page, in this case, table_passwd(5)

I have been using the man pages on the website and not on the console,
ie. http://opensmtpd.org/table.5.html, in that regard I haven't seen a
table_passwd section on the website.

Thanks.




Pleasure vs pain

2014-04-16 Thread Martin Braun
It was such a pleasure working with and experimenting on OpenSMTPD.

Had it up and running so fast due to the absolutely fantastic and
logical PF-like configuration.

As soon as Dovecot entered into the equation pleasure - slowly but
surely - turned into pain and frustration (having been at it for
almost 2 days).

I am not saying Dovecot stinks, I have had it running for years with
Postfix, but that was a major pain in the ass to setup too.

We need an OpenIMAP/POP for OpenBSD :))

Beyond my C experience unfortunately.

Gilles and others: Maybe it is possible to expand OpenSMTPD with IMAP/POP?

Kind regards.




Re: OpenSMTPD can't talk with Dovecot, wrong UID

2014-04-16 Thread Martin Braun
Actually setting all users in vuser to vmail worked! I had missed a
% sign in front of {dest}

Gonna share my setup once I get my notes validated.

It would be really cool to have LMTP working too :)

2014-04-17 1:30 GMT+02:00 Martin Braun yellowgoldm...@gmail.com:
> Okay.. so I finally figured out what's going on.
>
> Getting dovecot to give some useful debugging apparently needed to
> create its own log file rather than logging to syslog, anyway..
>
> OpenSMTPD is calling dovecot-lda with the wrong user!
>
> Dovecot expects the user to be vmail, which is setup in unix_listener
> auth-userdb, which in this case is vmail, but OpenSMTPD is calling
> dovecot-lda with the username of the recipient.
>
> I have tried using something like:
>
> deliver to mda /usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d vmail
>
> But this still isn't working.
>
> Setting all users in vuser to vmail gives this:
>
> Apr 17 01:26:04 lda: Debug: auth input: f...@example.com uid=5000
> gid=5000 home=/var/vmail
> Apr 17 01:26:04 lda(f...@example.com): Fatal: setgid(5000(vmail) from
> userdb lookup) failed with euid=1001(foo), gid=1001(foo),
> egid=1001(foo): Operation not permitted (This binary should probably
> be called with process group set to 5000(vmail) instead of 1001(foo))
>
> And it doesn't matter what -d (username) is set to.




Why use lda or lmtp at all?

2014-04-16 Thread Martin Braun
I have now (finally) a successful setup in which opensmtpd delivers
mail to dovecot-lda and dovecot handles imap, but I tried to have
opensmtpd deliver the mail directly into the maildir, and NOT to
dovecot, and just have dovecot serve IMAP.

Keeping them separated and using OpenSMTPD's own MDA seems much nicer.
So OpenSMTPD can focus on its job and Dovecot only has to serve IMAP.

If - for some reason - Dovecot should crash, OpenSMTPD can still deliver email.

One guy on this list wrote: It's better to either deliver via LMTP to
dovecot or via dovecot's delivery binary because this will keep the
indexes intact that dovecot
needs to work efficiently.

But I have tested Dovecot's index and cache and both are kept intact
and updated even when Dovecot doesn't handle the mail delivery. Each
time a user checks his maildir via IMAP Dovecot scans the directory
and updates the index.

So, currently I cannot see any reason as to why OpenSMTPD should
deliver mail directly to Dovecot.

Am I missing something?

Kind regards.




table-passwd invalid without the shell

2014-04-16 Thread Martin Braun
In the documentation http://opensmtpd.org/table.5.html it doesn't use
the shell in the passwd file.

The documentation uses the following example:

In a listener context, the credentials are a mapping of username and
encrypted passwords:

user1 $2a$06$hIJ4QfMcp.90nJwKqGbKM.MybArjHOTpEtoTV.DgLYAiThuoYmTSe
user2 $2a$06$bwSmUOBGcZGamIfRuXGTvuTo3VLbPG9k5yeKNMBtULBhksV5KdGsK

But in my case, because I am using vmail and having dovecot using
the same file, the file looks like this:

user1:$2a$06$hIJ4QfMcp.90nJwKqGbKM.MybArjHOTpEtoTV.DgLYAiThuoYmTSe:5000:5000::/var/vmail:/bin/nologin

I wanted to remove the :/bin/nologin part because Dovecot doesn't
need that, but if I do that I get the following error from OpenSMTPD:

warn: table-passwd: invalid entry
warn: table-passwd: error parsing config file
warn: table-proc: pipe closed
fatal: table-proc: exiting

If I insert the login part and restart OpenSMTPD it works again.

Maybe I am overlooking something, but I just wanted to mention this as
I don't know if it is something currently disabled in latest snapshot
of OpenSMTPD.

Kind regards

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
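
A lint check for the shared credentials file discussed in the message above, as an added example (not part of the original post and not OpenSMTPD code). It assumes the backend wants all seven passwd(5) fields, which is what the `invalid entry` error suggests, and that hashes use the crypt(3) `$id$` form shown in the table(5) excerpt; the function name, messages and sample entries are constructed for illustration.

```python
import re
from typing import List, Tuple

# passwd(5)-style layout of the entries quoted in the message:
# user:hash:uid:gid:gecos:home:shell
FIELDS = ("user", "hash", "uid", "gid", "gecos", "home", "shell")
# crypt(3) modular format, e.g. "$2a$06$..." as in the table(5) excerpt.
CRYPT_RE = re.compile(r"^\$[0-9a-z]+\$.+")


def lint_passwd_table(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, severity, message) findings for a passwd-style table."""
    findings: List[Tuple[int, str, str]] = []
    seen = set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != len(FIELDS):
            # Assumption: a missing field is what triggers "invalid entry".
            findings.append((lineno, "error",
                             f"expected {len(FIELDS)} colon-separated fields, "
                             f"found {len(parts)}"))
            continue
        entry = dict(zip(FIELDS, parts))
        if not entry["user"]:
            findings.append((lineno, "error", "empty user name"))
        elif entry["user"] in seen:
            findings.append((lineno, "error",
                             f"duplicate user {entry['user']!r}"))
        seen.add(entry["user"])
        for key in ("uid", "gid"):
            if not entry[key].isdigit():
                findings.append((lineno, "error",
                                 f"{key} is not numeric: {entry[key]!r}"))
        if not CRYPT_RE.match(entry["hash"]):
            findings.append((lineno, "warning",
                             "hash is not in crypt(3) $id$ form"))
        if not entry["home"].startswith("/"):
            findings.append((lineno, "warning",
                             "home directory is not an absolute path"))
    return findings


# Constructed sample data; the hash is a placeholder, not a real credential.
HASH = "$2a$06$" + "A" * 53
SAMPLE = "\n".join([
    f"alice:{HASH}:5000:5000::/var/vmail:/bin/nologin",
    f"bob:{HASH}:5000:5000::/var/vmail",
    f"carol:{'0123456789abcdef' * 4}:5000:5000::/var/vmail:/bin/nologin",
    f"alice:{HASH}:5000:vmail::/var/vmail:/bin/nologin",
])

if __name__ == "__main__":
    for lineno, severity, message in lint_passwd_table(SAMPLE):
        print(f"line {lineno}: {severity}: {message}")
```

Running it against the file before restarting the daemon catches a short entry while the old configuration is still serving mail.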



Re: Why use lda or lmtp at all?

2014-04-16 Thread Martin Braun
Thank you very much for explaining this! :)

2014-04-17 6:48 GMT+02:00 Bryan Vyhmeister br...@bsdjournal.net:
> The advantage in dovecot delivering the mail directly is that the indexes are
> updated at delivery rather than later scanned when the user checks their
> mail. Also, sieve scripts work great with dovecot-lda which is how I filter
> the many lists I am subscribed to.
>
> Another advantage, and one I use, is the ability to use other mailbox formats
> like sdbox or mdbox (what I'm using) which allows for more efficient folder
> structures and less moving around of messages. With mdbox the index indicates
> what is happening with the message and the on-disk message storage remains
> essentially unchanged. The doveadm command does allow you to convert between
> formats as well if need be. I use it to export an mbox of spam to use for
> training spam filters.
>
> In my case, I have a little over five million messages (and growing) stored
> in mdbox format and that seems to be the fastest format for my use case. The
> mbox format would be an absolute nightmare and Maildir isn't as good as
> mdbox. That's just for my mailboxes. My other users also have tens of
> thousands up to hundreds of thousands of messages and they also have no
> issues with that setup.
>
> Updating a mailbox with 200,000+ messages is very quick with dovecot indexes.
> If, each time I accessed the mailbox, the indexes were updated, I would have
> a major spike in CPU use every time I checked my mail where now, since the
> indexes are already up to date, there is no spike at all.
>
> Those are my reasons for using dovecot-lda rather than some other mail server
> to do the deliveries. The combination of OpenSMTPD and dovecot running on
> OpenBSD is superb. This all works perfectly on a simple server I built with a
> Pentium G640, 8GB of memory, and dual 2.5-inch WD Black drives in a
> softraid(4) mirror.
>
> Bryan




OpenSMTPD talking with Dovecot

2014-04-15 Thread Martin Braun
I finally got OpenSMTPD talking with Dovecot. I am using a users.db
file which OpenSMTPD has no problems reading and authenticating
against, but I am getting really tired of Dovecot and its HUGE
configuration mess (IMHO).

So foo sends an email to bar and when OpenSMTPD sends the mail
through to Dovecot it looks like this:

SNIP
debug: smtp: new client on listener: 0x7acc5000
smtp-in: New session 5318eda411b4f299 from host 192.168.60.8 [192.168.60.8]
debug: lka: looking up pki serv1.example.com
debug: session_start_ssl: switching to SSL
smtp-in: Started TLS on session 5318eda411b4f299: version=TLSv1/SSLv3,
cipher=DHE-RSA-AES128-SHA, bits=128
debug: lka: authenticating for vpasswd:foo
smtp-in: Accepted authentication for user foo on session 5318eda411b4f299
debug: smtp: SIZE in MAIL FROM command
debug: aliases_virtual_get: 'b...@example.com' resolved to 1 nodes
debug: 0x8184b000: end of message, msgflags=0x
smtp-in: Accepted message 16dbd93c on session 5318eda411b4f299:
from=f...@example.com, to=b...@example.com, size=310, ndest=1,
proto=ESMTP
debug: scheduler: evp:16dbd93c11fc0afc scheduled (mda)
mda: new user 5318eda56c11fc0d for getpwnam:bar
smtp-in: Closing session 5318eda411b4f299
debug: lka: userinfo getpwnam:bar
debug: smtp: 0x8184b000: deleting session: done
debug: mda: new session 5318eda6263cb9cc for user getpwnam:bar
evpid 16dbd93c11fc0afc
debug: mda: no more envelope for getpwnam:bar
debug: mda: got message fd 4 for session 5318eda6263cb9cc evpid 16dbd93c11fc0afc
debug: mda: querying mda fd for session 5318eda6263cb9cc evpid 16dbd93c11fc0afc
debug: smtpd: forking mda for session 5318eda6263cb9cc:
/usr/local/libexec/dovecot/dovecot-lda -f f...@example.com -d
b...@example.com as bar
debug: mda: got mda fd 5 for session 5318eda6263cb9cc evpid 16dbd93c11fc0afc
debug: mda: end-of-file for session 5318eda6263cb9cc evpid 16dbd93c11fc0afc
debug: mda: all data sent for session 5318eda6263cb9cc evpid 16dbd93c11fc0afc
/SNIP

So OpenSMTPD has no problems authenticating foo.

But, Dovecot throws this in maillog:

SNIP
Apr 16 04:42:15 serv1 dovecot: lda: Error: userdb lookup(f...@bar.com):
Disconnected unexpectedly
Apr 16 04:42:15 serv1 dovecot: lda: Fatal: Internal error occurred.
Refer to server log for more information.
Apr 16 04:42:16 serv1 dovecot: master: Dovecot v2.2.10 starting up for
imap, lmtp
Apr 16 04:42:16 serv1 dovecot: master: Error: pipe() failed: Too many open files
/SNIP

I have no idea how to proceed from here other than trashing Dovecot
for something simpler? If any exists.

The /etc/smtpd/users.db is shared between the two and it looks like this:

SNIP
foo:$2a$08$Vks5ezM0TWja.fYQ6nCfgOMgKp8VC2QddqtTUw3D0Ykp61pkGkGEC:5000:5000::/var/vmail:/bin/nologin
bar:$2a$05$7MrgSQcqiphFHhvY9qGTWuihNeF5Hcgt8I0ozkO.lBgAMy39npmYG:5000:5000::/var/vmail:/bin/nologin
/SNIP

I actually preferred when Dovecot had just one huge configuration file
instead of the one gazillion files it has now.

Any ideas?




OpenSMTPD crashes on authentication

2014-04-14 Thread Martin Braun
I have a situation in which OpenSMTPD crashes. I don't know if this is due to
misconfiguration or something else.

I really think we need some more configuration samples on how to integrate
with other known MDAs used on the Internet.

Before integrating stuff with Dovecot I wanted to make things work with
some users having a local account and other users not having a local account,
but having their password in the vusers-passwd file. This file I intend
to share with Dovecot.

I am running snapshot.

Please excuse any misconfiguration on my part as I felt the need to locate
bits and pieces on the Internet as to how to get this working.

I have this in smtpd.conf:

SNIP
table vdoms /etc/smtpd/vdoms
table vusers /etc/smtpd/vusers
table vuserspasswd  /etc/smtpd/vusers-passwd

pki serv1.example.com certificate /etc/ssl/serv1.example.com.crt
pki serv1.example.com key /etc/ssl/private/serv1.example.com.key

listen on re0 tls-require pki serv1.example.com auth vuserspasswd

accept from any for domain vdoms virtual vusers deliver to maildir %{user.directory}/Mail/%{rcpt.domain}/%{rcpt.user}/
accept from any for any relay
/SNIP

In /etc/smtpd/vusers-passwd I tried using smtpctl encrypt and I have
tried doveadm pw -s CRAM-MD5 -u foo.

In this case where OpenSMTPD crashes I am using the doveadm example.

SNIP
foo:5a84de92f28aa45aff3b78cc27348a71c3500a3677ec94695fac89d44393dd69
/SNIP

The mail client is claws-mail and it connects using STARTTLS and Automatic
on authentication method.

Debugging:

SNIP
# smtpd -vdf /etc/smtpd.conf
debug: init ssl-tree
info: loading pki information for serv1.example.com
info: OpenSMTPD 5.4.3 starting
debug: bounce warning after 4h
debug: using fs queue backend
debug: using ramqueue scheduler backend
debug: using ram stat backend
info: startup [debug mode]
debug: queue: done loading queue into scheduler
debug: parent_send_config_ruleset: reloading
debug: parent_send_config: configuring pony process
debug: smtp: listen on IPv6:fe80::223:8bff:fe2b:7b8f%re0 port 25 flags 0x49
pki serv1.example.com
debug: smtp: listen on 192.168.60.20 port 25 flags 0x49 pki 
serv1.example.com
debug: smtp: will accept at most 502 clients
debug: smtpd: scanning offline queue...
debug: smtpd: offline scanning done
debug: smtp: new client on listener: 0x7d0bb000
smtp-in: New session c4bbeb34c522e072 from host 192.168.60.8 [192.168.60.8]
debug: lka: looking up pki serv1.example.com
debug: session_start_ssl: switching to SSL
smtp-in: Started TLS on session c4bbeb34c522e072: version=TLSv1/SSLv3,
cipher=DHE-RSA-AES128-SHA, bits=128
debug: lka: authenticating for vuserspasswd:foo
smtpd: session_imsg: unexpected IMSG_LKA_AUTHENTICATE imsg
warn: lka - pony: pipe closed
warn: parent - pony: pipe closed
warn: control - pony: pipe closed
warn: scheduler - control: pipe closed
bash-4.3# warn: queue - pony: pipe closed
/SNIP

And OpenSMTPD is crashed.

Is this a bug or have I messed up the configuration?

Kind regards.


Re: configuration example for SMTP account accessible from iOS (iPhone, iPad)?

2014-02-24 Thread Martin Kropfinger

On 23.02.2014 15:28, Jiří Navrátil wrote:


I did

listen on vic0 tls certificate vic0 auth hostname my.server.bla
listen on vic0 port 587 tls certificate vic0 auth hostname
my.server.bla



I've done it this way and it's working well (with actual versions):

pki mail.example.com certificate /usr/local/etc/mail/certs/mail.example.com.crt
pki mail.example.com key /usr/local/etc/mail/certs/mail.example.com.key

listen on re0 port 25 tls pki mail.example.com
listen on re0 smtps pki mail.example.com auth
[...]

bye




Re: configuration example for SMTP account accessible from iOS (iPhone, iPad)?

2014-02-23 Thread Martin Kropfinger

On 23.02.2014 09:37, Jiří Navrátil wrote:

Hello,

I need to setup SMTP server accessible from my iOS devices. Could you
help me with some sample configuration? I will use stable OpenSMTP
version on OpenBSD 5.3.


You don't need any special configuration for using the SMTPd with an
iOS-device. Because OpenSMTPd is an SMTP-server (you can use it for
sending and receiving mails) you will need an additional IMAP-server
(e.g. dovecot) if you want to access your mails using the imap-protocol.


Greetings
Martin




Re: Filtering spam with spamassassin

2014-01-12 Thread Martin Kropfinger
On Sat, 11 Jan 2014 09:54:47 +0100
Olaf Mersmann ol...@p-value.net wrote:

> Hi Martin,
>
> I don't run that setup anymore and instead have each user (I have no
> virtual users) use procmail or maildrop to hook up spamassasin. If I
> remember correctly it was something along the lines of:
>
>   ## Return path for spampd
>   listen on lo0 port 10028 tag spampd_return
>
>   accept tagged spampd_return deliver to ...
>   accept from any relay via smtp://127.0.0.1:10027
>
> There must have been more logic involved because I think the above
> ruleset would also scan all outgoing mail.
>
> Cheers,
> Olaf


Hey there,

got it working with spampd. Thanks for your hint.

Here is my smtpd.conf:

# =
# set certificate and key for ssl
pki mail.example.de certificate /usr/local/etc/mail/certs/mail.example.de.crt
pki mail.example.de key /usr/local/etc/mail/certs/mail.example.de.key

# Incoming mail on port 25
listen on re0 port 25 tls pki mail.example.de tag erstes_eintreffen
# for relaying mails listen on smtps port and request auth
listen on re0 smtps pki mail.example.de auth
# after processing mails with spamassassin spampd sends mails to port 10025
listen on 127.0.0.1 port 10025 tag nach_spamerkennung

# set my tables
table aliases file:/etc/mail/aliases
table domains file:/etc/mail/domains
table vusers  file:/etc/mail/vusers

# first deliver any local mails
accept from local for local alias aliases deliver to lmtp /var/run/dovecot/lmtp
accept from local for local deliver to lmtp /var/run/dovecot/lmtp

# anything coming from the outside world is delivered to spampd listening on port 10024
accept tagged erstes_eintreffen from any for domain domains relay via smtp://localhost:10024 hostname localhost source 127.0.0.1

# after being processed by spampd, mails can be delivered by dovecot-lmtp
accept tagged nach_spamerkennung from any for domain domains virtual vusers deliver to lmtp /var/run/dovecot/lmtp

# local users are allowed to relay
accept for any relay
#  E O F ==

Regards
Martin




Filtering spam with spamassassin

2014-01-10 Thread Martin Kropfinger
Hi there!

I have my OpenSMTPd running and use deliver to lmtp to use dovecots
lmtp for putting the mails into the maildir. 

Now I'd like to add some spam-filtering-ability. I thought about using
spamassassin, but could not find any documentation for this
combination.

Is it possible to use spamassassin in conjunction with OpenSMTPd and
dovecot without the use of Amavis?

Thank you!

Martin




Re: Filtering spam with spamassassin

2014-01-10 Thread Martin Kropfinger
On Fri, 10 Jan 2014 22:51:37 +0100
Michiel van Es m...@protegam.nl wrote:


> One simple and flexible way is to use the MDA procmail and forward
> all mail for every user or per user to procmail and call
> spamassassin/clamav from the procmail config.
>
> I also create something using clamsmtpd and clam without using
> procmail, see this thread:
> https://www.mail-archive.com/misc@opensmtpd.org/msg00420.html

Thanks for your hint. But I'd like to avoid procmail. Using dovecot's
lmtp I can be sure to have my Maildir-index in sync and for filtering
I can use sieve, which is really nice, especially in conjunction with
roundcube.




OpenSMTPd and procmail - anything special to do?

2014-01-08 Thread Martin Kropfinger
Hi,

now that my OpenSMTPd is running I would like to use procmail to sort
my incoming mails in folders.

I know I can just set deliver to mda /path/to/procmail to get it
done. But in procmailrc you can set the variables SENDMAIL and
SENDMAILFLAGS to point to sendmail. In this case there is no active
sendmail but OpenSMTPd.

Do I have to set something special there? I know this is a
procmail-specific question, but as it is related to OpenSMTPd I asked
it here. Sorry if this bothers you.

Thanks Martin




Re: smtpd: socket: Protocol not supported on FreeBSD9.2

2014-01-07 Thread Martin Kropfinger
On Tue, 7 Jan 2014 19:27:13 +0100
Gilles Chehade gil...@poolp.org wrote:

> On Tue, Jan 07, 2014 at 07:19:10PM +0100, Martin Kropfinger wrote:
>
> Care to share your ifconfig output ?

This is the ifconfig output from within the jail. The host holds
five IPs on one interface distributing them to the jails. The jail
itself has only one IP. I hope it is ok for you that I changed the
output a bit (I changed ether, inet and broadcast).

# ifconfig
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
        ether rr:ss:tt:uu:vv:ww
        inet xxx.yyy.53.125 netmask 0xffe0 broadcast xxx.yyy.53.127
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=63<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
ipfw0: flags=8801<UP,SIMPLEX,MULTICAST> metric 0 mtu 65536




Re: smtpd: socket: Protocol not supported on FreeBSD9.2

2014-01-07 Thread Martin Kropfinger
On Tue, 7 Jan 2014 19:09:53 +
James Polera pol...@mubsd.org wrote:

> On Tue, Jan 07, 2014 at 08:03:35PM +0100, Martin Kropfinger wrote:
> Is security.jail.allow_raw_sockets and/or
> security.jail.sysvipc_allowed set to 0?

Yes, both are set to 0. But using 0.0.0.0 instead of localhost in the
config file, as Gilles told me, seems to fix the problem.

Thank you
Martin
