Re: [LOG] Warning table

2016-01-11 Thread Michael Morak
Hi,

it seems that Joerg's fix was missing a closing parenthesis. The following
should work:

if ((fp = fopen(config, "r")) == NULL) {
	log_warn("warn: table \"%s\"", config);
	return 0;
}

Cheers,
Michael

On 11 January 2016 at 14:28, Alexis VACHETTE  wrote:

> It's working with a small change:
>
> *** a/table_static.c2016-01-11 14:23:24.595515300 +0100
> --- b/table_static.c2016-01-11 14:25:26.991220345 +0100
> ***
> *** 93,104 
> char*valp;
> size_t   ret = 0;
>
> ! fp = fopen(config, "r");
> !
> ! if (fp == NULL) {
> ! log_warn("warn: table \"%s\"", config);
> ! return 0;
> ! }
>
> while ((flen = getline(&buf, &sz, fp)) != -1) {
> if (buf[flen - 1] == '\n')
> --- 93,101 
> char*valp;
> size_t   ret = 0;
>
> !   fp = fopen(config, "r");
> !   if (fp == NULL)
> !   return 0;
>
> while ((flen = getline(&buf, &sz, fp)) != -1) {
> if (buf[flen - 1] == '\n')
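Review bot: the direction of this hunk looks reversed. The "***" (old) side at 93,104 contains the braced log_warn() block, and the "---" (new) side at 93,101 has only "return 0;", so applying the patch as posted would remove the warning rather than add it. Regenerate the diff with the unmodified file as the first argument. Separately, the message "warn: table \"%s\"" names the file but not the operation that failed, so consider wording it as a failure to open the table.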
>
> Regards,
> Alexis VACHETTE.
>
> On 11/01/2016 14:18, Alexis VACHETTE wrote:
>
> Joerg,
>
> Thanks for your advice.
>
> I introduced a "goto label" because if I add a log_warn() function before
> the return, smtpd starts and exits right away.
>
> Your fix produces a segmentation fault with the portable version.
>
> Either way I don't know why a debugging function exits/crashes the daemon.
>
> Regards,
>
> *Alexis VACHETTE | Network and System Engineer * Sisteer France: 43 rue
> Pierre Valette, 92240 Malakoff – France
> Direct line: +33 1 70 95 51 19 | Fax: +33 1 70 95 50 90
> www.sisteer.com
> On 11/01/2016 12:52, Joerg Jung wrote:
>
> On Mon, Jan 11, 2016 at 10:25:47AM +0100, Alexis VACHETTE wrote:
>
> Hi,
>
> It was stated last week that OpenSMTPD daemon doesn't throw any warning if a
> specific table isn't readable by OpenSMTPD user.
>
> I made a patch for the portable version on GitHub:
>
> *** a/table_static.c2016-01-11 10:16:15.486422024 +0100
> --- b/table_static.c2016-01-08 12:58:58.564321019 +0100
> ***
> *** 95,101 
>
>   fp = fopen(config, "r");
>   if (fp == NULL)
> ! return 0;
>
>   while ((flen = getline(&buf, &sz, fp)) != -1) {
>   if (buf[flen - 1] == '\n')
> --- 95,101 
>
>   fp = fopen(config, "r");
>   if (fp == NULL)
> ! goto err;
>
>   while ((flen = getline(&buf, &sz, fp)) != -1) {
>   if (buf[flen - 1] == '\n')
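Review bot: the "goto err;" that replaces "return 0;" under "if (fp == NULL)" is the only jump to the new label, so the label adds indirection without sharing any cleanup. Put the log_warn() call and the "return 0;" in a braced block directly under the check and drop the label.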
> ***
> *** 143,148 
> --- 143,151 
>   free(buf);
>   fclose(fp);
>   return ret;
> + err:
> + log_warn("warn: Table \"%s\"", config);
> + return 0;
>   }
>
>   static int
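Review bot: the message added under "err:" at 143,151, "warn: Table \"%s\"", carries only the file name and does not say that opening the table failed, and its "warn:" prefix repeats what a call to log_warn() already implies. Name the operation in the message, for example "table \"%s\": cannot open", so the log line is actionable on its own.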
>
> If someone could review it and test it before I fork the repository and make
> a merge request on github.
>
> Some notes:
>
> - Development happens in OpenBSD -current, so please diff against CVS.
> - Please send unified diffs (not context output as above).
> - I do not see the point of introducing a goto/label, just add the log
>   message and return, also if check can be folded, like this:
>
> if ((fp = fopen(config, "r") == NULL) {
>   log_warn("warn: table \"%s\"", config);
>   return 0;
> }
>
>
> Thank you.
>
> Regards,
> Alexis VACHETTE.
>
> --
> You received this mail because you are subscribed to misc@opensmtpd.org
> To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
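
The failure path this thread is about, as an added example in C (not OpenSMTPD's table_static.c and not code from any poster): a loader that warns with the file name and the errno reason when the table cannot be opened, instead of silently returning 0. load_table(), write_sample_table() and the sample table contents are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L	/* getline(3), mkstemp(3), fdopen(3) */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/*
 * Added example, not OpenSMTPD code. Counts the entries in a table file.
 * Returns 1 on success; returns 0 after a warning naming the file and the
 * reason, so an unreadable table is not mistaken for an empty one.
 */
int
load_table(const char *path, size_t *nentries)
{
	FILE	*fp;
	char	*buf = NULL;
	size_t	 sz = 0, n = 0;
	ssize_t	 flen;

	if ((fp = fopen(path, "r")) == NULL) {
		int saved = errno;	/* fprintf() may change errno */
		fprintf(stderr, "warn: table \"%s\": %s\n", path, strerror(saved));
		errno = saved;
		return 0;
	}
	while ((flen = getline(&buf, &sz, fp)) != -1) {
		if (buf[flen - 1] == '\n')
			buf[--flen] = '\0';
		if (flen == 0 || buf[0] == '#')
			continue;	/* blank line or comment */
		n++;
	}
	free(buf);
	fclose(fp);
	*nentries = n;
	return 1;
}

/* Writes a constructed sample table to a mkstemp(3) template path. */
int
write_sample_table(char *path_template)
{
	int	 fd = mkstemp(path_template);
	FILE	*fp;
	if (fd == -1 || (fp = fdopen(fd, "w")) == NULL)
		return -1;
	fputs("# constructed sample\nalice secret1\n\nbob secret2\n", fp);
	return fclose(fp);
}
```

The caller can tell "table missing or unreadable" (return 0, errno set) from "table present but empty" (return 1, count 0), which the original silent "return 0;" could not express.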


Re: Configuring opensmtpd to send local mails via smarthost

2015-11-25 Thread Michael Morak
The website you mentioned says that the port of the outbound SMTP
server is 465, but you are trying to send via the default port, which
is 25. See your log:

> Nov 25 16:09:50 se-gips smtpd[8102]: smtp-out: session 1b314fa0a2f272ba: 
> connecting to tls://217.74.64.236:25 (poczta.interia.pl)

Cheers.

On 25 November 2015 at 16:25,   wrote:
> :-( it still does not work
>
>
> I have corrected:
>
> /etc/opensmtpd/secrets_for_relay_via:
> label   tomaszdro...@interia.eu:my_pasword
>
> /etc/opensmtpd/smtpd.conf:
> accept from local for any relay via secure+auth://la...@poczta.interia.pl 
> auth 
>
> or even to
> accept from local for any relay via secure+auth://la...@poczta.interia.pl 
> auth  as tomaszdro...@interia.eu
>
> or even to
> accept from local for any relay via tls+auth://la...@poczta.interia.pl 
> auth 
>
> But still:
> a)
> smtpctl show queue
> 
> a81ab810ad07ac63|local|mta|auth|tomaszdro...@interia.eu|tomaszdro...@interia.eu|tomaszdro...@interia.eu|1448464190|1448809790|0|1|invalid||Network
>  error on destination MXs
>
> b)
> smtpctl show envelope a81ab810ad07ac63
>
> version: 2
> tag: local
> type: mta
> smtpname: se-gips
> helo: localhost
> hostname: se-gips
> errorline: Network error on destination MXs
> sockaddr: local
> sender: tomaszdro...@interia.eu
> rcpt: tomaszdro...@interia.eu
> dest: tomaszdro...@interia.eu
> ctime: 1448464190
> last-try: 0
> last-bounce: 0
> expire: 345600
> retry: 1
> flags: authenticated
> dsn-notify: 0
> esc-class: 4
> esc-code: 0
> mta-relay: secure+auth://la...@poczta.interia.pl
> mta-relay-auth: secrets_for_relay_via
> mta-relay-flags: tls
>
> c)
> tail -f /etc/opensmtpd/maillog
>
> Nov 25 16:09:50 se-gips smtpd[8102]: smtp-in: session 1b314f94e2f7cdee: 
> connection from host se-gips [local] established
> Nov 25 16:09:50 se-gips smtpd[8102]: smtp-in: session 1b314f94e2f7cdee: 
> msgid=a81ab810, status=Ok, from=, 
> to=, size=457, ndest=1, proto=ESMTP
> Nov 25 16:09:50 se-gips smtpd[8102]: smtp-in: session 1b314f94e2f7cdee: 
> connection from host se-gips [local] closed (client sent QUIT)
> Nov 25 16:09:50 se-gips smtpd[8102]: smtp-out: session 1b314fa0a2f272ba: 
> connecting to tls://217.74.64.236:25 (poczta.interia.pl)
> Nov 25 16:09:51 se-gips smtpd[8102]: smtp-out: session 1b314fa0a2f272ba: TLS 
> started version=TLSv1/SSLv3 (), cipher=ECDHE-RSA-AES256-SHA, bits=256
> Nov 25 16:09:51 se-gips smtpd[8102]: smtp-out: session 1b314fa0a2f272ba: 
> server certificate verification succeeded
> Nov 25 16:09:51 se-gips smtpd[8102]: smtp-out: session 1b314fa0a2f272ba: 
> error: AUTH rejected: 535 5.7.8 Error: authentication failed:
> Nov 25 16:09:51 se-gips smtpd[8102]: smtp-out: routing: Disabling route [] 
> <-> 217.74.64.236 (poczta.interia.pl) for 15s
> Nov 25 16:09:52 se-gips smtpd[8102]: smtp-out: routing: No valid route for 
> [connector:[]->[relay:poczta.interia.pl,starttls,smtps,auth=secrets_for_relay_via:label,mx],0x0]
> Nov 25 16:10:01 se-gips smtpd[8102]: smtp-out: session : 
> evpid=a81ab810ad07ac63, status=TempFail, from=, 
> to=, rcpt=<->, source=-, relay=poczta.interia.pl, 
> delay=11s, stat=Network error on destination MXs
>



Re: backup mx -- delivery loop

2015-11-02 Thread Michael Morak
Hi,

I meant that you specify a value as a *number* like this:

"relay backup 20"

and then, the backup server would relay to all MXs where the value is
lower than 20. However, since you didn't specify a value (which, as I
read it, should be a number), all mail gets relayed via the default
server name.

Cheers,
Michael



On 2 November 2015 at 09:25, LÉVAI Dániel  wrote:
> Michael Morak @ 2015-11-01T18:40:01 +0100:
>> Hi Daniel,
>>
>> as far as I've seen from the manual, the syntax is "relay [backup
>> [mx]]" and the description says: "Accepted mails are only relayed
>> through servers with a lower preference value in the MX record for the
>> domain than the one specified in mx. If mx is not specified, the
>> default server name will be assumed." <- I read this to say "If mx is
>> not specified, relay to the default server name."
>
> Hm, not quite. It says that it relays the mail to a server *with a lower
> preference value* than the one specified as mx, or got from other sources
> (mailname, gethostname(3), etc...). And that is what it should do, because
> the mx1 will have a lower preference, than the mx2 (and I'm configuring
> the mx2).
> Unfortunately, it doesn't act per the man page; it seems it doesn't do
> the MX lookup, and relays through itself again and again...
>
>>
>> Further on in the manual it says this:
>>
>> "/etc/mail/mailname  If this file exists, the first line is used as
>> the server name. Otherwise, the server name is derived from the local
>> hostname returned by gethostname(3), either directly if it is a fully
>> qualified domain name, or by retrieving the associated canonical name
>> through getaddrinfo(3)."
>>
>> I guess, since you didn't supply an mx value, OpenSMTPD tries to relay
>> mail to the default server name, which in your case seems to resolve
>> to the server running the backup MX (which is not unusual, and one can
>> argue whether this is therefore a good default for the "backup" option
>> without an "mx" value supplied).
>>
>> TL;DR: I guess you need to supply an mx value in your smtpd.conf for
>> this to work as intended.
>
> Again, even if I had specified a value for 'mx', it must've only routed
> the mail through a server with a lower preference number. So if I
> had specified mx1, then there wouldn't have been any servers that are
> with a lower pref. value, in turn, if I had specified the mx2, it
> would've acted like the same as with the default value.
>
> Daniel
>
>> On 1 November 2015 at 13:57, LÉVAI Dániel  wrote:
>> > LÉVAI Dániel @ 2015-10-31T10:24:35 +0100:
>> >> Hi!
>> >>
>> >> I'm trying to setup a simple backup mx on OpenBSD 5.8-stable, but so far
>> >> it seems more of a burden than a "simple" task :)
>> >>
>> >> smtpd.conf:
>> >> 8<
>> >> pki hostname certificate "/etc/ssl/smtpd_cert.pem"
>> >> pki hostname key "/etc/ssl/private/smtpd_key.pem"
>> >>
>> >> listen on pppoe0 tls pki hostname
>> >>
>> >> table aliases db:/etc/mail/aliases.db
>> >>
>> >> accept for local alias  deliver to mbox
>> >>
>> >> accept from any for domain "example.com" relay backup tls verify expire 30d
>> >>
>> >> accept from local for any relay
>> >> 8<
>> >
>> > Alright, so the backup mx handling is clearly broken in opensmtpd.
>> > Using "relay via" instead of "relay backup" works:
>> >
>> > accept from any for domain "example.com" \
>> > relay via "tls://mx1.example.com" pki hostname verify \
>> > expire 30d
>> >
>> >
>> > Anyway, it would be nice to hear some words on this from one of the devs.
>> > Is this intended? How can one debug this further?
>> >
>> >
>> > Daniel
>> >
>
> --
> LÉVAI Dániel
> PGP key ID = 0x83B63A8F
> Key fingerprint = DBEC C66B A47A DFA2 792D  650C C69B BE4C 83B6 3A8F
>



Re: backup mx -- delivery loop

2015-11-01 Thread Michael Morak
Hi Daniel,

as far as I've seen from the manual, the syntax is "relay [backup
[mx]]" and the description says: "Accepted mails are only relayed
through servers with a lower preference value in the MX record for the
domain than the one specified in mx. If mx is not specified, the
default server name will be assumed." <- I read this to say "If mx is
not specified, relay to the default server name."

Further on in the manual it says this:

"/etc/mail/mailname  If this file exists, the first line is used as
the server name. Otherwise, the server name is derived from the local
hostname returned by gethostname(3), either directly if it is a fully
qualified domain name, or by retrieving the associated canonical name
through getaddrinfo(3)."

I guess, since you didn't supply an mx value, OpenSMTPD tries to relay
mail to the default server name, which in your case seems to resolve
to the server running the backup MX (which is not unusual, and one can
argue whether this is therefore a good default for the "backup" option
without an "mx" value supplied).

TL;DR: I guess you need to supply an mx value in your smtpd.conf for
this to work as intended.

-- Michael

On 1 November 2015 at 13:57, LÉVAI Dániel  wrote:
> LÉVAI Dániel @ 2015-10-31T10:24:35 +0100:
>> Hi!
>>
>> I'm trying to setup a simple backup mx on OpenBSD 5.8-stable, but so far
>> it seems more of a burden than a "simple" task :)
>>
>> smtpd.conf:
>> 8<
>> pki hostname certificate "/etc/ssl/smtpd_cert.pem"
>> pki hostname key "/etc/ssl/private/smtpd_key.pem"
>>
>> listen on pppoe0 tls pki hostname
>>
>> table aliases db:/etc/mail/aliases.db
>>
>> accept for local alias  deliver to mbox
>>
>> accept from any for domain "example.com" relay backup tls verify expire 30d
>>
>> accept from local for any relay
>> 8<
>
> Alright, so the backup mx handling is clearly broken in opensmtpd.
> Using "relay via" instead of "relay backup" works:
>
> accept from any for domain "example.com" \
> relay via "tls://mx1.example.com" pki hostname verify \
> expire 30d
>
>
> Anyway, it would be nice to hear some words on this from one of the devs.
> Is this intended? How can one debug this further?
>
>
> Daniel
>
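
The selection rule from the manual text quoted in the two backup MX messages above, written out as an added example in C (not OpenSMTPD's code and not from any poster): a backup server keeps only the MX hosts whose preference is strictly lower than its own record. The struct, the function name, the preference values 10 and 20, and the hostname gw.example.net are assumptions made for the illustration.

```c
#include <stdio.h>
#include <strings.h>

struct mx { int pref; const char *host; };

/* Constructed MX set for example.com: mx1 is the primary, mx2 the backup. */
static const struct mx example_mx[] = {
	{ 10, "mx1.example.com" },
	{ 20, "mx2.example.com" },
};

/*
 * Added example, not OpenSMTPD code. Stores in out[] (room for n entries)
 * the MX hosts that a backup server named `self` may relay to: those with
 * a preference strictly lower than its own record. When `self` matches no
 * MX record nothing is filtered, so its own record stays in the list.
 * Returns the number of targets; 0 means there is nowhere to relay.
 */
size_t
backup_relay_targets(const struct mx *set, size_t n, const char *self,
    const char **out)
{
	int	 self_pref = -1;	/* -1: self not found in the MX set */
	size_t	 i, k = 0;

	for (i = 0; i < n; i++)
		if (strcasecmp(set[i].host, self) == 0 &&
		    (self_pref == -1 || set[i].pref < self_pref))
			self_pref = set[i].pref;
	for (i = 0; i < n; i++)
		if (self_pref == -1 || set[i].pref < self_pref)
			out[k++] = set[i].host;
	return k;
}

int
main(void)
{
	/* "gw.example.net" is a hypothetical local hostname absent from the MX set. */
	const char *names[] = { "mx2.example.com", "mx1.example.com", "gw.example.net" };
	const char *out[2];
	size_t i, j, k;

	for (i = 0; i < 3; i++) {
		k = backup_relay_targets(example_mx, 2, names[i], out);
		printf("%s ->", names[i]);
		for (j = 0; j < k; j++)
			printf(" %s", out[j]);
		printf("%s\n", k ? "" : " (none)");
	}
	return 0;
}
```

The third case shows why the server name matters for this rule: a name that matches no MX record filters nothing, so the backup's own record remains a relay target.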