spamd : send again

2015-08-01 Thread SSL

Sorry for sending a dirty mail.
So I am resending it.


Perhaps dreams come true, but testing is needed.


--

All tests performed, no relays accepted.
--


1) mail+nginx-server.bat-openSMTPD-spam

pfctl -f /etc/mail/black.pf
pfctl -sr
/etc/rc.d/smtpd restart
/etc/rc.d/dovecot   restart
echo ''
echo ''
echo ''
echo ''
/etc/rc.d/spamd -f restart
ps ax| grep spam
/etc/rc.d/spamlogd  -f restart
ps ax| grep spam
/usr/libexec/spamd-setup



2) /etc/mail/black.pf

ext_if=em0
tcp_services={  22, 80,  143 }
icmp_types=echoreq
set block-policy return
set loginterface $ext_if
set skip on lo
set reassemble yes no-df
block in log
pass out quick
antispoof quick for { lo }
pass in on $ext_if proto tcp to any port submission
table <spamd-white> persist
table <nospamd> persist file /etc/mail/nospamd
pass in on $ext_if proto tcp from any to any port smtp rdr-to 127.0.0.1 port spamd

pass in on $ext_if proto tcp from <nospamd> to any port smtp
pass in log on $ext_if proto tcp from any to any port smtp
pass out log on $ext_if proto tcp to any port smtp
pass in on $ext_if inet proto tcp from any to ( $ext_if:0 ) port $tcp_services

pass in inet proto icmp all icmp-type $icmp_types
pass in on $ext_if proto tcp to port 21
pass in on $ext_if proto tcp to port  4915


3)/etc/rc.conf.local

ftpd_flags=-llUSA
smtpd_flags=
pf=YES  # Packet filter / NAT
pf_rules=/etc/pf.conf   # Packet filter rules file


4) /etc/mail/nospamd

114.22.25.247




ex) netstat -na -f inet
Active Internet connections (including servers)
Proto   Recv-Q Send-Q  Local Address          Foreign Address        (state)
ip           0      0  *.*                    *.*                    17
Active Internet connections (including servers)
Proto   Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp          0      0  157.7.208.141.143      61.214.236.211.33448   ESTABLISHED
tcp          0      0  157.7.208.141.143      61.214.236.211.33447   ESTABLISHED

tcp          0     68  157.7.208.141.22       43.229.53.19.43408     ESTABLISHED
tcp          0     44  157.7.208.141.22       114.22.25.247.44421    ESTABLISHED
tcp          0      0  157.7.208.141.143      114.22.25.247.60516    ESTABLISHED
tcp          0      0  157.7.208.141.143      114.22.25.247.60514    ESTABLISHED
tcp          0      0  157.7.208.141.143      114.22.25.247.60513    ESTABLISHED
tcp          0      0  157.7.208.141.143      114.22.25.247.60511    ESTABLISHED

tcp          0      0  127.0.0.1.25           *.*                    LISTEN
tcp          0      0  157.7.208.141.25       *.*                    LISTEN
tcp          0      0  *.21                   *.*                    LISTEN
tcp          0      0  157.7.208.141.587      *.*                    LISTEN
tcp          0      0  *.993                  *.*                    LISTEN
tcp          0      0  *.8025                 *.*                    LISTEN
tcp          0      0  *.143                  *.*                    LISTEN
tcp          0      0  127.0.0.1.8026         *.*                    LISTEN
tcp          0      0  *.22                   *.*                    LISTEN
tcp          0      0  *.80                   *.*                    LISTEN
Active Internet connections (including servers)
Proto   Recv-Q Send-Q  Local Address          Foreign Address        (state)
udp          0      0  157.7.208.141.26124    157.7.236.66.123
udp          0      0  157.7.208.141.40444    202.234.64.222.123
udp          0      0  157.7.208.141.3649     157.7.235.92.123
udp          0      0  157.7.208.141.37895    157.7.154.134.123
udp          0      0  *.514                  *.*


Without OpenSMTPD's help, I cannot climb mountains.

Sendmail is a too-long novel.
Postfix is a poem.
OpenSMTPD is like a Japanese haiku, a very short poem of only three lines.


-

regards tuyosi


--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: spamd

2015-08-01 Thread SSL

Thanks to Hansteen.

On 2015-08-01 22:47, Peter N. M. Hansteen wrote:
http://www.bsdly.net/~peter/nospamd, based on various episodes and 
some digging out of spf records (dig -ttxt domain.tld). 

first
wget http://www.bsdly.net/~peter/nospamd

and follow 
http://technoquarter.blogspot.jp/2015/02/openbsd-mail-server-part-2-opensmtpd.html


1) no spamd setting

mail+nginx-server.bat-openSMTPD
--
pfctl -f /etc/pf.conf
pfctl -sr
/etc/rc.d/smtpd restart
/etc/rc.d/dovecot   restart
/etc/rc.d/spamd stop
/etc/rc.d/spamlogd  stop


2) spamd setting

mail+nginx-server.bat-openSMTPD-spam

pfctl -f /etc/mail/black.pf
pfctl -sr
/etc/rc.d/smtpd restart
/etc/rc.d/dovecot   restart
/etc/rc.d/spamd restart
/etc/rc.d/spamlogd  -f restart
/usr/libexec/spamd-setup


 /etc/mail/black.pf
-
ext_if=em0
tcp_services={  22, 80,  143 }
icmp_types=echoreq
set block-policy return
set loginterface $ext_if
set skip on lo
set reassemble yes no-df
block in log
pass out quick
antispoof quick for { lo }
pass in on $ext_if proto tcp to any port submission
table <spamd-white> persist
table <nospamd> persist file /etc/mail/nospamd
pass in on $ext_if proto tcp from any to any port smtp rdr-to 127.0.0.1 port spamd

pass in on $ext_if proto tcp from <nospamd> to any port smtp
pass in log on $ext_if proto tcp from <spamd-white> to any port smtp
pass out log on $ext_if proto tcp to any port smtp
pass in on $ext_if inet proto tcp from any to ( $ext_if:0 ) port $tcp_services

pass in inet proto icmp all icmp-type $icmp_types
pass in on $ext_if proto tcp to port 21
pass in on $ext_if proto tcp to port  4915



3) The files common to both the no-spamd setting and the spamd setting are

 /etc/rc.conf.local

ftpd_flags=-llUSA
smtpd_flags=
pf=YES  # Packet filter / NAT
pf_rules=/etc/pf.conf   # Packet filter rules file



/etc/mail/smtpd.conf
-
pki mail.aoiyuma.mydns.jp certificate /etc/ssl/mail.aoiyuma.mydns.jp.crt
pki mail.aoiyuma.mydns.jp key /etc/ssl/private/mail.aoiyuma.mydns.jp.key
listen on lo0
listen on em0 tls pki mail.aoiyuma.mydns.jp auth-optional

listen on em0 port submission tls-require pki mail.aoiyuma.mydns.jp auth
table aliases db:/etc/mail/aliases.db
accept from any for domain aoiyuma.mydns.jp deliver to maildir
accept for local alias aliases deliver to maildir

accept from local


(conclusion)
I send mail to Gmail and receive mail from Gmail.

But there is a profound defect.
At the site http://www.rbl.jp/svcheck.php

 QUIT
 221 aoiyuma.mydns.jp

All tests performed, 20 relays accepted.--*

spamd is difficult .





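The two black.pf rulesets posted in this thread differ only in the source of the final `pass in log` rule (`any` in the first mail, `<spamd-white>` in the second). The following is an added example, not part of the original mails: a minimal model of pf's last-matching-rule evaluation for inbound port 25, showing where each sender ends up under each ruleset. The function names and the addresses 198.51.100.7 and 192.0.2.10 are constructed for illustration; interface matching and the non-SMTP rules are left out.

```python
# Added illustration (not from the thread): pf evaluates every rule and,
# unless a rule says "quick", the LAST matching rule decides the packet.
# Only the rules of black.pf that can match inbound TCP port 25 are modelled.

NOSPAMD = {"114.22.25.247"}      # /etc/mail/nospamd as posted
SPAMD_WHITE = {"192.0.2.10"}     # constructed: a sender that passed greylisting
TABLES = {"nospamd": NOSPAMD, "spamd-white": SPAMD_WHITE}


def smtp_rules(last_rule_source):
    """(source, outcome) pairs in file order; the two mails differ only in
    the source of the final 'pass in log' rule."""
    return [
        ("any", "blocked"),           # block in log
        ("any", "spamd"),             # pass in ... port smtp rdr-to 127.0.0.1 port spamd
        ("nospamd", "smtpd"),         # pass in ... from <nospamd> to any port smtp
        (last_rule_source, "smtpd"),  # pass in log ... from any | <spamd-white>
    ]


def matches(source, ip):
    """A rule matches when its source is 'any' or the named table holds ip."""
    return source == "any" or ip in TABLES[source]


def smtp_destination(rules, ip):
    """Return where an inbound port-25 connection from ip ends up."""
    outcome = None
    for source, result in rules:      # none of these rules is 'quick'
        if matches(source, ip):
            outcome = result          # a later match overrides an earlier one
    return outcome


FIRST_MAIL = smtp_rules("any")
SECOND_MAIL = smtp_rules("spamd-white")


def report():
    """One row per sender: (ip, destination in first mail, in second mail)."""
    senders = ("198.51.100.7", "114.22.25.247", "192.0.2.10")
    return [(ip, smtp_destination(FIRST_MAIL, ip),
             smtp_destination(SECOND_MAIL, ip)) for ip in senders]


if __name__ == "__main__":
    for ip, first, second in report():
        print(f"{ip:15}  first mail: {first:6}  second mail: {second}")
```

With `from any` on the last rule, an unknown sender is passed straight to smtpd and the rdr-to rule never takes effect; with `from <spamd-white>`, the same sender is answered by spamd.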



Re: SSL/TLS

2015-07-28 Thread SSL


Thanks for the advice.

I rewrote smtpd.conf:

pki mail.aoiyuma.mydns.jp certificate /etc/ssl/mail.aoiyuma.mydns.jp.crt
pki mail.aoiyuma.mydns.jp key /etc/ssl/private/mail.aoiyuma.mydns.jp.key
listen on lo0
listen on em0 port 25  tls pki mail.aoiyuma.mydns.jp auth
listen on em0 port 465 tls pki mail.aoiyuma.mydns.jp auth
listen on em0 port 587 tls pki mail.aoiyuma.mydns.jp auth
table aliases db:/etc/mail/aliases.db
accept from any for domain aoiyuma.mydns.jp alias aliases deliver to maildir
accept from any for domain aoiyuma.mydns.jp deliver to maildir
accept for local alias aliases deliver to maildir
accept for local deliver to maildir

mynetwork1 = 6.2.6.2/32
mynetwork2 = 114.22.25.247/32
accept from source $mynetwork1 for any relay
accept from source $mynetwork2 for any relay
reject from any for any

Thunderbird automatically detects the mail server.
About SMTP:
---
authentication method: password, transmitted insecurely
connection security: none

Perhaps TLS does not run.

so
--
accept for local alias aliases deliver to mda /usr/local/bin/maildrop -f -

accept from any for domain aoiyuma.mydns.jp \
deliver to mda /usr/local/bin/maildrop -f -
or is something like this needed?

-
regards







Re: SSL/TLS

2015-07-28 Thread SSL



On 2015-07-28 19:18, Mariano Baragiola wrote:

In my experience, Thunderbird auto-configuration is not good.

Configure it manually, choosing STARTTLS as the encryption method.


Thanks a lot.

I rewrote smtpd.conf:


pki mail.aoiyuma.mydns.jp certificate /etc/ssl/mail.aoiyuma.mydns.jp.crt
pki mail.aoiyuma.mydns.jp key /etc/ssl/private/mail.aoiyuma.mydns.jp.key

listen on lo0
listen on em0 port 25  tls pki mail.aoiyuma.mydns.jp auth
listen on em0 port 465 tls pki mail.aoiyuma.mydns.jp auth
listen on em0 port 587 tls pki mail.aoiyuma.mydns.jp auth

table aliases db:/etc/mail/aliases.db
accept from any for domain aoiyuma.mydns.jp alias aliases deliver to maildir
accept from any for domain aoiyuma.mydns.jp deliver to maildir
accept for local alias aliases deliver to maildir
accept for local deliver to maildir

mynetwork1 = 61.214.236.211/32
mynetwork2 = 114.22.25.247/32
accept from source $mynetwork1 for any relay
accept from source $mynetwork2 for any relay

#reject from any for any
accept from local for any relay  - this line
accept from local for any relay
---
Then I send mail to y...@gmail.com.


My failure was 'reject from any for any'.
Is there an open relay when 'accept from local for any relay' is replaced?










Re: SSL/TLS

2015-07-28 Thread SSL

I follow you.

On 2015-07-28 19:18, Mariano Baragiola wrote:

In my experience, Thunderbird auto-configuration is not good.

Configure it manually, choosing STARTTLS as the encryption method.


Surely I can send mail from x...@aoiyuma.mydns.jp to x...@aoiyuma.mydns.jp,
but I cannot send mail from x...@aoiyuma.mydns.jp to y...@gmail.com
(previously I could send).

 tail /var/log/maillog

Jul 29 04:36:36 aoiyuma smtpd[13370]: smtp-in: Closing session 0d8c97396558bc0b

Jul 29 04:36:49 aoiyuma smtpd[13370]: smtp-in: New session 0d8c973acd272d09 from host e0109-114-22-25-247.uqwimax.jp [114.22.25.247]

Jul 29 04:36:49 aoiyuma smtpd[13370]: smtp-in: Started TLS on session 0d8c973acd272d09: version=TLSv1/SSLv3, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128

Jul 29 04:36:50 aoiyuma smtpd[13370]: smtp-in: Accepted authentication for user tuyosi on session 0d8c973acd272d09

Jul 29 04:36:50 aoiyuma smtpd[13370]: smtp-in: Failed command on session 0d8c973acd272d09: RCPT TO:y...@gmail.com = 550 Invalid recipient

^
Jul 29 04:36:52 aoiyuma smtpd[13370]: smtp-in: Closing session 0d8c973acd272d09




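The maillog excerpt in the message above, correlated per session as an added example (not part of the original mail): it ties each refused RCPT TO to the session's source address, TLS cipher and authenticated user, which separates "authenticated user blocked by the ruleset" from "unauthenticated relay attempt refused". The function names are hypothetical; the log lines are the ones posted, with the line wrapping undone and the redacted address left as it appears.

```python
import re

# Lines from the maillog excerpt above, with the e-mail line wrapping undone.
MAILLOG = """\
Jul 29 04:36:36 aoiyuma smtpd[13370]: smtp-in: Closing session 0d8c97396558bc0b
Jul 29 04:36:49 aoiyuma smtpd[13370]: smtp-in: New session 0d8c973acd272d09 from host e0109-114-22-25-247.uqwimax.jp [114.22.25.247]
Jul 29 04:36:49 aoiyuma smtpd[13370]: smtp-in: Started TLS on session 0d8c973acd272d09: version=TLSv1/SSLv3, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128
Jul 29 04:36:50 aoiyuma smtpd[13370]: smtp-in: Accepted authentication for user tuyosi on session 0d8c973acd272d09
Jul 29 04:36:50 aoiyuma smtpd[13370]: smtp-in: Failed command on session 0d8c973acd272d09: RCPT TO:y...@gmail.com = 550 Invalid recipient
Jul 29 04:36:52 aoiyuma smtpd[13370]: smtp-in: Closing session 0d8c973acd272d09
"""

SID = r"(?P<sid>[0-9a-f]{16})"
EVENTS = {
    "new": re.compile(r"smtp-in: New session " + SID + r" from host \S+ \[(?P<ip>[^\]]+)\]"),
    "tls": re.compile(r"smtp-in: Started TLS on session " + SID + r": .*?cipher=(?P<cipher>[^,\s]+)"),
    "auth": re.compile(r"smtp-in: Accepted authentication for user (?P<user>\S+) on session " + SID),
    "fail": re.compile(r"smtp-in: Failed command on session " + SID
                       + r": RCPT TO:\s*<?(?P<rcpt>[^>\s]+)>? = (?P<code>[45]\d\d) "),
}

def rcpt_rejections(log, local_domain):
    """Return every refused RCPT TO with the TLS/auth state of its session."""
    state, refused = {}, []
    for line in log.splitlines():
        for kind, rx in EVENTS.items():
            m = rx.search(line)
            if not m:
                continue
            s = state.setdefault(m["sid"], {"ip": None, "cipher": None, "user": None})
            if kind == "fail":
                domain = m["rcpt"].rsplit("@", 1)[-1].lower()
                refused.append({"sid": m["sid"], **s, "rcpt": m["rcpt"], "code": m["code"],
                                "external": domain != local_domain.lower()})
            else:  # remember ip / cipher / user for later events of this session
                s.update({k: v for k, v in m.groupdict().items() if k != "sid"})
            break
    return refused

def triage(entry):
    """Label a refusal by whether the recipient is external and the session authenticated."""
    if not entry["external"]:
        return "local recipient refused"
    return ("authenticated user blocked from relaying" if entry["user"]
            else "unauthenticated relay attempt refused")

if __name__ == "__main__":
    for e in rcpt_rejections(MAILLOG, "aoiyuma.mydns.jp"):
        print(e["sid"], e["ip"], e["user"], e["cipher"], e["rcpt"], e["code"], triage(e))
```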



Re: SSL/TLS

2015-07-28 Thread SSL

I rewrote smtpd.conf with auth-optional.
This one allows mail to and from gmail.com.

-by https://www.opensmtpd.org/smtpd.conf.5.html
If *auth-optional* is specified, then SMTPAUTH is not required to 
establish an SMTP transaction. This is only useful to let a listener 
accept incoming mail from untrusted senders and outgoing mail from 
authenticated users in situations where it is not possible to listen on 
the submission port.
Both *auth* and *auth-optional* accept an optional table as a parameter. 
When provided, credentials are looked up in this table. Credentials 
format is described in table(5).

---

how about this ?

pki mail.aoiyuma.mydns.jp certificate /etc/ssl/mail.aoiyuma.mydns.jp.crt
pki mail.aoiyuma.mydns.jp key /etc/ssl/private/mail.aoiyuma.mydns.jp.key
listen on lo0
listen on em0 port 25  tls pki mail.aoiyuma.mydns.jp auth-optional
listen on em0 port 465 tls pki mail.aoiyuma.mydns.jp auth-optional
listen on em0 port 587 tls pki mail.aoiyuma.mydns.jp auth-optional
table aliases db:/etc/mail/aliases.db
accept from any for domain aoiyuma.mydns.jp alias aliases deliver to maildir
accept from any for domain aoiyuma.mydns.jp deliver to maildir
accept for local alias aliases deliver to maildir
accept for local deliver to maildir

mynetwork1 = 6.2.6.2/32
mynetwork2 = 114.22.25.247/32
accept from source $mynetwork1 for any relay
accept from source $mynetwork2 for any relay
accept from local for any relay




Re: SSL/TLS

2015-07-28 Thread SSL

Hi all.
Following the advice that I received in the past, I try to put it together.

I think that there are mistakes.
Please point them out at that time.

In addition, please use the translation site because this is written in 
Japanese.


For example,
https://translate.google.co.jp/?hl=ja
--
tuyosi takesima