Hi,
Find below the first stab at a final patch making generated bounce
mails follow more closely the RFCs 3461, 3464 and 6522. The patch
includes the patch from my previous mail in this thread.
The patch is based on opensmtp 7.5.0rc1 (w/ the additional patch in
the rc1 announcement thread
art is US-ASCII when
generating a bounce - and if it's not, doesn't write it to the
respective DSN field(s).
I think the SMTP handling might be the better place to check for that,
and refuse such SMTP params outright, maybe?
Thanks
On Tue, Mar 19, 2024 at 04:22:13PM +0100, Tassilo Philipp wrote:
Al
I agree with Gilles, your filter should react on stdin closing, but not
sure how your filter is set up.
Also, just a guess... are you running smtpd on Linux?
Linux doesn't kill children when the parent process dies, maybe that's
related? (To make it do that prctl(2) would need to be used w/
:40PM +0100, Omar Polo wrote:
On 2024/03/20 17:36:01 +0100, Tassilo Philipp
wrote:
Hi,
while working on the DSN patches mentioned in another thread, I came
across an oversight in the final ORCPT patch that will be part of 7.5.0.
Find the patch attached - IMHO, this patch should make
Hi,
while working on the DSN patches mentioned in another thread, I came
across an oversight in the final ORCPT patch that will be part of 7.5.0.
Find the patch attached - IMHO, this patch should make it into 7.5.0, as
it's fixing an error writing to a wrong buffer, which could be abused
en the ENVID= param was present, as well as "Original-Recipient"
for any ORCPT= param. Those are specified in RFC3461 section 6.3., but
they are a bit more involved as the params need to be decoded and
recoded, and I just haven't found the time, yet.
Thanks!
On Wed, Mar 13, 2024
, as well. Might take a few days, though... will keep you
posted.
Cheers
On Wed, Mar 13, 2024 at 11:00:51AM +, gil...@poolp.org wrote:
March 13, 2024 10:31 AM, "Tassilo Philipp" wrote:
Hello,
I noticed that DSNs generated by OpenSMTPd use "Content-Type: multipart/mixed",
Hello,
I noticed that DSNs generated by OpenSMTPd use "Content-Type:
multipart/mixed", instead of "Content-Type: multipart/report", as
defined by RFC3461 (and described in RFC3464 and RFC3462). I wonder if
there's a reason for that?
I have only done a cursory review of the actual
Wrong ML? This is OpenSMTPD
On Sun, Dec 31, 2023 at 07:22:04PM +0100, Kirill A. Korinsky wrote:
Greetings,
How can I run a VM with more than 16G of memory?
A naive approach fails with error:
vmctl: start vm command failed: Cannot allocate memory
Yes, the host machine has that memory and
Thanks for looking into this! Also thanks for taking this a step further
and removing unneeded complexity, given the train of thought to consider
this param an opaque string.
I tried the patch in a real world scenario, having rolled it out to
multiple machines and relays, ran manual tests
mta limit session-transaction-delay 10
Is there any way to limit where this is implemented? Such as only
sessions from a specific server (via tag, action, match, etc.)?
From my limited understanding of the few bits of code I read, around
this and other mta options, those "limit" options seem
Not sure if this applies to you, but I just gave an answer to Paul
Pace's "Limit messages sent per unit time?" question on this mailing
list, which might also help you.
On Tue, Dec 05, 2023 at 10:32:20PM -0800, Sean Kamath wrote:
Hi.
I have a couple of (hopefully quick) questions about some
So your question made me curious to read more of the source... and there
are actually multiple undocumented knobs, and there might be this one
that maybe works for you, e.g. put this in your smtpd.conf for a minimum
of 10s delay between MTA transactions:
mta limit session-transaction-delay 10
Sorry, some unnecessary whitespace change was part of the attached
patch. Find attached a cleaned up version of the patch (functionally the
same).
On Thu, Dec 07, 2023 at 01:34:42PM +0100, Tassilo Philipp wrote:
After a direct exchange with Omar Polo about the ORCPT patch, find
attached
ow rebased against the latest version of opensmtpd.
Patch is attached
Cheers
On Sat, Nov 18, 2023 at 11:54:33AM +0100, Tassilo Philipp wrote:
Sorry for another bump of this patch: can it be merged?
I know the groupwise example in this thread is rare and doesn't affect
a lot of smtpd users, b
Since you mentioned "all mails" and "without creating non deliverable
notices", I think it's worth pointing out that the mail server will
probably send delivery status notifications for successfully delivered
mails, if the sender requested it, so also look for the no-dsn option
you can set on
Hi,
I stumbled across an issue when trying to send mail with opensmtpd by
submitting via the unix domain socket, when requesting any kind of DSN,
(e.g. mailwrapper(8) based sendmail command's -N param).
Such mail gets refused by smtpd when the unix domain socket in use is
the default one,
, after all, and is valid.
If this cannot/won't be merged, please share the reasons for why not.
Thank you
On Thu, Jul 20, 2023 at 09:58:16AM +0200, Tassilo Philipp wrote:
Sorry to shamelessly "bump" this, but any way to get this integrated
into upstream, eventually?
We used the orig
I'm just guessing as you don't post your entire smtpd.conf:
auth needs a table (in your case "creds", but it misses the <>), which
you have to define beforehand and point to your file via the "table"
keyword.
At the end of smtpd.conf(5) you have examples.
On Sat, Oct 21, 2023 at 09:07:04PM
You basically write a script that processes incoming lines on stdin, and
writes back to stdout. The protocol is described in smtpd-filters(7).
This basic idea in lua would be something like:
for line in io.lines() do
    if line == 'in' then
        io.write('out')
    end
end
Now handle the
Post your script that you got so far, explain where you get
stuck/confused, and someone will probably be happy to help.
On Fri, Oct 20, 2023 at 02:05:13PM +0200, Sagar Acharya wrote:
Can you please help me with a sample script for accepting or rejecting mail in
lua.
Say there is
Longland wrote:
On 9/9/23 01:28, Tassilo Philipp wrote:
[...] I didn't bother with DKIM until Google started mandating
it for example [...]
Hm... do you have a reference for that? I don't have that
experience with gmail servers. Also I don't find info about that
being mandatory, online.
https
[...] I didn't bother with DKIM until Google started mandating it for
example [...]
Hm... do you have a reference for that? I don't have that experience
with gmail servers. Also I don't find info about that being mandatory,
online.
On Fri, Sep 08, 2023 at 08:24:38AM +1000, Stuart Longland
Give me a configuration for such a thing.
I think several people mentioned by now reading the doc and getting
familiar with email. This is not trying to be mean, I think you really
would set it up faster by learning and using it, then also understanding
it b/c you have to maintain it, than
I tested all of the IPs from your output, and all of them listen on port
25 and a smtp server is answering. So if you are relaying to those via
port 25, and you get a network error (I guess a timeout), then I guess
your outgoing port 25 is blocked. This is relatively common with
residential
If you want to apply the logic you are asking for to emails that are
transmitted, I think you need to work with custom filters for specific
logic (e.g. looking only at attachment size, per day limits, etc.).
There is no "here you go" answer to that, or simple smtpd.conf
statements that would
The error is clear: whatever you connect to requires authentication,
before submitting the mail. So, provide that info.
Authentication is not TLS encryption, so no idea what you mean by you
added TLS certs and that STARTTLS should make it work: it's simply not
authentication.
On Fri, Sep
From the doc (smtpd.conf(5)):
maildir [pathname [junk]]
Deliver the message to the maildir in pathname if
specified, or by default to ~/Maildir.
So given your config, you seem to get exactly what you configured.
For your "whitelist", create the
Sorry to shamelessly "bump" this, but any way to get this integrated
into upstream, eventually?
We used the original patch from Frank Scholl and then this improved one
in production now for like a year, now, and didn't experience issues. In
our case it is specifically needed for a client that
If I understand correctly, this is part of the SPF spec. Those things
are defined hard, e.g. %{i} is the source IP of the message, %{ir} is
the same reversed, etc. There are more, but it's a short list.
So, I guess this is simply not implemented in smtpctl spfwalk.
Btw... this is the first
I think you wrote to the wrong mailing list, this is OpenSMTPd. Maybe
you wanted to write to the OpenBSD ML?
On Mon, Oct 24, 2022 at 04:59:23PM +, Peter Fraser wrote:
I make a stupid mistake; I didn't check partition sizes before doing a sysupgrade.
sysupgrade ran out of space or /usr in
On 21. Nov 2020, at 10:44, Tassilo Philipp wrote:
FYI, I run into the same issue with a different provider:
relay.yourmailgateway.de which also has a large number of A records.
Trying to reproduce and digging deeper now, by adding debug logs etc.
Interesting... thanks for checking
Yes, a bounce message is an email, so it won't be on stdout or stderr.
Either way, Martijn's answer probably points out a better approach for
your case, anyways.
On Sat, Oct 15, 2022 at 02:34:52PM +0100, Simon Harrison wrote:
On Sat, 15 Oct 2022 14:44:01 +0200
Tassilo Philipp wrote:
I
I guess your python subprocess is the submission agent? In that case you
get the error in theory automatically, but it would be in form of a
bounce message. If your submission agent cannot receive bounces they
will be lost (probably hanging in the next MTA's queue for a while until
they hit a
I think you wrote to the wrong mailing list, this is OpenSMTPd, not
OpenBSD.
On Fri, Oct 14, 2022 at 09:49:05PM +0900, Gabor LENCSE wrote:
Dear All,
I am a researcher and I would like to benchmark the stateful NAT64
performance of OpenBSD PF.
I use a 32-core server as DUT (Device Under
3): or it's the side that composes the mail that writes bad mail headers
On Tue, Sep 13, 2022 at 07:58:48PM +0200, Tassilo Philipp wrote:
Well:
1) if it's really 'Content-Type: Type: text/plain; charset=“utf-8”',
it's also wrong, the other "Type:" shouldn't be there, and
n Ongstad wrote:
Nice catch. Actually that’s how it was in the message ( Content-Type:
Type: text/plain; charset=“utf-8” ). After looking at it again, the
unreadable messages do have a base64 encoding, should this be an
issue?
On Sep 13, 2022, at 08:58, Tassilo Philipp wrote:
not sure if
not sure if related, but I noticed your line says "text:plain" instead
of "text/plain" (which should be used according to rfc2045)
On Mon, Sep 12, 2022 at 10:20:38PM -0700, Ethan Ongstad wrote:
The messages I receive that have the line ‘ Content-Type: text:plain; charset="utf-8” ‘
are not
, 2022 at 12:35:04AM +0200, Tobias Fiebig wrote:
Heho,
Why don't you add mailrelays.domain as a DNSAltName to the certs of these
hosts? Or are they not under your control?
With best regards,
Tobias
-Original Message-
From: Tassilo Philipp
Sent: Wednesday, 7 September 2022 11:31
To: misc
Hello,
I'd like to pick y'all's brains about a TLS enabled multi-relay-host
setup, where I'm not sure about what is right, or should maybe be
possible.
The setup in question is an OpenSMTPd box that is configured to relay to
multiple, explicitly specified, redundant hosts, the crucial
+0300, Reio Remma wrote:
Hello!
I may be wrong, but list.domain.tld might be routed back to the same
server (domain.tld)? Maybe you should be relaying to the Sympa server?
Good luck
Reio
On 16.08.2022 12:16, thiery wrote:
On 2022-08-16 10:13, Tassilo Philipp wrote:
I might misunderstand your
2 at 11:16:00AM +0200, thiery wrote:
On 2022-08-16 10:13, Tassilo Philipp wrote:
I might misunderstand your question, but I noticed that your line:
match for rcpt-to action "mailinglist"
does not specify a "from" option, so it defaults to "from local". This
means
I might misunderstand your question, but I noticed that your line:
match for rcpt-to action "mailinglist"
does not specify a "from" option, so it defaults to "from local". This
means it won't match for non-local IPs. Maybe that's the culprit?
hth
On Tue, Aug 16, 2022 at 10:07:02AM +0200,
Hello,
it looks indeed like you are facing a different issue. I helped Frank
with that ORCPT issue he was facing, and when I saw your post I thought
"oh, sounds familiar" and told Frank about it, and he shared his
work/patch.
So yeah, my bad that I misinterpreted your question and didn't
Looks to me as it has to have exactly 32 chars.
From crypto.c:
#define KEY_SIZE 32
...
static struct crypto_ctx {
unsigned char key[KEY_SIZE];
} cp;
...
int
crypto_setup(const char *key, size_t len)
{
if (len != KEY_SIZE)
return 0;
...
This is very cool, thank you!
One question about the fflush() you mention: I use awk filters a lot and
never had any need to explicitly flush, but you probably did. Mind
sharing some details on your use case?
Thank you!
On Sat, Apr 16, 2022 at 01:04:21PM -0500, Edgar Pettijohn wrote:
I've
About your original question:
From your message I deduce that the message-id is added by your client
in the first place? In that case, no, I don't think OpenSMTPd can be
told to basically *replace* the message id for you.
That said, OpenSMTPd as a standard compliant mail server will add or
Hello,
I cannot help you with your specific config, and don't know if opensmtp
has problems resolving the subaddressing for 'maildir' delivery.
However, I guess you use dovecot (which I assume, given the vultr link
you posted), so you could use LMTP to deliver the messages to dovecot's
lmtp
FYI, I run into the same issue with a different provider:
relay.yourmailgateway.de which also has a large number of A records.
Trying to reproduce and digging deeper now, by adding debug logs etc.
Interesting... thanks for checking and having thought of my report. I
for myself didn't have any
Mhmm… but they returned different results, for dig vs OpenSMTPd filter lookup?
Not sure, as I don't log the replies, but I don't think so.
May cache TTL have expired and record re-fetched with your local test?
What’s your local cache software, is it able to handle large A record lists?
Thanks for the reply and your thoughts.
There should be nothing limit FCrDNS here, despite that
these are a lot of records.
But have you tried the dig lookup below from the actual mail
server at the time (or shortly after) the time of the failure?
Yes, that was the first thing I tried, and I
I might be misunderstanding what you are trying to achieve, but it
sounds to me that you need mail aliases.
Check the "alias" option of "action", and also the section "Aliasing
tables" in table(5).
hth
On Sun, Apr 05, 2020 at 02:24:01PM +0200, Leo Unglaub wrote:
Hey,
first of all i want to
Ok, I have a better idea now...
a- an envelope is created for each RCPT TO in a transaction...
b- ... and additional envelopes may be created by aliases _during_ that RCPT TO
Thanks a ton for those two pointers, I'll investigate and write what I
can figure out.
You correctly guessed a),
There is something that needs to be investigated, this is not normal no.
I won't rule out a bug in OpenSMTPD but given how envelopes are created, it is
very unlikely:
a- an envelope is created for each RCPT TO in a transaction...
b- ... and additional envelopes may be created by aliases
Hello,
I noticed that for most emails I submit through my instance of OpenSMTP,
there are most of the time (but interestingly not always) two envelopes
in the queue. However, mail delivery works fine, and only one copy
arrives at the recipient.
To illustrate the case, sending a mail
Hello,
thank you for writing OpenSMTPD, it's working great!
Is it possible to somehow get a username from a client certificate? This would
allow for user specific auth based on a certificate, instead of providing a
username via standard SMTP auth.
The use case I am thinking of would be using a
56 matches