Re: Relaying local mail

2020-08-24 Thread Thomas Bohl

Is there a reason you don't want to make root@host2 or @host2 a valid
recipient on host1?



Mainly because if I were to spin up host3, 4 and 5, I'd prefer not to
have to change the config on host1.


Then I would suggest using authentication.

On hostX:

action "relay2host1" relay \
host smtps://foo@host1 \
auth { foo = password }

match from any for any action "relay2host1"



And on host1 mail from foo gets accepted no matter what:

listen on $v4adr port 12345 smtps \
hostname host1 pki host1 \
auth { foo = $2b$08$dB1z...$ smtpctl encrypt password }

action "send_by_hostX" ... virtual { "@" => user }

match auth foo from any for any action "send_by_hostX"


HTH



Re: Relaying local mail

2020-08-22 Thread Thomas Bohl

Hi,


If on host2 I do

 # sendmail -t <<- .
 From: root
 To: root
 Subject: Test

 .

it expands the address to root@host2 and gets rejected by the host1
because it doesn't know what to do with the address.


Is there a reason you don't want to make root@host2 or @host2 a valid 
recipient on host1?




Re: Problem with Dovecot LMTP delivery

2020-08-09 Thread Thomas Bohl

Hi,


action remote_delivery lmtp "/usr/lib/dovecot/lmtp" rcpt-to virtual 



    Camping - inotifywait -mrq /usr/lib/dovecot - show the
    lmtp executable is never touched, when Dovecot is running.


You have to call the LMTP server by IP:Port or UNIX socket, not by 
executable.


On OpenBSD it would look like this:
action remote_delivery lmtp "/var/dovecot/lmtp" rcpt-to virtual 


With
# doveconf | grep lmtp
you can look if your config uses "unix_listener lmtp"

# doveconf | grep state_dir
should tell you the directory of the lmtp unix socket.



2) Also there doesn't seem to be a working Dovecot LMTP
    example, anywhere I can find. If someone can point me
    to an example (using new syntax), that would be great.


https://prefetch.eu/blog/2020/email-server/



Re: smtp-out: Address family mismatch

2020-07-22 Thread Thomas Bohl

Currently I have 100+ EMails queued with "Network error on
destination MX". This is a severe regression since OpenBSD
6.6.

Every insightful comment is highly appreciated


Please show your complete config file. Maybe it has an error.



My current (new-style) smtpd.conf has a line

 action "relay_external" relay src 192.168.1.1 helo "mail.example.com"


Does your original config have a private IP address too? Maybe you are 
behind a janky NAT router?




Re: smtp-out: Address family mismatch

2020-07-06 Thread Thomas Bohl

Hello,


I see a lot of outgoing EMails queued with a message "smtp-out:
Address family mismatch" in the log file. My colleagues don't like
EMails being put on hold at all.



My current (new-style) smtpd.conf has a line

 action "relay_external" relay src 192.168.1.1 helo "mail.example.com"



My guess would be that the target domain, at the time of the DNS query, 
only returned a IPv6 address.



I have a similar problem. My config is

action "relay2Internet" relay \
helo $hostn \
src {$v4adr, $v6adr}

as I want to allow IPv4 and IPv6. Since the src addresses are 
alternated I often get "Address family mismatch" because the target 
doesn't have IPv6 yet. (At least I believe that is what's happening.)




Re: 553 ORCPT address syntax error

2020-06-15 Thread Thomas Bohl

In /etc/mail/aliases I used to say
  root: sys...@example.com 


Your /etc/aliases must look like:

root: sys...@example.com


And that’s what I used if you read my mail correctly.


The plain text version of your mail has exactly the quoted line.

https://www.mail-archive.com/misc@opensmtpd.org/msg05036.html



Re: Newbie config question

2020-06-13 Thread Thomas Bohl

I've been wrestling with this for days with no progress.


Next time, post what config you have, please.


Can someone drop me a v6.6.4 config to do something similar to the 
following.


Untested:

v4adr = 999.2.3.4
hostn = mx.davidfavor.com

table aliases file:/etc/mail/aliases
table ma2help { supp...@davidfavor.com }
table ma2user { da...@davidfavor.com = david, i...@davidfavor.com = david, da...@radicalhealth.com = david, supp...@radicalhealth.com = support, i...@radicalhealth.com = support }


pki $hostn cert "/etc//mx.davidfavor.com_Fullchain.pem"
pki $hostn key "/etc/ssl/mx.davidfavor.com_Key.pem"

listen on lo0
listen on $v4adr port 25 tls \
hostname $hostn pki $hostn
listen on $v4adr smtps \
hostname $hostn pki $hostn \
auth
listen on $v4adr port 587 tls-require \
hostname $hostn pki $hostn \
auth

action "receivedLocally" maildir alias 
action "receivedRemotely" maildir virtual 
action "relay2Helpdesk" relay \
host smtps://f...@mail.helpdesk.com \
auth { foo = password } \
helo $hostn \
src $v4adr
action "relay2Internet" relay \
helo $hostn \
src $v4adr

match for local action "receivedLocally"
match from any for rcpt-to  action "relay2Helpdesk"
match from any for domain { davidfavor.com, radicalhealth.com } action 
"receivedRemotely"

match auth from any for any action "relay2Internet"



Re: plain text authentication

2020-05-11 Thread Thomas Bohl

Hi,

I need to use plain text authentication. I have to migrate an old 
postfix server that uses this authentication mode. I have a lot of 
devices configured in this way. I have to plan the migration to TLS, 
while I want to use OpenSMTPD with plain text authentication. It's possible?


It's not possible to use plain text authentication with OpenSMTPD.
https://www.mail-archive.com/misc@opensmtpd.org/msg04397.html

I guess your migration plan has to give OpenSMTPD a different hostname 
or port and let postfix run till every device is moved to a TLS config.




Re: How to set from: for bounce mails from OpenSMTPD

2020-05-10 Thread Thomas Bohl

Hello,


Let me know if you upgrade and this fixes the issue. I would be really 
interested to know if this is a bug which has been fixed in a newer version of 
OpenSMTPD.



updating to OpenBSD 6.6 (OpenSMTPD 6.6.0) indeed fixed the issue. Now I 
receive bounce back messages.


From: mailer-dae...@mx.aloof.de

Hi!

This is the MAILER-DAEMON, please DO NOT REPLY to this email.

An error has occurred while attempting to deliver a message for
the following list of recipients:

bouncet...@tribulant.com: 550 No such person at this address.

Below is a copy of the original message:


Reporting-MTA: dns; mx.aloof.de

Final-Recipient: rfc822; bouncet...@tribulant.com
Action: failed
Status: 5.0.0

...

The maillog still has the from=<> thing though.
May 10 21:24:29 o3 smtpd[79692]: 23da0fd0c56b2c65 smtp envelope 
evpid=a6a961ff5fbfaf7b from=<> to=




Re: Catchall user

2020-04-05 Thread Thomas Bohl

Hi,


Let' s assume I have 3 virtual users A, B and X on my domain
I want to receive mail for all of them. No problem, that's easy to set up.

But now, suppose some one (locally or non-locally) sends a mail to user 
C that does not exist (nor virtual nor as a account). I want my set-up 
to be able to deliver it to user X. Basically, I want X to receive all 
the mails that were sent to my domain, but not to an existing virtual user.


Is there a way to achieve that?


You have a virtual . Just do this:

a@mydomain  user_a
b@mydomain  user_b
@mydomain   user_x

You even can write
@   user_x
to receive absolutely everything.


> And more generally, is that a good idea?

Some bosses like it, so a potential customer email doesn't get lost 
because of a typo. But X will most likely only ever receive spam.

Do it and make your own experience :-)
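As an added example (not code from the post or from OpenSMTPD), the following Python models the lookup order a virtual table goes through for one recipient, so you can see which entry wins before touching the live table. The sample table is constructed, and the order it tries (full address, user part, @domain, then a global @) is my reading of table(5); subaddress tags ("user+tag") are not modelled, so check the behaviour against your own version.

```python
# Constructed sample of a virtual table in the form shown in the post.
VIRTUALS = """\
# key          recipients
a@mydomain     user_a
b@mydomain     user_b
@mydomain      user_x
"""


def parse_virtuals(text):
    """Map each key to its list of recipients; blank and '#' lines are skipped."""
    table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected 'key recipients', got {line!r}")
        key = parts[0].rstrip(":").lower()
        table[key] = [v.strip() for v in parts[1].split(",") if v.strip()]
    return table


def lookup_virtual(table, address):
    """Return (matching key, recipients) for an address, or None if nothing matches.

    Assumed order: exact address, bare user part, per-domain catch-all, global catch-all.
    """
    user, _, domain = address.lower().partition("@")
    for key in (f"{user}@{domain}", user, f"@{domain}", "@"):
        if key in table:
            return key, table[key]
    return None


def classify(table, address):
    """Say whether a recipient is explicit, swept up by a catch-all, or rejected."""
    hit = lookup_virtual(table, address)
    if hit is None:
        return "rejected"
    key = hit[0]
    if key == "@":
        return "global catch-all"
    if key.startswith("@"):
        return "domain catch-all"
    return "explicit"


if __name__ == "__main__":
    table = parse_virtuals(VIRTUALS)
    for rcpt in ("a@mydomain", "c@mydomain", "c@other"):
        print(f"{rcpt:12} -> {classify(table, rcpt)} {lookup_virtual(table, rcpt)}")
```

Adding a bare "@ user_x" line to the sample makes "c@other" land on user_x as well, which is the "absolutely everything" case from the post; the explicit entries still win over both catch-alls.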



Re: how to match my relay rules against a list of IP's?

2020-03-20 Thread Thomas Bohl

arrowhead$ more /etc/mail/localhosters
[::1]/128


It looks like there is a bug. The table has to start with an IPv4 address.

This works
127.0.0.1
::1

while this doesn't
::1
127.0.0.1



Re: how to match my relay rules against a list of IP's?

2020-03-20 Thread Thomas Bohl

Hi

Is this possible? 


Yes


This is what I got but it gives me an error...

arrowhead# smtpd -dvvv
/etc/mail/smtpd.conf:34: table "mylocalhosters" may not be used for from lookups
arrowhead# grep mylocalhosters smtpd.conf
table mylocalhosters file:/etc/mail/localhosters
match auth from src  for any action "relay"


Looks ok.
What does your /etc/mail/localhosters look like?



Re: How to set from: for bounce mails from OpenSMTPD

2020-02-24 Thread Thomas Bohl

I have the same problem (my logs look the same) and am very interested
in a solution.


I was wondering which version of OpenBSD are you using? and which version of 
Dovecot?


Fully syspatched and 'pkg_add -u'ed
OpenBSD 6.5
OpenSMTPD 6.5.0
dovecot-2.3.9.2v0

I usually upgrade in a timely manner to the latest stable, but due to 
circumstances I'm still on 6.5.




Have you found a solution in the mean time?


Haven't found time to investigate further. I hope to find time in a few 
weeks to upgrade and look again into this topic. Will post an update if 
I find a solution.




Re: How to set from: for bounce mails from OpenSMTPD

2020-02-14 Thread Thomas Bohl

Hello,


I am running OpenBSD 6.5 with OpenSMTPD and dovecot and if I send an email to 
an invalid email address, I do not get a bounce back from OpenSMTPD telling me 
that the email address is invalid. So this means I never know that I made a 
mistake in sending my email.



I have the same problem (my logs look the same) and am very interested 
in a solution.



$ cat /etc/mail/smtpd.conf
v4adr = 192.168.0.202
v6adr = 1:2:3:4:5:6:7:8
hostn = example.com

table aliases file:/etc/mail/aliases
table domains file:/etc/mail/domains
table ma2user file:/etc/mail/mail2user
table legladr file:/etc/mail/legal-mail-from
table loclonl file:/etc/mail/local-mail-only
table pwdauth file:/etc/mail/pwdauth
table passwd  file:/etc/mail/passwd

pki $hostn cert "/etc/mail/example.com_Cert.pem"
pki $hostn key "/etc/mail/example.com_Key.pem"

smtp max-message-size 150M

listen on lo0
listen on $v4adr port 465 smtps \
hostname $hostn pki $hostn \
mask-src auth  senders 
listen on $v6adr port 465 smtps \
hostname $hostn pki $hostn \
mask-src auth  senders 
listen on $v4adr port 587 tls-require \
hostname $hostn pki $hostn \
auth  senders 
listen on $v6adr port 587 tls-require \
hostname $hostn pki $hostn \
auth  senders 

action "receivedLocally" lmtp "/var/dovecot/lmtp" alias 
action "receivedRemotely" lmtp "/var/dovecot/lmtp" virtual 
action "relay2MX" relay \
host smtps://e...@mx.example.com:465 \
auth  \
helo $hostn \
src $v6adr

match for local action "receivedLocally"
match auth from any for domain  action "receivedRemotely"
match auth from any for any mail-from  action "receivedRemotely"
match auth from any for any action "relay2MX"



Re: Skip recipient verification and forward everything to a LMTP socket

2020-01-17 Thread Thomas Bohl

> Hi,

Hi


I would like to put a OpenSMTPD server in front of a sourcehut lists
installation [1] (that is, a mailing list system for sourcehut).
OpenSMTPD and sourcehut communicate through a lmtp unix socket. Here is
my configuration (without the filter and pki parts):


 listen on eth0 tls pki lists.forge.mydomain.tld
 action sourcehut lmtp /tmp/lists.forge.mydomain-tld-lmtp.sock


try
action sourcehut lmtp /tmp/lists.forge.mydomain-tld-lmtp.sock rcpt-to



 match from any for domain "lists.forge.yaal.fr" action "sourcehut"

Now with this configuration I only get "550 Invalid recipient" errors,
which is expected because OpenSMTPD has no way to know what is a valid
sourcehut list recipient.


Your config doesn't verify recipients.



How can I make OpenSMTPD just skip the recipient verification, and just
forward everything to the lmtp socket?


In your case OpenSMTPD only "verifies" whether the host-part is 
"@rlists.forge.yaal.f" and then tries to forward it to lmtp. But lmtp 
additionally expects a local user for delivery. The rcpt-to parameter 
passes through the recipient email-address instead of a local user.


HTH



Re: myca submission and letsencrypt smtp

2020-01-06 Thread Thomas Bohl

Hello,


letsencrypt for tls on port 25 for remote servers to verify

and tls-require verify auth on port 587 permitting self signed certificates



You will need to use different hostnames.


hostmx = mx.example.com
hostsub = mail.example.com

pki $hostmx cert "/etc/ssl/letsencrypt-mx.example.com_Fullchain.pem"
pki $hostmx key "/etc/ssl/letsencrypt-mx.example.com_Key.pem"

pki $hostsub cert "/etc/ssl/myca-mail.example.com_Fullchain.pem"
pki $hostsub key "/etc/ssl/myca-mail.example.com_Key.pem"


listen on $v4adr port 25 tls \
hostname $hostmx pki $hostmx

listen on $v4adr port 587 tls-require \
hostname $hostsub pki $hostsub \



Re: table-passwd

2019-09-17 Thread Thomas Bohl

Hello,


Is there anyone using table-passwd for _any_ other purposes than sharing
with Dovecot ?


Unless I'm misunderstanding the question, I use it all the time.

If an appliance or server needs to be able to send or relay e-mail it 
gets an entry in the table-passwd, with an individual username and 
password combo. No need for Dovecot access under that user, no need for 
a system user.




I have built a fully virtual setup which shares credentials with Dovecot
and since I managed to do it _without_ table-passwd I'm wondering if the
table backend is really useful


My MXs are using individual credentials in order to relay incoming mails 
to the mailbox system. These credentials can't be abused to access a 
mailbox though. Same is true the other way around. (Mailbox server to 
"smarthost".) Without the table one would need to create system users?




Re: smarthost + aliases

2019-09-13 Thread Thomas Bohl

accept from local for any relay via \
   smtps+auth://gm...@smtp.gmail.com:465 \
   as tschwei...@gmail.com \
   auth  verify


Sorry, that is obviously wrong. I misunderstood.



Re: smarthost + aliases

2019-09-13 Thread Thomas Bohl

Hello,


listen on localhost
table aliases db:/etc/aliases.db
table secrets db:/etc/smtpd.secrets.db


(Just use file. There is no gain in using Berkeley DB.)


expire 4h


accept from local for any relay via \
  smtps+auth://gm...@smtp.gmail.com:465 \
  as tschwei...@gmail.com \
  auth  verify

https://man.openbsd.org/OpenBSD-6.3/smtpd.conf#relay_via

hth



Re: Virtual users with Dovecot/Neomutt/OpenSMTPD

2019-07-17 Thread Thomas Bohl

Hi,

what does your smtpd.conf look like? What versions are you using?

--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: what's your LMTP use-case

2019-07-05 Thread Thomas Bohl

Hello,


I know plenty of people use the lmtp action to deliver mail through LMTP
and I'm genuinely curious: what is your use-case ?


I use dovecot's lmtp to utilise Sieve[1] scripts and mailbox replication[2].

[1] https://wiki2.dovecot.org/Pigeonhole
[2] https://wiki2.dovecot.org/Replication




Re: relay from authenticated users only

2019-07-02 Thread Thomas Bohl

Hello,


I'd like to change somehow the config to let authenticated users only
use my OpenSMPTD as a relay. Authentication should be based on the
machine's local user and password table (/etc/passwd).

I tried "listen on ... auth ..." but it complained about the lack of
TLS/smtps.


That is because you can't use authentication without encryption. Best 
you start looking into Let’s Encrypt. Though you could start with a 
self-signed certificate. Like it is shown in man smtpd.conf




accept from any for ! domain 486.hu relay via
tls+auth://t-onl...@mail.t-online.hu auth 


accept from local for any relay via \
tls+auth://t-onl...@mail.t-online.hu auth 


That should stop the visitors for now.




Re: Intercepting mails with opensmtpd

2019-05-07 Thread Thomas Bohl

Hello,

accept from source  sender "" deliver 
to maildir "/home/mail/mydomain1/myuser/Maildir"


accept from source  sender "www-d...@mydomain2.com" deliver to 
maildir "/home/mail/mydomain1/myuser/Maildir"




Do you have an idea ?


Make sure it's above the relay rule.




Re: how could a safety mechanism be configured?

2019-05-01 Thread Thomas Bohl

Hello,


So what happened to me was that I activated a crontab accidentally that
fetchmails POP3 mail.  It connects to localhost and delivers to me
(pjp@localhost).  In my case the lmtp delivery caused a no such mailbox
error, and opensmtpd then sent a bounce to the originators of the mail as
MAILER-DAEMON via the relay.  How can I in future prevent this through the
config?


Let fetchmail directly deliver to /var/imap/socket/lmtp should do the 
trick, because no bouncing smtpd is involved.





Re: Static Table Entry - smtpd.conf

2019-04-21 Thread Thomas Bohl

Hi,


Is it valid if I add a static table entry in "smtpd.conf" like so;

table blacklist { "@*.anonymous-email.*" }


Yes


Spamd is not stopping it so I though I can reject emails using a static 
table as noted above. Will my wildcard work?


Yes, given an appropriate match action like
match from any for any mail-from  reject

(The reject line has to be above other match lines.)




Re: Unable to relay email

2019-04-06 Thread Thomas Bohl

This is my host and the source of the connection info I use:
https://support.bell.ca/internet/email/how-to-use-bell-mail?step=5


(That is what you find when you search for smtphm. The .co.jp-part 
doesn't really anonymise it. You should have used the original from the 
get go.)




I get local "daily output" emails from "r...@local.home" sent to
"r...@local.home".


Do you have
root: wt...@bell.net
in /etc/mail/aliases?


Note: the domain is "local.home" and not "local.home.org" which is what it is
when I try to send to external addresses.


Not sure if I understand you there.

My last guess:

action "relay" relay \
host smtp+tls://my_re...@smtphm.sympatico.ca:587 \
mail-from wt...@bell.net \
auth 





Re: Unable to relay email

2019-04-06 Thread Thomas Bohl

The format of my secrets file is:

my_relay sender:PASSWORD


Any strange glyph to be concerned about?


At one point I was trying to connect to the server with openssl and when I used
"
perl -MMIME::Base64 -e 'print encode_base64("SomeBase64Code");' " for my
password it was truncating because of a char, so I changed that password out but
it made no difference.


Can you authenticate with openssl?


Ok, let's rethink this. Assuming it stopped working the moment the system 
got rebooted. Then there once was a working configuration, that can be 
recreated. But if it stopped working around the time of the reboot there 
is the possibility the provider changed something, making it 
incompatible with OpenSMTPD. (Then it would be nice to have real hostnames.)


You could try:

action "relay" relay host smtps://my_re...@smtphm.example0.co.jp:465 
auth 


or:
action "relay" relay host smtp+tls://smtphm.example0.co.jp

(I assume you use smtpd only to send system message to your personal 
inbox on smtphm.example0.co.jp. So maybe sending to someone on the 
system doesn't require authentication.)





Re: Unable to relay email

2019-04-05 Thread Thomas Bohl

Looks good.
I bet money that the username:password pair in  is just wrong :-)


How much would you like to wager? :)


10€ for the project :-)



I copied and pasted the info into a weblogin and it worked (unfortunately?)


Hm, maybe you need a "application password".

Try
# smtpd -dv -Ttransfer

There will be the line "mta: 0x: >>> AUTH PLAIN SomeBase64Code

$ echo YourBase64Code | openssl enc -base64 -d
to see whether it contains the right login data.



The format of my secrets file is:

my_relay sender:PASSWORD


Any strange glyph to be concerned about?

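The decoding step suggested above can be done without pasting a password into a shell command. The following Python is an added example (not from the post or from OpenSMTPD): it pulls the AUTH PLAIN blob out of a transfer-trace line, splits it per RFC 4616 (authzid NUL authcid NUL password) and flags the things that commonly break a pasted credential, such as the trailing newline that encode_base64 output carries. The trace line, session id and credentials are constructed for the example.

```python
import base64
import re

# Constructed sample of the line "smtpd -dv -Ttransfer" prints; the session id
# and the credentials (my_relay / secret) are made up for this example.
TRACE_LINE = "mta: 0x1a2b3c: >>> AUTH PLAIN AG15X3JlbGF5AHNlY3JldA=="

AUTH_PLAIN_RE = re.compile(r">>> AUTH PLAIN (\S+)")


def encode_auth_plain(authcid, passwd, authzid=""):
    """Build the SASL PLAIN blob: [authzid] NUL authcid NUL passwd, base64-encoded."""
    for field in (authzid, authcid, passwd):
        if "\x00" in field:
            raise ValueError("NUL is not allowed inside a PLAIN field")
    raw = f"{authzid}\x00{authcid}\x00{passwd}".encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def decode_auth_plain(blob):
    """Split a PLAIN blob into (authzid, authcid, passwd); raises on malformed input."""
    raw = base64.b64decode(blob, validate=True)
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        raise ValueError(f"expected 2 NUL separators, got {len(parts) - 1}")
    return tuple(p.decode("utf-8") for p in parts)


def credential_problems(passwd):
    """List the defects that typically come from a copy-and-pasted secret."""
    problems = []
    if passwd != passwd.strip():
        problems.append("leading/trailing whitespace")
    if "\n" in passwd or "\r" in passwd:
        problems.append("embedded newline (e.g. from encode_base64 output)")
    if any(not ch.isprintable() and ch not in "\r\n" for ch in passwd):
        problems.append("non-printable character")
    return problems


def check_trace_line(line, expected_user):
    """Decode the blob in a trace line and report whether it carries the login you expect.

    The password itself is never returned, only its length and defects."""
    m = AUTH_PLAIN_RE.search(line)
    if not m:
        return {"found": False}
    authzid, authcid, passwd = decode_auth_plain(m.group(1))
    return {
        "found": True,
        "authzid": authzid,
        "user_matches": authcid == expected_user,
        "password_len": len(passwd),
        "problems": credential_problems(passwd),
    }


if __name__ == "__main__":
    print(check_trace_line(TRACE_LINE, "my_relay"))
```

If "user_matches" is false or "problems" is non-empty, the secrets table (and the "smtpctl update table secrets" step) is the place to look; if both are clean, the credential smtpd sends is the one you intended and the 535 has another cause.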



Re: Unable to relay email

2019-04-05 Thread Thomas Bohl

For the server I am trying to connect, I was told to use 587 if 25 didn't work,
so I've been trying both.


You should use 587.



Here is the smtpd.conf now:


Looks good.
I bet money that the username:password pair in  is just wrong :-)

Don't forget to run
# smtpctl update table secrets
after you edit /etc/mail/secrets




Re: Unable to relay email

2019-04-05 Thread Thomas Bohl

==
/etc/mail/smtpd.conf diffs (-OLD  +NEW)
==
--- /var/backups/etc_mail_smtpd.conf.current    Fri Feb 22 01:30:23 2019
+++ /etc/mail/smtpd.conf    Fri Mar 15 20:49:37 2019
@@ -17,3 +17,5 @@
  # match from any for domain "example.org" action "local"
  match for local action "local"
  match for any action "relay"
+
+#action "relay" relay host smtp+tls://sen...@example0.co.jp:25


I'm confused. The action line is commented out. Plus the explicit 
mention of port 25 while the logs show port 587.

Can't you just post the full /etc/mail/smtpd.conf?



Ok, my bad. The second diff is more current. The point about the port 
number still stands, though. And "user username" there is a syntax error.





Re: Unable to relay email

2019-04-05 Thread Thomas Bohl

On 05.04.2019 at 05:58, Juan Trippe wrote:

What's the alternative? Did you make an update?


I don't know, it was about a month ago. I was trying to get the relay working so
I was making changes to the smtpd.conf file. AFAIK I was restarting smtpd after
each edit and stopped when it worked.


What happened "late March"? Did you reboot the system or did smtpd crash?



==
/etc/mail/smtpd.conf diffs (-OLD  +NEW)
==
--- /var/backups/etc_mail_smtpd.conf.currentFri Feb 22 01:30:23 2019
+++ /etc/mail/smtpd.confFri Mar 15 20:49:37 2019
@@ -17,3 +17,5 @@
  # match from any for domain "example.org" action "local"
  match for local action "local"
  match for any action "relay"
+
+#action "relay" relay host smtp+tls://sen...@example0.co.jp:25
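Review bot: the only substantive line this hunk adds, `+#action "relay" relay host smtp+tls://sen...@example0.co.jp:25`, is commented out, so the `match for any action "relay"` in the context lines still names an action this change never defines; uncomment it and place it above the match rules, since an action has to be declared before the match that refers to it. The port also needs a second look: the hunk says `:25` while the rest of the thread reports 587 in the logs, and a STARTTLS submission port is usually 587.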


I'm confused. The action line is commented out. Plus the explicit 
mention of port 25 while the logs show port 587.

Can't you just post the full /etc/mail/smtpd.conf?




Re: Unable to relay email

2019-04-04 Thread Thomas Bohl

Yes, I know it's hard to believe, maybe I forget to reload smtpd.conf after I
made the edit, but I don't think so.


What's the alternative? Did you make an update?



Yes, secrets exists and has valid login info. I tested the info with Thunderbird
on a client and was able to send an email


(Assuming Port 587 with STARTTLS.)
Is your server IP on a blacklist? https://www.dnsbl.info/
Can you change the password of bob?




Re: Unable to relay email

2019-04-04 Thread Thomas Bohl

Hello,

action “relay” relay user username host smtp+tls://b...@smtp.example.com 
auth 



It worked fine until late March.


Hard to believe, since it is a syntax error.


smtpd -n was ok after user [username] was removed but the relay no 
longer functioned. The main cause seems to be a lack of authentication 
as I get a "mta error reason=AUTH rejected: 535 Authentication failed" 
when I try to send an email while running smtpd -dv.


 exists or smtpd wouldn't start.
An entry for bob exist or a warning would appear.
An authentication is attempted or "530 Authentication required" would 
(most likely) appear.


1. Is bob still an active account on smtp.example.com?
2. Is the password in  still valid?
3. Is smtp.example.com still the preferred smarthost in the eyes of its 
provider?

4. Is your IP on a blacklist? https://www.dnsbl.info/




Re: How to setup a "clean MTA" in 2019?

2019-04-03 Thread Thomas Bohl

Hello,


- setup the mta to use a EHLO name matching DNS for the IP


I continually get that the two do not match using the various email
testers. Yet the domain names do indeed match.


Care to share the logs of one of those testers?
When your server says "EHLO mx1.example.com" then the reverse DNS of the 
connected IP also has to be mx1.example.com.


A beginner's trap on systems with more than one IP address is to forget 
to explicitly set the right outgoing address. (Via src in the action 
directive.) Don't forget IPv6.


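The two checks in this reply (PTR of the connecting IP equals the EHLO name, and the EHLO name resolves back to that IP) can be scripted for every src address an action uses, IPv6 included. The Python below is an added example, not code from the post or from OpenSMTPD; the resolver is injected as two functions so the example runs offline against constructed DNS data (documentation addresses, a hypothetical mx1.example.com). Swap in real lookups (for instance with the dnspython package, which is not used here) to run it against your own server.

```python
import ipaddress

# Constructed DNS data standing in for live lookups.  The IPv6 address has
# deliberately no PTR record, which is the trap the reply warns about.
PTR_RECORDS = {
    "192.0.2.10": ["mx1.example.com."],
}
ADDRESS_RECORDS = {
    "mx1.example.com": ["192.0.2.10", "2001:db8::10"],
}


def ptr_lookup(ip):
    """Stand-in for a reverse lookup; returns the PTR names of an address."""
    return PTR_RECORDS.get(ip, [])


def addr_lookup(name):
    """Stand-in for A/AAAA lookups; returns all addresses of a name."""
    return ADDRESS_RECORDS.get(name, [])


def _name(n):
    return n.rstrip(".").lower()


def fcrdns_check(ip, ehlo_name, ptr_lookup, addr_lookup):
    """Forward-confirmed reverse DNS for one outgoing address.

    Passes only when the PTR of `ip` is the EHLO name and the EHLO name resolves
    back to `ip`.  Returns (ok, list_of_reasons)."""
    reasons = []
    ehlo = _name(ehlo_name)
    src = ipaddress.ip_address(ip)
    ptrs = [_name(n) for n in ptr_lookup(str(src))]
    if not ptrs:
        reasons.append(f"{src} has no PTR record")
    elif ehlo not in ptrs:
        reasons.append(f"PTR of {src} is {', '.join(ptrs)}, not {ehlo}")
    forward = {ipaddress.ip_address(a) for a in addr_lookup(ehlo)}
    if src not in forward:
        reasons.append(f"{ehlo} does not resolve back to {src}")
    return not reasons, reasons


def check_outgoing_addresses(ehlo_name, src_addresses, ptr_lookup, addr_lookup):
    """Run the check for every src address the relay action may pick (v4 and v6)."""
    return {ip: fcrdns_check(ip, ehlo_name, ptr_lookup, addr_lookup)
            for ip in src_addresses}


if __name__ == "__main__":
    results = check_outgoing_addresses("mx1.example.com",
                                       ["192.0.2.10", "2001:db8::10"],
                                       ptr_lookup, addr_lookup)
    for ip, (ok, reasons) in results.items():
        print(f"{ip:>14}: {'ok' if ok else 'FAIL: ' + '; '.join(reasons)}")
```

With the constructed data the IPv4 address passes and the IPv6 address fails for lack of a PTR, which is exactly what a remote tester sees when the action's src list includes an address whose reverse DNS was never set up.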



Re: 550 invalid recipient issue

2019-03-19 Thread Thomas Bohl

Can you maybe post your virtuals?


Here my /usr/local/etc/mail/virtuals:

ab...@domain.com        us...@domain.com
postmas...@domain.com   us...@domain.com
webmas...@domain.com    us...@domain.com


The line for us...@domain.com is missing.
The debug output shows that you are trying to send to us...@domain.com 
and no entry is found. Can you mail to ab...@domain.com?





Re: 550 invalid recipient issue

2019-03-18 Thread Thomas Bohl

Which leads to the question: Does user1 exist?



But I do not understand why osmtpd is looking at the /etc/passwd file when I have always used my table files (defined in smtp.conf) with a working environment, 


My understanding is, according to the configuration you presented, that 
it has to lookup /etc/passwd. (I'm only unsure about the role of rcpt-to 
in this.)


https://man.openbsd.org/OpenBSD-6.3/table#Aliasing_tables
"Aliasing tables are mappings that associate a recipient to one or many 
destinations.

...
accept for domain example.org virtual  deliver to mbox
...
In a virtual domain context, the key is either a user part, a full email 
address or a catch all ... and the value is one or many recipients as 
described in aliases(5):"


https://man.openbsd.org/OpenBSD-6.3/aliases.5
"...The file consists of key/value mappings of the form:

key: value1, value2, value3, ...
...The key is expanded to the corresponding values, which consist of one 
or more of the following:


user
A user on the host machine. The user must have a valid entry in the 
passwd(5) database file. ..."



> and user1 has never been a system user.

What is user1 then? A virtual Dovecot user?
Can you maybe post your virtuals?

You could experiment with the "as user" parameter.
https://man.openbsd.org/OpenBSD-6.3/smtpd.conf.5#deliver_to_lmtp

P.S.
Like in your first message you again wrote "smtp.conf". I'm sure you 
meant "smtpd.conf", right?





Re: 550 invalid recipient issue

2019-03-18 Thread Thomas Bohl

The configuration loaded is correct as I see the daemon is loading the correct 
certificates and stuff if launched with smtpd -dv -T smtp. I am very shocked as 
I am not able to figure out what happened. I never changed any config file 
since December and I have installed this environment at least 3 times in my lab 
and was always working. I have forced the daemon to load my config file with -f 
and the issue persist.


At this point I would recreate /usr/local/etc/mail/domains and 
/usr/local/etc/mail/virtuals. Rename the old files.

Start by retyping (no clipboard) one line per file.

Reload them via
# smtpctl update table domains
# smtpctl update table virtuals


You could also test a "catchall"
@   user1




Re: 550 invalid recipient issue

2019-03-16 Thread Thomas Bohl

Both files are looking good/same as before and local delivery with sendmail 
does not work:

ga...@server.com... Connecting to [127.0.0.1] via relay...
220 mail.server.com ESMTP OpenSMTPD

EHLO mail.server.com

250-mail.server.com Hello mail.server.com [127.0.0.1], pleased to meet you
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-SIZE 36700160
250-DSN
250 HELP

MAIL From: SIZE=108

250 2.0.0: Ok

RCPT To:

550 Invalid recipient


Hm... You said it stopped working after you restarted smtpd.
Maybe it runs of a wrong config file?

I once accidentally typed "smtpd" in the middle of changing the 
configuration. Which started a daemonized smtpd with an unfinished 
config. No matter how often I changed the smtpd.conf and typed "rcctl 
restart smtpd" the wrong config persisted :-) It took me about two hours 
until I realised smtpd was still running after "rcctl stop smtpd".





Re: 550 invalid recipient issue

2019-03-15 Thread Thomas Bohl

Hello,


#Allow local delivery
accept from any for local alias  deliver to lmtp 
"/var/run/dovecot/lmtp" rcpt-to

#Allow virtual domains
accept from any for domain  virtual  deliver to lmtp 
"/var/run/dovecot/lmtp" rcpt-to


Are the files /usr/local/etc/mail/domains and 
/usr/local/etc/mail/virtuals still ok?

Does local delivery with sendmail work?




Re: Mail to root not working anymore with 6.4

2019-01-12 Thread Thomas Bohl

userdb {
   args = uid=vmail gid=vmail home=/var/vmail/%d/%n
   driver = static
}
nuc#
I had forgotten that I had my dovecot setup like that.
I set it up that way so that I can have e-mail users that are not system 
users.


That is kind of important information.
That makes the question whether farid has a $HOME or the alias edit 
pointless.


...I don't know, have you tried to simply symlink 
/var/vmail/nuc.example.com to /var/vmail/example.com

And go for
fa...@example.com:$2b$09$x.::
fa...@nuc.example.com:$2b$09$x.::




Re: Mail to root not working anymore with 6.4

2019-01-11 Thread Thomas Bohl

Hello,


action lmtp-local lmtp "/var/dovecot/lmtp" rcpt-to
#action lmtp-local lmtp "/var/dovecot/lmtp" rcpt-to alias 


Looks like you commented the wrong line out.




Re: Mail loops when relaying and using smtp auth

2018-11-28 Thread Thomas Bohl

By default, there is ‘accept from local for any relay’, and I’ve kept that in 
place. Is this what you were referring to?


That is what's causing the loop. "relay" looks for the MX record (which 
is what you want for everything but your own domain). "relay via" skips that.




As I understand it, ‘accept from any’ would be inclusive of ‘local’—is this not 
the case?


No, I believe you are right.



As a test to understand what you’d recommended, I added

accept from local for domain  relay via 

and tested—that presented the same mail loop problem.


1. Is  what you call "upstream"? Aka your mailbox system?
2. Are the accept lines in the right order? From specific to common.
3. Can you post the error log?
(4. Full smtpd.conf would be nice.)



I’m somewhat new to OpenSMTPd


Then you should skip 6.3 and move to OpenBSD 6.4, because of the new 
configuration style. You are learning a deprecated config style at the 
moment.





Re: Mail loops when relaying and using smtp auth

2018-11-28 Thread Thomas Bohl

Hi,


It is possible to configure OpenSMTPd to detect this scenario and to know that 
it should relay that email to domain.com rather than trying to deliver it to 
its MX server, which happens to be the server itself?

Here’s a very abridged version of my config, showing the relay and 
authentication configurations:

accept from any for domain  relay via  # relay config


Use "accept from local" to tell the server what to do with an 
authenticated session.


(It would be "match auth" for the new configuration style.)




Re: Opensmtpd failover

2018-11-24 Thread Thomas Bohl

Hi,


smtp2 doesn't deliver the mail to an IMAP mail storage daemon.

Instead, it spools it and waits


But why? Just deliver it and be done. Can't see many drawbacks in that.




Re: Opensmtpd failover

2018-11-23 Thread Thomas Bohl

Hello,


Now smtp2 writes the message on the disk in order to store it.
What do you people do in order to have a common storage for both smtp 
which can be correct regardless whether a smtp goes up or down.


I'm afraid my answer has little to do with OpenSMTPD.
The common storage for my emails is managed by Dovecot.
I simply use its replication function between two machines.
https://wiki.dovecot.org/Replication

The replication is instantaneous. It's also super convenient for when 
you have to install a new server. You only set up the config and the live 
mailboxes will be pushed onto the system.

(Of course that doesn't excuse one from doing backups!)

HTH
Interested in what other people do as well.




Re: New config syntax

2018-10-26 Thread Thomas Bohl
Hello,

> In my aliases table I have entries like:
> 
> admin:fred, f...@crowsons.net

Is crowsons.net the hostname of the server?

> 
> but with my new smtpd.conf [1] I'm getting the following error:
> 
> 524 5.2.4 Mailing list expansion problem

What is the full line in /var/log/maillog?




Re: Dovecot - Do I need this?

2018-08-25 Thread Thomas Bohl
> I am not sure what you mean by “read emails locally”. Can I use Roundcube to 
> read my emails or mutt? Do I need Dovecot for this?

The emails are gonna be read on the machine that runs OpenSMTPD.
Whatever program you're planning on using has to be able to access the
Maildir/mbox directly on the file system level. Mutt is able to do this.
I'm not sure whether roundcube is capable of it. A quick look at the
website says it's an IMAP client. So you would need dovecot as an IMAP server.

IIRC SquirrelMail can work with direct Maildir access.




Re: Dovecot - Do I need this?

2018-08-25 Thread Thomas Bohl
Hi,

> My question is, Can I use OpenSMTPD with Spamd (OpenBSD - Spamd, Greylisting, 
> Graytrapping) and not have anything to do with Dovecot or any other MDA.

Yes, dovecot is optional. You can read the emails locally.




Re: relay rule for sending email "n...@company.com" ?

2018-07-18 Thread Thomas Bohl
Hi,

> I want to add rule, which will use Google SMTP server to relay only
> these emails, in which I use from as n...@company.com (@company.com)

accept sender "n...@company.com" for any relay via \
tls+auth://foo...@googlesmtpserver.com:587 \
auth  verify


> Like
> mail -r n...@company.com
>  -r from-addr
>  Use from-addr as the from address in the message and envelope.
>  Overrides any from options in the startup files.
> 
> 
> I'm not sure, how to replace local with something from local domain
> "@company.com"

Maybe like this:

accept sender  for any relay via \
tls+auth://foo...@googlesmtpserver.com:587 \
as "n...@company.com" \
auth  verify

# cat relaynames
n...@company.com
name
name@hostname

# cat secrets
foobar  n...@company.com:Password




Re: How to deal with spam and opensmtpd

2018-04-21 Thread Thomas Bohl
> But I was wondering what do you guys use to filter content of emails at
> the smtp server level.

*knocking on wood* Apart from the unused line
reject from any sender 
I didn't deploy any anti spam measures so far. And I have yet to receive
my first spam mail. I'm the only user on my mail server and it has been running
for seven months.
I generate individual addresses for every contact though. Should I ever
receive spam I can easily kill the address, plus I will know the leak
source.




Re: Trouble configuring OpenSMTPD - every incoming message rejected as 550 Invalid recipient.

2018-04-21 Thread Thomas Bohl
> I wasn't able to find a mailing list archive to review at the URL: 
> https://www.opensmtpd.org/list.html  If there is an archive, please direct me 
> to it, so I can benefit from other's misfortune.  :)

For example https://www.mail-archive.com/misc@opensmtpd.org/


> No matter who I address inbound eMails to (local users or aliases), I always 
> get 550: Invalid recipient in response on the sending server and in 
> /var/log/maillog.

Stop the smtpd daemon and check that really no other smtpd processes
are running. Then run
# smtpd -d -v
Does it provide any additional output that isn't in /var/log/maillog?


> # Reject troublemakers
> reject from source 
> 
> # Add other filters here?  
> 
> # Accept from "whitelisted" IPs that are slightly misconfigured 
> accept from source 

Comment the lines out for now.


> # Receive eMails to addresses in the aliases table.
> accept from any for domain  alias  deliver to mbox
>
> # Receive eMails to addresses in the virtual account table.
> accept from any for domain  virtual  deliver to mbox
>
> # Receive eMails for local users
> accept from any for local deliver to mbox

Let's remove complexity a little by removing "from any".

What is the format of your /etc/mail/domains and /etc/mail/account?

Does local delivery via
# sendmail user1
work?




Re: Forward copy.

2017-12-24 Thread Thomas Bohl
> I'm looking into moving from Qmail/vpopmail to OpenSMTPD/Dovecot and I
> cannot for the life of me figure out if/how it's possible to forward a
> copy for a user.

I would recommend using Sieve: https://wiki.dovecot.org/Pigeonhole/Sieve

protocol lda {
mail_plugins = sieve
}
protocol lmtp {
mail_plugins = sieve
}


Then you can forward with a .dovecot.sieve file like so:

if true {
redirect "forward-addr...@example.com";
}

It has you covered should the need for more than just forwarding arise.




Re: opensmtpd cannot read passwd-file

2017-11-05 Thread Thomas Bohl
Hello,

>   passwd[7508]: warn: table-proc: bogus data
>   passwd[7508]: fatal: table-proc: exiting
>   warn: table-proc: pipe closed
>   fatal: table-proc: exiting
> 
> My passwd-file only has one entry for now which is
> 
>   t...@domain.tld:$6$A0…:

I'm not familiar with what opensmtpd-table-passwd is trying to achieve.
One explanation I found was it's supposed to read /etc/passwd. Such
files no longer contain a password-string. Maybe that is where the bogus
data warning is coming from.

> Any help is appreciated.

If it isn't too inconvenient, you could create a separate credentials
table that doesn't depend on an extra package.
https://man.openbsd.org/table#Credentials_tables




Re: Ignore subdomain in lmtp/rcpt-to

2017-11-02 Thread Thomas Bohl
> sorry, my fault. Filename is "mailname" not "mailme". I added
> example.com to "/etc/mail/mailname" and it works, with and without
> subaddressing. Extra aliases not needed

:-) I was going to comment on the typo, but I didn't want to appear
nitpicky and assumed it was just in the mail.




Re: Ignore subdomain in lmtp/rcpt-to

2017-11-02 Thread Thomas Bohl
>> Can you post your full configuration? Because it should work
>> immediately. See:
> 
>  table aliases file:/etc/mail/aliases
>  table domains file:/etc/mail/domains
>  table passwd passwd:/etc/mail/passwd
>  table virtuals file:/etc/mail/virtuals
>  subaddressing-delimiter "-"
> 
>  accept for local alias  deliver to lmtp "/var/dovecot/lmtp" rcpt-to
>  accept from any for domain  virtual  deliver to lmtp 
> "/var/dovecot/lmtp" rcpt-to
>  accept from local for any relay
> 
>  cat virtuals
>  u...@host.example.comu...@example.com
>  ...
> 
>  cat mailme>  example.com
> 

The only two real differences to my configuration are rcpt-to and
subaddressing-delimiter "-".

I temporarily added rcpt-to and the mailname file was still honored. As I
added subaddressing-delimiter "-" things started to work differently.
There could be a bug, because the delimiter was used on the host-part.
(I will try to look into it in detail later.)

For the time being, could you test your setup without the
subaddressing-delimiter "-" part?




Re: Ignore subdomain in lmtp/rcpt-to

2017-11-01 Thread Thomas Bohl
Hi,

>> # echo example.com > /etc/mail/mailname
> 
> I've tried it but it does not solve the problem:
>  
>  $ mail -v user
>  <<< 220 host.example.com ESMTP OpenSMTPD
>  >>> EHLO localhost
>  <<< 250-host.example.com Hello localhost [local], pleased to meet you
>  <<< 250-8BITMIME
>  <<< 250-ENHANCEDSTATUSCODES
>  <<< 250-SIZE 36700160
>  <<< 250 HELP
>  >>> MAIL FROM:
>  <<< 250 2.0.0: Ok
>  >>> RCPT TO:
>  <<< 250 2.1.5 Destination address valid: Recipient ok
>  >>> DATA
>  <<< 354 Enter mail, end with "." on a line by itself
>  >>> .
>  <<< 250 2.0.0: 1dbf7b05 Message accepted for delivery
>  >>> QUIT
>  <<< 221 2.0.0: Bye
> 
>  Nov  1 22:08:35 host smtpd[31333]:  mda event=delivery 
> evpid=1dbf7b05c357c219 from= 
> to= user=user method=lmtp delay=1m30s result=TempFail 
> stat=Error ("smtpd: RCPT TO rejected: 550 5.1.1  User 
> doesn't exist: u...@host.example.com")

Can you post your full configuration? Because it should work
immediately. See:

# smtpd -h
version: OpenSMTPD 6.0.0
usage: smtpd [-dFhnv] [-D macro=value] [-f file] [-P system] [-T trace]
# cat /etc/mail/mailname
sw3
# mail -v root
Subject: test1
fdsa
EOT
<<< 220 sw3 ESMTP OpenSMTPD
>>> EHLO localhost
<<< 250-sw3 Hello localhost [local], pleased to meet you
<<< 250-8BITMIME
<<< 250-ENHANCEDSTATUSCODES
<<< 250-SIZE 36700160
<<< 250 HELP
>>> MAIL FROM:
<<< 250 2.0.0: Ok
>>> RCPT TO:
<<< 250 2.1.5 Destination address valid: Recipient ok
>>> DATA
<<< 354 Enter mail, end with "." on a line by itself
>>> .
<<< 250 2.0.0: d847a29a Message accepted for delivery
>>> QUIT
<<< 221 2.0.0: Bye

# echo test.example.com > /etc/mail/mailname
# mail -v root
Subject: test2
fdsa
EOT
<<< 220 sw3 ESMTP OpenSMTPD
>>> EHLO localhost
<<< 250-sw3 Hello localhost [local], pleased to meet you
<<< 250-8BITMIME
<<< 250-ENHANCEDSTATUSCODES
<<< 250-SIZE 36700160
<<< 250 HELP
>>> MAIL FROM:
<<< 250 2.0.0: Ok
>>> RCPT TO:
<<< 550 Invalid recipient
send-mail: command failed: 550 Invalid recipient

# echo foo.bar > /etc/mail/mailname
# mail -v root
Subject: test3
fdsa
EOT
<<< 220 sw3 ESMTP OpenSMTPD
>>> EHLO localhost
<<< 250-sw3 Hello localhost [local], pleased to meet you
<<< 250-8BITMIME
<<< 250-ENHANCEDSTATUSCODES
<<< 250-SIZE 36700160
<<< 250 HELP
>>> MAIL FROM:
<<< 250 2.0.0: Ok
>>> RCPT TO:
<<< 550 Invalid recipient
send-mail: command failed: 550 Invalid recipient

# echo sw3 > /etc/mail/mailname
# mail -v root
Subject: test-ok
fdsa
EOT
<<< 220 sw3 ESMTP OpenSMTPD
>>> EHLO localhost
<<< 250-sw3 Hello localhost [local], pleased to meet you
<<< 250-8BITMIME
<<< 250-ENHANCEDSTATUSCODES
<<< 250-SIZE 36700160
<<< 250 HELP
>>> MAIL FROM:
<<< 250 2.0.0: Ok
>>> RCPT TO:
<<< 250 2.1.5 Destination address valid: Recipient ok
>>> DATA
<<< 354 Enter mail, end with "." on a line by itself
>>> .
<<< 250 2.0.0: d0bfadd9 Message accepted for delivery
>>> QUIT
<<< 221 2.0.0: Bye

It's not even necessary to restart smtpd after changes to
/etc/mail/mailname.




Re: Ignore subdomain in lmtp/rcpt-to

2017-11-01 Thread Thomas Bohl
> If I send a message from local the FQDN is added so the mail is send
> to u...@host.example.com. Is it possible to ignore the "host." part or
> rewrite the address to u...@example.com?

# echo example.com > /etc/mail/mailname




Re: from virtual domain, deliver 1 address to local mbox

2017-10-21 Thread Thomas Bohl
> My essential question:
> Is there a good way to have  go to a local user mbox?

Since you are using Dovecot you could use Sieve to redirect virtual
postmas...@example.org to local larry.

https://wiki2.dovecot.org/Pigeonhole/Sieve




Re: pony express: smtpd: bind: Cannot assign requested address

2017-09-24 Thread Thomas Bohl
> listen on lo0  port 10028 tag DKIM

Does lo0 exist?
You used just lo for the other ports.




Re: domain name as accept from source

2017-09-14 Thread Thomas Bohl
> opensmtpd is only relaying, and will only accept outbound from one ip,
> and will only accept inbound for my domain I don't really need to
> authenticate ? In fact I'm not even sure what I'd be authenticating ?

You would authenticate that you are allowed to send emails. :-) No
matter your IP address. Instead of relying on a changing IP, you could
rely on a username and password. No workaround needed.

For example:
table passwd file:/etc/mail/passwd
listen on venet0:0 port 2525 hostname picmail.***.co.uk auth 

# cat /etc/mail/passwd
usersmtpctl encrypt password

On the *.freemyip.com side you would need to add auth to the
corresponding accept/relay part.

With your current setup nothing is encrypted though.




Re: domain name as accept from source

2017-09-14 Thread Thomas Bohl
> Is there a way I can use a domain name for accept from source as I'd
> rather not have to login and edit the config when my ip changes ?

You could write a script that resolves your hostname, puts the IP into a
netaddr table and calls "smtpctl update table sources". Run by cron.

Is there a reason not to use authentication?

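The cron script sketched in the reply above, written out as an added example (not code from the list post or from the OpenSMTPD project). It assumes smtpd.conf declares `table sources file:/etc/mail/sources` and uses it in an `accept from source <sources>` rule; the hostname and table path are placeholders. The reply's own recommendation still stands: a DNS answer is a weaker credential than a username and password, so the script refuses to write anything that is not a well-formed IPv4 address into the table.

```shell
#!/bin/sh
# Added example: refresh an OpenSMTPD netaddr table from a dynamic DNS name
# and ask smtpd to reload it. Assumed smtpd.conf line (placeholder path):
#   table sources file:/etc/mail/sources
TABLE_FILE="${TABLE_FILE:-/etc/mail/sources}"
DYN_HOST="${DYN_HOST:-myhost.freemyip.com}"   # placeholder hostname

# Accept only a dotted quad with octets 0-255. Anything else is treated as a
# bad DNS answer: a junk line would make the table reload fail, and a
# hijacked answer would widen who is allowed to relay through this server.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    IFS=. read -r a b c d <<EOF
$1
EOF
    for octet in "$a" "$b" "$c" "$d"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# First A record of the hostname, or nothing on failure.
# OpenBSD has host(1); getent is used where it exists (assumption: Linux).
resolve_ipv4() {
    if command -v getent >/dev/null 2>&1; then
        getent ahostsv4 "$1" | awk 'NR==1 {print $1}'
    else
        host -t A "$1" | awk '/has address/ {print $4; exit}'
    fi
}

# Rewrite the table atomically (temp file + rename) so smtpd never reads a
# half-written file. Returns 0 if the file changed, 1 if it was already current.
write_table() {
    file="$1"; ip="$2"
    if [ -f "$file" ] && [ "$(cat "$file")" = "$ip" ]; then
        return 1
    fi
    tmp="$file.tmp.$$"
    printf '%s\n' "$ip" > "$tmp" && mv "$tmp" "$file"
}

# Resolve, validate, write, and reload only when something actually changed.
refresh_sources() {
    ip=$(resolve_ipv4 "$DYN_HOST" || true)
    if ! valid_ipv4 "$ip"; then
        echo "refusing to update $TABLE_FILE: bad answer '$ip' for $DYN_HOST" >&2
        return 2
    fi
    if write_table "$TABLE_FILE" "$ip"; then
        smtpctl update table sources
    fi
}

# Run from cron as:  */5 * * * * /usr/local/sbin/refresh_sources.sh run
case "${1:-}" in run) refresh_sources ;; esac
```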



Re: Flushing SMTPD's queue

2017-09-02 Thread Thomas Bohl
> 
> How does one achieve the equivalent of
> 
> sendmail -q
> 
> i.e. rescan the queue and try and send traffic.

# smtpctl schedule all





Associate a custom CA certificate with hostname

2017-08-14 Thread Thomas Bohl
Hello,

in order to prevent man in the middle attacks between my servers, I want
to use my own CA. But I have trouble verifying that the destination is
really using it.

# uname -a
OpenBSD c7.example.com 6.1 GENERIC#21 amd64
# smtpd -h
version: OpenSMTPD 6.0.0
# cat /etc/mail/smtpd.conf
table pwdauth file:/etc/mail/pwdauth

ca brief.example.com certificate "/etc/mail/example.com_CACert.pem"

listen on lo0

accept for domain c7.example.com relay via \
smtps+auth://e_local...@brief.example.com \
source 0.1.2.3 hostname mx.example.com \
auth  verify


# sendmail fdsa
fdsa

That leads to "mta event=error reason=SSL certificate check failed",
unless I add /etc/mail/example.com_CACert.pem to /etc/ssl/cert.pem.
But that means I have to trust all of /etc/ssl/cert.pem. Some nation
states could capture my juicy status emails ;-)

Have I misunderstood the ca option?

To rephrase: What I'm trying to achieve is that the certificate of
brief.example.com is checked against the CA from
/etc/mail/example.com_CACert.pem and not from /etc/ssl/cert.pem.


