Re: mlmmj upgrade

2024-05-02 Thread Chris Brannon
gil...@poolp.org writes:

> I'd appreciate a couple answers to this mail to make sure it does not
> introduce a regression ;-)

I received your message.

-- Chris



Re: mlmmj, public-inbox broken after upgrade to (portable) 7.4.0p1

2024-01-25 Thread Chris Brannon
Well, maybe the thing I thought would be very stupid isn't so stupid
after all.  In doas.conf:

permit nopass smtpd as mlmmj cmd /usr/bin/mlmmj-receive
permit nopass smtpd as inboxen cmd /usr/bin/public-inbox-mda

And then in the ~/.forward file for those two users,
"| /usr/bin/doas -u USERNAME COMMAND"

-- Chris
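
Added example (not part of the original post, and not code from OpenSMTPD or doas): a small audit that parses doas.conf rules, flags any passwordless rule for the MTA user that is not pinned to one target user and one absolute command, and checks that a `.forward` pipe of the form shown above is covered by such a rule. The list directory argument and the `BROAD_RULES` sample are constructed; `setenv { ... }` is only handled when the braces are separate words.

```python
import shlex
from dataclasses import dataclass
from typing import List, Optional

FLAG_OPTIONS = {"nopass", "nolog", "persist", "keepenv"}


@dataclass
class Rule:
    action: str                # "permit" or "deny"
    options: set
    identity: str              # user the rule applies to
    target: Optional[str]      # None: rule matches every target user, root included
    cmd: Optional[str]         # None: any command
    args: Optional[List[str]]  # None: any arguments
    text: str


def parse_doas_conf(text: str) -> List[Rule]:
    """Parse 'permit|deny [options] identity [as target] [cmd command [args ...]]'."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        tok = shlex.split(line)
        i, options = 1, set()
        while i < len(tok) and (tok[i] in FLAG_OPTIONS or tok[i] == "setenv"):
            if tok[i] == "setenv":
                i = tok.index("}", i)      # jump to the end of the { ... } block
            else:
                options.add(tok[i])
            i += 1
        identity, rest = tok[i], tok[i + 1:]
        target = cmd = args = None
        if rest[:1] == ["as"]:
            target, rest = rest[1], rest[2:]
        if rest[:1] == ["cmd"]:
            cmd, rest = rest[1], rest[2:]
        if rest[:1] == ["args"]:
            args = rest[1:]
        rules.append(Rule(tok[0], options, identity, target, cmd, args, line))
    return rules


def audit(rules: List[Rule], identity: str = "smtpd"):
    """Return (rule text, problem) pairs for passwordless rules that are too broad."""
    findings = []
    for r in rules:
        if r.action != "permit" or r.identity != identity or "nopass" not in r.options:
            continue
        if r.target is None:
            findings.append((r.text, "no 'as' target: matches every user, root included"))
        if r.cmd is None:
            findings.append((r.text, "no 'cmd': any command may be run"))
        elif not r.cmd.startswith("/"):
            findings.append((r.text, "'cmd' is not an absolute path"))
    return findings


def forward_allowed(forward_line: str, rules: List[Rule], identity: str = "smtpd") -> bool:
    """True if a '| /usr/bin/doas -u USER COMMAND' pipe runs without a password prompt."""
    body = forward_line.strip().strip('"').strip()
    if not body.startswith("|"):
        return False
    argv = shlex.split(body[1:])
    if len(argv) < 4 or not argv[0].endswith("/doas") or argv[1] != "-u":
        return False
    user, cmd, cmd_args = argv[2], argv[3], argv[4:]
    verdict = False
    for r in rules:                        # doas applies the last matching rule
        if r.identity != identity:
            continue
        if r.target is not None and r.target != user:
            continue
        if r.cmd is not None and r.cmd != cmd:
            continue
        if r.args is not None and r.args != cmd_args:
            continue
        verdict = r.action == "permit" and "nopass" in r.options
    return verdict


# The two rules quoted in the message above.
PAGE_RULES = """
permit nopass smtpd as mlmmj cmd /usr/bin/mlmmj-receive
permit nopass smtpd as inboxen cmd /usr/bin/public-inbox-mda
"""

# Constructed counter-example: the same intent written too broadly.
BROAD_RULES = """
permit nopass smtpd
permit nopass smtpd as mlmmj
"""

if __name__ == "__main__":
    for text, problem in audit(parse_doas_conf(BROAD_RULES)):
        print(f"{text!r}: {problem}")
    fwd = '"| /usr/bin/doas -u mlmmj /usr/bin/mlmmj-receive -L /var/spool/mlmmj/test"'
    print(forward_allowed(fwd, parse_doas_conf(PAGE_RULES)))
```
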



mlmmj, public-inbox broken after upgrade to (portable) 7.4.0p1

2024-01-25 Thread Chris Brannon
I'm running OpenSMTPD on Alpine Linux, and I recently upgraded to
7.4.0P1.  Now my mlmmj and public-inbox are broken because they use
"|command" in ~/.forward and the command is running as the smtpd user
rather than the recipient.

Can anyone help?  I know some amazingly stupid ways to "fix" this, but
I'd rather not resort to a blunt instrument.

Jan 25 19:11:55 [smtpd] 3d0de01c993d1671 smtp message msgid=32238bb8 size=1912 nrcpt=1 proto=ESMTP_
Jan 25 19:11:55 [smtpd] 3d0de01c993d1671 smtp envelope evpid=32238bb864c7d0a0 from= to=_
Jan 25 19:11:55 [/usr/bin/mlmmj-receive] mlmmj-receive.c:112: Have to invoke either as root or as the user owning listdir Invoked with uid = [108]: No error information_
Jan 25 19:11:55 [smtpd] 3d0de01d8a01a1bb mda delivery evpid=32238bb864c7d0a0 from= to= rcpt= user=mlmmj delay=2s result=PermFail stat=Error ("Have to invoke either as root or as the user owning listdir")_
Jan 25 19:11:55 [smtpd] 3d0de01c993d1671 smtp disconnected reason=quit_

-- Chris



Re: Hello everybody

2022-12-17 Thread Chris Brannon
"Unicorn"  writes:

> Not quite the topic of the ML, but it's awesome that you founded the
> BLVUUG!

Right now, it's just a dirty hippie in his office/bedroom with a
mailing list and some computing resources, but I'm hoping someone who
knows what they're doing will step in.

> I originally started using OpenSMTPD with the great guide on
> poolp.org from 2019, which was also pretty much the start of my server
> journey, starting with Debian, continuing to OpenBSD and finally
> settling on Alpine Linux.

Yes, that's a great guide, and it was my intro to OpenSMTPD as well.

> Thanks to Gilles for his fantastic guide and thanks to everybody else
> here for this great piece of software! :)

I second that.

-- 
Chris Brannon
Founder: Blind and Low Vision Unix Users Group (https://blvuug.org/).
Personal website: (https://the-brannons.com/)
Chat: IRC: teiresias on libera.chat and OFTC, XMPP: ch...@chat.number89.net



Re: Hello everybody

2022-12-17 Thread Chris Brannon
I suppose I should give my own introduction.  I've been lurking here
for about two years now.  In 2020, I replaced my postfix+spamassassin
setup with opensmtpd+rspamd.  I got tired of feeling dread every time I
went to make changes to postfix config, which while not as inscrutable
as sendmail, is still pretty complicated.  I've been a lot happier with
the new setup.

-- 
Chris Brannon
Founder: Blind and Low Vision Unix Users Group (https://blvuug.org/).
Personal website: (https://the-brannons.com/)
Chat: IRC: teiresias on libera.chat and OFTC, XMPP: ch...@chat.number89.net



Google domain ownership tokens for an mx. domain

2021-12-12 Thread Chris Bennett
To: misc@opensmtpd.org
From: Chris Bennett 
Subject: Google domain ownership tokens for an mx. domain
Date: Sun, 12 Dec 2021 12:24:12 -0800

Hi,
I use these for my website domains, but it just occurred to me that I
could also get those for my mail only domains.

I will, now that I thought of it, but I was wondering. Does this make
any difference to my domains (A records) avoiding getting sent messages
SPAM blocked, especially by the BIG GUYS?

-- 
Thanks,
Chris Bennett





Re: Misunderstanding and/or possible bug regarding SNI

2021-07-26 Thread Chris Brannon
papush  writes:

> Hello,
> I'm having issues getting SNI to work, or maybe I'm misunderstanding
> its purpose.

You don't need SNI just to host mail for multiple domains, though maybe
there are other reasons you might want it.  I host multiple domains on
my mail server hurricane.the-brannons.com.  Two of them are
the-brannons.com and blvuug.org.
Both of those domains just have an MX record pointing to
hurricane.the-brannons.com, so a certificate for
hurricane.the-brannons.com is good enough to authenticate the MX for all
of those domains.

-- 
Chris Brannon
Founder: Blind and Low Vision Unix Users Group (https://blvuug.org/).
Personal website: (https://the-brannons.com/)
Chat: IRC: teiresias on libera.chat and OFTC, XMPP: ch...@chat.number89.net



Re: How to check if TLS enabled?

2021-06-25 Thread chris
$ openssl s_client -starttls smtp -connect example.com:25

On Fri, Jun 25, 2021 at 03:55:51PM +0100, Simon Harrison wrote:
> From what I can gather, SPF and DKIM are in the mail headers. What is
> an easy way to check that TLS is working correctly? I have the
> following in my /etc/stmpd.conf
> 
> listen on eth0 tls pki example.com
> 
> Thanks
> 
> -- 
> Web: https://simonh.uk
> Email: m...@simonh.uk
> 
> 



Re: Pluses in addresses do not work as expected

2021-01-31 Thread Chris Bennett
On Sun, Jan 31, 2021 at 08:39:18PM -0600, Edgar Pettijohn wrote:
> > action "outbound" relay host smtp+tls://b...@smtp.example.com auth secrts
> > ^^^
> 
> Along with your other 100 users. You would then need to have match rules to
> correspond to their action rules. I don't really see much need since you
> could just configure their mua's to do this.
> I think the majority of people use this so that their system
> mail reaches them. Such as the output from /etc/daily and the like.

OK, that makes a lot of sense using it for system mail or with just one
or two users.
Thanks
Chris

> 
> Edgar
> 



Re: Pluses in addresses do not work as expected

2021-01-31 Thread Chris Bennett
On Sun, Jan 31, 2021 at 03:51:01PM +0100, Pascal Huisman wrote:
> Which got me out of the mess. See man smtpd.conf
> It now switches to the user before delivering. So it's not vmail as
> directory owner, but the username who is directory owner. In the trace
> you can see the switch in user in the trace.
> 
> My virtual user config: 
> pascal:someencryptedpasswdhash:pascal:1000:1000:/home/pascal::userdb_mail=maildir:/home/pascal/Maildir
> 

The example in smtpd.conf shows:

action "outbound" relay host smtp+tls://b...@smtp.example.com auth secrts
^^^
Having bob here completely confuses me.
I'm not using this method, but I have to ask the question:
What happens if you have two users, bob and jane? Or a hundred users?
It seems to me that there needs to be a table or something in
smtpd.conf.
Could someone explain this example to me, please.

I'd really like to remove my dunce cap on this one.
Thanks,
Chris Bennett





Re: your mail

2020-11-17 Thread Chris Bennett
On Tue, Nov 17, 2020 at 05:29:36PM +0100, Matthieu C wrote:
>  Hi,
> 
> I am new to mail servers, and I ran into a nice tutorial from a French NGO.
> However, I'd like to tweak a bit my configuration, and I cannot find a
> proper way to achieve my goal: I want to discard mails whose recipient is
> the address my_system_u...@my-domain.net (and r...@my-domain.net and so
> on), while accepting mails to be routed to my_system_user, through a list
> of aliases or virtual users. In fact, I want all the mails to go through
> this system user, and to be read by a unique dovecot account (hence, I'd
> say the simplest way to do is to have an unique Maildir?).

You don't have to use virtual users, but if you want separate Maildir's,
then virtual users through dovecot works nice.
I use usernames as chris@bennettconstruction instead of just chris.
But this is mostly a matter of preference. I have multiple domains, so
that is pretty necessary for me to avoid confusion. Dovecot explains
this moderately well and has a mailing list that's active.

> 
> I created a thread on Stack Overflow for that matter:
> https://stackoverflow.com/questions/64715521/prevent-mailing-to-my-username-in-opensmtp-config
> ; its content is below:
> 
> > I just set up my own mail server at home with OpenSMTP and Dovecot (I used
> > this tutorial
> > <https://framacloud.org/fr/auto-hebergement/installation.html#courrier-%C3%A9lectronique>
> > from Framasoft). I don't like the idea that people can mail to
> > *my_system_u...@my-domain.net* or *r...@my-domain.net* (or any other
> > system user), although I'll use this only *my_system_user* account to
> > receive my mails.
> >
> > That's why I added root: /dev/null and my_system_u...@my-domain.net:
> > /dev/null to my /home/my_system_user/.myaliases file (+ makemap -t
> > aliases ~/.myaliases). But I still receive the mails for
> > *my_system_u...@my-domain.net*. Maybe I shouldn't go through the hassle
> > of preventing this?

Probably not easily, but my-domain.net is the server's domain. That's
tacked on by default. Someone probably has a fix for this.


> >
> > table aliases file:/etc/aliases
> > table own_aliases file:/home/my_system_user/.myaliases
> >
> > pki mail.my-domain.net key "/etc/letsencrypt/live/mail.my-domain.net/privkey.pem"
> > pki mail.my-domain.net certificate "/etc/letsencrypt/live/mail.my-domain.net/cert.pem"
> >
> > # Deliver
> > listen on lo
> > listen on lo port 10029 tag DKIM
> > listen on lo port 10036 tag ANTISPAM
> > listen on eth0 port 25  hostname mail.my-domain.net tls pki mail.my-domain.net
> > listen on eth0 port 587 hostname mail.my-domain.net tls-require pki mail.my-domain.net auth
> >
> > accept tagged ANTISPAM for any alias  deliver to maildir "~/Maildir"
> > accept from local for local alias  deliver to maildir "~/Maildir"
> > #accept from any for domain "my-domain.net" alias  deliver to maildir "~/Maildir"
> >
> > # antispam
> > accept from any for domain "my-domain.net" relay via smtp://127.0.0.1:10035
> >
> > # Relay
> > # dkim tagged can be sent
> > accept tagged DKIM for any relay hostname mail.my-domain.net
> > # if not dkim tagged, send it to dkimproxy
> > accept from local for any relay via smtp://127.0.0.1:10028 hostname mail.my-domain.net
> >
> > In my search, I found out that virtual users could be a solution (source)
> > <http://z5t1.com:8080/cucumber/cucumber-1.1/source/net-extra/opensmtpd/doc/example1.html#stats>,
> > but it seems overkill to me (setting up a new *vmail* user, new password
> > table, new services...): I have only one recipient account with multiple
> > (~10) aliases.

I use neomutt. It's a bit confusing, but it's very easy to setup account
and folder hooks to let you put all 10 aliases into one .neomuttrc
I have 5 in one .neomuttrc.
Other email clients should be able to do the same.
neomutt-users mailing list is also active and helpful.

I thought using vmail was weird myself at first, but it works like a
charm. I use /home/vmail, others /var/vmail. It doesn't really matter
where as long as you set HOME for it right.

I actually decided to use postgresql with dovecot for passwords and
users, etc. BSD auth is scheduled to be removed at some point in the
future, so consider not using it for dovecot or you *might* have to
change it later.

Good luck,
Chris Bennett


> Any help is appreciated!
> Best regards,
> 
> choumat



Confused about results of changing hostname of server on delivery works or rejected

2020-10-16 Thread Chris Bennett
Hi!

I've made changes to work off of virtual users with IMAP to dovecot.
All of that works great.

But I haven't been able to get auth to work yet, so I'm just sending
through smtpd from the server that contains the mail or mx domains and
also some of the regular domains also.

Delivery is sorta working.
I have been able to get delivery to work properly now only by changing
to a mail. hostname and the same in /etc/myname. The server's primary IP
is a non mail IP, the rest are IP aliases.

However, something strange is happening that I don't understand.
My subscription to neomutt-users wasn't working all of a sudden.
After changing the email and contacting the list owner, he was able to
approve the current situation and sending and receiving from the list
worked.
Then I changed the hostname to a different mail. and delivery was once
again blocked by policy of the mailing list.

(I'll also mention that using the shithole table totally failed until I
moved the match for it way up to where it is now, so I think I'm really
having problems also with ordering match rules.)

What is happening here? How can I see what is going on?
I can send anything else helpful, just ask.
Thanks for any help.
Chris Bennett

The main IP address here is:


172.107.198.226 cowboyup.xyz
172.107.198.227 no-seas-necio.ninja
172.107.198.228 consulting-diy-construction.com
172.107.198.229 mail.consulting-diy-construction.com
172.107.198.230 mx.no-seas-necio.ninja
172.107.198.231 mail.freedomforlife.rocks
172.107.198.232 mail.bennettconstruction.us
172.107.198.233 bennettconstruction.us
172.107.198.234 capuchado.com
172.107.198.235 strengthcouragewisdom.rocks

/etc/hosts


127.0.0.1   localhost
::1 localhost

172.107.198.226 cowboyup.xyz cowboyup
172.107.198.227 no-seas-necio.ninja no-seas-necio
172.107.198.228 consulting-diy-construction.com
172.107.198.229 mail.consulting-diy-construction.com
172.107.198.230 mx.no-seas-necio.ninja
172.107.198.231 mail.freedomforlife.rocks
172.107.198.232 mail.bennettconstruction.us
172.107.198.233 bennettconstruction.us
172.107.198.234 capuchado.com
172.107.198.235 strengthcouragewisdom.rocks

/etc/mail/smtpd.conf


#   $OpenBSD: smtpd.conf,v 1.14 2019/11/26 20:14:38 gilles Exp $

# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information.

# TABLES ##

table aliases file:/etc/mail/aliases
table vdomains file:/etc/mail/vdomains
table vusers file:/etc/mail/vusers
table passwd file:/etc/mail/passwd
table vaddr file:/etc/mail/vaddr
table addrnames file:/etc/mail/addrnames
table shithole { "@your.riteaid.com", "@abacusnext.com", "@immo-eden.com", "@cofferman.net", \
  "@cmitsolutions.com", "@mail-seruices.cf", "@advantrack.com", "@e.officedepot.com", \
  "@bts-tx.com", "@protectivesupplyplus.com", "@cointelegraph.com", "@jets.com", \
  "@digitalluxuryagency.com", "@abbeywealth-news.com", "@findrussianbuyers.ru", \
  "@summitshirts.net", "@bookkeepingandfinancials.com", "@phsmobilesolutions.com", \
  "@inquiry.haizol.com", "@info.geappliances.com", "@planhub.com", "@refundguide.io" }

## PKI 

pki mail.consulting-diy-construction.com cert "/etc/ssl/mail.consulting-diy-construction.com.fullchain.pem"
pki mail.consulting-diy-construction.com key "/etc/ssl/private/mail.consulting-diy-construction.com.key"

pki mx.no-seas-necio.ninja cert "/etc/ssl/mx.no-seas-necio.ninja.fullchain.pem"
pki mx.no-seas-necio.ninja key "/etc/ssl/private/mx.no-seas-necio.ninja.key"

pki mail.freedomforlife.rocks cert "/etc/ssl/mail.freedomforlife.rocks.fullchain.pem"
pki mail.freedomforlife.rocks key "/etc/ssl/private/mail.freedomforlife.rocks.key"

pki mail.bennettconstruction.us cert "/etc/ssl/mail.bennettconstruction.us.crt"
pki mail.bennettconstruction.us key "/etc/ssl/private/mail.bennettconstruction.us.key"


# FILTERS AND FILTER CHAINS ###

filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*', '.*\.dsl\..*' } \
 disconnect "550 no residential connections"

filter check_rdns phase connect match !rdns \
 disconnect "550 no rDNS is so 80s"

filter check_fcrdns phase connect match !fcrdns \
 disconnect "550 no FCrDNS is so 80s"

filter senderscore \
 proc-exec "filter-senderscore -blockBelow 10 -junkBelow 70 -slowFactor 5000"

filter c01 chain { che

Re: Single PR or many smaller PRs?

2020-10-15 Thread Chris Bennett
On Thu, Oct 15, 2020 at 01:14:00PM -0400, Demi M. Obenour wrote:
> On 10/15/20 12:05 PM, Joerg Jung wrote:
> > As mentioned by Gilles earlier, please send them as unified diffs
> > to t...@openbsd.org if you want to have them reviewed.
> 
> My branch is based on the portable branch.  Do I need to rebase off
> of the OpenBSD repository first?
> 
> Demi

Your diffs must come off of src for OpenBSD -current and you must also
be running the latest and constantly moving -current.
See the FAQ on https://www.openbsd.org

Git is not relevant for this work.

Thanks for your work.

Chris Bennett





Re: Unable to remove mail from queue

2020-05-31 Thread Chris Bennett
On Sun, May 31, 2020 at 05:24:18PM +0200, Mischa Peters wrote:
> Hi All,
> 
> I just noticed something strange on one of my mailservers running OpenSMTPd
> 6.7.0p1 (OpenBSD 6.7).
> The mailserver was trying to deliver a spam mailbounce to fedex, it kept
> failing so I removed it from the queue.
> The logs kept showing it was being delivered, even though nothing was showing
> in the queue.
> After a restart of smtpd the message did show up in the queue again.
> 
> root@smtp1:~ # smtpctl show queue
> cd9b0933db878954|local|mta|auth|@|prvs=1417a4ec2a=bou...@nds.fedex.com|prvs=1417a4ec2a=bou...@nds.fedex.com|1590676002|1590676002|1590937323|0|inflight|99|
> 
> root@smtp1:/var/spool/smtpd/queue/cd/cd9b0933 # smtpctl remove cd9b0933db878954
> 1 envelope removed
> root@smtp1:/var/spool/smtpd/queue/cd/cd9b0933 # smtpctl remove cd9b0933db878954
> 0 envelope removed
> root@smtp1:/var/spool/smtpd/queue/cd/cd9b0933 # ls -la
> total 52
> drwx--  2 _smtpq  wheel512 May 28 16:26 .
> drwx--  3 _smtpq  wheel512 May 30 20:49 ..
> -rw---  1 _smtpq  wheel316 May 28 16:26 cd9b0933db878954
> -rw---  1 _smtpq  wheel  19296 May 28 16:26 message
> root@smtp1:/var/spool/smtpd/queue/cd/cd9b0933 # smtpctl show queue
> root@smtp1:/var/spool/smtpd/queue/cd/cd9b0933 # rcctl restart smtpd
> smtpd(ok)
> smtpd(ok)
> root@smtp1:/var/spool/smtpd/queue/cd/cd9b0933 # smtpctl show queue
> cd9b0933db878954|local|mta|auth|@|prvs=1417a4ec2a=bou...@nds.fedex.com|prvs=1417a4ec2a=bou...@nds.fedex.com|1590676002|1590676002|1590937456|0|inflight|1|
> root@smtp1:/var/spool/smtpd/queue/cd/cd9b0933 # ls -la
> total 52
> drwx--  2 _smtpq  wheel512 May 28 16:26 .
> drwx--  3 _smtpq  wheel512 May 30 20:49 ..
> -rw---  1 _smtpq  wheel316 May 28 16:26 cd9b0933db878954
> -rw---  1 _smtpq  wheel  19296 May 28 16:26 message
> 
> I assume this is not the expected result. :)
> What else can I collect to pinpoint what is going on, before I rm the files?
> 
> Mischa
> 
> 

I also had this same problem. I rm'd the files.
However, what is the right solution?
(I was in a big rush and had to quickly solve the problem.)

Chris Bennett





Re: Hello@All + Cygwin64

2020-05-29 Thread chris
You may want to omit '--with-libs=/usr/local/lib' and instead target
individual libraries, e.g. '--with-cflags="-I/usr/local/openssl/include"
--with-ldflags="-L/usr/local/openssl/lib"' ; the aforementioned is
causing gcc to attempt to output over a directory. (as per config.log)



New Server, looking for some general advice

2020-05-10 Thread Chris Bennett
Hi,
I just added a new /27 server. So I haven't started anything except
local for right now. It's using amd64 -current.
I'm using A records for domain and mail.domain. No problem there.

It has one mail. address assigned right now. Different than domain IP.

What I want to achieve:
1. Use Maildir

2. Use dkimproxy. I will add more domains after getting one setup right.

3. Retrieve mail both locally and remotely. I am using neomutt over SSH
right now, but I'm just not getting the conf file exactly right. Perhaps
using IMAP address instead of the local directories would work better?
Right now it recognizes mailboxes only partially correctly.
This question might be better to ask on neomutt mailing list?

I'm guessing that dovecot will be best for remotely and locally. I
previously used it for mbox quite a while ago over POP3.

4. Use both local and virtual users. So I would like to prepare for the
virtual users part at the start if possible. One step at a time is fine.

As far as DKIM, should I add the signature to the domain or mail.domain?
I have already successfully added to mail.domain elsewhere, but is that
right? dkimproxy man pages suggest just domain part

5. Should I use lmtp?
6. Should I start with files first and move over to postgresql or
straight to postgresql?

I have infinite (almost :-}) patience on this server since not a single
important email will be going to it anytime soon.
I haven't setup spamd yet and I'm unsure that I want to. It seems to
cause me more grief than help. I'm using the opensmtpd filters elsewhere
and they are fantastic!

I also don't have a problem reading code for answers as best as I can.
I also have some filter code from others I need to look at (Thanks
Edgar!)

I'm off to read the latest man pages.

Thanks so much for having such excellent software freeing me from the
sendmail nightmare! Tons of work and I love it.

Thanks, 
Chris Bennett





Re: OpenSMTPD::Password perl module now supports openbsd

2020-03-19 Thread Chris Bennett
Thanks, I'll give them a try and if nothing else, learn more about
writing filters.
Perl is my language of choice.

Much Appreciated,
Chris Bennett





Re: unable to send mail from desktop mail client to remote email addresses

2019-10-03 Thread Chris Bennett
On Thu, Oct 03, 2019 at 09:31:08AM +0200, Peter N. M. Hansteen wrote:
> 
> Also,
> 
> [Thu Oct 03 09:24:37] peter@skapet:~$ host example.app
> Host example.app not found: 3(NXDOMAIN)
> [Thu Oct 03 09:24:43] peter@skapet:~$ host mx.example.app
> Host mx.example.app not found: 3(NXDOMAIN)
> 

I was randomly getting this error myself, I think there was or is some
other, non-related problem causing this error.

I'm also having some problems myself, but I'm camping right now.
I'll post something when I'm not typing from a phone.

Chris Bennett





Re: need help

2019-09-30 Thread Chris Bennett
./spf no-seas-necio.ninja 162.255.139.10: pass
./spf no-seas-necio.ninja 162.255.139.11: soft-fail

Which matches my spf entry. v=spf1 mx ~all.
Is that the correct response?

Chris Bennett
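
Added example (not part of the original message and not the `./spf` tool it ran): a minimal SPF evaluator for the `all`, `ip4`/`ip6`, `a` and `mx` mechanisms, showing why `v=spf1 mx ~all` gives pass for an address behind the MX and softfail for its neighbour. It goes beyond the one record in the message by also evaluating the capuchado.com record that appears in the 2018 dig output on this page. DNS answers are injected as a table; the MX target for no-seas-necio.ninja is constructed, and RFC 7208 spells the result "softfail" where the tool prints "soft-fail".

```python
import ipaddress

# RFC 7208 qualifier -> result when the mechanism matches.
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def _a_records(dns, name):
    """Addresses for `name` from the injected DNS table."""
    return [ipaddress.ip_address(a) for a in dns.get(("A", name.rstrip(".")), [])]


def check_spf(record, domain, client_ip, dns):
    """Evaluate `record` for `client_ip`; return (result, term that decided it).

    Mechanisms are tried left to right and the first match wins. Only
    all, ip4, ip6, a and mx are implemented; include, exists, ptr and
    CIDR suffixes on a/mx raise NotImplementedError rather than guessing.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ("none", None)
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        if "=" in term:
            continue                        # modifier (redirect=, exp=): not evaluated here
        qualifier, mech = "+", term         # a bare mechanism means "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, mech = term[0], term[1:]
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = ip in _a_records(dns, arg or domain)
        elif name == "mx":
            hosts = dns.get(("MX", (arg or domain).rstrip(".")), [])
            matched = any(ip in _a_records(dns, h) for h in hosts)
        else:
            raise NotImplementedError(f"mechanism not handled in this example: {term}")
        if matched:
            return (QUALIFIER_RESULT[qualifier], term)
    return ("neutral", None)                # no mechanism matched


DNS = {
    # Constructed: the page does not show where this domain's MX points.
    ("MX", "no-seas-necio.ninja"): ["mx-host.invalid"],
    ("A", "mx-host.invalid"): ["162.255.139.10"],
    # Taken from the capuchado.com dig output quoted on this page.
    ("MX", "capuchado.com"): ["capuchado.com"],
    ("A", "capuchado.com"): ["104.217.196.251"],
}

if __name__ == "__main__":
    for ip in ("162.255.139.10", "162.255.139.11"):
        print(ip, check_spf("v=spf1 mx ~all", "no-seas-necio.ninja", ip, DNS))
    rec = "v=spf1 a mx:capuchado.com ip4:104.217.196.251 ~all"
    for ip in ("104.217.196.251", "104.217.196.250"):
        print(ip, check_spf(rec, "capuchado.com", ip, DNS))
```
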





Re: Virtual users with Dovecot/Neomutt/OpenSMTPD

2019-07-17 Thread Chris Bennett
So, hazarding a guess, OpenSMTPD handles outgoing mail. It then hands
off incoming mail directly to dovecot?
Then I just need to get .neomuttrc correct to pull from dovecot.

Chris Bennett



-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Virtual users with Dovecot/Neomutt/OpenSMTPD

2019-07-16 Thread Chris Bennett
Hi,

I'm pretty confused on what I need to do to make all of this work. I
want to use IMAP.

So far, my attempts to use Maildir with just OpenSMTPD and neomutt
haven't worked correctly (no dovecot yet). This is just using regular
users and their home folders with Maildir. Mail gets delivered and sent
correctly, but the mailboxes aren't working right.

Dovecot says to use virtual users and Maildir like this:

Ways to set up home directory

The directory layouts for home and mail directories could look like
one of these (in the preferred order):

1. Mail directory under home, for example:
   home=/var/vmail/domain/user/ mail=/var/vmail/domain/user/mail/

2. Completely distinct home and mail directories:
   home=/home/virtual/domain/user/ mail=/var/vmail/domain/user/

3. Home directory under mail, for example:
   Maildir: home=/var/vmail/domain/user/home/ mail=/var/vmail/domain/user/
   mbox: There's really no good and safe way to do it.

4. The home directory is the same as the mail directory.

If for example:
home=/var/vmail/domain/user/
mail=/var/vmail/domain/user/mail/, set:

mail_home = /var/vmail/%d/%n
mail_location = maildir:~/mail


OK. I've got regular users each getting mail from many sources under
aliases, i.e. from root, webmaster, etc. to one user.
I don't really have any experience with IMAP.
So will a single user be using the IMAP requests to get each one of the
sources that right now are in aliases?

I am having trouble seeing how to pull all three of these pieces of
software together.
I am getting all my mail over SSH right now, but I would prefer to be
able to get it with neomutt directly to my laptop.

I've also seen many references to getting certificates from
Let's Encrypt for mail for both Dovecot and OpenSMTPD using the
same one. How do I do that?

I'm just not sure what documentation I should be using to guide the
process along.
I've got a server setup without any critical email, so I'm not in a
rush to get things working.

Any help appreciated,
Chris Bennett






Re: Using Maildir and IMAP, I am losing my older threads

2019-05-21 Thread Chris Bennett
I did not receive any of the replies before this one. Could you send
them again for me if there are any. Thanks. I've fixed the problem now.
Off-list is probably best.


On Tue, May 21, 2019 at 06:53:12AM +0100, Raf Czlonka wrote:
> On Mon, May 20, 2019 at 03:30:18PM BST, Chris Bennett wrote:
> > I was planning on using IMAP with dovecot (not setup yet), but when
> > using Maildir and neomutt, the mail gets moved to cur and I can't access
> > it from neomutt. Thus I have been losing access to my mailing list older
> > parts of threads I really want to see.
> 
> Hi Chris,
> 
> Not sure if I understand the above correctly but you do *not* access
> 'cur' - you access the directory where 'cur' resides in. As long
> as the MUA supports Maildir properly, you should see your emails.
> 

Should getting Dovecot setup fix this problem? Maybe?

> > Am I setting up neomutt incorrectly?
> 
> Impossible to tell without seeing the config file.

That is a temporary problem. I had to upgrade that server and everything
went completely fine (6.3 -> 6.4) until the final reboot, and then it
failed to finish rebooting. That company uses a newer version of Java
than I have under 6.4 at home. I'm hoping that 6.5 fixes that problem.
If not, any advice for that problem? I should have access to Windows in
a library Thursday since we are going camping Wednesday.
I don't know how to use Linux.
All of those config files are on that server.
Otherwise I'll ask support to help me work that out.

> 
> > Do I need to use a script to move the thread entries back to new?
> 
> Unless I'm missing something, you shouldn't need to.
> 
> > I have searched about this, but it seems that few people want to move in
> > this direction, but it can be done with a script.
> > I'm thinking I have messed up something in configuration.
> > Apparently mutt/neomutt can be set to access cur too.
> > 
> > Any help appreciated,
> > Chris Bennett
> 
> My guess is that you are simply not looking in the right place.

I've had a consistent problem with getting almost most of my problems
when searching under DuckDuckGo or Google or marc.info.
Most likely I'm just not thinking of the right searches.

Thanks,
Chris Bennett


> 
> Regards,
> 
> Raf
> 



Re: How to setup a "clean MTA" in 2019?

2019-04-03 Thread Chris Bennett
On Wed, Apr 03, 2019 at 11:36:22AM +0200, Gilles Chehade wrote:
> My very own minimal would be:
> - have a dedicated IP address for mail with correct rDNS and fc-rDNS

Right now I am using the same IP as the websites I have for each.
Should I use a different IP just for email? This is not a problem to do.

> - setup the mta to support TLS (if needed, not the case on OpenSMTPD)

Got this

> - setup the mta to use a EHLO name matching DNS for the IP

I continually get that the two do not match using the various email
testers. Yet the domain names do indeed match.
I don't know what to make of this. I have no problems sending or
receiving email at all.
Godaddy is where I have my domains registered, but they specifically say
that they do not support DNS for sites not hosted on their servers.
That has led me down the path of learning to be my own hostmaster.
I have finally found a page that explains the strange setup I need to
request for only a small range of IP addresses. Hurrah!
But I'm not quite ready to venture out into that myself. But learning
this has been fun so far.
Do you think that being hostmaster will solve that problem?


> - setup SPF

Good here

> - setup DKIM

Not yet, given above problems

> 
> That would be my very very very very minimum requirements.
> 

Thanks,
Chris Bennett






Re: How can I integrate opensmtpd with opendkim?

2019-01-30 Thread Chris Bennett
On Wed, Jan 30, 2019 at 05:45:35PM +0300, Sergey Seacher wrote:
> Hello, All!
> 
> How can I integrate opensmtpd with opendkim?
> 

There is also dkimproxy and a Perl module p5-Mail-DKIM.
Which one do you recommend, you hinted that there will be changes from
6.4 to 6.5 for dkimproxy setup when it comes out, if I understood
correctly. 

I've got things working for 6.4 right now, but I will post a couple of
questions about using auth and some other stuff I expect/want to use
shortly.

Thanks, I'm really thrilled to have this massive improvement over
sendmail!! All of your time doing this work has been so helpful, I
really hated sendmail with that huge book I had for it.

Chris Bennett





6.3 not coming from proper domains

2018-12-26 Thread Chris Bennett
Oops, I forgot to su -l first.
Send back to ch...@bennettconstruction.us

To: misc@opensmtpd.org
Subject: 6.3 not coming from proper domains

I am also working on 6.4 syntax to be used shortly, but after doing testing.
Right now, with 6.3amd64-stable,
I am not getting any emails sent from any domains except bennettconstruction.us.

6.3 files soon to be gone, but this is the set of files I have in production.
I can also send my 6.4 files, which may be much better, but I want to fix this
now, vs later.
I appreciate any help. I think I included everything. mail-to address is
designed to fail in order to get good log messages.

Thanks,
Chris Bennett

gory ~ # dig -tANY bennettconstruction.us

; <<>> DiG 9.4.2-P2 <<>> -tANY bennettconstruction.us
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42993
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;bennettconstruction.us. IN  ANY

;; ANSWER SECTION:
bennettconstruction.us. 833 IN  A   104.217.196.250
bennettconstruction.us. 833 IN  NS  ns65.domaincontrol.com.
bennettconstruction.us. 833 IN  NS  ns66.domaincontrol.com.

;; Query time: 459 msec
;; SERVER: 192.168.43.1#53(192.168.43.1)
;; WHEN: Wed Dec 26 19:47:25 2018
;; MSG SIZE  rcvd: 111

gory ~ # dig -tANY capuchado.com  

; <<>> DiG 9.4.2-P2 <<>> -tANY capuchado.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24176
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;capuchado.com. IN  ANY

;; ANSWER SECTION:
capuchado.com.  3600  IN  TXT  "v=spf1 a mx:capuchado.com ip4:104.217.196.251 ~all"
capuchado.com.  3600  IN  MX   10 capuchado.com.
capuchado.com.  600   IN  SOA  ns65.domaincontrol.com. dns.jomax.net. 2018121317 28800 7200 604800 600
capuchado.com.  3600  IN  A    104.217.196.251
capuchado.com.  3600  IN  NS   ns66.domaincontrol.com.
capuchado.com.  3600  IN  NS   ns65.domaincontrol.com.

;; Query time: 847 msec
;; SERVER: 192.168.43.1#53(192.168.43.1)
;; WHEN: Wed Dec 26 19:47:58 2018
;; MSG SIZE  rcvd: 227

gory ~ # dig -tANY line-printer-daemon.net

; <<>> DiG 9.4.2-P2 <<>> -tANY line-printer-daemon.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40266
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;line-printer-daemon.net.   IN  ANY

;; ANSWER SECTION:
line-printer-daemon.net. 3600   IN  TXT "v=spf1 a mx:line-printer-daemon.net ip4:104.217.196.252 ~all"
line-printer-daemon.net. 3600   IN  MX  10 line-printer-daemon.net.
line-printer-daemon.net. 600    IN  SOA ns63.domaincontrol.com. dns.jomax.net. 2018122000 28800 7200 604800 600
line-printer-daemon.net. 3600   IN  A   104.217.196.252
line-printer-daemon.net. 3600   IN  NS  ns64.domaincontrol.com.
line-printer-daemon.net. 3600   IN  NS  ns63.domaincontrol.com.

;; Query time: 710 msec
;; SERVER: 192.168.43.1#53(192.168.43.1)
;; WHEN: Wed Dec 26 19:48:54 2018
;; MSG SIZE  rcvd: 247


maillog:

Dec 26 19:27:36 bennettconstruction smtpd[37757]: smtp-out: Failed to resolve MX for [relay:openspf.net]: No MX found for domain
Dec 26 19:27:36 bennettconstruction smtpd[37757]:  mta event=delivery evpid=5a4d097a06f98d40 from= to= rcpt=<-> source="-" relay="openspf.net" delay=6m40s result="TempFail" stat="No MX found for domain"
Dec 26 19:32:13 bennettconstruction smtpd[37757]: smtp-out: Failed to resolve MX for [relay:openspf.net]: No MX found for domain
Dec 26 19:32:13 bennettconstruction smtpd[37757]:  mta event=delivery evpid=6d1d125a0d253a0b from= to= rcpt=<-> source="-" relay="openspf.net" delay=6m40s result="TempFail" stat="No MX found for domain"

Dec 26 19:20:56 bennettconstruction smtpd[37757]: 0da5075771ad38fb smtp event=connected address=local host=bennettconstruction.us
Dec 26 19:20:56 bennettconstruction smtpd[37757]: 0da5075771ad38fb smtp event=message address=local host=bennettconstruction.us msgid=5a4d097a from= to= size=509 ndest=1 proto=ESMTP
Dec 26 19:20:56 bennettconstruction smtpd[37757]: 0da5075771ad38fb smtp event=closed address=local host=bennettconstruction.us reason=quit
Dec 26 19:20:56 bennettconstruction smtpd[37757]: smtp-out: Failed to resolve MX for [relay:openspf.net]: No MX found for domain
Dec 26 19:20:56 bennettconstruction smtpd[37757]:  mta event=delivery evpid=5a4d097a06f98d40 from= to= rcpt=<-> source=&q

Re: Vultr has all blacklisted IP's for email

2018-12-19 Thread Chris Bennett
On Thu, Dec 20, 2018 at 01:55:32AM +0200, Flipchan wrote:
> Poke Vultr about it, if it's not good, just switch provider (OpenBSD
> Amsterdam?)
> 

They say it's my fault and that they have spent a tremendous amount of
time trying to get me off of the blacklist. (exaggeration included on
purpose).

As you can see below, I guess it is all my fault.
I'm just going to put the DNS records back to where they were before.
What's the website for OpenBSD Amsterdam?

Looks like I may just have to move my server from the USA to the not
USA. Why is such a simple thing as a server so hard to get???

Fun Fun Fun entered below:
---
Information about 108.61.242.230

Below is the information we have on record about 108.61.242.230

Standards Compliance

Does IP Address resolve to a reverse hostname... Passed!

Does IP Address comply with reverse hostname naming convention... Passed!

List Status

RATS-Dyna - On the list. Worst Offender Alert.

RATS-NoPtr - Not on the list.

RATS-Spam - Not on the list.

RATS-Auth - Not on the list.

Alert: Your IP is part of a network listed as a Worst Offender

This is a Worst Offender Alert and this means that not only this IP address,
but the whole class 'C' is also on the indicated SpamRats List.
Usually this means the whole range has the same issue of naming conventions or
no reverse DNS AND that many IP's from this Class C have been used in Spam
Attacks, Dictionary attacks or other forms of attacks, as detected by Mail
Servers in the Data Collection Grid. You will NOT be able to use the removal
form to remove your IP Addresses. If you have recently been assigned the IP
Addresses, or have changed what these IP Addresses are used for, you can use
the contact form and ask for a reclassification, but you will have to provide
full disclosure, including whois for the ip addresses, your affiliation with
the company that owns them, and a description of what the IP's were previously
used for, and what they will be used for, in order for a Spam Auditor to
consider reclassification. Remember, the majority of the IP's in this space
WERE detected as being involved in some form of attack or abusive behaviour,
so you had better have a good reason to ask for removal, and you need to own
or control the IP addresses, as evidenced by ARIN whois.

-
2nd IP is blacklisted on 7 lists.

I'm sure they can quickly fix this too!

Chris



-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: Vultr has all blacklisted IP's for email

2018-12-19 Thread Chris Bennett
On Wed, Dec 19, 2018 at 09:58:54PM +, Charles Collicutt wrote:
> On Wed, Dec 19, 2018 at 01:41:40PM -0800, Chris Bennett wrote:
> > On Wed, Dec 19, 2018 at 10:16:22PM +0100, Joel Carnat wrote:
> > > I’ve just checked mine and it’s 100% non-blacklisted, according to 
> > > mxtoolbox.
> > > And, so far, I don’t have any issues sending/receiving mail.
> > 
> > I really must have workable email and baremetal
> 
> Maybe it is a baremetal versus VPS thing? Like others here, I have been
> running a mail server on Vultr VPS for years without problems.
> 

I was wondering the same thing. Baremetal for them is new and maybe they
haven't worked out the bugs and procedures for that yet?

If that's the case, any suggestions on a good way to word the
conversation? I tend to come across as a bit rude by accident.

Chris Bennett






Re: Vultr has all blacklisted IP's for email

2018-12-19 Thread Chris Bennett
On Wed, Dec 19, 2018 at 04:46:17PM -0500, Implausibility wrote:
> Vultr specifically blocks mail-specific ports in an attempt to keep their 
> network free of spam.  You can ask them to enable eMail ports on your VMs, 
> 

Yes, I spoke to them about the problem before grabbing an additional IP
address. They said they would try to get the original IP un-blacklisted.
That did not happen, unfortunately.

They now also offer one model of bare metal, which is not a VM. I
specifically need a single dedicated server for what I am doing.
The work I'm doing is all situated inside of the USA, so something
locally oriented is a better choice for me.

My email ports are open, as I can send mail back and forth with my other
server.

Thanks,
Chris Bennett






Re: Vultr has all blacklisted IP's for email

2018-12-19 Thread Chris Bennett
On Wed, Dec 19, 2018 at 10:16:22PM +0100, Joel Carnat wrote:
> I’ve just checked mine and it’s 100% non-blacklisted, according to mxtoolbox.
> And, so far, I don’t have any issues sending/receiving mail.
> 

I really must have workable email and baremetal
 
Right now the second IP I requested is 45.76.27.230
This is much worse than the first one I also have which is
108.61.242.230

I am using a server in Chicago. Where is yours located?
Maybe the location is related?

Other than this problem, I am quite happy. If I can solve this, I will
move off of my other server, which is stuck on crappy Java KVM.
I don't have any problem with another location.

Chris Bennett






Vultr has all blacklisted IP's for email

2018-12-19 Thread Chris Bennett
I was very happy with what I got for a baremetal server at Vultr.
Unfortunately, even after getting a second IP that was not from the same
range as the first one, all of these IP ranges, not single IP's, are
blacklisted in the worst category.
If you want a web/etc server, great.
If you want anything to do with email, forget them.
Shame. I need another baremetal that doesn't have Java KVM.
Any recommendations?

Thanks. Looks like anything related to Cloud may be a problem???

Chris Bennett






Re: FAQ gone?

2018-12-12 Thread Chris Bennett
On Wed, Dec 12, 2018 at 10:35:21PM +0100, Gilles Chehade wrote:
> 
> The FAQ has been removed from the website twice for the same reason, and
> if you work on it but it then goes unmaintained and people start mailing
> me that I should fix the FAQ, I'll have to remove it again a third time.
> 
> I'm all for having an FAQ but it must come from people willing to become
> maintainers and not release a version of it and leave.

Yes, I was very disappointed when the previous FAQ didn't have accurate
information. I would much rather see you working on OpenSMTPD itself
rather than a FAQ, which is a lot of work just to make, much less
maintain.

I have found various FAQ's all over the place that just don't have
accurate information and throw in anti-spam programs I just don't want
to use. Of course, not enough information to understand how to skip one
of those unwanted ones. So I have essentially found all of them
basically useless, which is sad but true.

I'm in a bit of a conundrum. I'm trying to pull together a bunch of
things besides just email all at once.

I grabbed a baremetal at Vultr in addition to the one I am actually
using elsewhere. I'm trying to get everything running as I need it to at
Vultr before moving everything onto it officially. Having two baremetals
gives me a great way to bounce things back and forth until everything is
really truly working correctly.

But I have lots of questions about things I have never done before.
I'm very puzzled by how to correctly set up DKIM and DMARC.
Which programs should I be using and why? I looked at opendkim and the
manual pages are so long and convoluted with so many options that it
leaves me throwing up my hands in frustration. I know that once I
understand all of it, it will probably be completely clear, but not yet.
So which program(s) for DKIM to use? Is this something for example that
would be reasonable to add as a port like opensmtpd-dkim?

I'm perfectly happy to use postgresql with OpenSMTPD and Dovecot.
I have yet to find any example SQL tables anywhere for either.
This would work great for me to integrate certain customers with in a
larger database set up.

Maildir, mbox, dovecot's own mailboxes. I seem to find arguments for and
against each choice. Right now I can make a choice, but which one?

I also have found a probable need to use auth to allow only special
users to relay mail.

Right now, I have two servers. IP addresses which can get burned if I
screw up and two domains that can also get burned since I'm not using
them.
I'm 100% willing to run through all kinds of different configurations
and I have lots of questions that would probably be great ones for a
FAQ. So I volunteer for guinea pig. I'll try it all for the FAQ.

BUT, if there is a FAQ, it's going to need to be set up with tests to
see when previous advice fails. Otherwise, I just don't see anyone even
knowing when and what to fix. "Oh, that didn't work. I'll do this other
way instead." isn't going to get anything maintained.

I'm happy (and needful) to try all the different ways. I can't commit to
writing the FAQ myself.

So, if I see this correctly, someone needs to grab two or three servers
every six months, run through all the options, see what fails and report
back, drop the servers?

I'll help,
Chris Bennett






Re: Tables syntax in new config

2018-11-27 Thread Chris Bennett
Thanks!

This was a good thread. And of course I didn't notice man table.
I'm getting really important emails right now, but I want to upgrade to
6.4 from 6.3, so I'm being really cautious about making a mess.

Server company is using IPMI with Java, so that's been a problem since I
can't get OpenBSD's version to work. Which was really hard to get to
even work with someone's old windows version when I first installed.

Chris Bennett

Thanks for the great work!






Re: OpenSMTP as mx backup

2018-11-26 Thread Chris Bennett
+2 on that! Sorry +1 is just not enough!

I have a backup, but that's only IF I know there's a problem.
If I have any net access, if I'm not traveling. If .

Most of my email is unimportant. But when it is, it's $$ or some
emergency.

Chris






Forced to stay at 6.3 but I want 6.4.0

2018-10-28 Thread Chris Bennett
I have a problem with OBSD 6.4 release and so far cannot get the display
to work properly.
I would like to use the 6.4.0 on 6.3.
I haven't looked over the source at all yet, I will.

Will I have any problems getting this to work on OBSD 6.3?
As much as possible, I would like to bring my server closer to OBSD 6.4
but I want my laptop and server working with the same software.

Thanks,
Chris Bennett

PS, I'll explain in my next email why this matters a bit to me.






Re: moving to 6.4, want to be sure that one domain can't be "traced" back?

2018-10-24 Thread Chris Bennett
I've received some good advice to not pursue this right now.
I'm not myself with this medication. So I'm not going to move forward
with this. I am just not thinking clearly enough to make decisions about
such important things. My apologies.

Chris Bennett






moving to 6.4, want to be sure that one domain can't be "traced" back?

2018-10-23 Thread Chris Bennett
Hi,
I am about to manually update 6.3 to 6.4 and update new configurations.
I realize that getting the IP address is not concealable. The domain has
private registration.
It is likely that certain people will assume that I am behind the site,
but I would like to keep from having any actions taken against the site.

My concern is that the site will bring up a very negative viewpoint and
also some good suggestions about fixing the problems. The site does not
deal with anything illegal or violent or anything like that. It will
just make some controversy. I am still making sure I really want to put
this site into production.

My hip is being replaced December 3rd. I'm taking a lot of Morphine and
Oxycodone right now, so I am probably going to ask some stupid RTFM
questions out of need.

Thank you so much for making OpenSMTPD! I love it. 
If you need any help testing, let me know.
I'd love to help with catching errors or the lack of an error message
when something is wrong.

Thanks,
Chris Bennett






Re: very confused on userbase parameter

2018-09-01 Thread Chris Bennett
On Sat, Sep 01, 2018 at 05:50:27PM +, Gilles Chehade wrote:
> 
> I'll describe how things work in this mail so it serves as reference for
> future questions regarding aliases, virtual and userbase:
> 
> Aliases and virtuals are mutually exclusive features that operate at the
> same level, converting an e-mail address into a local user.
> 
> Userbases operate at a lower level, allowing to lookup system details of
> a local user such as uid, gid and home directory.
> 
> You don't have to have aliases or virtuals, but you MUST have a userbase
> which defaults to the system user database when you don't specify one.
> 
> Aliases and virtuals can be seen as functions that take an e-mail as the
> input and produce usernames that _MUST_ exist in the underlying userbase
> as the output, otherwise the recipient will be rejected.
> 
> The difference between aliases and virtuals is subtle but simple:
> 
> - aliases assume that all users on the system are allowed to get e-mails
>   and that the user-part of recipient e-mail addresses are the usernames
>   on the system. the mechanism allows you to provide an OPTIONAL list of
>   transformations in case some recipients have user-parts that are not a
>   system user, and it assumes that if no alias is found, then user-parts
>   must be looked up as real usernames.
> 
> - virtuals assume that users are NOT allowed to get e-mails, unless they
>   are EXPLICITLY allowed on a list. either a transform is found and the
>   recipient is converted into a username, or the recipient is rejected.
> 
> 
> You can receive e-mail if you're not in the aliases list, if you have an
> account on the system with a username matching the user-part.
> 
> You can't receive e-mail if you're not in the virtuals list, EVEN if you
> have an account matching the user-part.
> 
> 
> Now with that being said, converting a recipient into a username doesn't
> help us much if that username doesn't exist for real. We need a uid, gid
> and a home directory, so no matter if you used aliases, virtuals or none
> of them, the username behind a recipient must be found in the user base.
> 

Thanks, this helps a lot

Just one more question.

Your reply sounds like I should choose either aliases or virtual, but not
both. Is this correct?

What about programs such as femail? Do they work fine with just
virtuals?

Thanks
Chris Bennett
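
Added example, not part of the original messages and not OpenSMTPD code: a toy model of the lookup rules described in the quoted explanation above (aliases fall back to the user-part, virtuals are an explicit allow-list, and every result must exist in the userbase). All table contents, user names and function names are constructed for illustration.

```python
"""Toy model of the alias / virtual / userbase rules in the quoted message.

Added illustration, not OpenSMTPD source. Table contents, user names and
function names are constructed; real tables accept more key and value forms.
"""
from typing import Dict, List, NamedTuple, Tuple


class UserInfo(NamedTuple):
    uid: int
    gid: int
    home: str


class Rejected(Exception):
    """The recipient would be refused."""


# Constructed userbase: what a lookup must return for delivery to happen.
USERBASE: Dict[str, UserInfo] = {
    "chris": UserInfo(1000, 1000, "/home/chris"),
    "vmail": UserInfo(2000, 2000, "/var/vmail"),
}
# Constructed aliases: user-part -> username (optional transformations).
ALIASES = {"postmaster": "chris", "ghost": "nosuchuser"}
# Constructed virtuals: full address -> username (explicit allow-list).
VIRTUALS = {"sales@example.org": "vmail", "old@example.org": "retired"}


def expand(rcpt: str, mode: str, aliases=ALIASES, virtuals=VIRTUALS) -> str:
    """Step 1: turn an e-mail address into a username."""
    rcpt = rcpt.lower()
    user_part = rcpt.split("@", 1)[0]
    if mode == "alias":
        # No alias found: the user-part itself is tried as the username.
        return aliases.get(user_part, user_part)
    if mode == "virtual":
        # No entry: rejected, even if an account matches the user-part.
        if rcpt not in virtuals:
            raise Rejected(f"{rcpt}: not listed in virtuals")
        return virtuals[rcpt]
    if mode == "none":
        return user_part
    raise ValueError(f"unknown mode {mode!r}")


def resolve(rcpt: str, mode: str, aliases=ALIASES, virtuals=VIRTUALS,
            userbase=USERBASE) -> Tuple[str, UserInfo]:
    """Step 2: the username must exist in the userbase, whatever step 1 was."""
    username = expand(rcpt, mode, aliases, virtuals)
    if username not in userbase:
        raise Rejected(f"{rcpt}: user {username!r} not in userbase")
    return username, userbase[username]


def dangling(table: Dict[str, str], userbase=USERBASE) -> List[str]:
    """Table keys whose target is missing from the userbase (always rejected)."""
    return sorted(key for key, target in table.items() if target not in userbase)


if __name__ == "__main__":
    cases = [
        ("chris@example.org", "alias"),       # account exists, no alias needed
        ("postmaster@example.org", "alias"),  # alias -> chris
        ("chris@example.org", "virtual"),     # account exists but not listed
        ("sales@example.org", "virtual"),     # listed -> vmail
        ("ghost@example.org", "alias"),       # alias target not in userbase
    ]
    for rcpt, mode in cases:
        try:
            print(f"{mode:8} {rcpt:26} -> {resolve(rcpt, mode)}")
        except Rejected as err:
            print(f"{mode:8} {rcpt:26} -> REJECTED ({err})")
    print("dangling aliases: ", dangling(ALIASES))
    print("dangling virtuals:", dangling(VIRTUALS))
```
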






Re: Problem with OpenSMTPD/Amavisd and mails with multiple recipients.

2018-04-02 Thread Chris Bennett
On Mon, Apr 02, 2018 at 05:25:29PM +, Vijay Sankar wrote:
> Hi Reio,
> 
> It may be better to continue this discussion on the list. That will allow
> people more knowledgeable than I to help you out.
> 
> Re. configuration, I actually use the defaults. Amavisd and OpenSMTPD always
> use SMTP in my case. Re. versions, it is just OpenBSD 6.1 -stable.


Yes, please put everything up. Now that 6.3 is out I want to know how to
get all of this working for my mail. What is wrong is every bit as
helpful as what is right.

For example, should I continue using mbox or change to maildir.
It seems that IMAP may be a better choice.

I currently use neomutt and want to turn on Dovecot for using remote
email readers, but not sure what steps are best.

Thanks,
Chris Bennett






Help setting up anti-spam using Dovecot and whatever with 6.3

2018-03-27 Thread Chris Bennett
I'd love some help setting up some spam filtering before I turn on
spamd.
I've seen lots of guides, but I really don't know what configuration
would be best. The guides, of course, don't give enough detail that I
can follow. I'm fine using dovecot with postgresql, but I don't know
how to setup the necessary tables.

I have a very low volume of email, but I'd like to be good should the
volume change (which it possibly might).

Right now, I've only had the server I'm using up for a short period of
time, so I'm fine with any type of changes.

If there is any archive with useful info, where would that be? marc.info
doesn't have anything recent.

Oh yeah, as asked, Hi!
This is so much nicer than the sendmail monster!

Chris Bennett






Re: FAQ question

2017-10-30 Thread Chris Eidem
Mea culpa, mea maxima culpa…

Thank you for the swat with the clue stick.

> On Oct 30, 2017, at 9:54 AM, Bruno Pagani  wrote:
> Both. A passwd table is a passwd table, an auth table is an auth table. The 
> latter is the standard format for OpenSMTPd, the former is a classical format 
> that OpenSMTPd supports through the file driver of the same name.
> 
> 

It was the error that Joris pointed out with the {BLF-CRYPT} in the passwd file.

> You’ve missed one line: “A standard OpenBSD installation as well as a recent 
> installation of OpenSMTPD-extras including: table-passwd […] is assumed”.
> 
> Regards,
> Bruno

I did indeed and that was carelessness on my part.  Again, thanks all for the 
correction.



FAQ question

2017-10-30 Thread Chris Eidem
I’m attempting to create a multi-domain opensmtpd+dovecot set up.  I have a 
question about the FAQ example.  In it you have the following line in the 
config:

listen on egress port 587 tls-require pki mail.example.com auth 

and you have the passwd table in the dovecot as follows:

j...@example.com:$2b$...encrypted...password...::
u...@example.net:$2b$...encrypted...password...::userdb_quota_rule=*:storage=1G

But in tables.5 it is stated that auth tables are in this format:

Credentials tables are mappings of credentials. They can be used in two 
contexts:
listen on tls [...] auth  

In a listener context, the credentials are a mapping of username and encrypted 
passwords:
user1   $2b$10$hIJ4QfMcp.90nJwKqGbKM.MybArjHOTpEtoTV.DgLYAiThuoYmTSe 
user2   $2b$10$bwSmUOBGcZGamIfRuXGTvuTo3VLbPG9k5yeKNMBtULBhksV5KdGsK

I am getting failures attempting to connect to my submission port.  The part of 
my config relevant is:
listen on lo0
listen on egress port 25 tls pki mail.ceidem.com
listen on egress port 465 tls-require pki mail.ceidem.com
listen on egress port 587 tls-require pki mail.ceidem.com auth 

with the passwd file:

cei...@ceidem.com:{BLF-CRYPT}$2a$05$...encrypted...password...::

Which is correct?  What have I missed?

Also, in the FAQ, you have the following config section:

# tables setup
table aliases file:/etc/mail/aliases
table domains file:/etc/mail/domains
table passwd passwd:/etc/mail/passwd
table virtuals file:/etc/mail/virtuals

But it is never mentioned that the passwd file driver is included in 
opensmtpd-extras.  Took me a bit to figure that out.  

Thank you for your time,
Chris
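
Added example, not part of the original messages or of the OpenSMTPD FAQ: a small check for the problem raised in this message and identified in the reply ("Re: FAQ question"), a Dovecot-style `{SCHEME}` prefix in the password field of a passwd table that smtpd also reads. It assumes, as the reply indicates, that smtpd wants the bare crypt(3)-style string in that field; the function names and the sample file are constructed.

```python
"""Lint a passwd-format table shared between Dovecot and smtpd.

Added illustration. Assumption: smtpd expects the second field to be a bare
crypt(3)-style hash ("$2b$..."), so a Dovecot "{SCHEME}" prefix breaks auth.
"""
import re
from typing import List, NamedTuple, Optional, Tuple

# Dovecot writes an optional scheme tag in braces before the hash.
SCHEME_PREFIX = re.compile(r"^\{([A-Za-z0-9.\-]+)\}")


class Finding(NamedTuple):
    lineno: int
    user: str
    issue: str


def split_scheme(field: str) -> Tuple[Optional[str], str]:
    """Return (scheme or None, remainder of the password field)."""
    match = SCHEME_PREFIX.match(field)
    if match is None:
        return None, field
    return match.group(1), field[match.end():]


def lint_passwd(text: str) -> List[Finding]:
    """Report lines whose password field smtpd could not verify."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            findings.append(Finding(lineno, fields[0], "no password field"))
            continue
        user, password = fields[0], fields[1]
        scheme, bare = split_scheme(password)
        if scheme is not None:
            findings.append(Finding(
                lineno, user, f"scheme prefix {{{scheme}}} before the hash"))
        if not bare.startswith("$"):
            findings.append(Finding(
                lineno, user, "password field is not a crypt(3)-style hash"))
    return findings


# Constructed sample file; the hashes are placeholders, not real bcrypt output.
SAMPLE = """\
# user:password:uid:gid:... (remaining fields left empty here)
alice@example.com:$2b$10$CONSTRUCTEDplaceholderHASHvalue::
bob@example.com:{BLF-CRYPT}$2a$05$CONSTRUCTEDplaceholderHASHvalue::
carol@example.com:hunter2::
"""

if __name__ == "__main__":
    for finding in lint_passwd(SAMPLE):
        print(f"line {finding.lineno}: {finding.user}: {finding.issue}")
```
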



Re: OpenSMTPD + Archiveopteryx + Virtual user addresses == Baby Jesus crying

2016-05-18 Thread Chris Watson

Chris Watson, Open Systems
ch...@open-systems.net
CEO, Owner
316-558-0440

PGP Fingerprint: BE67 ED60 6BB0 6B1E 2EB8  95D0 4A35 6B4D F529 1D0D
PGP Key ID: F5291D0D

> On May 18, 2016, at 2:14 PM, Joerg Jung <m...@umaxx.net> wrote:
> 
> On Wed, May 18, 2016 at 01:48:11PM -0500, Chris Watson wrote:
>> So I’ve been brought up on Sendmail, then later Postfix. Yesterday I decided 
>> to try moving from Postfix to OpenSMTPD. The main reason was because with 
>> Postfix for a remote user you have to install and configure a bunch of other 
>> things to auth before SMTP posting. So when I read OpenSMTPD supported that 
>> internally I jumped. That and I had heard it was much simpler and easier to 
>> maintain.
>> 
>> So a couple of issues have hit me in the face like a sledge hammer. First 
>> let me describe my setup:
>> 
>> I have a virtual host @ rootbsd.net <http://rootbsd.net/>. It hosts my 
>> business website. All web and email goes there.
>> I use a MBP at home to connect to the RootBSD VPS hosting my mail server, 
>> which is now OpenSMTPD. It also hosts Archiveopteryx to act as my IMAP 
>> server and email storage archive. So mail leaves my MBP connects to 
>> OpenSMTPD and then Archiveopteryx to handle outgoing mail. Incoming mail I 
>> connect right to archiveopteryx via IMAP.
>> So my first issue is virtual aliases. I have tried everything under the sun 
>> to get them to work with OpenSMTPD and clearly I am not understanding the 
>> docs at all.
>> This is such an easy thing to do yet I can’t seem to grasp it with OpenSMTPD.
>> 
>> Here is my config:
>> 
>> # This is the smtpd server system-wide configuration file.
>> # See smtpd.conf(5) for more information.
>> 
>> # To accept external mail, replace with: listen on all
>> listen on localhost
>> #listen on all
>> 
>> # filters and filter chains setup
>> filter filter-pause pause
>> filter filter-regex regex
>> filter filter-dnsbl-sorbs dnsbl
>> filter filter-dnsbl-spamcop dnsbl "-h bl.spamcop.net"
>> filter filter-dnsbl-spamhaus dnsbl "-h sbl-xbl.spamhaus.org"
>> filter filter-spamassassin spamassassin "-s reject"
>> filter filter-clamav clamav
>> filter all chain filter-pause filter-regex filter-dnsbl-sorbs 
>> filter-dnsbl-spamcop filter-dnsbl-spamhaus filter-spamassassin filter-clamav
>> filter sub chain filter-pause filter-spamassassin filter-clamav
>> 
>> # Enable TLS encryption
>> pki -systems.net certificate "/etc/ssl/certs/mail.-systems.net.pem"
>> pki -systems.net key "/etc/ssl/private/mail.-systems.net.key"
>> 
>> # listen on 204.109.61.174 tls pki -systems.net
>> listen on xn0 tls-require pki -systems.net
>> 
>> # If you edit the file, you have to run "smtpctl update table aliases"
>> table aliases file:/etc/mail/aliases
>> table virtuals file:/etc/mail/virtuals
>> table passwd passwd:/etc/mail/passwd
>> 
>> # Allow Archiveopteryx to get sent mail.
>> accept from any for domain "-systems.net" relay via lmtp://127.0.0.1:2026
>> # accept from any for domain "-systems.net" alias  deliver to 
>> mbox
>> 
>> accept for local alias  deliver to mbox
>> accept for any relay
>> 
>> So things seem to work ok as long as the user I am emailing @ 
>> -systems.net <http://-systems.net/> is a valid local user.
>> For instance ch...@-systems.net <mailto:ch...@-systems.net> works 
>> fine, because it is a real user, but chris.wat...@-systems.net 
>> <mailto:chris.wat...@-systems.net>, a virtual user, does not.
>> Obviously because it’s not a local user, it’s an alias. I have beaten my 
>> head senseless trying to grasp how to add virtual users.
> 
> Your config seems to follow the FAQ example.  But you missed the need to
> setup /etc/mail/virtuals table and the use of this table, e.g a:
> ... virtual  
> You also missed the rcpt-to keyword.
> 

Thank you. So the table is defined, table virtuals file:/etc/mail/virtuals.
Then I can get it half working I think using the following:
accept from any for domain "-systems.net" virtual . It won’t work 
with “relay via lmtp” like the line below it does.
So I can’t figure out how to get it to pass virtual users into Archiveopteryx 
via lmtp, as the valid local users mail does.
And the “rcpt-to” keyword is nowhere in my documentation for smtpd.conf. 
FreeBSD 10.3, OpenSMTPD 5.7.3.
So I am not sure of its syntax or function. But so far I was able to deduce 
the following to use lmtp:
accept from any for domain 

OpenSMTPD + Archiveopteryx + Virtual user addresses == Baby Jesus crying

2016-05-18 Thread Chris Watson
So I’ve been brought up on Sendmail, then later Postfix. Yesterday I decided to 
try moving from Postfix to OpenSMTPD. The main reason was because with Postfix 
for a remote user you have to install and configure a bunch of other things to 
auth before SMTP posting. So when I read OpenSMTPD supported that internally I 
jumped. That and I had heard it was much simpler and easier to maintain.

So a couple of issues have hit me in the face like a sledge hammer. First let 
me describe my setup:

I have a virtual host @ rootbsd.net <http://rootbsd.net/>. It hosts my business 
website. All web and email goes there.
I use a MBP at home to connect to the RootBSD VPS hosting my mail server, which 
is now OpenSMTPD. It also hosts Archiveopteryx to act as my IMAP server and 
email storage archive. So mail leaves my MBP connects to OpenSMTPD and then 
Archiveopteryx to handle outgoing mail. Incoming mail I connect right to 
archiveopteryx via IMAP.
So my first issue is virtual aliases. I have tried everything under the sun to 
get them to work with OpenSMTPD and clearly I am not understanding the docs at 
all.
This is such an easy thing to do yet I can’t seem to grasp it with OpenSMTPD.

Here is my config:

# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information.

# To accept external mail, replace with: listen on all
listen on localhost
#listen on all

# filters and filter chains setup
filter filter-pause pause
filter filter-regex regex
filter filter-dnsbl-sorbs dnsbl
filter filter-dnsbl-spamcop dnsbl "-h bl.spamcop.net"
filter filter-dnsbl-spamhaus dnsbl "-h sbl-xbl.spamhaus.org"
filter filter-spamassassin spamassassin "-s reject"
filter filter-clamav clamav
filter all chain filter-pause filter-regex filter-dnsbl-sorbs 
filter-dnsbl-spamcop filter-dnsbl-spamhaus filter-spamassassin filter-clamav
filter sub chain filter-pause filter-spamassassin filter-clamav

# Enable TLS encryption
pki -systems.net certificate "/etc/ssl/certs/mail.-systems.net.pem"
pki -systems.net key "/etc/ssl/private/mail.-systems.net.key"

# listen on 204.109.61.174 tls pki -systems.net
listen on xn0 tls-require pki -systems.net

# If you edit the file, you have to run "smtpctl update table aliases"
table aliases file:/etc/mail/aliases
table virtuals file:/etc/mail/virtuals
table passwd passwd:/etc/mail/passwd

# Allow Archiveopteryx to get sent mail.
accept from any for domain "-systems.net" relay via lmtp://127.0.0.1:2026
# accept from any for domain "-systems.net" alias  deliver to mbox

accept for local alias  deliver to mbox
accept for any relay

So things seem to work ok as long as the user I am emailing @ -systems.net 
<http://-systems.net/> is a valid local user.
For instance ch...@-systems.net <mailto:ch...@-systems.net> works fine, 
because it is a real user, but chris.wat...@-systems.net 
<mailto:chris.wat...@-systems.net>, a virtual user, does not.
Obviously because it’s not a local user, it’s an alias. I have beaten my head 
senseless trying to grasp how to add virtual users.
I have tried every example on the net, I have read the docs but it’s just not 
clear to me how one creates a simple virtual address.
And I discovered although I did not see it in the docs, you cannot use aliases 
or virtuals with a relay which is an issue because mail is injecting with 
Archiveopteryx via LMTP.
How does one add a simple email virtual user alias when a relay like above is 
involved?
Do I need a usertable? I can’t seem to use any table at all with a relay.

Thanks for any guidance you offer.

Chris Watson, Open Systems
ch...@open-systems.net
CEO, Owner
316-558-0440

PGP Fingerprint: BE67 ED60 6BB0 6B1E 2EB8  95D0 4A35 6B4D F529 1D0D
PGP Key ID: F5291D0D


