Re: Is LDAP+SSL supported?

2020-07-26 Thread gilles
July 25, 2020 2:26 PM, "Éloi Rivard" wrote: >> In my opinion, table-ldap from extras is doomed as it relies on a lib >> that >> is barely maintained and doing LDAP asynchronously is painful. > > Are you saying the support for table-ldap may stop in a near future? > Nope, the table API has

Re: Is LDAP+SSL supported?

2020-07-20 Thread gilles
g LDAP asynchronously is painful. I doubt the code will go much further than it currently does. If the table-procexec work I documented on my blog gets pushed to OpenBSD, then it will ease the writing of a table-ldap with a modern library. Gilles

Re: Sort to different maildir subdirs based on recipient address?

2020-06-30 Thread gilles
June 30, 2020 12:25 PM, "Unicorn" wrote: >> You have two methods to achieve what you want: >> >> 1- use a smarter mda, such as `fdm`, which allows you to specify >> where mails are supposed to be delivrered based on rules. in this >> case, you would simply have a rule that recipient address

Re: Sort to different maildir subdirs based on recipient address?

2020-06-30 Thread gilles
fdm`, which allows you to specify where mails are supposed to be delivrered based on rules. in this case, you would simply have a rule that recipient address blog@ should land in .Blog 2- alias blog to admin+blog instead of admin, this way when smtpd extracts email extension, it will check if a .blog folder exists and deliver there if exists but this is more limited that a real classification. Gilles

Re: syslog logging changed ?

2020-06-30 Thread gilles
I'm going to investigate this, I don't recall anything change in there but there's been tons of portable specific cleanup so it might just have introduced a regression. Gilles June 26, 2020 8:33 PM, "Reio Remma" wrote: > On 26.06.2020 18:03, Harald Dunkel wrote: &

Re: Newbie config question

2020-06-05 Thread gilles
On my phone but I'll show you tomorrow if no one answers before, this is trivialGillesOn Jun 5, 2020 18:28, David Favor wrote:I've been wrestling with this for days with no progress. Can someone drop me a v6.6.4 config to do something similar to the following.     da...@davidfavor.com   -

Re: "bouncing messages from ..." (was: request (privately) for maillog)

2020-06-03 Thread gilles
I've done some maintenance on all mail servers this night, it's going to be a bit shaky today June 4, 2020 7:01 AM, ml+opensmtpd_m...@esmtp.org wrote: > Happened again for me. Anyone else?

Re: Unable to remove mail from queue

2020-06-03 Thread Gilles Chehade
this is due to a short-coming with how inflight envelopes are handled: when a mail is passed from scheduler to mta, it is marked as "inflight" and can't be removed until it comes back to scheduler. this is usually not a big deal because an envelope is marked inflight only a few seconds

Re: Hello@All

2020-05-29 Thread gilles
May 28, 2020 10:51 AM, drav...@dravionsoftware.com wrote: > Hi, > Hi, > I want to introduce myself to the list ;d > Welcome > By the way, is there anybody out there, tried to make OpenSMTPD work on > Cygwin/Windows? > > I was able to built OpenSMTPD under Windows Subsystem for Windows

Re: new table backends

2020-05-27 Thread gilles
May 27, 2020 2:27 AM, "Edgar Pettijohn" wrote: > > [...] > > Sweet. Looking at > https://github.com/poolpOrg/go-opensmtpd/blob/master/table/table.go > seems like it will be pretty simple to write some nice tables. > yes, I have also written a py-opensmtpd interface to table API ... ... and

new table backends

2020-05-26 Thread gilles
operations of table API. A sample table-example.go is available here to see how a backend looks like: https://gist.github.com/poolpOrg/b3b97a65791a11a49f5e76ea51331ae4 If people are willing to help implement some backends, hit me up Cheers, Gilles

Re: Including remote addresses in smtpd syslog output

2020-05-26 Thread gilles
eason=quit With this split, human log vs reporting api for tools, tomorrow we can decide in the sample above to rename "message" into "msg" knowing that human readers will not be affected and that scripts will not break as long as they use that reporting API. Hope it clarifies a bit, Gilles

OpenSMTPD 6.7.1p1 released

2020-05-21 Thread gilles
Hello, Two bugs were spotted by package maintainers right after the 6.7.0p1 release: a- a packaging issue causing asr.h to be installed on the host system b- a possible crash when the MTA establishes an IPv6 connection I have rolled a minor release with the two bug fixes applied.

WIP: filter-prometheus

2020-05-20 Thread gilles
don't have much experience with prometheus, so if some of you are prometheus users and want to contribute let me know :-) Gilles

Announce: OpenSMTPD 6.7.0p1 released

2020-05-19 Thread gilles
OpenSMTPD 6.7.0p1 has just been released. OpenSMTPD is a FREE implementation of the SMTP protocol with some common extensions. It allows ordinary machines to exchange e-mails with systems speaking the SMTP protocol. It implements a fairly large part of RFC5321 and can already cover a large range

Re: Questions about the proc-exec filter API

2020-05-19 Thread gilles
Here is fine yes May 19, 2020 3:46 AM, po...@protonmail.com (mailto:po...@protonmail.com) wrote: OpenSMTPd 6.7.0 Based upon Filters(7) I have written a proof-of-concept filter which is functioning properly I have several questions about the details of the API. Is this the most appropriate

Re: plain text authentication

2020-05-12 Thread gilles
ion methods relying on challenges. OpenSMTPD supports PLAIN AUTH, what it doesn't support is authentication outside of a TLS channel. So yes, you can use OpenSMTPD with plain authentication BUT you can't use authentication if you do not setup TLS first. Gilles

Re: .forward format and usage

2020-04-05 Thread gilles
April 5, 2020 2:47 AM, "grmat" wrote: > Hi there, > Hello, > I'd like to setup GNU Mailman with OpenSMTPD. In #1040[1], poolpOrg told > me command processing is to be done with a .forward file instead of > aliases: > >> I think aliases should not support command processing at all as

Re: "bouncing messages from ..." (was: request (privately) for maillog)

2020-02-25 Thread gilles
February 26, 2020 8:30 AM, gil...@poolp.org wrote: > February 24, 2020 9:08 PM, gil...@poolp.org wrote: > >> February 24, 2020 6:54 PM, ml+opensmtpd_m...@esmtp.org wrote: >> >>> On Mon, Feb 24, 2020, Peter J. Philipp wrote: >> >> I got another "bouncing messages from misc@opensmtpd.org"

Re: "bouncing messages from ..." (was: request (privately) for maillog)

2020-02-25 Thread gilles
m investigating but I suspect it is an issue with mlmmj, > I get the same bounces ... and I'm local. > I can confirm it is an issue with mlmmj, there's no failed SMTP attempt for any of you who reported getting this message. Gilles

Re: "bouncing messages from ..." (was: request (privately) for maillog)

2020-02-24 Thread gilles
such a failed delivery (I asked for more info the previous > time it happened but so far nobody replied) so together with this > report it seems the problem might be on the server side? I'm investigating but I suspect it is an issue with mlmmj, I get the same bounces ... and I'm local. Gilles

OpenSMTPD 6.6.4p1 released: addresses CRITICAL vulnerability

2020-02-24 Thread gilles
Hello misc@, Qualys has found another critical vulnerability in OpenSMTPD. It is very important that you upgrade your setups AS SOON AS POSSIBLE. I can't comment yet as I was not involved in the bug fixing this time, and didn't see the advisory, just the resulting bug fix diff. I'll comment

OpenSMTPD 6.6.3p1 released

2020-02-10 Thread gilles
Hello, I have just released the minor version 6.6.3p1 of OpenSMTPD. Following the advisory from Qualys late January, I have discussed various mitigation on my blog: https://poolp.org/posts/2020-01-30/opensmtpd-advisory-dissected/ Several were implemented in OpenBSD -current and this new

Re: 553 ORCPT address syntax errors on OpenBSD-6.6-current

2020-02-03 Thread gilles
mail.local needs to be updated too February 3, 2020 6:11 PM, "Scott Vanderbilt" wrote: > On 2/3/2020 8:11 AM, Gilles Chehade wrote: > >> On Mon, Feb 03, 2020 at 06:37:38AM -0800, Scott Vanderbilt wrote: >>> I'm starting to get several log entries for several er

Re: 553 ORCPT address syntax errors on OpenBSD-6.6-current

2020-02-03 Thread Gilles Chehade
On Mon, Feb 03, 2020 at 06:37:38AM -0800, Scott Vanderbilt wrote: > I'm starting to get several log entries for several errors of type: > > 553ORCPT address syntax error > > The error is intermittent since the server is able to process other incoming > mails without error. For instance, I just

OpenSMTPD advisory dissected

2020-01-31 Thread gilles
Hello, I have written a detailed write-up about the recent event: https://poolp.org/posts/2020-01-30/opensmtpd-advisory-dissected/ Hope it clarifies what happened and what we intend to do to avoid it in the future. Gilles

Re: Interim mitigation for CVE-2020-7247

2020-01-29 Thread gilles
January 29, 2020 12:19 PM, "Andreas Broecking" wrote: > Hi all, > > first of all, thanks Gilles for the heads-up and a fix on short notice. > > For people like me who relay on the portable version and for systems which > relay on built packages > as they l

OpenSMTPD 6.6.2p1 released: addresses CRITICAL vulnerability

2020-01-28 Thread gilles
Hello misc@, Qualys has found a critical vulnerability leading to a possible privilege escalation. It is very important that you upgrade your setups AS SOON AS POSSIBLE. We'll provide more details when the advisory will be out and I'll take time to write about how this bug was made possible,

Re: often (but not always) two envelopes per mail in queue

2020-01-27 Thread gilles
January 27, 2020 8:00 PM, "Tassilo Philipp" wrote: > Ok, I have a better idea now... > >>> a- an envelope is created for each RCPT TO in a transaction... >>> b- ... and additional envelopes may be created by aliases _during_ that >>> RCPT TO >> >> Thanks a ton for those two pointers, I'll

Re: often (but not always) two envelopes per mail in queue

2020-01-27 Thread gilles
January 27, 2020 11:49 AM, "Tassilo Philipp" wrote: > Hello, > > I noticed that for most emails I submit through my instance of OpenSMTP, > there are most of the time > (but interestingly not always) two envelopes in the queue. However, mail > delivery works fine, and > only one copy arrives

Re: filter oddities

2020-01-25 Thread gilles
January 25, 2020 9:21 PM, "Edgar Pettijohn" wrote: > On 01/25/20 14:20, gil...@poolp.org wrote: > >> January 25, 2020 8:50 PM, "Edgar Pettijohn" wrote: >> >>> I haven't seen any mention of this, but for some reason in my limited >>> "testing" of filters I have >>> to use \r\n in my responses

Re: filter oddities

2020-01-25 Thread gilles
January 25, 2020 8:50 PM, "Edgar Pettijohn" wrote: > I haven't seen any mention of this, but for some reason in my limited > "testing" of filters I have > to use \r\n in my responses to smtpd. Is this normal? Doesn't seem to be > documented and what > filters I've looked at don't appear to be

Re: smtpd-filters.7 patch

2020-01-25 Thread gilles
The diff reads ok but I wonder why you removed this sentence: -No decision is ever taken by the report stream. I think it made it a bit more clear that reporting is informative only.

Re: Skip recipient verification and forward everything to a LMTP socket

2020-01-22 Thread gilles
January 22, 2020 9:53 AM, "Éloi Rivard" wrote: >> What about RFC 1891? Is there an option to disable use of additional >> parameters such as ORCPT [1] to ensure compatibility with smtp tools that >> does >> not support this standard? > > Actually I was misunderstanding this. There is no issue

Re: Skip recipient verification and forward everything to a LMTP socket

2020-01-20 Thread gilles
ORCPT is only emitted if peer advertises support for it: if (s->ext & MTA_EXT_DSN) { mta_send(s, "RCPT

Re: Skip recipient verification and forward everything to a LMTP socket

2020-01-18 Thread gilles
January 15, 2020 6:03 PM, "Éloi Rivard" wrote: > Hi, > > I would like to put a OpenSMTPD server in front of a sourcehut lists > installation [1] (that is, a mailing list system for sourcehut). > OpenSMTPD and sourcehut communicate through a lmtp unix socket. Here is > my configuration (without

Re: catch all aliases per users/aliases

2020-01-08 Thread gilles
January 8, 2020 4:11 PM, "Mathieu Roy" wrote: > Hi there, > Hi, > I'd be interested to replace my current exim setup (DKIM, SPF, greylisting, > bogofilter, > spamassassin, pyzor, etc) by opensmtpd. > > I am using exim since decades (and am satisfied) now but opensmtpd setup > seems more

Re: Sendmail reporting 421 4.3.0 Temporary Error

2020-01-06 Thread gilles
for the record, solved off-list on IRC: permission on directories within the queue had been altered. January 6, 2020 2:19 AM, "jrmu" wrote: > Greetings, > > I am running OpenBSD 6.6 GENERIC#3 amd64 and getting an > inexplicable 421 4.3.0 Temporary Error when using > sendmail with opensmtpd.

Re: Questions About Filters

2020-01-03 Thread gilles
January 4, 2020 12:25 AM, "Antonino Sidoti" wrote: > Hello, > Hello, > I have some basic questions about filters? > > What do we need to negate the rdns for the following command? > > filter f01 phase connect match !rdns disconnect "550 missing rDNS” > I'm unsure I understand this

Re: fix build on netbsd

2019-12-04 Thread Gilles Chehade
??/* Recent system/libressl implementation; no need for explicit stir */ > with this, your build is fixed ? I've been fixing the .c part of openbsd-compat but haven't worked on the .h part yet, will have look at it -- Gilles Chehade @poolp

CVE-2019-19521 what about OpenSMTPD ?

2019-12-04 Thread Gilles Chehade
're using OpenBSD, it's technically possible but unlikely. You can check by going through your logs and looking for user "-schallenge". The bypass only makes sense for setups that expose auth and provide rules to match auth users. If you have questions, you can follow up to this mail, Cheers,

Re: Exploit CVE-2019-19521?

2019-12-04 Thread Gilles Chehade
e "real world" to exploit > this to relay arbitrary messages (e.g. spam)? > Yes it would have been most definitely possible now if you have yourself relayed spam, I'll tell you that it's very unlikely this was used. -- Gilles Chehade

Re: Virtual domains & Virtual Users...

2019-11-23 Thread gilles
November 23, 2019 5:08 PM, "Implausibility" wrote: > Hi again. > > My mail server has been running fine since last weekend, and I'm trying to > expand its functionality > by including the ability to send and receive mail for my list of domains, and > for eMail addresses > which forward to

portable layer rework

2019-11-19 Thread gilles
won't spot either one of the two issues I solved above as they occur at startup / runtime You can help us make the portable branch really good in a very short time and on the long term by testing and reporting regularly that the portable branch still works for you. Gilles

Re: Primary Domains vs. Virtual Domains - what's the difference?

2019-11-18 Thread gilles
recipient MUST exist in the table >> to be valid. > > Can virtual users be used with sub-addresses, e.g user+...@virtualdomain.org ? > > When I tried that (some time ago) it failed saying that the user did not > exist. > It has worked for years so without more information I can't help with why it failed Gilles

Re: Primary Domains vs. Virtual Domains - what's the difference?

2019-11-18 Thread gilles
November 17, 2019 5:19 PM, "Implausibility" wrote: > I'm reading the man pages for makemap, and there are two types of database > maps described, as per > $subject. > > What are the functional / operational differences between Primary & Virtual > Domains? When when I > choose one over the

Re: opensmtpd setresgid ubuntu crash

2019-11-16 Thread Gilles Chehade
e-effects because the openbsd-compat setresuid() function will do some funny things. The portable branch should work again for all. Writing this from a Debian/arm64 with a working smtpd -- Gilles Chehade @poolpOrg https://www.poolp.org

Re: opensmtpd setresgid ubuntu crash

2019-11-15 Thread Gilles Chehade
Try using the 6.6.1p1 tag, I'm currently reworking the dev branch to completely revamp compat layer, things will be shaky for the next few daysOn Nov 15, 2019 11:22, Martijn van Duren wrote:EHLO, I'm currently trying to port filter-dnsbl to ubuntu, but I'm stuck at not being able to startup

Re: 6.6.1p1 fails to build on Void Linux

2019-11-11 Thread Gilles Chehade
ncies with headers and such. This may be the case here ? I'm on my openbsd laptop right now, as soon as I boot on a Linux one I will try to build on void linux and get back to you, cheers. -- Gilles Chehade @poolpOrg https://www.poolp.orgpatreon: https

Re: 6.6.1p1 fails to build on Void Linux

2019-11-11 Thread Gilles Chehade
Very likely libevent is missing... I fixed a configure bug where missing libevent caused a SSL test to fail and thus lead to a confusing error. > On 12 Nov 2019, at 00:28, epektasis wrote: > > I'm trying to build opensmtpd-6.6.1p1 on an updated Void Linux. Already > overcame a couple of

New portable release 6.6.1p1 released yesterday

2019-11-06 Thread gilles
Hello misc@, I have released OpenSMTPD 6.6.1p1 yesterday. The release is very close to 6.6.0p1, it however fixes all known portable issues, ranging from OpenSSL vs LibreSSL build or runtime errors to Glibc vs Musl errors. If you were using an older version of OpenSMTPD because your disto did

Re: builtin filter regex question

2019-10-31 Thread gilles
October 24, 2019 8:35 PM, "Joerg Jung" wrote: > Hi, > > I used some regex filters in the past which I'm trying to convert to the > latest builtin filters. In particular, I stumbled over a HELO filter, > which rejects non-FQDN HELO forcing SMTP protocol, aka: > Sendmail FEATURE(block_bad_helo)

Re: Mailing list expansion problem.

2019-10-31 Thread gilles
This error occurs when aliases expansion encounters an error during its processing, there's not enough info here to understand what happened in the expansion loop: - it is likely a table content issue either in virtuals or in userinfo table or both - using `smtpd -dv -T expand` will help you understand what went wrong during expansion Gilles

Re: Accept mail for all recipients

2019-10-31 Thread gilles
catch all are a virtual thing, they don't work for aliases October 26, 2019 12:51 PM, "Reio Remma" mailto:r...@mrstuudio.ee?to=%22Reio%20Remma%22%20)> wrote: On 26/10/2019 13:35, Sergey Seacher wrote: Hello! How can I make, opensmtpd accept mail for all recipients: that are present in the file

Announce: OpenSMTPD 6.6.0 released

2019-10-26 Thread Gilles Chehade
on IRC for more informations. Reporting Bugs: === Please read http://www.opensmtpd.org/report.html Security bugs should be reported directly to secur...@opensmtpd.org Other bugs may be reported to b...@opensmtpd.org -- Gilles Chehade

Re: Portable buildung issues

2019-10-22 Thread gilles
the heads up. Last time I have been using libressl 2.9.2, I'll > give 3.0.1 a go, it > happens to be in the repos as well, just not marked as stable. > > Ede > > Am 22.10.19 um 16:28 schrieb Gilles Chehade: > >> Sorry, will expand: >> We're in between two Libr

Re: Portable buildung issues

2019-10-22 Thread Gilles Chehade
and portable but we're kind of in a time warp right now in between two versions. On Tue, Oct 22, 2019, 16:23 Gilles Chehade wrote: > LibreSSL is supported and recommended, this really needs to be fixed > before the 6.6.0p1 portable release. > > On Tue, Oct 22, 2019, 14:44 John Smith wrote

Re: Portable buildung issues

2019-10-22 Thread Gilles Chehade
LibreSSL is supported and recommended, this really needs to be fixed before the 6.6.0p1 portable release. On Tue, Oct 22, 2019, 14:44 John Smith wrote: > Hello, > > thanks very much for all your replies. In deed, I rebuild world replacing > openssl with libressl, basically only for opensmtpd.

Re: Portable buildung issues

2019-10-22 Thread gilles
we really really really need more details, I have no idea what system that is :-) October 22, 2019 1:38 PM, "John Smith" wrote: > Hello, > > cloned today, I am having problems building smtpd. After configure: > > /data/git/opensmtp # make > make all-recursive > make[1]: Entering directory

Re: upcoming 6.6.0 release

2019-10-17 Thread Gilles Chehade
On Thu, Oct 17, 2019 at 03:07:45PM +0300, Reio Remma wrote: > On 17/10/2019 15:06, Gilles Chehade wrote: > > On Thu, Oct 17, 2019 at 02:54:26PM +0300, Reio Remma wrote: > > > On 17/10/2019 14:20, gil...@poolp.org wrote: > > > > Hello misc@, > > > > &

Re: upcoming 6.6.0 release

2019-10-17 Thread Gilles Chehade
had unexpected hand surgery and > > doing the tests myself is extremely long. > > > > Please report as a follow up to this mail what you did test, > > > > > > Hello! Do you have any pointers as to what an SRS key should look like? > just make it something hard to guess :-) -- Gilles Chehade @poolpOrg https://www.poolp.orgpatreon: https://www.patreon.com/gilles

upcoming 6.6.0 release

2019-10-17 Thread gilles
is extremely long. Please report as a follow up to this mail what you did test, Thanks, Gilles

Re: filter-rspamd DKIM checks failing intermittently.

2019-10-16 Thread Gilles Chehade
to Rspamd like that made DKIM alignment tests > fail, because body hash came out wrong. > > A pull request has been submitted with a fix. > nice catch :-) -- Gilles Chehade @poolpOrg https://www.poolp.orgpatreon: https://www.patreon.com/gilles

Re: filter-rspamd DKIM checks failing intermittently.

2019-10-13 Thread Gilles Chehade
Very likely yes, can you give it a try ? On Sun, Oct 13, 2019, 15:15 Reio Remma wrote: > On 13.10.2019 16:09, Reio Remma wrote: > > On 13.10.2019 16:05, Gilles Chehade wrote: > > I don't think that is the issue, it is probably the filter-rspamd > reconstruction of the message

Re: filter-rspamd DKIM checks failing intermittently.

2019-10-13 Thread Gilles Chehade
I don't think that is the issue, it is probably the filter-rspamd reconstruction of the message that is incorrect. On Sun, Oct 13, 2019, 15:00 Martijn van Duren wrote: > On 10/13/19 1:59 PM, Reio Remma wrote: > > Hello! > > > > I finally moved to Rspamd (2.0) on my production server and I'm

Re: Repeated 421 try again later erros

2019-10-10 Thread gilles
definitely rspamd given the message October 9, 2019 10:41 PM, "Reio Remma" mailto:r...@mrstuudio.ee?to=%22Reio%20Remma%22%20)> wrote: On 09.10.2019 23:13, Matt Schwartz wrote: Hello List, I am getting a lot of repeated 421 try again later errors from various lists that I am a member of. There is

Re: Repeated 421 try again later erros

2019-10-10 Thread gilles
October 9, 2019 10:13 PM, "Matt Schwartz" wrote: > Hello List, > > I am getting a lot of repeated 421 try again later errors from various lists > that I am a member of. > There is one in particular that is coming from outbound.foodtecsolutions.com. > Here is an excerpt > from my

Re: need help

2019-09-30 Thread gilles
September 30, 2019 4:25 PM, "Denis Fondras" wrote: > On Mon, Sep 30, 2019 at 01:55:28PM +, gil...@poolp.org wrote: > >> Hello, >> >> I'd like to bring native support for SPF in OpenSMTPD in a future release, >> but for this I need a bit of help to make sure my SPF resolver works fine. >>

Re: need help

2019-09-30 Thread gilles
September 30, 2019 4:51 PM, "Joel Carnat" wrote: > Le 30/09/2019 15:55, gil...@poolp.org a écrit : > >> Hello, >> I'd like to bring native support for SPF in OpenSMTPD in a future > release, >> but for this I need a bit of help to make sure my SPF resolver works > fine. >> I have created a

Re: need help

2019-09-30 Thread gilles
I'll investigate that, but spfwalk isn't a real SPF resolver and may yield incorrect results, it just helps a bit. September 30, 2019 4:27 PM, "Nick Ryan" wrote: > Seems to work fine for some hosts but not gmail.com or outlook.com > > mail3$ smtpctl spf walk < 1 (this is gmail.com) >

Re: need help

2019-09-30 Thread gilles
yup September 30, 2019 4:23 PM, "Chris Bennett" wrote: > ./spf no-seas-necio.ninja 162.255.139.10: pass > ./spf no-seas-necio.ninja 162.255.139.11: soft-fail > > Which matches my spf entry. v=spf1 mx ~all. > Is that the correct response? > > Chris Bennett

Re: need help

2019-09-30 Thread gilles
yes, this is debug code which i don't want to spend time making portable ;-) September 30, 2019 4:10 PM, "Reio Remma" wrote: > On 30/09/2019 16:55, gil...@poolp.org wrote: > >> Hello, >> >> I'd like to bring native support for SPF in OpenSMTPD in a future release, >> but for this I need a

need help

2019-09-30 Thread gilles
Hello, I'd like to bring native support for SPF in OpenSMTPD in a future release, but for this I need a bit of help to make sure my SPF resolver works fine. I have created a repository with a standalone executable that performs the SPF lookup and checks if an IP address is allowed to send on

Re: table-passwd

2019-09-18 Thread gilles
September 18, 2019 9:38 AM, gil...@poolp.org wrote: > On my setup, file /etc/mail/accounts is a simple two columns > username/password table: > > # head -1 /etc/mail/accounts.txt > gil...@poolp.org:$2b$09$0ek9ozmo1u0mSsiRo/z2AumROLK.70T9A6bP3mFDqb38L0sC5RvT6 > # obviously I replaced my real

Re: table-passwd

2019-09-18 Thread gilles
September 17, 2019 11:41 PM, "Edgar Pettijohn" wrote: > On Sep 17, 2019 9:05 AM, Gilles Chehade wrote: > >> Hello, >> >> Is there anyone using table-passwd for _any_ other purposes than sharing >> with Dovecot ? >> >> I have built a fully

table-passwd

2019-09-17 Thread Gilles Chehade
and if it was not created because soneone had overlooked the first few lines of the Dovecot documentation stating: "For a password database, it's enough to have only the user and password fields." -- Gilles Chehade @poolpOrg https://www.poolp.org

Re: Failed logins hammer/filter.

2019-09-17 Thread Gilles Chehade
s from compromised hosts so filtering on !rdns, !fcrdns and matching some common dynamic patterns kills the bulk of them. -- Gilles Chehade @poolpOrg https://www.poolp.orgpatreon: https://www.patreon.com/gilles

Re: Filters and rctp-to rewrite.

2019-09-09 Thread gilles
gt;> Reio >> > It is not. > > What you might be able to do is add an additional header and somehow let > an lmtp server make the decision based on the header. > > I haven't used lmtp myself, no clue if this actually works, but it's > worth investigating :-) >

Re: Filters and rctp-to rewrite.

2019-09-09 Thread gilles
September 9, 2019 3:37 PM, "Reio Remma" wrote: > Hello! > Hello, > Slowly digging into filters. > > Now I'm curious if it's possible to modify the recipient after say spam check > in data-line? I get > the impression that rewriting rcpt-to at that stage is impossible, but my > goal would

Re: OpenSMTPD-Logwatch script.

2019-09-05 Thread gilles
Yes, see the smtpd.conf(5) man page: filter myreporter proc-exec "/tmp/reporting.sh" listen on [...] filter myreporter September 5, 2019 10:30 AM, "Reio Remma" wrote: > On 03/09/2019 21:32, gil...@poolp.org wrote: > >> September 3, 2019 8:29 PM, "Reio Remma" wrote: >> >>> On 27.04.2018

Re: New syntax and virtual aliases to remote addresses.

2019-09-05 Thread gilles
could be interesting to implement a tls builtin filter, so you could: filter check-tls phase mail-from match !tls junk and flag non tls options as spam, without discarding them completely September 5, 2019 8:38 AM, "Reio Remma" wrote: > On 02/09/2019 18:37, Reio Remma wrote: > >> On

Re: Building 6.4.2p1 without ssl?

2019-09-02 Thread gilles
t build again, so the next release (6.6.0) due in a few weeks will build fine for you on any supported system that ships with OpenSSL 1.1.x. There is no way to disable TLS support, this is a mandatory dependency just like libevent. Gilles

Re: New syntax and virtual aliases to remote addresses.

2019-09-02 Thread gilles
September 2, 2019 3:35 PM, "Reio Remma" wrote: > Hello! > > I was able to have virtual aliases pointing to external addresses with the > old syntax, but it > doesn't seem to work like that with new rules: > Not awake enough to process what follows but the new syntax certainly allows this as

Re: OpenSMTP as a library

2019-09-02 Thread gilles
September 2, 2019 3:59 PM, "Manfred Rebentisch" wrote: > Hello, > I am new to OpenSMTP and in this mailinglist. > Hello and welcome, > Is it possible to use OpenSMTP as a library to use mail send > functionality from my C / C++ software? > > I want to replace the old and unsupported esmtp

Re: OpenSMTPD build on OpenSSL 1.1.x

2019-08-28 Thread Gilles Chehade
L 1.0.2k as the max version and with OpenSSL 1.1.1c > compiled into OpenSMTPD I can run the new OpenSMTPD version on a machine > with CentOS 7's old OpenSSL version. > > I had to add -pthreads and -ldl to pass 'make' with the static OpenSSL > libraries. Without these I ran into errors hinting at threads and dl. > > I'm a little wary of just forcibly replacing the whole OpenSSL 1.0.2k on a > production machine. :) > Understood ! OpenSSL 1.0.x is going to be supported until 2019-12-31 so this will get solved by itself soon ;-) -- Gilles Chehade @poolpOrg https://www.poolp.orgpatreon: https://www.patreon.com/gilles

Re: OpenSMTPD build on OpenSSL 1.1.x

2019-08-28 Thread gilles
28 août 2019 00:00 "Reio Remma" a écrit: > On 27.08.2019 21:25, Richard Narron wrote: > >> The OpenSMTPD portable version from https://github.com/OpenSMTPD/OpenSMTPD >> works fine on Slackware64 current with OpenSSL 1.1.1c and gcc 9.2 >> It took me a while to get it to work though. >> I first

Re: OpenSMTPD build on OpenSSL 1.1.x

2019-08-28 Thread gilles
Hello, 27 août 2019 20:25 "Richard Narron" a écrit: > The OpenSMTPD portable version from https://github.com/OpenSMTPD/OpenSMTPD > works fine on Slackware64 current with OpenSSL 1.1.1c and gcc 9.2 > Yay ! > It took me a while to get it to work though. > > I first downloaded the "current"

Re: tags on the portable branch?

2019-08-26 Thread Gilles Chehade
On Sun, Aug 25, 2019 at 07:16:23AM +0200, Harald Dunkel wrote: > Hi Gilles, > > On 8/24/19 9:14 PM, Gilles Chehade wrote: > > > > This is expected. > > > > Version 6.4.x only builds with LibreSSL or OpenSSL 1.0.x > > > > do you think it wo

Re: stumped on virtual aliases

2019-08-24 Thread Gilles Chehade
expand-only \ > > virtual > > action deliver_virtual_set \ > > maildir \ > > userbase > > > > # MATCHES > > # --- > > match from any \ > > for domain \ > >

Re: Service names in listen on directives

2019-08-24 Thread Gilles Chehade
On Sat, Aug 24, 2019 at 10:16:26PM +0200, Martijn van Duren wrote: > On 8/24/19 10:06 PM, Gilles Chehade wrote: > > On Sat, Aug 24, 2019 at 12:32:05PM -0700, Darren S. wrote: > >> OpenBSD 6.5 amd64 > >> OpenSMTPD 6.5.0 > >> > >> port [port]

Re: Service names in listen on directives

2019-08-24 Thread Gilles Chehade
und it curious that `submission` may be used in place of a port > number but not the other service names. > this is because `smtp' and `smtps` are keywords, so they must be quoted: listen on lo port "smtp" -- Gilles Chehade @poolpOrg https://www.poolp.orgpatreon: https://www.patreon.com/gilles

Re: tags on the portable branch?

2019-08-24 Thread Gilles Chehade
> This is expected. Version 6.4.x only builds with LibreSSL or OpenSSL 1.0.x See: https://poolp.org/posts/2019-07-27/july-2019-report-tons-of-smtpd-work-mostly/ -- Gilles Chehade @poolpOrg https://www.poolp.orgpatreon: https://www.patreon.com/gilles

Re: table api question

2019-08-24 Thread gilles
24 août 2019 02:59 "Edgar Pettijohn" a écrit: > I am writing a table-lua, however the table_lua_update function doesn't > appear to be called. > Here are relevant pieces of the code. > > The lookup function works. However, it would be more ideal to have the > update() called early > to fill

Re: tags on the portable branch?

2019-08-22 Thread Gilles Chehade
ficial" source > package for Debian and Fedora/RedHat. > you mean like this ? :-) https://github.com/OpenSMTPD/OpenSMTPD/releases/tag/opensmtpd-6.4.2p1 -- Gilles Chehade @poolpOrg https://www.poolp.org patreon: https://www.patreon.com/gilles

Re: smtpd not passing data to rspamd

2019-08-22 Thread Gilles Chehade
On Wed, Aug 21, 2019 at 08:06:58PM +, Thomas Smith wrote: > > ? Original Message ? > On Wednesday, August 21, 2019 8:28 AM, Gilles Chehade > wrote: > > > On Wed, Aug 21, 2019 at 03:22:39PM +, Thomas Smith wrote: > >

FLOSS Weekly 543 OpenSMTPD

2019-08-21 Thread Gilles Chehade
Hello everyone, I was invited to talk a bit about SMTP and OpenSMTPD in FLOSS Weekly. Here is the link in case you're interested: https://twit.tv/shows/floss-weekly/episodes/543 Cheers -- Gilles Chehade @poolpOrg https://www.poolp.org

Re: smtpd not passing data to rspamd

2019-08-21 Thread Gilles Chehade
n filter "rspamd" > > 'smtpd -d -v': > debug: smtp: listen on x.x.x.x port 25 flags 0x2401 pki "" ca "" > > I also don't see any debug messages regarding rspamd. > your config is correct -- Gilles Chehade @poolpOrg https://www.poolp.orgpatreon: https://www.patreon.com/gilles

Re: Question about OpenSMTPD and Debian package and filters/spam filtering

2019-08-21 Thread Gilles Chehade
t; server.pragmasec.nl auth > table vdomains file:/etc/mail/domains > table vusers file:/etc/mail/vusers > expire 7d > limit mta inet4 > accept from any for domain virtual deliver to mda > "/usr/lib/dovecot/dovecot-lda -f %{sender} -a %{rcpt}" > accept from loca

Re: forcing SMTP authentication

2019-08-21 Thread Gilles Chehade
s+auth://t-onl...@mail.t-online.hu auth > That last rule is essentially "accept from any for (pretty much) any" so you have created an open relay. Replace the "from any" with "from local" so the rule reads as: accept from local for ! domain 486.hu relay

Re: filter assistance requested

2019-08-20 Thread Gilles Chehade
as well. > > So there are 2 problems. First my script doesn't appear to acurately > determine that the headers are finished. Second mail > doesn't go through. Any suggestions are appreciated. > This error occurs when you don't have at

  1   2   3   4   5   6   7   8   9   >