Re: How do I only allow relay for authenticated users?

2017-09-24 Thread Kevin
Hi, On 09/24/2017 12:12 PM, Bruno Pagani wrote: Hi, On 24/09/2017 at 20:48, Kevin wrote: My question is: how do I only allow relay for authenticated users? #accept from any for any relay via tls+auth://la...@smtp.sendgrid.net auth Just `accept from local` instead of `from any

pony express: smtpd: bind: Cannot assign requested address

2017-09-24 Thread Kevin
agent exiting smtpd[21206]: debug: queue -> pony express: pipe closed smtpd[21207]: debug: scheduler -> control: pipe closed smtpd[21207]: debug: scheduler agent exiting smtpd[21202]: debug: ca -> control: pipe closed smtpd[21202]: debug: ca agent exiting smtpd[21206]: debug: queue age

How do I only allow relay for authenticated users?

2017-09-24 Thread Kevin
en I can't receive email for my domains as an MX server. -- Kevin -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

warn: unable to load CA file /etc/ssl/cert.pem: No such file or directory

2017-09-24 Thread Kevin
a new mail. I can workaround it with a symlink: # ln -s /etc/pki/tls/cert.pem /etc/ssl/cert.pem smtp-out: Server certificate verification succeeded on session [...] But I thought it was worth reporting to check if I'm doing something wrong or there's a bug. -- Kevin

Re: unable to send mail from desktop mail client to remote email addresses

2019-10-03 Thread Kevin
information when you're seeking help from the list is just stupid. Even the *tiniest detail* can be THE key to solving your issue. Disclose anything or figure it out on your own. Kevin

unable to send mail from desktop mail client to remote email addresses

2019-10-03 Thread Kevin
. My config files are ostensibly the same as those on the HOWTO page. Obviously happy to post them if needed. Thanks, Kevin

Re: unable to send mail from desktop mail client to remote email addresses

2019-10-03 Thread Kevin
On Thu, Oct 3, 2019 at 8:55 AM Reio Remma wrote: > On 03.10.2019 18:34, Kevin wrote: > > If I can send the domain email, if I can retrieve email via Dovecot, if I > can send mail to myself from the server's CLI (and even retrieve it > remotely via my mail client), it seems like th

Re: unable to send mail from desktop mail client to remote email addresses

2019-10-03 Thread Kevin
On Thu, Oct 3, 2019 at 12:36 AM Peter N. M. Hansteen wrote: > On Wed, Oct 02, 2019 at 11:33:58PM -0700, Kevin wrote: > > Hi all, > > > > Having just followed the setup instructions on Gilles HOWTO page here: > > > > > > > https://poolp.org/posts/2019-09-

Re: unable to send mail from desktop mail client to remote email addresses

2019-10-03 Thread Kevin
ep redis _redis 86838 0.0 0.3 14468 2860 ?? S 11:41PM0:19.81 redis-server: /usr/local/sbin/redis-server 127.0.0.1:6379 (redis-server) On Thu, Oct 3, 2019 at 9:11 AM Edgar Pettijohn wrote: > Could you post your config. > > Thanks > On Oct 3, 2019 10:34 AM, Kevin wrote: >

Xombrero and the presentation link

2014-08-07 Thread Kevin Chadwick
Hi, Firstly I haven't used smtpd outside of its default config yet but intend to as a backup relay today and later move my main server, so thanks for creating OpenSMTPD when trying to view the presentation with xombrero I enabled javascript but the controls do not appear and using the url bar

Re: [Bulk] Xombrero and the presentation link

2014-08-07 Thread Kevin Chadwick
previously on this list Kevin Chadwick contributed: when trying to view the presentation with xombrero I enabled javascript but the controls do not appear and using the url bar is a bit cumbersome. Print works well though; printing the whole presentation as a pdf

slide 34 resolver not chrooted

2014-08-07 Thread Kevin Chadwick
If the only nameserver entry in /etc/resolv.conf is say 127.0.0.1 or localhost such as when using unbound couldn't OpenSMTPD's resolver read that line and chroot without issues like dhcp changes? -- ___ 'Write programs that do

Re: slide 34 resolver not chrooted

2014-08-07 Thread Kevin Chadwick
On Thu, 7 Aug 2014 18:34:19 +0200 Alexander Schrijver wrote: without issues like dhcp changes? I think the problem is that you can't read the file again after being chrooted. So you won't know if it's updated. Yeah I'm not sure whether it is worth the effort but I was thinking if a user

Re: slide 34 resolver not chrooted

2014-08-07 Thread Kevin Chadwick
On Thu, 7 Aug 2014 19:39:28 +0200 Alexander Schrijver wrote: Yeah I'm not sure whether it is worth the effort but I was thinking if a user has set a localhost as the nameserver then can we be very close to certain that they are not going to change the resolv.conf? Having two DNS

Re: slide 34 resolver not chrooted

2014-08-07 Thread Kevin Chadwick
On Thu, 7 Aug 2014 20:41:39 +0200 Gilles Chehade wrote: Nope there's currently no way to turn chrooting for the lookup process. It's not really a resolver thing, we could have the resolver code in a chroot with some refactoring, but we need a process that does not run chrooted for other

Can smtps replace starttls and is there any point

2014-08-08 Thread Kevin Chadwick
I am not talking about submission which I guess is what the smtps option is for and I know GPG is the best method and I also know that spamd causes plain text transmissions. With STARTTLS I believe there is a clear text race where an attacker can create a response stating STARTTLS is unsupported

Re: Can smtps replace starttls and is there any point

2014-08-08 Thread Kevin Chadwick
previously on this list Kevin Chadwick contributed: With STARTTLS I believe there is a clear text race where an attacker can create a response stating STARTTLS is unsupported resulting in cleartext transmission which I believe would not be the case for smtps. If as I guess there isn't any

Re: Can smtps replace starttls and is there any point

2014-08-08 Thread Kevin Chadwick
previously on this list Gilles Chehade contributed: that connection can be man-in-the-middle'd, which leads to the attacker being able to make it appear so that the mailserver doesn't support STARTTLS. I've seen this in practice at my old school for one. Yes, I know that :-)

recipients and greyscanner

2014-08-11 Thread Kevin Chadwick
I may have come across some information about rewriting envelopes but I am struggling to find it right now. With OpenSMTPD you can use bob+compa...@bobs.com, which is great. My existing server however already uses bob-compa...@bobs.com and on that system I can specify the character after which

Re: [Bulk] recipients and greyscanner

2014-08-13 Thread Kevin Chadwick
previously on this list Kevin Chadwick contributed: I may have come across some information about rewriting envelopes but I am struggling to find it right now. With OpenSMTPD you can use bob+compa...@bobs.com, which is great. My existing server however already uses bob-compa...@bobs.com

potential makemap man page improvements

2015-03-14 Thread Kevin Chadwick
Assuming it's correct I wonder if something along the lines of the following would improve the makemap man page virtual domains section. I tried a few different things to get majordomo and the power of virtual domains working, including a second deliver to mda before noticing the 'extension'

Re: Case sensitivity in automatic folder filtering by tag

2015-03-30 Thread Kevin Chadwick
On Sat, 28 Mar 2015 08:55:24 -0700 Seth wrote: If the filesystem supports case sensitivity then I can understand users expecting the current behaviour but it doesn't seem practical to me and I couldn't see a format specifier to lowercase deliveries to Maildir expanding to just TAG.

Re: Case sensitivity in automatic folder filtering by tag

2015-03-30 Thread Kevin Chadwick
On Sat, 28 Mar 2015 08:55:24 -0700 Seth wrote: If the filesystem supports case sensitivity then I can understand users expecting the current behaviour but it doesn't seem practical to me and I couldn't see a format specifier to lowercase deliveries to Maildir expanding to just TAG.

Re: Slight correction on Does anyone else have an issue establishing a starttls to this host.

2015-04-08 Thread Kevin Chadwick
On Wed, 08 Apr 2015 13:27:48 -0700 Seth wrote: Do you have a test email address we can try sending something to which uses that server? Sent privately Also, whether this hangs /usr/bin/openssl s_client -connect mx5.demon.co.uk:25 -starttls smtp -CAfile /etc/ssl/cert.pem Starttls.info

Re: Slight correction on Does anyone else have an issue establishing a starttls to this host.

2015-04-09 Thread Kevin Chadwick
On Wed, 08 Apr 2015 19:55:52 -0700 Seth wrote: Also, whether this hangs /usr/bin/openssl s_client -connect mx5.demon.co.uk:25 -starttls smtp -CAfile /etc/ssl/cert.pem I ran the command above on an OpenBSD 5.6-release host and it stopped responding at the 250 8BITMIME line at the

Should I add tls enforcement to issue 502

2015-04-09 Thread Kevin Chadwick
For a minute I thought the following was possible that my old server couldn't do. I know gpg is the solution but getting people to use it can sometimes be easy and sometimes impossible and so there are times when you are on the border of what you are comfortable sending in plain text. accept

Re: Slight correction on Does anyone else have an issue establishing a starttls to this host.

2015-04-09 Thread Kevin Chadwick
On Thu, 09 Apr 2015 09:54:17 -0700 Seth wrote: On my 5.6 box it stops at CONNECTED and the traffic shows client hello like for OpenSMTPD (well actually a certificate receipt can be seen in the encrypted traffic but not much more). Only thing I can think of is that you're running a

Slight correction on Does anyone else have an issue establishing a starttls to this host.

2015-04-08 Thread Kevin Chadwick
http://marc.info/?l=openbsd-misc&m=142842356024311&w=2 When I looked at the actual traffic it appeared that it gets one step further and the connection actually stops at OpenSMTPD sending a client hello via STARTTLS with no further response from the other side. If someone can say it happens to

Re: latest OpenSSL causes OpenSMTPD to segv

2016-02-02 Thread Kevin Chadwick
> This impacts all users who upgrade to OpenSSL 1.0.2f and will cause smtpd > to crash as soon as the RSA engine is used (ie: whenever there's crypto) > > A quick workaround is to not upgrade to 1.0.2f yet and maybe ask OpenSSL > why a "patchlevel" release contains more than patches. > >

Debugging MySQL backend

2016-02-29 Thread Kevin Lemonnier
postfix), but I can't figure out what is wrong. Thanks ! Regards, Kevin Lemonnier

Re: Debugging MySQL backend

2016-03-01 Thread Kevin Lemonnier
to 1 nodes lookup: check "local" as NETADDR in table static: -> found lookup: check "domain.tld" as DOMAIN in table proc:vdomains -> found lookup: lookup "t...@domain.tld" as ALIAS in table proc:vusers -> "t...@domain.tld" debug: aliases_virtual_get: 't.

Re: please share your configuration files with us

2017-08-12 Thread Kevin Chadwick
I sent my elansys one direct, should I have posted it to the list?

Re: Password encryption

2017-08-07 Thread Kevin Chadwick
On Sun, 6 Aug 2017 14:32:16 +0200 > The next question would be ...why does it work for other ppl? I use system accounts and some scripts but if you need a database then I can't help. It's not actually that difficult once you work it out to sync system pwd.db files actually and you get the