Just curious if OpenSMTPD has any plans to swap out OpenSSL for LibreSSL
once the latter has been deemed stable enough.
--
Seth
I <3 nicely trimmed email replies
--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr
implementation in that particular version of the product.
--
Seth
I <3 nicely trimmed email replies
I was inspired by the article below and want to implement this on the
OpenSMTPD servers I administer. Is this possible?
Stop Including Sender IPs in Email Headers
https://blog.ageispolis.net/page/4/
I think this particular issue might have been fixed by commit
https://github.com/OpenSMTPD/OpenSMTPD/commit/8bca141233921dcfee7b1fc734d376adb70ef044.
Can't be sure though because the build doesn't even get far enough to
compile tortls.c. It fails earlier with this error:
-compare
On Mon, 19 Jan 2015 15:14:14 -0800, Edgar Pettijohn
ed...@pettijohn-web.com wrote:
http://www.mail-archive.com/misc%40opensmtpd.org/msg01427.html
That gives the following error:
# /usr/sbin/smtpd -d
/etc/mail/smtpd.conf:16: invalid use of table dynamic:0 as HOSTNAMES
parameter
Looks like
On Sun, 18 Jan 2015 20:20:19 -0800, Seth l...@sysfu.com wrote:
https://github.com/OpenSMTPD/OpenSMTPD/issues/376
Related email threads
http://www.mail-archive.com/misc%40opensmtpd.org/msg00625.html
Declare your listener with a hostnames table and declare a pki entry for
every domain
On Tue, 20 Jan 2015 11:35:00 -0800, Benedikt Nießen
mailingli...@niessen.ch wrote:
The problem is that I don’t have control over the target Email server. I
need to redirect all email aliases to three addresses (not at the same
time).
ha...@abc.com = ha...@example.com
n...@cba.com =
On Sun, 18 Jan 2015 08:39:01 -0800, Edgar Pettijohn
ed...@pettijohn-web.com wrote:
I've been lurking on the list for a while, and I'm finally getting close
on my config to replace postfix/dovecot. However, I'm having some
issues. I'm pretty sure I want to use auth in a listener context,
On Tue, 10 Feb 2015 04:47:38 -0800, Gilles Chehade gil...@poolp.org
wrote:
People actually open an account at Gmail/Yahoo/Microsoft because they do
not give the slightest shit about these privacy concerns. They want mail
that gets sent when pressing a button, and they want it so bad that even
On Wed, 11 Feb 2015 13:21:30 -0800, Meutel meu...@meutel.net wrote:
I did some tests with a simple smtp.conf which relays everything via
gmail, and with a public nameserver instead of my local one.
table gmailcred file:/usr/local/etc/mail/gmailcred
accept from local for any relay via
On Sun, 15 Feb 2015 23:37:55 -0800, Hugo Osvaldo Barrera h...@barrera.io
wrote:
Any hints? My guess is that SSL is failing somewhere, but I don't know how to
continue to track this down. Someone on the FreeBSD list suggested making sure
that the CAs were installed, and they are - though I'm
On Thu, 12 Feb 2015 19:18:45 -0800, Josh Kunz joshk...@me.com wrote:
I'm trying to run an OpenSMTPD + dovecot setup for two separate
domains. I'd like to be able to assign passwords based on the user and
the domain part of the address, and using actual email addresses as the
user names
On Tue, 17 Feb 2015 06:45:43 -0800, Alan Gilson agil...@otcgc.com wrote:
These are great, thanks folks. May I suggest that they be added to the
auto-footer for the group?
They're sort of common knowledge amongst most people that have been using
mailing lists for a while, but I guess that
On Mon, 16 Feb 2015 13:11:27 -0800, Hugo Osvaldo Barrera h...@barrera.io
wrote:
libressl.c:72:1: error: conflicting types for
'SSL_CTX_use_certificate_chain'
SSL_CTX_use_certificate_chain(SSL_CTX *ctx, char *buf, off_t len)
^
/usr/local/include/openssl/ssl.h:1587:5: note: previous declaration
I'm in the process of switching out existing RSA Certificate Authority
server certificates for ECDSA (Elliptical Curve DSA) ones.
Are ECDSA certs supported by OpenSMTPD? Or does that depend completely on
the chosen SSL library, i.e. OpenSSL, LibreSSL, BoringSSL, etc?
On Mon, 16 Feb 2015 14:42:12 -0800, Hugo Osvaldo Barrera h...@barrera.io
wrote:
Oh, this works with mail/opensmtpd, but *not* mail/opensmtpd-devel.
Funny.
Build worked, but the same initial issue still happens:
Feb 16 22:40:00 hydrogen smtpd[43826]: smtp-in: New session
7530b8f4cbc97b60
On Mon, 16 Feb 2015 14:32:29 -0800, Hugo Osvaldo Barrera h...@barrera.io
wrote:
I hadn't been using portmaster (rather cd
/usr/ports/mail/opensmtpd-devel
make), but I got the same error using it too:
Sorry, I should have clarified that it works on FreeBSD 9.3 with the
OpenSMTPD 5.4.4
I administer an email system which uses a VPS running OpenSMTPD as the
public facing bit.
The VPS relays email to and from a separate OpenSMTPD mail server which is
located on premises. We'll call this the 'local' server.
The local server gets powered down every night, however this
On Tue, 27 Jan 2015 17:22:43 -0800, Edgar Pettijohn
ed...@pettijohn-web.com wrote:
*bounce-warn* /n/{*s*|*m*|*h*|*d*}[, /.../]
Specify the delays for which temporary failure reports must be
generated when messages are stuck in the queue. For example:
bounce-warn 1h, 6h, 2d
On Tue, 27 Jan 2015 20:18:04 -0800, Edgar Pettijohn
ed...@pettijohn-web.com wrote:
Still need to solve the problem of scheduling that big morning dump.
Of email.
cron
That's not really going to work because the power-up time could vary
between 2-4 hours. The mail needs to flow as soon as
On Tue, 27 Jan 2015 21:11:52 -0800, Sunil Nimmagadda
su...@nimmagadda.net wrote:
I was wondering what if your local server is the primary MX and
then your public server a backup MX. That way, whenever your local
server is online the mails end up directly in it and your backup
server
On Sun, 01 Feb 2015 11:57:01 -0800, Michael bele...@bsdmail.de wrote:
Rebuilding and reinstalling did not help. My current version is
OpenSMTPD 5.4.2p1.
smtpd -dv additionally shows the following:
debug: SSL library error: ssl_setup: error:26078067:engine
On Mon, 09 Feb 2015 13:28:03 -0800, brettm bre...@coiloptic.org wrote:
On Mon, 9 Feb 2015 12:02:06 +
skin...@britvault.co.uk (Craig Skinner) wrote:
|
| Neither can Goatmail, Snotmail, NSA, govt agencies, etc.
|
As far as we know, NSA etc cannot read other people's PGP encrypted
mail. I
On Mon, 16 Mar 2015 12:51:16 -0700, Eric Ripa e...@stickybit.se wrote:
One of the failing envelopes is below (this one was sent using Apple
mail but it doesn't seem to be related as other clients are doing the same,
seemingly random).
Does the error occur frequently enough where you could
On Tue, 17 Mar 2015 01:17:24 -0700, Eric Ripa e...@stickybit.se wrote:
Hard to say because after a retry or two the mail goes through so I will
have to monitor it more closely. What traces are suitable for more
verbose output of smtp-out? Simply smtp?
I would start with 'smtpctl trace smtp'
Solved. This can be accomplished by setting environment variables with the
make command, no configure script needed.
Hat tip to Nick Mathewson from the Tor-relays mailing list for cluing me
in to this method.
$ sudo CFLAGS=-I/usr/local/include LDFLAGS=-L/usr/local/lib make
$ sudo make
On Thu, 12 Mar 2015 07:14:11 -0700, Gonzalo tengoandr...@gmail.com wrote:
Mmm I have the same output..
On Mar 11, 2015 11:31 PM, Seth l...@sysfu.com wrote:
Offhand I would say this is probably more of Dovecot delivery
configuration issue moreso than an OpenSMTPD one. I don't have much
On Thu, 12 Mar 2015 09:54:52 -0700, Eric Ripa e...@stickybit.se wrote:
I did the following on my X-less installation of OpenBSD 5.6
- downloaded the two sets xetc56.tgz and xbase56.tgz
- added the sets according to the FAQ
http://www.openbsd.org/faq/faq4.html#AddFileSet
On Thu, 12 Mar 2015 09:54:52 -0700, Eric Ripa e...@stickybit.se wrote:
I have not tried to remove the sets after installation however.
This command will remove the installation sets
$ pax -vzf xetc56.tgz | awk '{ print $9}'| sudo xargs rm -rf
Obviously test it out first somewhere where it
On Thu, 12 Mar 2015 11:13:53 -0700, Seth l...@sysfu.com wrote:
On Thu, 12 Mar 2015 09:54:52 -0700, Eric Ripa e...@stickybit.se wrote:
I have not tried to remove the sets after installation however.
This command will remove the installation sets
$ pax -vzf xetc56.tgz | awk '{ print $9
You might need to include a '${dest}' bit at the end of this smtpd.conf
accept statement:
accept from any for domain dominios virtual usuariosv deliver to mda
/usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d %{dest}
Found a related LDA accept statement example here:
On Sat, 28 Mar 2015 07:14:20 -0700, Kevin Chadwick m8il1i...@gmail.com
wrote:
If the filesystem supports case sensitivity then I can understand users
expecting the current behaviour but it doesn't seem practical to me and
I couldn't see a format specifier to lowercase deliveries to Maildir
On Fri, 27 Feb 2015 01:47:16 -0800, Eric Faurot e...@faurot.net wrote:
I'll think how asr can be improved in the way you suggest. In the
meantime, the regression you see is actually due to the following
change in smtpd. Try without it. Note that it will also retrieve
inet6 addresses, so you
On Sun, 01 Mar 2015 20:36:17 -0800, Jason Barbier jab...@serversave.us
wrote:
Custom bounce messages are in the issue tracker as I recall.
Maybe this is this ticket you're thinking of? Bounces without Bodies #429
[1]
I was thinking it would be convenient to simply use SPF records
On Mon, 04 May 2015 09:44:09 -0700, Daniel Pajonzeck li...@bitfactory.ws
wrote:
$ cat smtpd.conf
table aliases { root=pi, pi=f...@domain.tld }
accept for local alias aliases deliver to mbox
accept for any relay verify
$ smtpd -dv
/usr/local/etc/smtpd.conf:3: syntax error
If I change the
On Tue, 05 May 2015 13:11:32 -0700, Daniel Pajonzeck li...@bitfactory.ws
wrote:
I haven't tested if invalid certificates are rejected, but surprisingly
accept for any relay tls verify doesn't result in a syntax error.
This contradicts the manpage:
relay ... [tls | verify]
and
Note that the tls
On Tue, 05 May 2015 13:11:32 -0700, Daniel Pajonzeck li...@bitfactory.ws
wrote:
It's a man page bug, found this in the list archives
http://marc.info/?l=opensmtpd-misc&m=142866776526943&w=2
On Sun, 10 May 2015 23:56:36 -0700, Gilles Chehade gil...@poolp.org
wrote:
I have spotted a logic error which explains your issue.
Without this, you cannot fallback to the default CA, you have to declare
your CA explicitly.
Can you apply the following diff ?
diff --git a/smtpd/lka.c
Came across this article the other day and was curious if OpenSMTPD can be
configured to address the vulnerability without using DNSSEC (ack!)
=
https://blog.filippo.io/the-sad-state-of-smtp-encryption/
Filippo Valsorda, 31 Mar 2015
THE
On Sat, 09 May 2015 07:37:13 -0700, Gilles Chehade gil...@poolp.org
wrote:
Hi,
We are preparing upcoming major release and there's been some invasive
updates since latest snapshot.
In particular these 3 parts require HEAVY testing:
- smtp and mta TLS setup can never be concurrent
On Tue, 12 May 2015 09:37:10 -0700, Gilles Chehade gil...@poolp.org
wrote:
Please try the snapshot I just published, it should fix your issue
The snapshot does, but a pull from the latest github version does not.
How far behind the snapshots does the Github repo lag?
On Fri, 15 May 2015 13:22:40 -0700, Gilles Chehade gil...@poolp.org
wrote:
This is now fixed in git, will be part of next snapshot to be published
this week-end
That did the trick, thanks.
BTW, if you're running FreeBSD and installing over a packaged version, you
probably need to remove
There's been some discussion on the list recently about using the 'relay
tls verify' to mitigate STARTTLS downgrade attacks. [1]
Gilles suggested using something like this in smtpd.conf as a protective
measure:
table validcrt file:/etc/mail/hosts-with-valid-certs
accept for domain validcrt
On Mon, 11 May 2015 17:45:47 -0700, Kevin Chadwick m8il1i...@gmail.com
wrote:
I wonder what is best more likely and easier to accomplish or gain
traction.
SMTPS or DNSSEC
DNSSEC causes problems but people seem to be wanting it enough to
implement it anyway, though many providers still
On Wed, 15 Apr 2015 08:30:06 -0700, JC PAROLA
cont...@sels-ingenierie.com wrote:
hi,
I configure OpenSMTPD on OpenBSD 5.6 with virtual users and SMTP auth.
I want to configure vacation but I don't find any information on man or
google
Does OpenSMTPD have this feature?
There was a thread
On Thu, 09 Apr 2015 02:06:58 -0700, Kevin Chadwick m8il1i...@gmail.com
wrote:
Hmm, now I am puzzled as that is what should happen. You don't
have /usr/bin/openssl and /usr/sbin/openssl installed do you? I guess
you ran the same as above but /usr/sbin on 5.6 as it has moved
to /usr/bin/ on 5.7
On Wed, 08 Apr 2015 12:16:49 -0700, Kevin Chadwick m8il1i...@gmail.com
wrote:
http://marc.info/?l=openbsd-misc&m=142842356024311&w=2
When I looked at the actual traffic it appeared that it gets one step
further and the connection actually stops at OpenSMTPD sending a client
hello via STARTTLS
On Mon, 09 Mar 2015 16:05:28 -0700, Seth l...@sysfu.com wrote:
Solved. This can be accomplished by setting environment variables with
the make command, no configure script needed.
Hat tip to Nick Mathewson from the Tor-relays mailing list for cluing me
in to this method.
$ sudo CFLAGS=-I
On Wed, 01 Jul 2015 23:18:11 -0700, Seth l...@sysfu.com wrote:
The only outstanding issue I can think of is how to distinguish between
patch versions, e.g. 5.7.1 vs 5.7.1p1
Disregard that dumb question, realized that p1 stands for portable, been a
long day.
This is the command I'm using
I discovered I had thousands of message stuck in my queue from running
some stress tests earlier which needed removal. Apparently the 'smtpctl
remove evpid|msgid' command does not support wild cards.
Instead, I changed to /var/spool/smtpd/queue and ran this command with
root privs:
#
On Wed, 01 Jul 2015 17:33:38 -0700, Seth l...@sysfu.com wrote:
Dennis F (ledeuns@github) informs me that the smtpd version number can be
obtained via the following command 'smtpd -h'. It appears that this switch
is currently undocumented in the smtpd man page.
The only outstanding issue I
I'd like to revisit github issue #283 [1] feature: show program version
In a nutshell I'm trying to create some OpenSMTPD version tests for the
Ansible config mgmt system, and grepping the logs for the version has the
following problems
1) Version number could be in uncompressed or gzipped
On Wed, 15 Oct 2014 12:33:50 -0700, Gilles Chehade gil...@poolp.org
wrote:
Hi,
As you may know, SSLv3 has been pushed into end of life.
While SSL libraries are working this out, I committed a fix to disable
it explicitly in our code just in case someone builds it against some
On Mon, 29 Jun 2015 12:46:08 -0700, Gilles Chehade gil...@poolp.org
wrote:
The subject being:
Re: OpenSMTPD build process does not recognize newer LibreSSL 2.1.4
libraries
The original issue from March concerned LibreSSL 2.1.4, which was solved
with the CFLAGS LDFLAGS workaround. The
On Mon, 29 Jun 2015 09:38:54 -0700, Gilles Chehade gil...@poolp.org
wrote:
Can you show me the build error ?
Ran 'sudo CFLAGS=-I/usr/local/include LDFLAGS=-L/usr/local/lib make' 'from
opensmtpd-5.7.1-rc1/smtpd' dir and there were no errors.
Log of make output attached.
On Mon, 29 Jun 2015 12:55:21 -0700, Gilles Chehade gil...@poolp.org
wrote:
what is it that you experience in this setup ?
it builds but fails at startup ?
It builds and runs fine, however the binaries are not linked to the latest
libssl in /usr/local/lib. Only the libcrypto lib is correctly
On Mon, 29 Jun 2015 12:55:21 -0700, Gilles Chehade gil...@poolp.org
wrote:
what is it that you experience in this setup ?
I should add that I would like OpenSMTPD to detect and build against the
latest installed LibreSSL libraries automatically without requiring any
manual CFLAGS/LDFLAGS
On Mon, 29 Jun 2015 09:38:54 -0700, Gilles Chehade gil...@poolp.org
wrote:
You installed LibreSSL 2.2.0 on top of OpenBSD 5.7 ?
Correct
Previous versions worked ?
If you mean OpenSMTPD would compile with updated LibreSSL libraries when
using the CFLAGS and LDFLAGS were needed as described
Copying my comment on this ticket[1] to the list for discussion
---
I would like to re-open discussion on this issue for a different use case:
In light of more vulnerabilities discovered in the TLSv1.0 protocol since
Dec 2013, I no longer feel it provides acceptable security and would like
On Mon, 27 Jul 2015 12:53:19 -0700, Török Edwin ed...@etorok.net wrote:
Would this be for incoming or outgoing connections?
It's the incoming that I'm primarily concerned with, but that's a good
point to raise. Should the setting affect both directions or be applied
independently?
For
On Mon, 27 Jul 2015 19:40:39 -0700, SSL tuy...@aoiyuma.mydns.jp wrote:
I am afraid of being attacked.
So I want to limit PCs in Japan only (if a Japanese PC is hacked, this
setting is not safe).
It would probably be more appropriate and effective to use a firewall such
as OpenBSD's pf to
On Sun, 26 Jul 2015 08:03:45 -0700, Edgar Pettijohn
ed...@pettijohn-web.com wrote:
# smtpd -d
If so add some v's:
# smtpd -d
Do the extra smtpd 'v' flags produce more verbose output on all platforms?
I just tried this on Arch linux and can't tell that smtpd -d yields
any more
On Sat, 25 Jul 2015 01:27:00 -0700, Herbert J. Skuhra
herb...@oslo.ath.cx wrote:
anyone else who is running OpenSMTPD on FreeBSD receive broken
e-mails? In tcpdump/wireshark the message looks ok, but in the trace log
the lines are broken. Receiving the same message with Postfix works!
I
On Wed, 14 Oct 2015 05:45:05 -0700, Allyn Bottorff
wrote:
Unless you use a service that actually provides it, a target will do
absolutely nothing on its own. So how is using the proper things "not
an ideal solution"?
Systemd's own networkd should provide that
On Sat, 10 Oct 2015 07:44:51 -0700, Allyn Bottorff
wrote:
Because 'network.target' doesn't actually wait for any of the interfaces
to be up - what you want is 'network-online.target'[0].
Regards,
Raf
[0] https://wiki.freedesktop.org/www/Software/systemd/NetworkTarget/
On Fri, 09 Oct 2015 13:19:32 -0700, Allyn Bottorff
wrote:
Greetings,
I've been running an OpenSMTPD server for a while now on an ArchLinux
server and I've noticed some strange behavior. When I reboot the server,
smtpd crashes on startup. If I restart the service
I'm searching for additional ways to combat spam and looking into using
reverse DNS lookups as a tool for doing so.
What do others think of using rDNS lookups as an anti-spam tactic?
If rDNS lookups are worthwhile, where would the most appropriate place to
implement them be; spamd or the
On Thu, 09 Jul 2015 11:58:38 -0700, Herbert J. Skuhra
herb...@oslo.ath.cx wrote:
CONFIG
pki domain.tld certificate /etc/smtpd/tls/smtpd.crt
pki domain.tld key /etc/smtpd/tls/smtpd.key
table vdoms /etc/smtpd/vdoms
table vusers /etc/smtpd/vusers
On Sat, 26 Sep 2015 15:04:38 -0700, Holger Jahn <li...@loomsday.co.nz>
wrote:
Thanks for your reply, Seth.
For the sake of argument, simply assume for a moment that no system
logger is present and/or can be installed.
Is there a way to set up logging specifically for OpenSMTP
On Thu, 24 Sep 2015 17:38:40 -0700, Holger Jahn
wrote:
After installing the latest portable version 5.7.1p1 on Arch Linux, I
was wondering how to set a log file for SMTPD. I am running a virtual
server with no syslog running, i.e. I would like to specify my own log
On Sat, 09 Jan 2016 03:57:24 -0800, Clint Pachl wrote:
Tom Smyth wrote on 01/08/16 16:40:
Besides do we want to have a mail system that is so secure that a large
portion of legacy systems can't negotiate security and therefore can't
send mail to our servers...
I think
Can someone please commit Sunil's patch below to the main code base when
they get a chance?
Removing all the spammer's bogus email destinations from my queue one at a
time is painful.
On Thu, 02 Jul 2015 01:44:10 -0700, Sunil Nimmagadda
wrote:
As far I can see,
I'm running into an issue on an OpenSMTPD mail server where the mail
client cannot successfully authenticate via SMTP auth on port 587 when the
username is longer than 31 characters.
Happens with both Mailbird and Thunderbird email clients.
These are the errors that show up in the logs when
I've been running several OpenSMTPD servers on OpenBSD for a while now
without using the /etc/aliases file.
I'm having issues however with annoying email being generated from the
r...@mx.domain.tld and mailer-dae...@mx.domain.tld addresses which get
stuck in the delivery queue because I
On Sun, 17 Apr 2016 09:59:07 -0700, Gilles Chehade
wrote:
With an elliptic key opensmtpd won't start. I have attached the config,
the debug output and my used EC cert+key attached (both are only self
signed test certs).
I would kindly ask, if someone has some time to
On Thu, 12 May 2016 09:01:10 -0700, Gilles Chehade
wrote:
Do test asap, the longer we lock on 5.9.2, the longer we are not doing
new OpenSMTPD work.
Forgot to ask: Will this release candidate 'play nice' with
opensmtpd-extras-201602042118?