Does the OpenSMTPD project have any plans to from OpenSSL to LibReSSL?

2014-07-15 Thread Seth
Just curious if OpenSMTPD has any plans to swap out OpenSSL for LibReSSL once the latter has been deemed stable enough. -- Seth I 3 nicely trimmed email replies -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr

Re: Invalid command: Pipelining not supported

2014-11-08 Thread Seth
implementation in that particular version of the product. -- Seth I 3 nicely trimmed email replies -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

excluding sender IPs in email headers

2014-12-11 Thread Seth
I was inspired by the article below and want to implement this on the OpenSMTPD servers I administer. Is this possible? Stop Including Sender IPs in Email Headers https://blog.ageispolis.net/page/4/ -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe,

Re: snapshot build against LibreSSL 2.1.3 error: previous declaration of 'SSL_CTX_use_certificate_chain' was here

2015-02-03 Thread Seth
I think this particular issue might have been fixed by commit https://github.com/OpenSMTPD/OpenSMTPD/commit/8bca141233921dcfee7b1fc734d376adb70ef044. Can't be sure though because the build doesn't even get far enough to compile tortls.c. It fails earlier with this error: -compare

Re: a few more questions

2015-01-19 Thread Seth
On Mon, 19 Jan 2015 15:14:14 -0800, Edgar Pettijohn ed...@pettijohn-web.com wrote: http://www.mail-archive.com/misc%40opensmtpd.org/msg01427.html That gives the following error: # /usr/sbin/smtpd -d /etc/mail/smtpd.conf:16: invalid use of table dynamic:0 as HOSTNAMES parameter Looks like

Re: a few more questions

2015-01-18 Thread Seth
On Sun, 18 Jan 2015 20:20:19 -0800, Seth l...@sysfu.com wrote: https://github.com/OpenSMTPD/OpenSMTPD/issues/376 Related email threads http://www.mail-archive.com/misc%40opensmtpd.org/msg00625.html Declare your listener with a hostnames table and declare a pki entry for every domain

Re: Is my virtual user configuration correct?

2015-01-20 Thread Seth
On Tue, 20 Jan 2015 11:35:00 -0800, Benedikt Nießen mailingli...@niessen.ch wrote: The problem is that I don’t have control over the target Email server. I need to redirect all email aliases to three addresses (not at the same time). ha...@abc.com = ha...@example.com n...@cba.com =

Re: auth/auth-optional

2015-01-18 Thread Seth
On Sun, 18 Jan 2015 08:39:01 -0800, Edgar Pettijohn ed...@pettijohn-web.com wrote: I've been lurking on the list for a while, and I'm finally getting close on my config to replace postfix/dovecot. However, I'm having some issues. I'm pretty sure I want to use auth in a listener context,

Re: Lavabit like encryption with OpenSMTPD

2015-02-10 Thread Seth
On Tue, 10 Feb 2015 04:47:38 -0800, Gilles Chehade gil...@poolp.org wrote: People actually open an account at Gmail/Yahoo/Microsoft because they do not give the slightest shit about these privacy concerns. They want mail that gets sent when pressing a button, and they want it so bad that even

Re: relay via: No MX found for domain

2015-02-11 Thread Seth
On Wed, 11 Feb 2015 13:21:30 -0800, Meutel meu...@meutel.net wrote: I did some tests with a simple smtp.conf which relays everything via gmail, and with a public nameserver instead of my local one. table gmailcred file:/usr/local/etc/mail/gmailcred accept from local for any relay via

Re: SSL: fatal access denied with opensmtpd on freebsd

2015-02-16 Thread Seth
On Sun, 15 Feb 2015 23:37:55 -0800, Hugo Osvaldo Barrera h...@barrera.io wrote: Any hints? My guess is that SSL is failing somewhere, but I don't know how to continue to track this down. Someone on the FreeBSD list suggested making sure that the CAs were installed, and they are - though I'm

Re: Virtual users with valid email addresses for usernames?

2015-02-12 Thread Seth
On Thu, 12 Feb 2015 19:18:45 -0800, Josh Kunz joshk...@me.com wrote: I'm trying to run an OpenSSMTPd + dovecot setup for two separate domains. I'd like to be able to assign passwords based on the user and the domain part of the address, and using actual email addresses as the user names

Re: Mail archive

2015-02-17 Thread Seth
On Tue, 17 Feb 2015 06:45:43 -0800, Alan Gilson agil...@otcgc.com wrote: These are great, thanks folks. May I suggest that they be added to the auto-footer for the group? They're sort of common knowledge amongst most people that have been using mailing lists for a while, but I guess that

Re: SSL: fatal access denied with opensmtpd on freebsd

2015-02-16 Thread Seth
On Mon, 16 Feb 2015 13:11:27 -0800, Hugo Osvaldo Barrera h...@barrera.io wrote: libressl.c:72:1: error: conflicting types for 'SSL_CTX_use_certificate_chain' SSL_CTX_use_certificate_chain(SSL_CTX *ctx, char *buf, off_t len) ^ /usr/local/include/openssl/ssl.h:1587:5: note: previous declaration

Support for ECDSA CA server certificates

2015-02-17 Thread Seth
I'm in the process of switching out existing RSA Certificate Authority server certificates for ECDSA (Elliptical Curve DSA) ones. Are ECDSA certs supported by OpenSMTPD? Or does that depend completely on the chosen SSL library, i.e. OpenSSL, LibreSSL, BoringSSL, etc? -- You received this

Re: SSL: fatal access denied with opensmtpd on freebsd

2015-02-16 Thread Seth
On Mon, 16 Feb 2015 14:42:12 -0800, Hugo Osvaldo Barrera h...@barrera.io wrote: Oh, this works with mail/opensmtpd, but *not* mail/opensmtpd-devel. Funny. Build worked, but the same initial issue still happens: Feb 16 22:40:00 hydrogen smtpd[43826]: smtp-in: New session 7530b8f4cbc97b60

Re: SSL: fatal access denied with opensmtpd on freebsd

2015-02-16 Thread Seth
On Mon, 16 Feb 2015 14:32:29 -0800, Hugo Osvaldo Barrera h...@barrera.io wrote: I hadn't been using portmaster (rather cd /usr/ports/mail/opensmtpd-devel make), but I got the same error using it too: Sorry, I should have clarified that it works on FreeBSD 9.3 with the OpenSMTPD 5.4.4

Best way to relay mail to a server with intermittent connectivity

2015-01-27 Thread Seth
I administer an email system which uses a VPS running OpenSMTPD as the public facing bit. The VPS relays email to and from a separate OpenSMTPD mail server which is located on premises. We'll call this the 'local' server. The local server gets powered down every night, however this

Re: Best way to relay mail to a server with intermittent connectivity

2015-01-27 Thread Seth
On Tue, 27 Jan 2015 17:22:43 -0800, Edgar Pettijohn ed...@pettijohn-web.com wrote: *bounce-warn* /n/{*s*|*m*|*h*|*d*}[, /.../] Specify the delays for which temporary failure reports must be generated when messages are stuck in the queue. For example: bounce-warn 1h, 6h, 2d

Re: Best way to relay mail to a server with intermittent connectivity

2015-01-27 Thread Seth
On Tue, 27 Jan 2015 20:18:04 -0800, Edgar Pettijohn ed...@pettijohn-web.com wrote: Still need to solve the problem of scheduling that big morning dump. Of email. cron That's not really going to work because the power-up time could vary between 2-4 hours. The mail needs to flow as soon as

Re: Best way to relay mail to a server with intermittent connectivity

2015-01-27 Thread Seth
On Tue, 27 Jan 2015 21:11:52 -0800, Sunil Nimmagadda su...@nimmagadda.net wrote: I was wondering what if your local server is the primary MX and then your public server a backup MX. That way, whenever your local server is online the mails end up directly in it and your backup server

Re: fatal: smtp_setup_events: ssl_setup failure: No such file or directory

2015-02-01 Thread Seth
On Sun, 01 Feb 2015 11:57:01 -0800, Michael bele...@bsdmail.de wrote: Rebuilding and reinstalling did not help. My current version is OpenSMTPD 5.4.2p1. smtpd -dv additionally shows the following: debug: SSL library error: ssl_setup: error:26078067:engine

Re: Lavabit like encryption with OpenSMTPD

2015-02-09 Thread Seth
On Mon, 09 Feb 2015 13:28:03 -0800, brettm bre...@coiloptic.org wrote: On Mon, 9 Feb 2015 12:02:06 + skin...@britvault.co.uk (Craig Skinner) wrote: | | Neither can Goatmail, Snotmail, NSA, govt agencies, etc. | As far as we know, NSA etc cannot read other people's PGP encrypted mail. I

Re: How to debug Bad response: line too short?

2015-03-16 Thread Seth
On Mon, 16 Mar 2015 12:51:16 -0700, Eric Ripa e...@stickybit.se wrote: One of the failing envelopes are below (this one was sent using Apple mail but it doesn't seem to related as other clients are doing the same, seemingly random). Does the error occur frequently enough where you could

Re: How to debug Bad response: line too short?

2015-03-17 Thread Seth
On Tue, 17 Mar 2015 01:17:24 -0700, Eric Ripa e...@stickybit.se wrote: Hard to say because after a retry or two the mail goes through so I will have to monitor it more closely. What traces are suitable for more verbose output of smtp-out? Simply smtp? I would start with 'smtpctl trace smtp'

Re: OpenSMTPD build process does not recognize newer LibreSSL 2.1.4 libraries

2015-03-09 Thread Seth
Solved. This can be accomplished by setting environment variables with the make command, no configure script needed. Hat tip to Nick Mathewson from the Tor-relays mailing list for cluing me in to this method. $ sudo CFLAGS=-I/usr/local/include LDFLAGS=-L/usr/local/lib make $ sudo make

Re: Virtual domains

2015-03-12 Thread Seth
On Thu, 12 Mar 2015 07:14:11 -0700, Gonzalo tengoandr...@gmail.com wrote: Mmm I have the same output.. El mar 11, 2015 11:31 PM, Seth l...@sysfu.com escribió: Offhand I would say this is probably more of Dovecot delivery configuration issue moreso than an OpenSMTPD one. I don't have much

Re: Building dkimproxy on headless OpenBSD server with no X install sets

2015-03-12 Thread Seth
On Thu, 12 Mar 2015 09:54:52 -0700, Eric Ripa e...@stickybit.se wrote: I did the following on my X-less installation of OpenBSD 5.6 - downloaded the two sets xetc56.tgz and xbase56.tgz - added the sets according to the FAQ http://www.openbsd.org/faq/faq4.html#AddFileSet

Re: Building dkimproxy on headless OpenBSD server with no X install sets

2015-03-12 Thread Seth
On Thu, 12 Mar 2015 09:54:52 -0700, Eric Ripa e...@stickybit.se wrote: I have not tried to remove the sets after installation however. This command will remove the installation sets $ pax -vzf xetc56.tgz | awk '{ print $9}'| sudo xargs rm -rf Obviously test it out first somewhere where it

Re: Building dkimproxy on headless OpenBSD server with no X install sets

2015-03-12 Thread Seth
On Thu, 12 Mar 2015 11:13:53 -0700, Seth l...@sysfu.com wrote: On Thu, 12 Mar 2015 09:54:52 -0700, Eric Ripa e...@stickybit.se wrote: I have not tried to remove the sets after installation however. This command will remove the installation sets $ pax -vzf xetc56.tgz | awk '{ print $9

Re: Virtual domains

2015-03-11 Thread Seth
You might need to include a '${dest}' bit at the end of this smptd.conf accept statement: accept from any for domain dominios virtual usuariosv deliver to mda /usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d %{dest} Found a related LDA accept statement example here:

Re: Case sensitivity in automatic folder filtering by tag

2015-03-28 Thread Seth
On Sat, 28 Mar 2015 07:14:20 -0700, Kevin Chadwick m8il1i...@gmail.com wrote: If the filesystem supports case sensitivity then I can understand users expecting the current behaviour but it doesn't seem practical to me and I couldn't see a format specifier to lowercase deliveries to Maildir

Re: opensmtpd 5.4.4 in freebsd 9 jail

2015-02-27 Thread Seth
On Fri, 27 Feb 2015 01:47:16 -0800, Eric Faurot e...@faurot.net wrote: I'll think how asr can be improved in the way you suggest. In the meantime, the regression you see is actually due to the following change in smtpd. Try without it. Note that it will also retreive inet6 addresses, so you

Re: Custom bounce messages for messages sent from NSA PRISM program providers

2015-03-01 Thread Seth
On Sun, 01 Mar 2015 20:36:17 -0800, Jason Barbier jab...@serversave.us wrote: Custom bounce messages are in the issue tracker as I recall. Maybe this is this ticket you're thinking of? Bounces without Bodies #429 [1] I was thinking it would be convenient to simply use SPF records

Re: relay verify produces syntax error

2015-05-04 Thread Seth
On Mon, 04 May 2015 09:44:09 -0700, Daniel Pajonzeck li...@bitfactory.ws wrote: $ cat smtpd.conf table aliases { root=pi, pi=f...@domain.tld } accept for local alias aliases deliver to mbox accept for any relay verify $ smtpd -dv /usr/local/etc/smtpd.conf:3: syntax error If I change the

Re: relay verify produces syntax error

2015-05-05 Thread Seth
On Tue, 05 May 2015 13:11:32 -0700, Daniel Pajonzeck li...@bitfactory.ws wrote: I haven't tested if invalid certificates are rejected, but surprisingly accept for any relay tls verify doesn't result in a syntax error. This contradicts the manpage: relay ... [tls | verify] and Note that the tls

Re: relay verify produces syntax error

2015-05-05 Thread Seth
On Tue, 05 May 2015 13:11:32 -0700, Daniel Pajonzeck li...@bitfactory.ws wrote: It's a man page bug, found this in the list archives http://marc.info/?l=opensmtpd-miscm=142866776526943w=2 -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail

Re: [IMPORTANT] latest snapshot - certificate check failed issue

2015-05-11 Thread Seth
On Sun, 10 May 2015 23:56:36 -0700, Gilles Chehade gil...@poolp.org wrote: I have spotted a logic error which explains your issue. Without this, you cannot fallback to the default CA, you have to declare your CA explicitely. Can you apply the following diff ? diff --git a/smtpd/lka.c

THE SAD STATE OF SMTP ENCRYPTION - is OpenSMTPD also vulnerable?

2015-05-11 Thread Seth
Came across this article the other day and was curious if OpenSMTPD can be configured to address the vulnerability without using DNSSEC (ack!) = https://blog.filippo.io/the-sad-state-of-smtp-encryption/ Filippo Valsorda, 31 Mar 2015 THE

Re: [IMPORTANT] latest snapshot - certificate check failed issue

2015-05-09 Thread Seth
On Sat, 09 May 2015 07:37:13 -0700, Gilles Chehade gil...@poolp.org wrote: Hi, We are preparing upcoming major release and there's been some invasive updates since latest snapshot. In particular these 3 parts require HEAVY testing: - smtp and mta TLS setup can never be concurrent

Re: Latest portable snapshot not sending emails.

2015-05-12 Thread Seth
On Tue, 12 May 2015 09:37:10 -0700, Gilles Chehade gil...@poolp.org wrote: Please try the snapshot I just published, it should fix your issue The snapshot does, but a pull from the latest github version does not. How far behind the snapshots does the Github repo lag? -- You received this

Re: [OpenSMTPD] portable snapshot opensmtpd-201505121836p1 available

2015-05-15 Thread Seth
On Fri, 15 May 2015 13:22:40 -0700, Gilles Chehade gil...@poolp.org wrote: This is now fixed in git, will be part of next snapshot to be published this week-end That did the trick, thanks. BTW, if you're running FreeBSD and installing over a packaged version, you probably need to remove

TLS Policy Database and the 'relay tls verify' option....like peas and carrots?

2015-05-15 Thread Seth
There's been some discussion on the list recently about using the 'relay tls verify' to mitigate STARTTLS downgrade attacks. [1] Gilles suggested using something like this in smtpd.conf as a protective measure: table validcrt file:/etc/mail/hosts-with-valid-certs accept for domain validcrt

Re: THE SAD STATE OF SMTP ENCRYPTION - is OpenSMTPD also vulnerable?

2015-05-12 Thread Seth
On Mon, 11 May 2015 17:45:47 -0700, Kevin Chadwick m8il1i...@gmail.com wrote: I wonder what is best more likely and easier to accomplish or gain traction. SMTPS or DNSSEC DNSSEC causes problems but people seem to be wanting it enough to implement it anyway, though many providers still

Re: Vacation

2015-04-15 Thread Seth
On Wed, 15 Apr 2015 08:30:06 -0700, JC PAROLA cont...@sels-ingenierie.com wrote: hi, i configure openstpd on openBSD 5.6 whith vitual users and smt pauth. i want to configure vacation but i dont find any information on man or google opensmtpd have this feature ? There was a thread

Re: Slight correction on Does anyone else have an issue establishing a starttls to this host.

2015-04-09 Thread Seth
On Thu, 09 Apr 2015 02:06:58 -0700, Kevin Chadwick m8il1i...@gmail.com wrote: Hmm, now I am puzzled as that is what should happen. You don't have /usr/bin/openssl and /usr/sbin/openssl installed do you? I guess you ran the same as above but /usr/sbin on 5.6 as it has moved to /usr/bin/ on 5.7

Re: Slight correction on Does anyone else have an issue establishing a starttls to this host.

2015-04-08 Thread Seth
On Wed, 08 Apr 2015 12:16:49 -0700, Kevin Chadwick m8il1i...@gmail.com wrote: http://marc.info/?l=openbsd-miscm=142842356024311w=2 When I looked at the actual traffic it appeared that it gets one step further and the connection actually stops at OpenSMTPD sending a client hello via STARTTLS

Re: OpenSMTPD build process does not recognize newer LibreSSL 2.1.4 libraries

2015-06-22 Thread Seth
On Mon, 09 Mar 2015 16:05:28 -0700, Seth l...@sysfu.com wrote: Solved. This can be accomplished by setting environment variables with the make command, no configure script needed. Hat tip to Nick Mathewson from the Tor-relays mailing list for cluing me in to this method. $ sudo CFLAGS=-I

Re: revisiting 'feature: show program version' request for configuration management testing purposes

2015-07-02 Thread Seth
On Wed, 01 Jul 2015 23:18:11 -0700, Seth l...@sysfu.com wrote: The only outstanding issue I can think of is how to distinguish between patch versions, e.g. 5.7.1 vs 5.7.1p1 Disregard that dumb question, realized that p1 stands for portable, been a long day. This is the command I'm using

Recommended method for blasting the queue clean- can smtpctl be used?

2015-07-02 Thread Seth
I discovered I had thousands of message stuck in my queue from running some stress tests earlier which needed removal. Apparently the 'smtpctl remove evpid|msgid' command does not support wild cards. Instead, I changed to /var/spool/smtpd/queue and ran this command with root privs: #

Re: revisiting 'feature: show program version' request for configuration management testing purposes

2015-07-02 Thread Seth
On Wed, 01 Jul 2015 17:33:38 -0700, Seth l...@sysfu.com wrote: Dennis F (ledeuns@github) informs me that the smptd version number can be obtained via the following command 'smtpd -h'. It appears that this switch is currently undocumented in the smtpd man page. The only outstanding issue I

revisiting 'feature: show program version' request for configuration management testing purposes

2015-07-01 Thread Seth
I'd like to revisit github issue #283 [1] feature: show program version In a nutshell I'm trying to create some OpenSMTPD version tests for the Ansible config mgmt system, and grepping the logs for the version has the following problems 1) Version number could be in uncompressed or gzipped

Re: That SSLv3 thing

2015-08-16 Thread Seth
On Wed, 15 Oct 2014 12:33:50 -0700, Gilles Chehade gil...@poolp.org wrote: Hi, As you may know, SSLv3 has been pushed into end of life. While SSL libraries are working this out, I committed a fix to disable it explicitely in our code just in case someone builds it against some

Re: OpenSMTPD build process does not recognize newer LibreSSL 2.1.4 libraries

2015-06-29 Thread Seth
On Mon, 29 Jun 2015 12:46:08 -0700, Gilles Chehade gil...@poolp.org wrote: The subject being: Re: OpenSMTPD build process does not recognize newer LibreSSL 2.1.4 libraries The original issue from March concerned LibresSL 2.1.4, which was solved with the CFLAGS LDFLAGS workaround. The

Re: OpenSMTPD build process does not recognize newer LibreSSL 2.1.4 libraries

2015-06-29 Thread Seth
On Mon, 29 Jun 2015 09:38:54 -0700, Gilles Chehade gil...@poolp.org wrote: Can you show me the build error ? Ran 'sudo CFLAGS=-I/usr/local/include LDFLAGS=-L/usr/local/lib make' 'from opensmtpd-5.7.1-rc1/smtpd' dir and there were no errors. Log of make output attached.

Re: OpenSMTPD build process does not recognize newer LibreSSL 2.1.4 libraries

2015-06-29 Thread Seth
On Mon, 29 Jun 2015 12:55:21 -0700, Gilles Chehade gil...@poolp.org wrote: what is is that you experience in this setup ? it builds but fails at startup ? It build and runs fine, however the binaries is not linked to the latest libssl in /usr/local/lib. Only the libcrypto lib is correctly

Re: OpenSMTPD build process does not recognize newer LibreSSL 2.1.4 libraries

2015-06-29 Thread Seth
On Mon, 29 Jun 2015 12:55:21 -0700, Gilles Chehade gil...@poolp.org wrote: what is is that you experience in this setup ? I should add that I would like OpenSMTPD to detect and build against the latest installed LibreSSL libraries automatically without requiring any manual CFLAGS/LDFLAGS

Re: OpenSMTPD build process does not recognize newer LibreSSL 2.1.4 libraries

2015-06-29 Thread Seth
On Mon, 29 Jun 2015 09:38:54 -0700, Gilles Chehade gil...@poolp.org wrote: You installed LibreSSL 2.2.0 on top of OpenBSD 5.7 ? Correct Previous versions worked ? If you mean OpenSMTPD would compile with updated LibreSSL libraries when using the CFLAGS and LDFLAGS were needed as described

Revisiting Issue #359 - Allow OpenSSL options to be specified

2015-07-27 Thread Seth
Copying my comment on this ticket[1] to the list for discussion --- I would like to re-open discussion on this issue for a different use case: In light of more vulnerabilities discovered in the TLSv1.0 protocol since Dec 2013, I no longer feel it provides acceptable security and would like

Re: Revisiting Issue #359 - Allow OpenSSL options to be specified

2015-07-27 Thread Seth
On Mon, 27 Jul 2015 12:53:19 -0700, Török Edwin ed...@etorok.net wrote: Would this be for incoming or outgoing connections? It's the incoming that I'm primarily concerned with, but that's a good point to raise. Should the setting effect both directions or be applied independently? For

Re: SSL/TLS

2015-07-27 Thread Seth
On Mon, 27 Jul 2015 19:40:39 -0700, SSL tuy...@aoiyuma.mydns.jp wrote: i am afraid of being attacked . so i want to limit PCs in japan only (if japanese PC is hacked , this setting in not safe ) . It would probably be more appropriate and effective to use a firewall such as OpenBSD's pf to

Re: [Extras] Problems with sqlite tables

2015-07-26 Thread Seth
On Sun, 26 Jul 2015 08:03:45 -0700, Edgar Pettijohn ed...@pettijohn-web.com wrote: # smtpd -d If so add some v's: # smtpd -d Do the extra stmpd 'v' flags produce more verbose output on all platforms? I just tried this on Arch linux and can't tell that smptd -d yields any more

Re: Receiving broken e-mails?

2015-07-25 Thread Seth
On Sat, 25 Jul 2015 01:27:00 -0700, Herbert J. Skuhra herb...@oslo.ath.cx wrote: anyone else who is running OpenSMTPD on FreeBSD receive broken e-mails? In tcpdump/wireshark the message looks ok, but in the trace log the lines are broken. Receiving the same message with Postfix works! I

Re: smtpd fails on automatic startup

2015-10-14 Thread Seth
On Wed, 14 Oct 2015 05:45:05 -0700, Allyn Bottorff wrote: Unless you use a service that actually provides it, a target will do absolutely nothing on its own. So how is using the proper things "not an ideal solution"? Systemd's own networkd should provide that

Re: smtpd fails on automatic startup

2015-10-10 Thread Seth
On Sat, 10 Oct 2015 07:44:51 -0700, Allyn Bottorff wrote: Because 'network.target' doesn't actually wait for any of the interfaces to be up - what you want is 'network-online.target'[0]. Regards, Raf [0] https://wiki.freedesktop.org/www/Software/systemd/NetworkTarget/

Re: smtpd fails on automatic startup

2015-10-09 Thread Seth
On Fri, 09 Oct 2015 13:19:32 -0700, Allyn Bottorff wrote: Greetings, I've been running an OpenSMTPD server for a while now on an ArchLinux server and I've noticed some strange behavior. When I reboot the server, smptd crashes on startup. If I restart the service

adding rDNS check feature to OpenSMTPD

2015-07-08 Thread Seth
I'm searching for additional ways to combat spam and looking into using reverse DNS lookups as a tool for doing so. What do others think of using rDNS lookups as an anti-spam tactic? If rDNS lookups are worthwhile, where would the most appropriate place to implement them be; spamd or the

Re: Emails not forwarding to external addresses

2015-07-09 Thread Seth
On Thu, 09 Jul 2015 11:58:38 -0700, Herbert J. Skuhra herb...@oslo.ath.cx wrote: CONFIG pki domain.tld certificate /etc/smtpd/tls/smtpd.crt pki domain.tld key/etc/smtpd/tls/smtpd.key table vdoms /etc/smtpd/vdoms table vusers /etc/smtpd/vusers

Re: Log file on Linux?

2015-09-26 Thread Seth
On Sat, 26 Sep 2015 15:04:38 -0700, Holger Jahn <li...@loomsday.co.nz> wrote: Thanks for your reply, Seth. For the sake of argument, simply assume for a moment that no system logger is present and/or can be installed. Is there a way to set up logging specifically for OpenSMTP

Re: Log file on Linux?

2015-09-26 Thread Seth
On Thu, 24 Sep 2015 17:38:40 -0700, Holger Jahn wrote: After installing the latest portable version 5.7.1p1 on Arch Linux, I was wondering how to set a log file for SMTPD. I am running a virtual server with no syslog running, i.e. I would like to specify my own log

Re: The death of TLSv1.0

2016-01-09 Thread Seth
On Sat, 09 Jan 2016 03:57:24 -0800, Clint Pachl wrote: Tom Smyth wrote on 01/08/16 16:40: Besides do we want to have a mail system that is so secure that a large portion of legacy systems cant negotiate security and therefore cant send mail to our servers... I think

Re: Recommended method for blasting the queue clean- can smtpctl be used?

2016-02-23 Thread Seth
Can someone please commit Sunil's patch below to the main code base when they get a chance? Removing all the spammer's bogus email destinations from my queue one at a time is painful. On Thu, 02 Jul 2015 01:44:10 -0700, Sunil Nimmagadda wrote: As far I can see,

apparent 31 character username limit for smtp auth

2016-03-12 Thread Seth
I'm running into an issue on an OpenSMTPD mail server where the mail client cannot successfully authenticate via SMTP auth on port 587 when the username is longer than 31 characters. Happens with both Mailbird and Thunderbird email clients. These are the errors that show up in the logs when

Is the /etc/aliases file an anachronism on modern systems running OpenSMTPD?

2016-03-23 Thread Seth
I've been running several OpenSMPTD servers on OpenBSD for a while now without using the /etc/aliases file. I'm having issues however with annoying email being generated from the r...@mx.domain.tld and mailer-dae...@mx.domain.tld addresses which get stuck in the delivery queue because I

Re: Problem with elliptic key

2016-04-22 Thread Seth
On Sun, 17 Apr 2016 09:59:07 -0700, Gilles Chehade wrote: With an elliptic key opensmtpd won't start. I have attached the config, the debug output and my used EC cert+key attached (both are only self signed test certs). I would kindly ask, if someone has some time to

Re: please test upcoming release

2016-05-12 Thread Seth
On Thu, 12 May 2016 09:01:10 -0700, Gilles Chehade wrote: Do test asap, the longer we lock on 5.9.2, the longer we are not doing new OpenSMTPD work. Forgot to ask: Will this release candidate 'play nice' with opensmtpd-extras-201602042118? -- You received this mail