Associate a custom CA certificate with hostname

2017-08-14 Thread Thomas Bohl
Hello, in order to prevent man in the middle attacks between my servers, I want to use my own CA. But I have trouble verifying that the destination is really using it. # uname -a OpenBSD c7.example.com 6.1 GENERIC#21 amd64 # smtpd -h version: OpenSMTPD 6.0.0 # cat /etc/mail/smtpd.conf table

Re: domain name as accept from source

2017-09-14 Thread Thomas Bohl
> Is there a way I can use a domain name for accept from source as I'd > rather not have to login and edit the config when my ip changes ? You could write a script that resolves your hostname, puts the IP into a netaddr table and calls "smtpctl update table sources". Run by cron. Is there a

Re: domain name as accept from source

2017-09-14 Thread Thomas Bohl
> opensmtpd is only relaying, and will only accept outbound from one ip, > and will only accept inbound for my domain I don't really need to > authenticate ? In fact I'm not even sure what I'd be authenticating ? You would authenticate that you are allowed to send emails. :-) No matter your IP

Re: pony express: smtpd: bind: Cannot assign requested address

2017-09-24 Thread Thomas Bohl
> listen on lo0  port 10028 tag DKIM Does lo0 exist? You used just lo for the other ports. -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: Flushing SMTPD's queue

2017-09-02 Thread Thomas Bohl
> > How does one achieve the equivalent of > > sendmail -q > > i.e. rescan the queue and try and send traffic. # smtpctl schedule all

Re: Ignore subdomain in lmtp/rcpt-to

2017-11-01 Thread Thomas Bohl
Hi, >> # echo example.com > /etc/mail/mailname > > I've tried it but it does not solve the problem: > > $ mail -v user > <<< 220 host.example.com ESMTP OpenSMTPD > >>> EHLO localhost > <<< 250-host.example.com Hello localhost [local], pleased to meet you > <<< 250-8BITMIME > <<<

Re: opensmtpd cannot read passwd-file

2017-11-05 Thread Thomas Bohl
Hello, > passwd[7508]: warn: table-proc: bogus data > passwd[7508]: fatal: table-proc: exiting > warn: table-proc: pipe closed > fatal: table-proc: exiting > > My passwd-file only has one entry for now which is > > t...@domain.tld:$6$A0…: I'm not familiar with

Re: Ignore subdomain in lmtp/rcpt-to

2017-11-02 Thread Thomas Bohl
>> Can you post your full configuration? Because it should work >> immediately. See: > > table aliases file:/etc/mail/aliases > table domains file:/etc/mail/domains > table passwd passwd:/etc/mail/passwd > table virtuals file:/etc/mail/virtuals > subaddressing-delimiter "-" > > accept for

Re: Ignore subdomain in lmtp/rcpt-to

2017-11-02 Thread Thomas Bohl
> sorry, my fault. Filename is "mailname" not "mailme". I added > example.com to "/etc/mail/mailname" and it works, with and without > subaddressing. Extra aliases not needed :-) I was going to comment on the typo, but I didn't want to appear nitpicky and assumed it was just in the mail.

Re: Ignore subdomain in lmtp/rcpt-to

2017-11-01 Thread Thomas Bohl
> If I send a message from local the FQDN is added so the mail is sent > to u...@host.example.com. Is it possible to ignore the "host." part or > rewrite the address to u...@example.com? # echo example.com > /etc/mail/mailname

Re: from virtual domain, deliver 1 address to local mbox

2017-10-21 Thread Thomas Bohl
> My essential question: > Is there a good way to have go to a local user mbox? Since you are using Dovecot you could use Sieve to redirect virtual postmas...@example.org to local larry. https://wiki2.dovecot.org/Pigeonhole/Sieve

Re: Forward copy.

2017-12-24 Thread Thomas Bohl
> I'm looking into moving from Qmail/vpopmail to OpenSMTPD/Dovecot and I > cannot for the life of me figure out if/how it's possible to forward a > copy for a user. Would recommend to use Sieve: https://wiki.dovecot.org/Pigeonhole/Sieve protocol lda { mail_plugins = sieve } protocol lmtp

Re: Dovecot - Do I need this?

2018-08-25 Thread Thomas Bohl
Hi, > My question is, Can I use OpenSMTPD with Spamd (OpenBSD - Spamd, Greylisting, > Graytrapping) and not have anything to do with Dovecot or any other MDA. Yes, dovecot is optional. You can read the emails locally.

Re: Dovecot - Do I need this?

2018-08-25 Thread Thomas Bohl
> I am not sure what you mean by “read emails locally”. Can I use Roundcube to > read my emails or mutt? Do I need Dovecot for this? The emails are gonna be read on the machine that runs OpenSMTP. Whatever program you're planning on using has to be able to access the Maildir/mbox directly on the

Re: relay rule for sending email "n...@company.com" ?

2018-07-18 Thread Thomas Bohl
Hi, > I want to add rule, which will use Google SMTP server to relay only > these emails, in which I use from as n...@company.com (@company.com) accept sender "n...@company.com" for any relay via \ tls+auth://foo...@googlesmtpserver.com:587 \ auth verify > Like > mail -r

Re: Trouble configuring OpenSMTPD - every incoming message rejected as 550 Invalid recipient.

2018-04-21 Thread Thomas Bohl
> I wasn't able to find a mailing list archive to review at the URL: > https://www.opensmtpd.org/list.html If there is an archive, please direct me > to it, so I can benefit from other's misfortune. :) For example https://www.mail-archive.com/misc@opensmtpd.org/ > No matter who I address

Re: How to deal with spam and opensmtpd

2018-04-21 Thread Thomas Bohl
> But I was wondering what do you guys use to filter content of emails at > the smtp server level. *knocking on wood* Apart from the unused line reject from any sender I didn't deploy any anti spam measures so far. And I have yet to receive my first spam mail. I'm the only user on my mail server

Re: New config syntax

2018-10-26 Thread Thomas Bohl
Hello, > In my aliases table I have entries like: > > admin:fred, f...@crowsons.net Is crowsons.net the hostname of the server? > > but with my new smtpd.conf [1] I'm getting the following error: > > 524 5.2.4 Mailing list expansion problem What is the full line in /var/log/maillog?

Re: Mail loops when relaying and using smtp auth

2018-11-28 Thread Thomas Bohl
By default, there is ‘accept from local for any relay’, and I’ve kept that in place. Is this what you were referring to? That is what's causing the loop. "relay" looks for the MX record (Which is what you want for everything but your own domain). "relay via" skips that. As I understand it,

Re: Opensmtpd failover

2018-11-23 Thread Thomas Bohl
Hello, Now smtp2 writes the message on the disk in order to store it. What do you people do in order to have a common storage for both smtp which can be correct regardless whether a smtp goes up or down. I'm afraid my answer has little to do with OpenSMTPD. The common storage for my emails

Re: Opensmtpd failover

2018-11-24 Thread Thomas Bohl
Hi, smtp2 doesn't deliver the mail to an IMAP mail storage daemon. Instead, it spools it and waits But why? Just deliver it and be done. Can't see many drawbacks in that.

Re: Mail loops when relaying and using smtp auth

2018-11-28 Thread Thomas Bohl
Hi, It is possible to configure OpenSMTPd to detect this scenario and to know that it should relay that email to domain.com rather than trying to deliver it to its MX server, which happens to be the server itself? Here’s a very abridged version of my config, showing the relay and

Re: Mail to root not working anymore with 6.4

2019-01-11 Thread Thomas Bohl
Hello, action lmtp-local lmtp "/var/dovecot/lmtp" rcpt-to #action lmtp-local lmtp "/var/dovecot/lmtp" rcpt-to alias Looks like you commented the wrong line out.

Re: Mail to root not working anymore with 6.4

2019-01-11 Thread Thomas Bohl
I reread your first mail and I'm not sure any more if I understand what you try to achieve. Is the mailbox of farid on nuc.example.com? If yes, I see no need for a further alias from farid to fa...@example.com (I assume there is a farid user on dovecot's site.) Secondly, why are our from=<>s

Re: Mail to root not working anymore with 6.4

2019-01-12 Thread Thomas Bohl
userdb {   args = uid=vmail gid=vmail home=/var/vmail/%d/%n   driver = static } nuc# I had forgotten that I had my dovecot setup like that. I set it up that way so that I can have e-mail users that are not system users. That is kind of important information. That makes the question whether

Re: How to setup a "clean MTA" in 2019?

2019-04-03 Thread Thomas Bohl
Hello, - setup the mta to use a EHLO name matching DNS for the IP I continually get that the two do not match using the various email testers. Yet the domain names do indeed match. Care to share the logs of one of those testers? When your server says "EHLO mx1.example.com" then the reverse

Re: Unable to relay email

2019-04-04 Thread Thomas Bohl
Yes, I know it's hard to believe, maybe I forget to reload smtpd.conf after I made the edit, but I don't think so. What's the alternative? Did you make an update? Yes, secrets exists and has valid login info. I tested the info with Thunderbird on a client and was able to send an email

Re: Unable to relay email

2019-04-04 Thread Thomas Bohl
Hello, action “relay” relay user username host smtp+tls://b...@smtp.example.com auth It worked fine until late March. Hard to believe, since it is a syntax error. smtpd -n was ok after user [username] was removed but the relay no longer functioned. The main cause seems to be a lack of

Re: Unable to relay email

2019-04-05 Thread Thomas Bohl
On 05.04.2019 at 05:58, Juan Trippe wrote: What's the alternative? Did you make an update? I don't know, it was about a month ago. I was trying to get the relay working so I was making changes to the smtpd.conf file. AFAIK I was restarting smtpd after each edit and stopped when it worked.

Re: Unable to relay email

2019-04-05 Thread Thomas Bohl
== /etc/mail/smtpd.conf diffs (-OLD  +NEW) == --- /var/backups/etc_mail_smtpd.conf.current    Fri Feb 22 01:30:23 2019 +++ /etc/mail/smtpd.conf    Fri Mar 15 20:49:37 2019 @@ -17,3 +17,5 @@   # match from any for domain "example.org" action "local"   match for local action "local"  

Re: Unable to relay email

2019-04-05 Thread Thomas Bohl
For the server I am trying to connect, I was told to use 587 if 25 didn't work, so I've been trying both. You should use 587. Here is the smtpd.conf now: Looks good. I bet money that the username:password pair in is just wrong :-) Don't forget to run # smtpctl update table secrets after

Re: Unable to relay email

2019-04-05 Thread Thomas Bohl
Looks good. I bet money that the username:password pair in is just wrong :-) How much would you like to wager? :) 10€ for the project :-) I copied and pasted the info into a weblogin and it worked (unfortunately?) Hm, maybe you need a "application password". Try # smtpd -dv -Ttransfer

Re: Unable to relay email

2019-04-06 Thread Thomas Bohl
This is my host and the source of the connection info I use: https://support.bell.ca/internet/email/how-to-use-bell-mail?step=5 (That is what you find when you search for smtphm. The .co.jp-part doesn't really anonymise it. You should have used the original from the get go.) I get local

Re: Unable to relay email

2019-04-06 Thread Thomas Bohl
The format of my secrets file is: my_relay sender:PASSWORD Any strange glyph to be concerned about? At one point I was trying to connect to the server with openssl and when I used " perl -MMIME::Base64 -e 'print encode_base64("SomeBase64Code");' " for my password it was truncating because of

Re: 550 invalid recipient issue

2019-03-16 Thread Thomas Bohl
Both files are looking good/same as before and local delivery with sendmail does not work: ga...@server.com... Connecting to [127.0.0.1] via relay... 220 mail.server.com ESMTP OpenSMTPD EHLO mail.server.com 250-mail.server.com Hello mail.server.com [127.0.0.1], pleased to meet you

Re: 550 invalid recipient issue

2019-03-18 Thread Thomas Bohl
Which leads to the question: Does user1 exist? But I do not understand why osmtpd is looking at the /etc/passwd file when I have always used my table files (defined in smtp.conf) with a working environment, My understanding is, according to the configuration you presented, that it has to

Re: 550 invalid recipient issue

2019-03-18 Thread Thomas Bohl
The configuration loaded is correct as I see the daemon is loading the correct certificates and stuff if launched with smtpd -dv -T smtp. I am very shocked as I am not able to figure out what happened. I never changed any config file since December and I have installed this environment at

Re: 550 invalid recipient issue

2019-03-18 Thread Thomas Bohl
I discovered the below after running a smtpd -dv -Tlookup: lookup: check "17.58.63.178" as NETADDR in table static: -> 0 lookup: check "17.58.63.178" as NETADDR in table static: -> found lookup: check “domain.com" as DOMAIN in table static: -> found lookup: lookup “user1" as USERINFO in table

Re: 550 invalid recipient issue

2019-03-19 Thread Thomas Bohl
Can you maybe post your virtuals? Here my /usr/local/etc/mail/virtuals: ab...@domain.com us...@domain.com postmas...@domain.com us...@domain.com webmas...@domain.com us...@domain.com The line for us...@domain.com is missing. The debug output shows

Re: 550 invalid recipient issue

2019-03-15 Thread Thomas Bohl
Hello, #Allow local delivery accept from any for local alias deliver to lmtp "/var/run/dovecot/lmtp" rcpt-to #Allow virtual domains accept from any for domain virtual deliver to lmtp "/var/run/dovecot/lmtp" rcpt-to Are the files /usr/local/etc/mail/domains and

Re: how could a safety mechanism be configured?

2019-05-01 Thread Thomas Bohl
Hello, So what happened to me was that I activated a crontab accidentally that fetchmails POP3 mail. It connects to localhost and delivers to me (pjp@localhost). In my case the lmtp delivery caused a no such mailbox error, and opensmtpd then sent a bounce to the originators of the mail as

Re: Intercepting mails with opensmtpd

2019-05-07 Thread Thomas Bohl
Hello, accept from source sender "" deliver to maildir "/home/mail/mydomain1/myuser/Maildir" accept from source sender "www-d...@mydomain2.com" deliver to maildir "/home/mail/mydomain1/myuser/Maildir" Do you have an idea ? Make sure it's above the relay rule.

Re: what's your LMTP use-case

2019-07-05 Thread Thomas Bohl
Hello, I know plenty of people use the lmtp action to deliver mail through LMTP and I'm genuinely curious: what is your use-case ? I use dovecot's lmtp to utilise Sieve[1] scripts and mailbox replication[2]. [1] https://wiki2.dovecot.org/Pigeonhole [2] https://wiki2.dovecot.org/Replication

Re: Static Table Entry - smtpd.conf

2019-04-21 Thread Thomas Bohl
Hi, Is it valid if I add a static table entry in "smtpd.conf" like so; table blacklist { "@*.anonymous-email.*" } Yes Spamd is not stopping it so I thought I can reject emails using a static table as noted above. Will my wildcard work? Yes, given an appropriate match action like match

Re: relay from authenticated users only

2019-07-02 Thread Thomas Bohl
Hello, I'd like to change somehow the config to let authenticated users only use my OpenSMTPD as a relay. Authentication should be based on the machine's local user and password table (/etc/passwd). I tried "listen on ... auth ..." but it complained about the lack of TLS/smtps. That is

Re: table-passwd

2019-09-17 Thread Thomas Bohl
Hello, Is there anyone using table-passwd for _any_ other purposes than sharing with Dovecot ? Unless I'm misunderstanding the question, I use it all the time. If an appliance or server needs to be able to send or relay e-mail it gets an entry in the table-passwd, with an individual

Re: smarthost + aliases

2019-09-13 Thread Thomas Bohl
Hello, listen on localhost table aliases db:/etc/aliases.db table secrets db:/etc/smtpd.secrets.db (Just use file. There is no gain in using Berkeley DB.) expire 4h accept from local for any relay via \ smtps+auth://gm...@smtp.gmail.com:465 \ as tschwei...@gmail.com \ auth verify

Re: smarthost + aliases

2019-09-13 Thread Thomas Bohl
accept from local for any relay via \   smtps+auth://gm...@smtp.gmail.com:465 \   as tschwei...@gmail.com \   auth verify Sorry, that is obviously wrong. I misunderstood.

Re: Virtual users with Dovecot/Neomutt/OpenSMTPD

2019-07-17 Thread Thomas Bohl
Hi, what does your smtpd.conf look like? What versions are you using?