Re: unable to send mail from desktop mail client to remote email addresses

2019-10-04 Thread Implausibility
Vultr blocks SMTP unless you specifically request the block to be lifted.

-JD.

On Oct 3, 2019, at 12:39 PM, Kevin wrote:

> On Thu, Oct 3, 2019 at 8:55 AM Reio Remma wrote:
>
> > On 03.10.2019 18:34, Kevin wrote:
> >
> > If I can send the domain email, if I can retrieve email via Dovecot, if I
> > can send mail to myself from the server's CLI (and even retrieve it
> > remotely via my mail client), it seems like there's some knob missing that
> > says, "All auth'd users to relay," yet, I've copied-and-pasted Gilles'
> > rules (and edited them for my own domain) , and it am no workie.
> >
> > Is there perhaps something else akin to the forwarding knob that lets PF
> > forward packets between interfaces that either I've forgotten or was
> > skipped in the HOWTO?
> >
> > Thanks,
> > Kevin
> >
> > What connection do you have?
>
> Ironically / fittingly, Vultr, same as in Gilles' guide. Have been there
> for ~6 years now running OpenBSD for all my servers there.
>
> > If it's a home connection, then most ISP-s block sending mail directly to
> > port 25 (on the destination server). You want a static IP for a mail
> > server, with rDNS etc. set up.
>
> RDNS is setup and matches the hostname.


Re: unable to send mail from desktop mail client to remote email addresses

2019-10-03 Thread Kevin
On Thu, Oct 3, 2019 at 11:31 AM Nick Ryan  wrote:

> Have you contacted vultr? Their faq states it could be blocked and its
> worth checking with them.
>
> Do you allow outbound SMTP?
> 
>
> In some instances, outbound traffic to the SMTP port may be blocked for
> new accounts. If you encounter this restriction, contact our support team
> from the customer portal.
>
>
SOLVED!

Winner, winner, chicken dinner!

Just reporting back here that Nick Ryan has nailed the issue: Vultr.

Apparently they're borderline militant anti-spammers who block SMTP by
default and also refuse to unblock it for you for any kind of promotional
emailing including to double- and triple- opt-in verified contacts.

IOW: practically speaking, you can't use a Vultr instance for mailing
anything resembling "marketing" emails, because, let's be honest here,
you're GOING to get spam complaints... all businesses do, no matter how
'clean' your list and how white hat and ethical you are as a business.

Heck, I had an instance years ago where GoDaddy (hate them) threatened to
revoke a domain registration because exactly *ONE* person complained that I
was a spammer over the course of *years*.

Said grouser had originally gotten onto my list back in 2008... I emailed
him a handful of times a year for the next few years with no issues, then
in 2014 (yes, six YEARS he was on my list), he complains to GoDaddy that
I'd "spammed" him. (I didn't.)

Luckily, I keep all the original sign-up info (IP, user_agent, etc), so I
was able to get out of the issue, but that *was* a complaint.

Would Vultr terminate my hosting with them after that? From their TOS it
sure seems like it.

S... as much as I like them technologically, I'm looking for a new ISP
now. (Anyone got recommendations for cloud-based OpenBSD hosts? I'm done
hosting bare metal...)

Thanks for the help everyone (double thanks to Nick Ryan), and let this
serve as future notice to anyone who RTFAs: attempting to redact or withhold
information when you're seeking help from the list is just stupid.

Even the *tiniest detail* can be THE key to solving your issue. Disclose
anything or figure it out on your own.

Kevin


Re: unable to send mail from desktop mail client to remote email addresses

2019-10-03 Thread Chris Bennett
On Thu, Oct 03, 2019 at 09:31:08AM +0200, Peter N. M. Hansteen wrote:
> 
> Also,
> 
> [Thu Oct 03 09:24:37] peter@skapet:~$ host example.app
> Host example.app not found: 3(NXDOMAIN)
> [Thu Oct 03 09:24:43] peter@skapet:~$ host mx.example.app
> Host mx.example.app not found: 3(NXDOMAIN)
> 

I was randomly getting this error myself, I think there was or is some
other, non-related problem causing this error.

I'm also having some problems myself, but I'm camping right now.
I'll post something when I'm not typing from a phone.

Chris Bennett





Re: unable to send mail from desktop mail client to remote email addresses

2019-10-03 Thread Kevin
mx$ cat /etc/mail/smtpd.conf


# TLS certificate and key for the mail host
pki mx.magcast.app cert "/etc/letsencrypt/live/mx.magcast.app/cert.pem"
pki mx.magcast.app key  "/etc/letsencrypt/live/mx.magcast.app/privkey.pem"

# Connect-time filters for inbound MX traffic
filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*', '.*\.dsl\..*' } \
    disconnect "550 no residential connections"

filter check_rdns phase connect match !rdns \
    disconnect "550 no rDNS is so 80s"

filter check_fcrdns phase connect match !fcrdns \
    disconnect "550 no FCrDNS is so 80s"

filter senderscore \
    proc-exec "filter-senderscore -blockBelow 10 -junkBelow 70 -slowFactor 5000"

filter rspamd proc-exec "filter-rspamd"

table aliases file:/etc/mail/aliases

# Port 25: inbound mail, all filters applied
listen on all tls pki mx.magcast.app \
    filter { check_dyndns, check_rdns, check_fcrdns, senderscore, rspamd }

# Port 587: authenticated submission, TLS required
listen on all port submission tls-require pki mx.magcast.app auth filter rspamd

action "local_mail" maildir junk alias <aliases>
action "outbound" relay helo mx.magcast.app

match from any for domain "magcast.app" action "local_mail"
match for local action "local_mail"

# Only authenticated or local senders may relay to other domains
match from any auth for any action "outbound"
match for any action "outbound"


Also, for what it's worth:

mx$ netstat -an | grep LISTEN
tcp   0  0  *.993               *.*  LISTEN
tcp   0  0  *.143               *.*  LISTEN
tcp   0  0  *.995               *.*  LISTEN
tcp   0  0  *.110               *.*  LISTEN
tcp   0  0  *.2000              *.*  LISTEN
tcp   0  0  *.4190              *.*  LISTEN
tcp   0  0  127.0.0.1.11333     *.*  LISTEN
tcp   0  0  127.0.0.1.11334     *.*  LISTEN
tcp   0  0  127.0.0.1.11332     *.*  LISTEN
tcp   0  0  127.0.0.1.6379      *.*  LISTEN
tcp   0  0  *.22                *.*  LISTEN
tcp   0  0  108.61.229.79.587   *.*  LISTEN
tcp   0  0  127.0.0.1.587       *.*  LISTEN
tcp   0  0  108.61.229.79.25    *.*  LISTEN
tcp   0  0  127.0.0.1.25        *.*  LISTEN
tcp6  0  0  *.22                *.*  LISTEN
tcp6  0  0  ::1.587             *.*  LISTEN
tcp6  0  0  fe80::1%lo0.587     *.*  LISTEN
tcp6  0  0  *.2000              *.*  LISTEN
tcp6  0  0  *.4190              *.*  LISTEN
tcp6  0  0  ::1.11333           *.*  LISTEN
tcp6  0  0  ::1.11334           *.*  LISTEN
tcp6  0  0  ::1.11332           *.*  LISTEN
tcp6  0  0  ::1.25              *.*  LISTEN
tcp6  0  0  fe80::1%lo0.25      *.*  LISTEN
tcp6  0  0  *.993               *.*  LISTEN
tcp6  0  0  *.143               *.*  LISTEN
tcp6  0  0  *.995               *.*  LISTEN
tcp6  0  0  *.110               *.*  LISTEN



mx$ ps aux | grep smtp
root     50201  0.0  0.2   1832  2416 ??  Ip  9:41AM  0:00.01 /usr/sbin/smtpd
_smtpq   78536  0.0  0.4   1956  4628 ??  Ip  9:41AM  0:00.03 smtpd: queue (smtpd)
_smtpd   46568  0.0  0.4   1548  4400 ??  Ip  9:41AM  0:00.04 smtpd: scheduler (smtpd)
_smtpd   95502  0.0  0.4   1556  4344 ??  Ip  9:41AM  0:00.02 smtpd: klondike (smtpd)
_smtpd   15341  0.0  0.4   1760  4576 ??  Sp  9:41AM  0:00.02 smtpd: control (smtpd)
_smtpd   81286  0.0  0.4   1904  4524 ??  Ip  9:41AM  0:00.02 smtpd: lookup (smtpd)
_smtpd   98151  0.0  0.5   1960  4984 ??  Sp  9:41AM  0:00.03 smtpd: pony express (smtpd)
_smtpd   22192  0.0  0.1   1772  1072 ??  I   9:41AM  0:00.00 /usr/sbin/smtpd
_smtpd    2006  0.0  0.3 106116  3544 ??  I   9:41AM  0:00.01 /usr/local/libexec/smtpd/filter-rspamd
_smtpd   98128  0.0  0.1   1772  1072 ??  I   9:41AM  0:00.00 /usr/sbin/smtpd
_smtpd    3519  0.0  0.3 104620  3076 ??  I   9:41AM  0:00.01 /usr/local/libexec/smtpd/filter-senderscore -blockBelow 10 -junkBelow 70 -slowFactor 5000 (filter-sendersco)



mx$ ps aux | grep dovecot
root     21685  0.0  0.2   704  2272 ??  I  11:41PM  0:00.05 /usr/local/sbin/dovecot
root     62680  0.0  0.2   724  2476 ??  I  11:41PM  0:00.02 dovecot/log
_dovecot 35238  0.0  0.2   616  2344 ??  I  11:41PM  0:00.02 dovecot/anvil
root 27271  0.0  0.5  2748  5300 

Re: unable to send mail from desktop mail client to remote email addresses

2019-10-03 Thread Kevin
On Thu, Oct 3, 2019 at 8:55 AM Reio Remma  wrote:

> On 03.10.2019 18:34, Kevin wrote:
>
> If I can send the domain email, if I can retrieve email via Dovecot, if I
> can send mail to myself from the server's CLI (and even retrieve it
> remotely via my mail client), it seems like there's some knob missing that
> says, "All auth'd users to relay," yet, I've copied-and-pasted Gilles'
> rules (and edited them for my own domain) , and it am no workie.
>
> Is there perhaps something else akin to the forwarding knob that lets PF
> forward packets between interfaces that either I've forgotten or was
> skipped in the HOWTO?
>
> Thanks,
> Kevin
>
>
> What connection do you have?
>

Ironically / fittingly, Vultr, same as in Gilles' guide. Have been there
for ~6 years now running OpenBSD for all my servers there.


> If it's a home connection, then most ISP-s block sending mail directly to
> port 25 (on the destination server). You want a static IP for a mail
> server, with rDNS etc. set up.
>

RDNS is setup and matches the hostname.


Re: unable to send mail from desktop mail client to remote email addresses

2019-10-03 Thread Edgar Pettijohn
Could you post your config. 
Thanks
On Oct 3, 2019 10:34 AM, Kevin wrote:
On Thu, Oct 3, 2019 at 12:36 AM Peter N. M. Hansteen wrote:
On Wed, Oct 02, 2019 at 11:33:58PM -0700, Kevin wrote:
> Hi all,
> 
> Having just followed the setup instructions on Gilles HOWTO page here:
> 
> 
> https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/
> 
> 
> ...I'm unable to send mail from my new OpenSMTPD server on OpenBSD 6.6-beta
> (OpenBSD 6.6-beta (GENERIC) #320: Mon Sep 30 21:24:24 MDT 2019); however,
> other deliveries (and mail retrieval) work.
> 
> The pertinent log message looks like this:
> 
> Oct  2 23:21:33 mx smtpd[25067]: bf1c57bab7fcd344 smtp envelope
> evpid=2c41c5fc4a7e6c06 from= to=
> Oct  2 23:21:33 mx smtpd[25067]: bf1c57bab7fcd344 smtp disconnected
> reason=quit
> Oct  2 23:21:38 mx smtpd[25067]: bf1c57b6b057c6ef mta error
> reason=Connection timeout

Connection timeout sounds very much like your machine is not allowed to send 
outgoing mail via SMTP. Check for firewalls and the like.

Also,

[Thu Oct 03 09:24:37] peter@skapet:~$ host example.app
Host example.app not found: 3(NXDOMAIN)
[Thu Oct 03 09:24:43] peter@skapet:~$ host mx.example.app
Host mx.example.app not found: 3(NXDOMAIN)

Among the things you need in order to deliver mail, a valid domain is in 
the top few. I think the basic requirements are indeed listed in the article
(under "Requirements"), please go back and re-read, check that you have
all of those set up properly.

I can see why you might think that given that I altered the real domain
name to example.app. (I know it's frowned upon; I only did it because this
is a new machine with a setup hobbling along. Bad Kevin... bad...)

In any event, I'm *sure* the domain DNS part is right as I can _receive_
email just fine, including from the same @gmail address I'm writing this
from, ergo, DNS resolution of the real domain (and its MX record) are fine.

As for pf being the issue; it's disabled.

# pfctl -s info
Status: Disabled for 0 days 08:23:56             Debug: err

Latest, greatest kernel running:

$ dmesg | grep Open | tail -1
OpenBSD 6.6 (GENERIC) #326: Wed Oct  2 22:34:33 MDT 2019

One of the things that's puzzling is this part of the log:

smtp disconnected reason=quit.

If I can send the domain email, if I can retrieve email via Dovecot, if I
can send mail to myself from the server's CLI (and even retrieve it
remotely via my mail client), it seems like there's some knob missing that
says, "All auth'd users to relay," yet, I've copied-and-pasted Gilles'
rules (and edited them for my own domain) , and it am no workie.

Is there perhaps something else akin to the forwarding knob that lets PF
forward packets between interfaces that either I've forgotten or was
skipped in the HOWTO?

Thanks,
Kevin


Re: unable to send mail from desktop mail client to remote email addresses

2019-10-03 Thread Reio Remma

On 03.10.2019 18:34, Kevin wrote:
> If I can send the domain email, if I can retrieve email via Dovecot,
> if I can send mail to myself from the server's CLI (and even retrieve
> it remotely via my mail client), it seems like there's some knob
> missing that says, "All auth'd users to relay," yet, I've
> copied-and-pasted Gilles' rules (and edited them for my own domain) ,
> and it am no workie.
>
> Is there perhaps something else akin to the forwarding knob that lets
> PF forward packets between interfaces that either I've forgotten or
> was skipped in the HOWTO?
>
> Thanks,
> Kevin


What connection do you have? If it's a home connection, then most ISP-s 
block sending mail directly to port 25 (on the destination server). You 
want a static IP for a mail server, with rDNS etc. set up.


Good luck,
Reio


Re: unable to send mail from desktop mail client to remote email addresses

2019-10-03 Thread Kevin
On Thu, Oct 3, 2019 at 12:36 AM Peter N. M. Hansteen 
wrote:

> On Wed, Oct 02, 2019 at 11:33:58PM -0700, Kevin wrote:
> > Hi all,
> >
> > Having just followed the setup instructions on Gilles HOWTO page here:
> >
> >
> >
> https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/
> >
> >
> > ...I'm unable to send mail from my new OpenSMTPD server on OpenBSD
> 6.6-beta
> > (OpenBSD 6.6-beta (GENERIC) #320: Mon Sep 30 21:24:24 MDT 2019); however,
> > other deliveries (and mail retrieval) work.
> >
> > The pertinent log message looks like this:
> >
> > Oct  2 23:21:33 mx smtpd[25067]: bf1c57bab7fcd344 smtp envelope
> > evpid=2c41c5fc4a7e6c06 from= to= >
> > Oct  2 23:21:33 mx smtpd[25067]: bf1c57bab7fcd344 smtp disconnected
> > reason=quit
> > Oct  2 23:21:38 mx smtpd[25067]: bf1c57b6b057c6ef mta error
> > reason=Connection timeout
>
> Connection timeout sounds very much like your machine is not allowed to
> send
> outgoing mail via SMTP. Check for firewalls and the like.
>
> Also,
>
> [Thu Oct 03 09:24:37] peter@skapet:~$ host example.app
> Host example.app not found: 3(NXDOMAIN)
> [Thu Oct 03 09:24:43] peter@skapet:~$ host mx.example.app
> Host mx.example.app not found: 3(NXDOMAIN)
>
> Among the things you need in order to deliver mail, a valid domain is in
> the top few. I think the basic requirements are indeed listed in the
> article
> (under "Requirements"), please go back and re-read, check that you have
> all of those set up properly.
>
>
I can see why you might think that given that I altered the real domain
name to example.app. (I know it's frowned upon; I only did it because this
is a new machine with a setup hobbling along. Bad Kevin... bad...)

In any event, I'm *sure* the domain DNS part is right as I can _receive_
email just fine, including from the same @gmail address I'm writing this
from, ergo, DNS resolution of the real domain (and its MX record) are fine.

As for pf being the issue; it's disabled.

# pfctl -s info
Status: Disabled for 0 days 08:23:56 Debug: err

Latest, greatest kernel running:

$ dmesg | grep Open | tail -1
OpenBSD 6.6 (GENERIC) #326: Wed Oct  2 22:34:33 MDT 2019

One of the things that's puzzling is this part of the log:


smtp disconnected reason=quit.


If I can send the domain email, if I can retrieve email via Dovecot, if I
can send mail to myself from the server's CLI (and even retrieve it
remotely via my mail client), it seems like there's some knob missing that
says, "All auth'd users to relay," yet, I've copied-and-pasted Gilles'
rules (and edited them for my own domain) , and it am no workie.

Is there perhaps something else akin to the forwarding knob that lets PF
forward packets between interfaces that either I've forgotten or was
skipped in the HOWTO?

Thanks,
Kevin


Re: unable to send mail from desktop mail client to remote email addresses

2019-10-03 Thread Peter N. M. Hansteen
On Wed, Oct 02, 2019 at 11:33:58PM -0700, Kevin wrote:
> Hi all,
> 
> Having just followed the setup instructions on Gilles HOWTO page here:
> 
> 
> https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/
> 
> 
> ...I'm unable to send mail from my new OpenSMTPD server on OpenBSD 6.6-beta
> (OpenBSD 6.6-beta (GENERIC) #320: Mon Sep 30 21:24:24 MDT 2019); however,
> other deliveries (and mail retrieval) work.
> 
> The pertinent log message looks like this:
> 
> Oct  2 23:21:33 mx smtpd[25067]: bf1c57bab7fcd344 smtp envelope
> evpid=2c41c5fc4a7e6c06 from= to=
> Oct  2 23:21:33 mx smtpd[25067]: bf1c57bab7fcd344 smtp disconnected
> reason=quit
> Oct  2 23:21:38 mx smtpd[25067]: bf1c57b6b057c6ef mta error
> reason=Connection timeout

Connection timeout sounds very much like your machine is not allowed to send 
outgoing mail via SMTP. Check for firewalls and the like.

Also,

[Thu Oct 03 09:24:37] peter@skapet:~$ host example.app
Host example.app not found: 3(NXDOMAIN)
[Thu Oct 03 09:24:43] peter@skapet:~$ host mx.example.app
Host mx.example.app not found: 3(NXDOMAIN)

Among the things you need in order to deliver mail, a valid domain is in 
the top few. I think the basic requirements are indeed listed in the article
(under "Requirements"), please go back and re-read, check that you have
all of those set up properly.

- Peter

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
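
The log lines quoted in this thread carry two different session ids: the `smtp` session (the client's submission, ending in reason=quit) and a separate `mta` session (the relay attempt that timed out). The following Python is an added example, not part of the thread: it splits a log into those two sides and names the one that is failing. The sample log is constructed in the format of the quoted lines with placeholder addresses, and the `mta delivery ... result="Ok"` success line is an assumption about smtpd's log format.

```python
import re
from collections import Counter

# Constructed sample modelled on the log lines quoted in the thread; the
# addresses are placeholders on reserved example domains.
SAMPLE_LOG = """\
Oct  2 23:21:33 mx smtpd[25067]: bf1c57bab7fcd344 smtp envelope evpid=2c41c5fc4a7e6c06 from=<user@example.org> to=<friend@example.net>
Oct  2 23:21:33 mx smtpd[25067]: bf1c57bab7fcd344 smtp disconnected reason=quit
Oct  2 23:21:38 mx smtpd[25067]: bf1c57b6b057c6ef mta error reason=Connection timeout
Oct  2 23:26:41 mx smtpd[25067]: bf1c57b7c4d21a90 mta error reason=Connection timeout
"""

# After the syslog prefix: "<session id> <smtp|mta> <event> <key=value ...>"
LINE = re.compile(r"smtpd\[\d+\]: ([0-9a-f]{16}) (smtp|mta) (\S+) ?(.*)$")


def triage(log_text):
    """Separate inbound (smtp) from outbound (mta) events and name the failing side."""
    accepted = delivered = 0
    mta_errors = Counter()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        _sid, side, event, rest = m.groups()
        if side == "smtp" and event == "envelope":
            accepted += 1  # the server accepted a message from a client
        elif side == "mta" and event == "error":
            mta_errors[rest.partition("reason=")[2].strip()] += 1
        elif side == "mta" and event == "delivery" and 'result="Ok"' in rest:
            delivered += 1  # assumption: successful relays log result="Ok"
    timeouts = mta_errors["Connection timeout"]
    if timeouts and not delivered:
        # Submission works, yet no relay attempt ever connects: look at what
        # sits between this host and remote port 25 (pf, provider filtering).
        verdict = "outbound-filtered"
    elif mta_errors:
        verdict = "outbound-partial"  # some destinations fail, others work
    elif accepted and not delivered:
        verdict = "queued"            # accepted, no relay attempt logged yet
    else:
        verdict = "ok"
    return {"accepted": accepted, "delivered": delivered,
            "mta_errors": dict(mta_errors), "verdict": verdict}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On a live host the same function can be fed the contents of the mail log; an "outbound-filtered" verdict with pf disabled points at filtering outside the machine, which is what the thread eventually found.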