mx$ cat /etc/mail/smtpd.conf
pki mx.magcast.app cert "/etc/letsencrypt/live/mx.magcast.app/cert.pem"
pki mx.magcast.app key "/etc/letsencrypt/live/mx.magcast.app/privkey.pem"
filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*', '.*\.dsl\..*' } \
    disconnect "550 no residential connections"
filter check_rdns phase connect match !rdns \
    disconnect "550 no rDNS is so 80s"
filter check_fcrdns phase connect match !fcrdns \
    disconnect "550 no FCrDNS is so 80s"
filter senderscore \
    proc-exec "filter-senderscore -blockBelow 10 -junkBelow 70 -slowFactor 5000"
filter rspamd proc-exec "filter-rspamd"
table aliases file:/etc/mail/aliases
listen on all tls pki mx.magcast.app \
    filter { check_dyndns, check_rdns, check_fcrdns, senderscore, rspamd }
listen on all port submission tls-require pki mx.magcast.app auth filter rspamd
action "local_mail" maildir junk alias <aliases>
action "outbound" relay helo mx.magcast.app
match from any for domain "magcast.app" action "local_mail"
match for local action "local_mail"
match from any auth for any action "outbound"
match for any action "outbound"
=============================================================
Also, for what it's worth:
mx$ netstat -an | grep LISTEN
tcp 0 0 *.993 *.* LISTEN
tcp 0 0 *.143 *.* LISTEN
tcp 0 0 *.995 *.* LISTEN
tcp 0 0 *.110 *.* LISTEN
tcp 0 0 *.2000 *.* LISTEN
tcp 0 0 *.4190 *.* LISTEN
tcp 0 0 127.0.0.1.11333 *.* LISTEN
tcp 0 0 127.0.0.1.11334 *.* LISTEN
tcp 0 0 127.0.0.1.11332 *.* LISTEN
tcp 0 0 127.0.0.1.6379 *.* LISTEN
tcp 0 0 *.22 *.* LISTEN
tcp 0 0 108.61.229.79.587 *.* LISTEN
tcp 0 0 127.0.0.1.587 *.* LISTEN
tcp 0 0 108.61.229.79.25 *.* LISTEN
tcp 0 0 127.0.0.1.25 *.* LISTEN
tcp6 0 0 *.22 *.* LISTEN
tcp6 0 0 ::1.587 *.* LISTEN
tcp6 0 0 fe80::1%lo0.587 *.* LISTEN
tcp6 0 0 *.2000 *.* LISTEN
tcp6 0 0 *.4190 *.* LISTEN
tcp6 0 0 ::1.11333 *.* LISTEN
tcp6 0 0 ::1.11334 *.* LISTEN
tcp6 0 0 ::1.11332 *.* LISTEN
tcp6 0 0 ::1.25 *.* LISTEN
tcp6 0 0 fe80::1%lo0.25 *.* LISTEN
tcp6 0 0 *.993 *.* LISTEN
tcp6 0 0 *.143 *.* LISTEN
tcp6 0 0 *.995 *.* LISTEN
tcp6 0 0 *.110 *.* LISTEN
============================================================
mx$ ps aux | grep smtp
root 50201 0.0 0.2 1832 2416 ?? Ip 9:41AM 0:00.01 /usr/sbin/smtpd
_smtpq 78536 0.0 0.4 1956 4628 ?? Ip 9:41AM 0:00.03 smtpd: queue (smtpd)
_smtpd 46568 0.0 0.4 1548 4400 ?? Ip 9:41AM 0:00.04 smtpd: scheduler (smtpd)
_smtpd 95502 0.0 0.4 1556 4344 ?? Ip 9:41AM 0:00.02 smtpd: klondike (smtpd)
_smtpd 15341 0.0 0.4 1760 4576 ?? Sp 9:41AM 0:00.02 smtpd: control (smtpd)
_smtpd 81286 0.0 0.4 1904 4524 ?? Ip 9:41AM 0:00.02 smtpd: lookup (smtpd)
_smtpd 98151 0.0 0.5 1960 4984 ?? Sp 9:41AM 0:00.03 smtpd: pony express (smtpd)
_smtpd 22192 0.0 0.1 1772 1072 ?? I 9:41AM 0:00.00 /usr/sbin/smtpd
_smtpd 2006 0.0 0.3 106116 3544 ?? I 9:41AM 0:00.01 /usr/local/libexec/smtpd/filter-rspamd
_smtpd 98128 0.0 0.1 1772 1072 ?? I 9:41AM 0:00.00 /usr/sbin/smtpd
_smtpd 3519 0.0 0.3 104620 3076 ?? I 9:41AM 0:00.01 /usr/local/libexec/smtpd/filter-senderscore -blockBelow 10 -junkBelow 70 -slowFactor 5000 (filter-sendersco)
============================================================
mx$ ps aux | grep dovecot
root 21685 0.0 0.2 704 2272 ?? I 11:41PM 0:00.05 /usr/local/sbin/dovecot
root 62680 0.0 0.2 724 2476 ?? I 11:41PM 0:00.02 dovecot/log
_dovecot 35238 0.0 0.2 616 2344 ?? I 11:41PM 0:00.02 dovecot/anvil
root 27271 0.0 0.5 2748 5300 ?? I 11:41PM 0:00.09 dovecot/config
_dovecot 24598 0.0 0.2 676 2480 ?? I 11:41PM 0:00.02 dovecot/stats
============================================================
mx$ ps aux | grep spam
root 35077 0.0 0.4 41748 3756 ?? I 11:41PM 0:00.09 rspamd: main process (rspamd)
_rspamd 17847 0.0 0.7 41908 7380 ?? S 11:41PM 0:01.48 rspamd: rspamd_proxy process (localhost:11332) (rspamd)
_rspamd 35396 0.0 1.3 42840 13092 ?? S 11:41PM 0:08.62 rspamd: controller process (localhost:11334) (rspamd)
_rspamd 9697 0.0 1.0 42676 9896 ?? S 11:41PM 0:01.55 rspamd: normal process (localhost:11333) (rspamd)
_smtpd 2006 0.0 0.3 106116 3544 ?? I 9:41AM 0:00.01 /usr/local/libexec/smtpd/filter-rspamd
============================================================
mx$ ps aux | grep redis
_redis 86838 0.0 0.3 14468 2860 ?? S 11:41PM 0:19.81 redis-server: /usr/local/sbin/redis-server 127.0.0.1:6379 (redis-server)
On Thu, Oct 3, 2019 at 9:11 AM Edgar Pettijohn <[email protected]>
wrote:
> Could you post your config.
>
> Thanks
> On Oct 3, 2019 10:34 AM, Kevin <[email protected]> wrote:
>
>
>
> On Thu, Oct 3, 2019 at 12:36 AM Peter N. M. Hansteen <[email protected]>
> wrote:
>
> On Wed, Oct 02, 2019 at 11:33:58PM -0700, Kevin wrote:
> > Hi all,
> >
> > Having just followed the setup instructions on Gilles' HOWTO page here:
> >
> > https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/
> >
> > ...I'm unable to send mail from my new OpenSMTPD server on OpenBSD 6.6-beta
> > (OpenBSD 6.6-beta (GENERIC) #320: Mon Sep 30 21:24:24 MDT 2019); however,
> > other deliveries (and mail retrieval) work.
> >
> > The pertinent log message looks like this:
> >
> > Oct 2 23:21:33 mx smtpd[25067]: bf1c57bab7fcd344 smtp envelope evpid=2c41c5fc4a7e6c06 from=<[email protected]> to=<[email protected]
> > Oct 2 23:21:33 mx smtpd[25067]: bf1c57bab7fcd344 smtp disconnected reason=quit
> > Oct 2 23:21:38 mx smtpd[25067]: bf1c57b6b057c6ef mta error reason=Connection timeout
>
> Connection timeout sounds very much like your machine is not allowed to send
> outgoing mail via SMTP. Check for firewalls and the like.
>
> Also,
>
> [Thu Oct 03 09:24:37] peter@skapet:~$ host example.app
> Host example.app not found: 3(NXDOMAIN)
> [Thu Oct 03 09:24:43] peter@skapet:~$ host mx.example.app
> Host mx.example.app not found: 3(NXDOMAIN)
>
> Among the things you need in order to deliver mail, a valid domain is in
> the top few. I think the basic requirements are indeed listed in the article
> (under "Requirements"), please go back and re-read, check that you have
> all of those set up properly.
>
>
> I can see why you might think that given that I altered the real domain
> name to example.app. (I know it's frowned upon; I only did it because this
> is a new machine with a setup hobbling along. Bad Kevin... bad...)
>
> In any event, I'm *sure* the domain DNS part is right as I can _receive_
> email just fine, including from the same @gmail address I'm writing this
> from, ergo, DNS resolution of the real domain (and its MX record) are fine.
>
> As for pf being the issue; it's disabled.
>
> # pfctl -s info
> Status: Disabled for 0 days 08:23:56 Debug: err
>
> Latest, greatest kernel running:
>
> $ dmesg | grep Open | tail -1
> OpenBSD 6.6 (GENERIC) #326: Wed Oct 2 22:34:33 MDT 2019
>
> One of the things that's puzzling is this part of the log:
>
> <snip>
> smtp disconnected reason=quit.
> </snip>
>
> If I can send the domain email, if I can retrieve email via Dovecot, if I
> can send mail to myself from the server's CLI (and even retrieve it
> remotely via my mail client), it seems like there's some knob missing that
> says, "All auth'd users to relay," yet, I've copied-and-pasted Gilles'
> rules (and edited them for my own domain), and it am no workie.
>
> Is there perhaps something else akin to the forwarding knob that lets PF
> forward packets between interfaces that either I've forgotten or was
> skipped in the HOWTO?
>
> Thanks,
> Kevin
>
>
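
Added example, not part of the original thread: a small Python triage of smtpd log lines in the format quoted above, separating inbound "smtp" session events from outbound "mta" events to show which side failed. It assumes that an "smtp envelope" line means the message was accepted into the queue; the function name, verdict labels and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the shape of the excerpt quoted in the thread;
# session ids, evpid and addresses are placeholders, not values from the page.
SAMPLE_LOG = [
    "Oct  2 23:21:33 mx smtpd[25067]: 0000000000000001 smtp envelope "
    "evpid=aaaaaaaabbbbbbbb from=<sender@example.org> to=<rcpt@example.net>",
    "Oct  2 23:21:33 mx smtpd[25067]: 0000000000000001 smtp disconnected reason=quit",
    "Oct  2 23:21:38 mx smtpd[25067]: 0000000000000002 mta error reason=Connection timeout",
]

LINE = re.compile(r"smtpd\[\d+\]: (?P<sid>[0-9a-f]{16}) (?P<side>smtp|mta) "
                  r"(?P<event>\S+)(?: (?P<rest>.*))?$")

def triage(lines):
    """Summarise which side of smtpd failed: inbound session or outbound MTA."""
    accepted = []            # evpids of envelopes the SMTP session accepted
    mta_errors = Counter()   # outbound error reasons -> count
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue         # not an smtpd session line
        side, event, rest = m.group("side"), m.group("event"), m.group("rest") or ""
        if side == "smtp" and event == "envelope":
            ev = re.search(r"evpid=([0-9a-f]+)", rest)
            if ev:
                accepted.append(ev.group(1))
        elif side == "mta" and event == "error":
            # reason= can contain spaces, so it runs to the end of the line
            reason = re.search(r"reason=(.*)$", rest)
            mta_errors[reason.group(1).strip() if reason else "unknown"] += 1
    if not accepted:
        verdict = "inbound"            # nothing queued: look at auth / match rules
    elif "Connection timeout" in mta_errors:
        verdict = "outbound-network"   # queued, but the outbound connect timed out
    elif mta_errors:
        verdict = "outbound-other"     # queued, outbound failed for another reason
    else:
        verdict = "ok"                 # queued, no mta error logged
    return {"accepted": accepted, "mta_errors": dict(mta_errors), "verdict": verdict}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

An "outbound-network" verdict points at the network path for outgoing SMTP rather than at the match rules, which is the direction Peter's reply suggests.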