I played around a little bit more and was able to get this error message with the command `doas smtpd -d -T rules -v`, which may be a little more informative:
798b98fc3686a31c smtp connected address=111.11.1.111 host=111-11-1-111.client.something.com
debug: looking up pki "mail.name.com"
debug: session_start_ssl: switching to SSL
debug: pony: rsae_priv_enc
798b98fc3686a31c smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
smtp: 0x184169a23000: smtp_cert_verify_cb: no-client-cert
no rule matched
798b98fc3686a31c smtp failed-command command="RCPT TO:<[email protected]>" result="550 Invalid recipient: <[email protected]>"
798b98fc3686a31c smtp disconnected reason=disconnect

Please notice the more informative line stating:

*smtp_cert_verify_cb: no-client-cert*

The certificate of concern here cannot be the server's certificate, because they are in the right place where smtpd.conf points to. It cannot possibly be gmail's certificate either, but that is the client, isn't it? It feels like I am hitting a bug here.

Hakan

On Sat, 19 Sep 2020 12:35:41 -0500
"Hakan E. Duran" <[email protected]> wrote:

> Thank you so much Bryan for your reply. I tried doing it and received a
> response indicating no rule matched. What am I missing? Here is the complete
> output of `doas smtpd -d -T rules`:
>
> 99d03ce4cb968916 smtp connected address=111.11.1.111 host=111-11-1-111.client.something.com
> 99d03ce4cb968916 smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
> no rule matched
> 99d03ce4cb968916 smtp failed-command command="RCPT TO:<[email protected]>" result="550 Invalid recipient: <[email protected]>"
> 99d03ce4cb968916 smtp disconnected reason=disconnect
>
> Thanks again for brainstorming with me.
>
> Hakan
>
>
> On Sat, 19 Sep 2020 12:13:06 +0000
> [email protected] wrote:
>
> > Hello,
> >
> > Maybe I'm crazy but do you want to trace the rules instead of the lookup?
> >
> > V/r,
> > Bryan
> >
> > September 18, 2020 11:30 PM, "Eyüp Hakan Duran" <[email protected]> wrote:
> >
> > Dear all,
> >
> > I am aware that this is most probably a silly oversight on my part but I
> > would really appreciate gentle guidance to the right direction to overcome
> > this impasse. I truly appreciate your time.
> >
> > I rented a VPS, installed OpenBSD 6.7 and set up a mail server as described
> > here
> > (https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/).
> > I double and triple checked all the settings, including MX records,
> > reverse DNS, etc. and confirmed everything is resolving. Here is my
> > redacted smtpd.conf:
> >
> > --------
> > pki mail.name.com cert "/etc/ssl/mail.name.com.fullchain.pem"
> > pki mail.name.com key "/etc/ssl/private/mail.name.com.key"
> >
> > filter check_dyndns phase connect match rdns regex { '.*.dyn..*', '.*.dsl..*' } junk
> >
> > filter check_rdns phase connect match !rdns junk
> >
> > filter check_fcrdns phase connect match !fcrdns junk
> >
> > filter senderscore proc-exec "filter-senderscore -junkBelow 70 -slowFactor 5000"
> >
> > filter rspamd proc-exec "filter-rspamd"
> > table aliases file:/etc/mail/aliases
> >
> > listen on all tls pki mail.kumru.club filter { check_dyndns, check_rdns, check_fcrdns, senderscore, rspamd }
> >
> > listen on all port submission tls-require pki mail.name.com auth filter rspamd
> >
> > action "local_mail" maildir junk alias <aliases>
> > action "outbound" relay helo mail.name.com
> >
> > match from any for domain "name.com" action "local_mail"
> > match for local action "local_mail"
> >
> > match from any auth for any action "outbound"
> > match for any action "outbound"
> >
> > -----------------------
> >
> > There is no problem in sending email from within the VPS. Unfortunately
> > every time I try to send an email from my local computer and try to use the
> > smtpd server in VPS as a relay, I get a "550 Invalid recipient:
> > <[email protected]>" error.
> >
> > Here is the output of `doas smtpd -d -T lookup` (redacted):
> >
> > ------------------------
> > info: OpenSMTPD 6.7.0 starting
> > 24875097a9b2d457 smtp connected address=111.11.1.111 host=111-11-1-111.client.something.com
> > lookup: match "111-11-1-111.client.something.com" as REGEX in table static:<dynamic:0> -> false
> > 24875097a9b2d457 smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
> > lookup: match "111.11.1.111" as NETADDR in table static:<anyhost> -> true
> > lookup: match "gmail.com" as DOMAIN in table static:<dynamic:1> -> false
> > lookup: match "111.11.1.111" as NETADDR in table static:<localhost> -> false
> > lookup: match "111.11.1.111" as NETADDR in table static:<anyhost> -> true
> > lookup: match "gmail.com" as DOMAIN in table static:<anydestination> -> true
> > lookup: match "111.11.1.111" as NETADDR in table static:<localhost> -> false
> > 24875097a9b2d457 smtp failed-command command="RCPT TO:<[email protected]>" result="550 Invalid recipient: <[email protected]>"
> > 24875097a9b2d457 smtp disconnected reason=disconnect
> > ------------------------
> >
> > It appears to my untrained and careless eyes that the sender/recipient
> > combination fits to the "outbound" ruleset and therefore should be relayed
> > to gmail's smtp; however, it is clearly not the case. I will truly
> > appreciate any pointers to solve this issue.
> >
> > Regards,
> >
> > Hakan Duran
>
>
> --
> Hakan E. Duran <[email protected]>

--
Hakan E. Duran <[email protected]>
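The four `match` lines of the quoted smtpd.conf, modelled as first-match evaluation in an added example (not part of the thread and not OpenSMTPD's code). It relies on the smtpd.conf(5) defaults that a rule without `from` means `from local` and without `for` means `for local`; `LOCAL_DOMAINS`, the loopback-only notion of "local" and the sample recipients are constructed simplifications.

```python
# Simplified model of smtpd.conf first-match rule evaluation (added example,
# not OpenSMTPD code). Omitted "from" = "from local", omitted "for" = "for local".
import ipaddress

LOCAL_DOMAINS = {"localhost", "mail.name.com"}  # assumed local names (constructed)

# The four match lines from the posted config: (from, needs auth, for, action)
RULES = [
    ("any",   False, ("domain", "name.com"), "local_mail"),
    ("local", False, ("local", None),        "local_mail"),
    ("any",   True,  ("any", None),          "outbound"),
    ("local", False, ("any", None),          "outbound"),
]

def source_ok(kind, addr):
    # Simplification: "local" is treated as loopback only; the real daemon
    # also counts the machine's own interface addresses.
    return kind == "any" or ipaddress.ip_address(addr).is_loopback

def dest_ok(dest, rcpt_domain):
    kind, value = dest
    if kind == "any":
        return True
    if kind == "domain":
        return rcpt_domain == value
    return rcpt_domain in LOCAL_DOMAINS  # "for local"

def evaluate(addr, authenticated, rcpt):
    """Return the action of the first matching rule, or None if none match."""
    domain = rcpt.rsplit("@", 1)[1].lower()
    for src, needs_auth, dest, action in RULES:
        if not source_ok(src, addr):
            continue
        if needs_auth and not authenticated:
            continue
        if not dest_ok(dest, domain):
            continue
        return action
    return None  # the daemon answers RCPT TO with "550 Invalid recipient"

if __name__ == "__main__":
    # Constructed sessions; 111.11.1.111 is the redacted client from the trace.
    for addr, auth, rcpt in [
        ("111.11.1.111", False, "someone@gmail.com"),
        ("111.11.1.111", True,  "someone@gmail.com"),
        ("127.0.0.1",    False, "someone@gmail.com"),
        ("111.11.1.111", False, "user@name.com"),
    ]:
        print(addr, "auth" if auth else "no-auth", rcpt, "->",
              evaluate(addr, auth, rcpt) or "no rule matched")
```

In this model a remote session relays to an outside domain only once it has authenticated, which is the property that keeps the listener from acting as an open relay.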
