Hi,

Just to check something, how are you identifying to the server? Your current setup implies it is using a system user and password, is that the case?

Other than that, your configuration looks very similar to mine. The other difference I can see is that I now use the more compact `from auth` instead of `from any auth`, and I seem to remember my former syntax to be `auth from any` and not `from any auth`, so maybe you could try one of my two versions?

Regards,
Archange

On 20/09/2020 at 02:39, Hakan E. Duran wrote:
> I played around a little bit more and was able to get this error message with
> the command `doas smtpd -d -T rules -v`, which may be a little more
> informative:
>
> 798b98fc3686a31c smtp connected address=111.11.1.111 host=111-11-1-111.client.something.com
> debug: looking up pki "mail.name.com"
> debug: session_start_ssl: switching to SSL
> debug: pony: rsae_priv_enc
> 798b98fc3686a31c smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
> smtp: 0x184169a23000: smtp_cert_verify_cb: no-client-cert
> no rule matched
> 798b98fc3686a31c smtp failed-command command="RCPT TO:<[email protected]>" result="550 Invalid recipient: <[email protected]>"
> 798b98fc3686a31c smtp disconnected reason=disconnect
>
> Please notice the more informative line stating: *smtp_cert_verify_cb:
> no-client-cert*
>
> The certificate of concern here cannot be the server's certificate, because
> they are in the right place where smtpd.conf points to. It cannot possibly be
> gmail's certificate either, but that is the client, isn't it? It feels like I
> am hitting a bug here.
>
> Hakan
>
> On Sat, 19 Sep 2020 12:35:41 -0500
> "Hakan E. Duran" <[email protected]> wrote:
>
>> Thank you so much Bryan for your reply. I tried doing it and received a
>> response indicating no rule matched. What am I missing?
>> Here is the complete
>> output of `doas smtpd -d -T rules`:
>>
>> 99d03ce4cb968916 smtp connected address=111.11.1.111 host=111-11-1-111.client.something.com
>> 99d03ce4cb968916 smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
>> no rule matched
>> 99d03ce4cb968916 smtp failed-command command="RCPT TO:<[email protected]>" result="550 Invalid recipient: <[email protected]>"
>> 99d03ce4cb968916 smtp disconnected reason=disconnect
>>
>> Thanks again for brainstorming with me.
>>
>> Hakan
>>
>> On Sat, 19 Sep 2020 12:13:06 +0000
>> [email protected] wrote:
>>
>>> Hello,
>>>
>>> Maybe I'm crazy but do you want to trace the rules instead of the lookup?
>>>
>>> V/r,
>>> Bryan
>>>
>>> September 18, 2020 11:30 PM, "Eyüp Hakan Duran" <[email protected]> wrote:
>>>
>>> Dear all,
>>>
>>> I am aware that this is most probably a silly oversight on my part but I
>>> would really appreciate gentle guidance to the right direction to overcome
>>> this impasse. I truly appreciate your time.
>>>
>>> I rented a VPS, installed OpenBSD 6.7 and set up a mail server as described
>>> here
>>> (https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/).
>>> I double and triple checked all the settings, including MX records,
>>> reverse DNS, etc. and confirmed everything is resolving.
>>> Here is my redacted smtpd.conf:
>>>
>>> --------
>>> pki mail.name.com cert "/etc/ssl/mail.name.com.fullchain.pem"
>>> pki mail.name.com key "/etc/ssl/private/mail.name.com.key"
>>>
>>> filter check_dyndns phase connect match rdns regex { '.*.dyn..*', '.*.dsl..*' } junk
>>>
>>> filter check_rdns phase connect match !rdns junk
>>>
>>> filter check_fcrdns phase connect match !fcrdns junk
>>>
>>> filter senderscore proc-exec "filter-senderscore -junkBelow 70 -slowFactor 5000"
>>>
>>> filter rspamd proc-exec "filter-rspamd"
>>> table aliases file:/etc/mail/aliases
>>>
>>> listen on all tls pki mail.kumru.club filter { check_dyndns, check_rdns, check_fcrdns, senderscore, rspamd }
>>>
>>> listen on all port submission tls-require pki mail.name.com auth filter rspamd
>>>
>>> action "local_mail" maildir junk alias <aliases>
>>> action "outbound" relay helo mail.name.com
>>>
>>> match from any for domain "name.com" action "local_mail"
>>> match for local action "local_mail"
>>>
>>> match from any auth for any action "outbound"
>>> match for any action "outbound"
>>>
>>> -----------------------
>>>
>>> There is no problem in sending email from within the VPS. Unfortunately
>>> every time I try to send an email from my local computer and try to use the
>>> smtpd server in VPS as a relay, I get a "550 Invalid recipient:
>>> <[email protected]>" error.
>>>
>>> Here is the output of `doas smtpd -d -T lookup` (redacted):
>>>
>>> ------------------------
>>> info: OpenSMTPD 6.7.0 starting
>>> 24875097a9b2d457 smtp connected address=111.11.1.111 host=111-11-1-111.client.something.com
>>> lookup: match "111-11-1-111.client.something.com" as REGEX in table static:<dynamic:0> -> false
>>> 24875097a9b2d457 smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
>>> lookup: match "111.11.1.111" as NETADDR in table static:<anyhost> -> true
>>> lookup: match "gmail.com" as DOMAIN in table static:<dynamic:1> -> false
>>> lookup: match "111.11.1.111" as NETADDR in table static:<localhost> -> false
>>> lookup: match "111.11.1.111" as NETADDR in table static:<anyhost> -> true
>>> lookup: match "gmail.com" as DOMAIN in table static:<anydestination> -> true
>>> lookup: match "111.11.1.111" as NETADDR in table static:<localhost> -> false
>>> 24875097a9b2d457 smtp failed-command command="RCPT TO:<[email protected]>" result="550 Invalid recipient: <[email protected]>"
>>> 24875097a9b2d457 smtp disconnected reason=disconnect
>>> ------------------------
>>>
>>> It appears to my untrained and careless eyes that the sender/recipient
>>> combination fits to the "outbound" ruleset and therefore should be relayed
>>> to gmail's smtp; however, it is clearly not the case. I will truly
>>> appreciate any pointers to solve this issue.
>>>
>>> Regards,
>>>
>>> Hakan Duran
>>
>> --
>> Hakan E. Duran <[email protected]>
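
The question of how the client identifies itself can be checked against the trace directly. The following is an added example, not part of the thread or of OpenSMTPD: it groups `smtpd -d -T rules` output by session id and reports whether a successful AUTH was logged before the ruleset rejected the recipient. The sample lines are constructed, and the `smtp authentication ... result=ok` line format is an assumption.

```python
import re

# Constructed sample shaped like the `smtpd -d -T rules` output quoted above.
# The "smtp authentication ... result=ok" line format is an assumption.
SAMPLE = """\
aaaaaaaaaaaaaaaa smtp connected address=192.0.2.10 host=client.example.net
aaaaaaaaaaaaaaaa smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
no rule matched
aaaaaaaaaaaaaaaa smtp failed-command command="RCPT TO:<bob@example.org>" result="550 Invalid recipient: <bob@example.org>"
bbbbbbbbbbbbbbbb smtp connected address=192.0.2.10 host=client.example.net
bbbbbbbbbbbbbbbb smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
bbbbbbbbbbbbbbbb smtp authentication user=alice result=ok
"""

EVENT = re.compile(r"^([0-9a-f]{16}) smtp (\S+) ?(.*)$")
FAILED = re.compile(r'command="(.*?)" result="(\d{3})')

def triage(trace):
    """Group trace lines by session id; record TLS, AUTH and rejections."""
    sessions, current = {}, None
    for line in map(str.strip, trace.splitlines()):
        m = EVENT.match(line)
        if m:
            sid, event, rest = m.groups()
            current = sessions.setdefault(
                sid, {"tls": False, "auth": False, "no_rule": False, "rejected": []})
            if event == "tls":
                current["tls"] = True
            elif event == "authentication" and "result=ok" in rest:
                current["auth"] = True
            elif event == "failed-command" and (f := FAILED.search(rest)):
                current["rejected"].append((f.group(1), f.group(2)))
        elif line == "no rule matched" and current is not None:
            # The rule trace has no session id: attribute it to the most recent
            # session (a heuristic that assumes one client at a time).
            current["no_rule"] = True
    return sessions

def diagnose(s):
    """One-line verdict for a session dict returned by triage()."""
    if s["no_rule"] and not s["auth"]:
        return "no AUTH seen: match rules with the 'auth' criterion cannot apply"
    if s["no_rule"]:
        return "authenticated, still no rule matched: check the match syntax"
    return "no rejection by the ruleset"

if __name__ == "__main__":
    for sid, s in triage(SAMPLE).items():
        print(sid, "tls" if s["tls"] else "plain", diagnose(s), s["rejected"])
```
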
