Re: New config syntax

2018-10-26 Thread Gilles Chehade
Sorry, sent too fast; wanted to add that debugging configuration without logs is difficult.

On 27 Oct 2018 06:48, Gilles Chehade wrote:
> This can mean you have a loop of some sort in aliases expansion, or maybe in .forward

Re: OpenSMTPD 6.4 - "Invalid recipient" with external mail client (thunderbird)

2018-10-26 Thread Gilles Chehade
Actually it makes sense having both from local and auth rules

Re: New config syntax

2018-10-26 Thread Gilles Chehade
This can mean you have a loop of some sort in aliases expansion, or maybe in .forward

Re: OpenSMTPD 6.4 - "Invalid recipient" with external mail client (thunderbird)

2018-10-26 Thread Matt Schwartz
Change your match for any action relay_dkim to match auth from any
for any action relay_dkim.

On Fri, Oct 26, 2018 at 7:10 PM Jesper Wallin wrote:
>
> Hi,
>
> You need to specify “from any” to your relay_dkim match rule. If not 
> specified, it defaults to “from local”, which now is different from “auth”.
>
>
> Regards,
> Jesper Wallin
>
> > On 27 Oct 2018, at 01:06,   wrote:
> >
> > Hello,
> >
> > I recently upgraded my server to OpenBSD 6.4. But I have a problem with the
> > new configuration of OpenSMTPD:
> >
> > When I send a mail with Thunderbird from an external IP, my server always
> > returns the error message "invalid recipient".
> >
> > When I connect to the server through SSH and send a mail via the local
> > client mutt, everything works.
> >
> > This is my configuration:
> > ---
> > queue compression
> > queue encryption ad8004f927bd2b00a672c30704e3de11
> >
> > pki mx1.example.com.pki cert "/etc/ssl/mx1.example.com.crt"
> > pki mx1.example.com.pki key "/etc/ssl/private/mx1.example.com.key"
> >
> > table aliases file:/etc/mail/aliases
> > table vdomains file:/etc/mail/vdomains
> > table vusers file:/etc/mail/vusers
> >
> > listen on lo0
> > listen on lo0 port 10028 tag DKIM
> > listen on egress tls pki mx1.example.com.pki auth-optional
> > listen on egress smtps pki mx1.example.com.pki auth
> > listen on egress port submission tls-require pki mx1.example.com.pki auth
> >
> > action "local" mbox alias 
> > action "relay" relay
> > action "domain" lmtp "/var/dovecot/lmtp" virtual 
> > action relay_dkim relay host smtp://127.0.0.1:10027
> >
> > match from local for local action "local"
> > match tag DKIM for any action "relay"
> > match from any for domain  action "domain"
> > match for any action relay_dkim
> > ---
> >
> > Is there something wrong in my current configuration?
> >
> > Thanks in advance!
> >
> > Cheers
> > Johannes
> >
> >
> > --
> > You received this mail because you are subscribed to misc@opensmtpd.org
> > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
> >
>
>
>
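
The distinction the replies above turn on, as an added example (not code from the thread or from the OpenSMTPD project): a small linter for the 6.4-style `match` rules shown in the quoted config. It reports relay rules that rely on the implicit `from local` default, which the thread gives as the cause of the rejected Thunderbird submissions, and relay rules that combine `from any` with `for any` but carry no `auth`, which would accept relaying from unauthenticated hosts. The names `lint` and `SAMPLE` and the finding labels are assumptions made for the example; a rule limited by `tag` still needs its listener reviewed by hand.

```python
import shlex

# Constructed sample: the rules from the thread's config plus the two rewrites
# proposed in the replies (table references left out).
SAMPLE = """\
action "local" mbox
action "relay" relay
action relay_dkim relay host smtp://127.0.0.1:10027
match from local for local action "local"
match tag DKIM for any action "relay"
match for any action relay_dkim
match from any for any action relay_dkim
match auth from any for any action relay_dkim
"""

def _opt(opts, key, default=None):
    """Word following a non-negated option keyword, or the default."""
    for i, word in enumerate(opts[:-1]):
        if word == key and (i == 0 or opts[i - 1] != "!"):
            return opts[i + 1]
    return default

def lint(conf):
    """Return [(line_number, finding)] for match rules that feed a relay action."""
    lines = [(n, shlex.split(raw, comments=True))
             for n, raw in enumerate(conf.splitlines(), 1)]
    relays = {w[1] for _, w in lines
              if len(w) >= 3 and w[0] == "action" and w[2] == "relay"}
    findings = []
    for n, w in lines:
        if not w or w[0] != "match" or "action" not in w[1:-1]:
            continue
        cut = w.index("action")
        opts, target = w[1:cut], w[cut + 1]
        authed = any(o == "auth" and (i == 0 or opts[i - 1] != "!")
                     for i, o in enumerate(opts))
        if target not in relays or authed:
            continue
        src = _opt(opts, "from")        # None: the default, "from local"
        dest = _opt(opts, "for", "local")
        if src == "any" and dest == "any":
            # Any host may relay to any domain without authenticating.
            findings.append((n, "open-relay-risk"))
        elif src is None and "tag" not in opts:
            # Implicit "from local": per the thread, this no longer covers auth.
            findings.append((n, "implicit-from-local"))
    return findings

if __name__ == "__main__":
    for n, finding in lint(SAMPLE):
        print(f"line {n}: {finding}")
```

On the sample, only the `match auth from any for any action relay_dkim` form and the tagged loopback rule pass without a finding.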




Re: OpenSMTPD 6.4 - "Invalid recipient" with external mail client (thunderbird)

2018-10-26 Thread Jesper Wallin
Hi,

You need to specify “from any” to your relay_dkim match rule. If not specified, 
it defaults to “from local”, which now is different from “auth”.


Regards,
Jesper Wallin

> On 27 Oct 2018, at 01:06,   wrote:
> 
> Hello,
> 
> I recently upgraded my server to OpenBSD 6.4. But I have a problem with the
> new configuration of OpenSMTPD:
>
> When I send a mail with Thunderbird from an external IP, my server always
> returns the error message "invalid recipient".
>
> When I connect to the server through SSH and send a mail via the local
> client mutt, everything works.
> 
> This is my configuration:
> ---
> queue compression
> queue encryption ad8004f927bd2b00a672c30704e3de11
> 
> pki mx1.example.com.pki cert "/etc/ssl/mx1.example.com.crt"
> pki mx1.example.com.pki key "/etc/ssl/private/mx1.example.com.key"
> 
> table aliases file:/etc/mail/aliases
> table vdomains file:/etc/mail/vdomains
> table vusers file:/etc/mail/vusers
> 
> listen on lo0
> listen on lo0 port 10028 tag DKIM
> listen on egress tls pki mx1.example.com.pki auth-optional
> listen on egress smtps pki mx1.example.com.pki auth
> listen on egress port submission tls-require pki mx1.example.com.pki auth
> 
> action "local" mbox alias 
> action "relay" relay
> action "domain" lmtp "/var/dovecot/lmtp" virtual 
> action relay_dkim relay host smtp://127.0.0.1:10027
> 
> match from local for local action "local"
> match tag DKIM for any action "relay"
> match from any for domain  action "domain"
> match for any action relay_dkim
> ---
> 
> Is there something wrong in my current configuration?
> 
> Thanks in advance!
> 
> Cheers
> Johannes
> 
> 
> 





OpenSMTPD 6.4 - "Invalid recipient" with external mail client (thunderbird)

2018-10-26 Thread krjdev
Hello,

I recently upgraded my server to OpenBSD 6.4. But I have a problem with the
new configuration of OpenSMTPD:

When I send a mail with Thunderbird from an external IP, my server always
returns the error message "invalid recipient".

When I connect to the server through SSH and send a mail via the local
client mutt, everything works.

This is my configuration:
---
queue compression
queue encryption ad8004f927bd2b00a672c30704e3de11

pki mx1.example.com.pki cert "/etc/ssl/mx1.example.com.crt"
pki mx1.example.com.pki key "/etc/ssl/private/mx1.example.com.key"

table aliases file:/etc/mail/aliases
table vdomains file:/etc/mail/vdomains
table vusers file:/etc/mail/vusers

listen on lo0
listen on lo0 port 10028 tag DKIM
listen on egress tls pki mx1.example.com.pki auth-optional
listen on egress smtps pki mx1.example.com.pki auth
listen on egress port submission tls-require pki mx1.example.com.pki auth

action "local" mbox alias 
action "relay" relay
action "domain" lmtp "/var/dovecot/lmtp" virtual 
action relay_dkim relay host smtp://127.0.0.1:10027

match from local for local action "local"
match tag DKIM for any action "relay"
match from any for domain  action "domain"
match for any action relay_dkim
---

Is there something wrong in my current configuration?

Thanks in advance!

Cheers
Johannes





Re: New config syntax

2018-10-26 Thread Thomas Bohl
Hello,

> In my aliases table I have entries like:
> 
> admin:fred, f...@crowsons.net

Is crowsons.net the hostname of the server?

> 
> but with my new smtpd.conf [1] I'm getting the following error:
> 
> 524 5.2.4 Mailing list expansion problem

What is the full line in /var/log/maillog?




Re: Announce: OpenSMTPD 6.4.0 released

2018-10-26 Thread Gilles Chehade
Hello,

This is our latest major release which holds some notable changes:

1- this is the first release that depends on LibreSSL

We spent the years trying to accommodate both LibreSSL and OpenSSL but it
does not work for us and it prevents us from moving towards libtls which
would help us simplify the code and avoid traps caused by the complexity
of the libssl API.

There used to be issues with having both LibreSSL and OpenSSL installed,
which is why we wanted to support both, but now they are no longer valid
and I did build and run a LibreSSL OpenSMTPD on FreeBSD, Ubuntu, Debian,
CentOS, ArchLinux and Fedora.

At this point, we believe there's no reason not to have OpenSMTPD depend
on LibreSSL and if some distros absolutely want to keep having it depend
on OpenSSL, fair enough but they get the extra work with patches.


2- this release has a complete refactor of the configuration

Most configuration files are trivial to convert and new features are now
available thanks to the new config, make sure to prepare your upgrade so
you don't get surprised when you install, restart and get syntax errors.

The mailing list is a perfect place to discuss configuration files and a
lot of users can help and benefit from discussions.


3- sadly this release was not well tested on other systems

We need key users who want to help us ensure that OpenSMTPD is always in
a good shape outside of the OpenBSD world, right now we don't have these
and the testing on !OpenBSD systems is quite random.


Final words for this mail,

The six months cycle starting now will be focused on two areas:

1- portability cleanup: the portable compat layer is confusing and needs
   to be completely reworked which will require months of efforts. A lot
   has been done already and some branches exist to continue but we will
   need some active people to detect regressions at runtime, while we're
   already equipped to detect regressions at build time.

2- filters: code is already available for the most part, I've started to
   split it into smaller diffs that I'll commit separately over the next
   few weeks so they can be tested in development.

I'll explain the plan for filters in an upcoming mail but now is time to
drink and celebrate the end of the week :-)


Gilles


-- 
Gilles Chehade

https://www.poolp.org  @poolpOrg




Announce: OpenSMTPD 6.4.0 released

2018-10-26 Thread Gilles Chehade
OpenSMTPD 6.4.0 has just been released.

OpenSMTPD is a FREE implementation of the SMTP protocol with some common
extensions. It allows ordinary machines to exchange e-mails with systems
speaking the SMTP protocol. It implements a fairly large part of RFC5321
and can already cover a large range of use-cases.

It runs on OpenBSD, NetBSD, FreeBSD, DragonFlyBSD and Linux.

The archives are now available from the main site at www.OpenSMTPD.org

We would like to thank the OpenSMTPD community for their help in testing
the snapshots, reporting bugs, contributing code and packaging for other
systems.

This is a major release with many breaking changes.

Changes in this release (since 6.0.3):
======================================

- the configuration file syntax has been completely reworked, breaking
  compatibility with previous configuration files.
- mda wrappers allow defining a command to pre-process mail before the
  mda write them to mailboxes.
- OpenSMTPD now depends on LibreSSL as an SSL library and efforts will
  no longer be done to accommodate both OpenSSL and LibreSSL.
- an SMTP client is now shipped with OpenSMTPD.
- documentation has been reworked for the most part.
- a lot of minor bug fixes and cleanups have been introduced.


Checksums:
==========

  SHA256 (opensmtpd-6.4.0.tar.gz) =
  a14c7486557c0f6202efb800f509b418e56e9976a931473ebfaae2f0c5a24fbd

  SHA256 (opensmtpd-6.4.0p1.tar.gz) =
  0857c14b5b4150daa4312cb0a85f41209792c83080beafc84ed0ddaaa985bde3


Verify:
=======

Starting with version 5.7.1, releases are signed with signify(1).

You can obtain the public key from our website, check with our community
that it has not been altered on its way to your machine.

   $ wget https://www.opensmtpd.org/archives/opensmtpd-20181026.pub

Once you are confident the key is correct, you can verify the release as
described below:

1- download both release tarball and matching signature file to same directory:

   for OpenBSD version:
   $ wget https://www.opensmtpd.org/archives/opensmtpd-6.4.0.sum.sig
   $ wget https://www.opensmtpd.org/archives/opensmtpd-6.4.0.tar.gz

   for portable version:
   $ wget https://www.opensmtpd.org/archives/opensmtpd-6.4.0p1.sum.sig
   $ wget https://www.opensmtpd.org/archives/opensmtpd-6.4.0p1.tar.gz


2- use `signify` to verify that signature file is properly signed and that the
   checksum matches the release tarball you downloaded:

   for OpenBSD version:
   $ signify -C -e -p opensmtpd-20181026.pub -x opensmtpd-6.4.0.sum.sig
   Signature Verified
   opensmtpd-6.4.0.tar.gz: OK

   for portable version:
   $ signify -C -e -p opensmtpd-20181026.pub -x opensmtpd-6.4.0p1.sum.sig
   Signature Verified
   opensmtpd-6.4.0p1.tar.gz: OK


If you don't get an OK message, then something is not right and you should not
install without first understanding why it failed.


Support:
========

You are encouraged to register to our general purpose mailing-list:
http://www.opensmtpd.org/list.html

The "Official" IRC channel for the project is at:
#OpenSMTPD @ irc.freenode.net


Reporting Bugs:
===============

Please read http://www.opensmtpd.org/report.html
Security bugs should be reported directly to secur...@opensmtpd.org
Other bugs may be reported to b...@opensmtpd.org

-- 
Gilles Chehade

https://www.poolp.org  @poolpOrg




Re: New config syntax

2018-10-26 Thread Edgar Pettijohn

On Oct 26, 2018 4:46 AM, Fred Crowson  wrote:
>
> Hi,
>
> In my aliases table I have entries like:
>
> admin:    fred, f...@crowsons.net
>
> but with my new smtpd.conf [1] I'm getting the following error:
>
> 524 5.2.4 Mailing list expansion problem
>
> this worked with my old config [2].
>
> What am I doing wrong?
>
> Thanks
>
> Fred

I don't know, but my relay credentials table isn't working anymore either and I
can't seem to find the solution either.
>
> [1] New Config:
> # pki setup
> pki mx.crowsons.com cert "/etc/ssl/mx.crowsons.com.crt"
> pki mx.crowsons.com key "/etc/ssl/private/mx.crowsons.com.key"
>
> table sources { 46.235.226.153 }
> table helonames { 46.235.226.153 = mx.crowsons.com }
> table aliases file:/etc/mail/aliases
> table passwd passwd:/etc/mail/passwd
> table secrets file:/etc/mail/cc.sec
> table domains file:/etc/mail/domains
>
> #listen on vio0
> listen on egress port 25 tls pki mx.crowsons.com
> listen on egress port 587 tls-require pki mx.crowsons.com auth 
>
> #actions
> action "local" mbox alias 
> action "relay" relay
> action "c.net" relay host tls+auth://usern...@smtp.mail.com auth 
>
> # allow local messages
> match for local action "local"
> match from any for domain  action "local"
> match for domain crowsons.net action "c.net"
>
> [2] Old Config:
> # pki setup
> pki mx.crowsons.com certificate "/etc/ssl/mx.crowsons.com.crt"
> pki mx.crowsons.com key "/etc/ssl/private/mx.crowsons.com.key"
>
> table aliases file:/etc/mail/aliases
> table passwd passwd:/etc/mail/passwd
>
> #listen on vio0
> listen on egress port 25 tls pki mx.crowsons.com
> listen on egress port 587 tls-require pki mx.crowsons.com auth 
>
> accept from any for domain "crowsons.com" alias  deliver to mbox
> accept for local alias  deliver to mbox
> # allow local messages
> accept from local for any relay
>
>


New config syntax

2018-10-26 Thread Fred Crowson
Hi,

In my aliases table I have entries like:

admin:fred, f...@crowsons.net

but with my new smtpd.conf [1] I'm getting the following error:

524 5.2.4 Mailing list expansion problem

this worked with my old config [2].

What am I doing wrong?

Thanks

Fred

[1] New Config:
# pki setup
pki mx.crowsons.com cert "/etc/ssl/mx.crowsons.com.crt"
pki mx.crowsons.com key "/etc/ssl/private/mx.crowsons.com.key"

table sources { 46.235.226.153 }
table helonames { 46.235.226.153 = mx.crowsons.com }
table aliases file:/etc/mail/aliases
table passwd passwd:/etc/mail/passwd
table secrets file:/etc/mail/cc.sec
table domains file:/etc/mail/domains

#listen on vio0
listen on egress port 25 tls pki mx.crowsons.com
listen on egress port 587 tls-require pki mx.crowsons.com auth 

#actions
action "local" mbox alias 
action "relay" relay
action "c.net" relay host tls+auth://usern...@smtp.mail.com auth 

# allow local messages
match for local action "local"
match from any for domain  action "local"
match for domain crowsons.net action "c.net"

[2] Old Config:
# pki setup
pki mx.crowsons.com certificate "/etc/ssl/mx.crowsons.com.crt"
pki mx.crowsons.com key "/etc/ssl/private/mx.crowsons.com.key"

table aliases file:/etc/mail/aliases
table passwd passwd:/etc/mail/passwd

#listen on vio0
listen on egress port 25 tls pki mx.crowsons.com
listen on egress port 587 tls-require pki mx.crowsons.com auth 

accept from any for domain "crowsons.com" alias  deliver to mbox
accept for local alias  deliver to mbox
# allow local messages
accept from local for any relay
