Re: Old clients fail to establish SSL Connection to 6.9
On Fri, May 07, 2021 at 01:42:52AM +0200, Markus Julen wrote:
> Hi all!
>
> Having just moved a small "outgoing only" mailserver to 6.9, I started to
> receive error messages:
>
> > 80008bb60b9428ed smtp connected address=X.X.X.X host=z.z.z
> > 80008bb60b9428ed smtp disconnected reason="io-error: handshake failed:
> > error:1402610B:SSL routines:ACCEPT_SR_CLNT_HELLO:wrong version number"
>
> No filters, nothing, just plain smtpd. 6.8 worked flawlessly.
>
> Has anyone managed to tweak the "cipher" option to the "listen" directive?
> Any other options to try?
>
> Telling everyone to upgrade their mail client is probably no option as of
> now...

Hello.

Have a look at the tls_config_set_protocols(3) manpage for the protocols
and ciphers options. You can try with something like:

    listen on ... tls protocols "legacy" ciphers "compat"

Eric.
Old clients fail to establish SSL Connection to 6.9
Hi all!

Having just moved a small "outgoing only" mailserver to 6.9, I started to
receive error messages:

> 80008bb60b9428ed smtp connected address=X.X.X.X host=z.z.z
> 80008bb60b9428ed smtp disconnected reason="io-error: handshake failed:
> error:1402610B:SSL routines:ACCEPT_SR_CLNT_HELLO:wrong version number"

No filters, nothing, just plain smtpd. 6.8 worked flawlessly.

Has anyone managed to tweak the "cipher" option to the "listen" directive?
Any other options to try?

Telling everyone to upgrade their mail client is probably no option as of
now...

regards,
--markus
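
An added example, not part of the original thread: before relaxing the protocols or ciphers on a listener, it helps to know which peers actually hit this error. The Python sketch below pairs `smtp connected` and `smtp disconnected` lines by session id, in the format quoted above; the sample log, its syslog prefix, session ids and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample log in the format quoted in the thread; the syslog
# prefix, session ids, addresses and host names are placeholders.
SAMPLE_LOG = """\
May  7 01:40:01 mx smtpd[1234]: aaaa000000000001 smtp connected address=192.0.2.10 host=old-client.example
May  7 01:40:01 mx smtpd[1234]: aaaa000000000001 smtp disconnected reason="io-error: handshake failed: error:1402610B:SSL routines:ACCEPT_SR_CLNT_HELLO:wrong version number"
May  7 01:41:10 mx smtpd[1234]: aaaa000000000002 smtp connected address=192.0.2.20 host=new-client.example
May  7 01:41:12 mx smtpd[1234]: aaaa000000000002 smtp disconnected reason=quit
May  7 01:42:30 mx smtpd[1234]: aaaa000000000003 smtp connected address=192.0.2.10 host=old-client.example
May  7 01:42:30 mx smtpd[1234]: aaaa000000000003 smtp disconnected reason="io-error: handshake failed: error:1402610B:SSL routines:ACCEPT_SR_CLNT_HELLO:wrong version number"
May  7 01:43:00 mx smtpd[1234]: aaaa000000000004 smtp disconnected reason="io-error: handshake failed: error:1402610B:SSL routines:ACCEPT_SR_CLNT_HELLO:wrong version number"
"""

CONNECTED = re.compile(
    r"(?P<sid>[0-9a-f]{16}) smtp connected address=(?P<addr>\S+) host=(?P<host>\S+)")
DISCONNECTED = re.compile(
    r"(?P<sid>[0-9a-f]{16}) smtp disconnected reason=(?P<reason>.*)$")


def handshake_failures(lines):
    """Count 'wrong version number' handshake failures per (address, host)."""
    peers = {}            # session id -> (address, host) seen at connect time
    failures = Counter()
    for line in lines:
        line = line.rstrip()
        m = CONNECTED.search(line)
        if m:
            peers[m["sid"]] = (m["addr"], m["host"])
            continue
        m = DISCONNECTED.search(line)
        if not m:
            continue
        # The connect line may be missing, e.g. after log rotation.
        peer = peers.pop(m["sid"], ("unknown", "unknown"))
        reason = m["reason"]
        if "handshake failed" in reason and "wrong version number" in reason:
            failures[peer] += 1
    return dict(failures)


if __name__ == "__main__":
    for (addr, host), n in sorted(handshake_failures(SAMPLE_LOG.splitlines()).items()):
        print(f"{n:3d}  {addr}  {host}")
```
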
local mail behaviour not comprehensible
Hello misc,

after the configuration of smtpd for external mail, I can't understand the
behaviour of my local mail anymore. When I send a mail from root to root
like this:

# mail root
Subject: test 123
.
EOF

The message is not shown in root's mailbox. Instead it's in my other admin
account (say, liqor). Strange is that the from field also equals liqor.

Message 1:
>From li...@mail.example.com Thu May 6 13:53:12 2021
Delivered-To: r...@mail.example.com
From: System admin
To: r...@example.com
Subject: test 123

&

After I messed with the aliases file, I decided it's best to revert it back
to standard. There's also a dovecot and rspamd involved, but both don't
touch local.

This is /etc/mail.rc:

set append dot save asksub
ignore Received Message-Id Resent-Message-Id Status Mail-From Return-Path Via

This is /etc/mail/smtpd.conf:

table aliases file:/etc/mail/aliases
table secrets passwd:/etc/mail/secrets
table virtuals file:/etc/mail/virtuals

pki "mail.example.com" cert "..."
pki "mail.example.com" key "..."

filter "rspamd" proc-exec ".../filter-rspamd"

listen on socket
listen on lo0
listen on vio0 tls-require pki "..." port 587 auth filter "rspamd"
listen on vio0 tls-require pki "..." filter "rspamd"

action "relay" relay
action "local_mail" mbox alias
action "domain_mail" maildir "/var/vmail/..." virtual

match from local for local action "local_mail"
match from any for domain "example.com" action "domain_mail"
match from local for any action "relay"
match auth from any for any action "relay"

Here is an expand trace:

$ doas smtpctl trace expand
$ doas smtpd -d
273790b183546d3b smtp connected address=local host=mail.example.com
expand: 0xf51d799f018: expand_insert() called for address:r...@mail.example.org[parent=0x0, rule=0x0]
expand: 0xf51d799f018: inserted node 0xf51f6223000
expand: lka_expand: address: r...@mail.example.org [depth=0]
expand: 0xf51d799f018: expand_insert() called for username:root[parent=0xf51f6223000, rule=0xf51f621b680, dispatcher=0xf51f6205710]
expand: 0xf51d799f018: inserted node 0xf51f6227000
expand: lka_expand: username: root [depth=1, sameuser=0]
expand: 0xf51d799f018: expand_insert() called for username:liqor[parent=0xf51f6227000, rule=0xf51f621b680, dispatcher=0xf51f6205710]
expand: 0xf51d799f018: inserted node 0xf51f6226000
expand: lka_expand: username: liqor [depth=2, sameuser=0]
expand: no .forward for user liqor, just deliver
expand: 0xf51d799f018: clearing expand tree
273790b183546d3b smtp message msgid=6744f12f size=381 nrcpt=1 proto=ESMTP
debug: scheduler: evp:6744f12fd8c9c19a scheduled (mda)
273790b183546d3b smtp envelope evpid=6744f12fd8c9c19a from= to=
273790b183546d3b smtp disconnected reason=quit
273790b336f1db80 mda delivery evpid=6744f12fd8c9c19a from= to= rcpt= user=liqor delay=0s result=Ok stat=Delivered

I'd gladly take any pointers.
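
An added example, not part of the original post: the Python sketch below rebuilds the expansion chain from the `expand:` lines of the trace by pairing each `expand_insert()` call with the node address logged on the following line and then walking the `parent=` pointers. The trace lines are copied from the post, with the archive's elided address left as is; the function and variable names are this example's own.

```python
import re

# Trace lines copied from the post above (elided address kept as posted).
TRACE = """\
expand: 0xf51d799f018: expand_insert() called for address:r...@mail.example.org[parent=0x0, rule=0x0]
expand: 0xf51d799f018: inserted node 0xf51f6223000
expand: lka_expand: address: r...@mail.example.org [depth=0]
expand: 0xf51d799f018: expand_insert() called for username:root[parent=0xf51f6223000, rule=0xf51f621b680, dispatcher=0xf51f6205710]
expand: 0xf51d799f018: inserted node 0xf51f6227000
expand: lka_expand: username: root [depth=1, sameuser=0]
expand: 0xf51d799f018: expand_insert() called for username:liqor[parent=0xf51f6227000, rule=0xf51f621b680, dispatcher=0xf51f6205710]
expand: 0xf51d799f018: inserted node 0xf51f6226000
expand: lka_expand: username: liqor [depth=2, sameuser=0]
expand: no .forward for user liqor, just deliver
"""

INSERT = re.compile(
    r"expand_insert\(\) called for (?P<what>\S+?)\[parent=(?P<parent>0x[0-9a-f]+)")
NODE = re.compile(r"inserted node (?P<node>0x[0-9a-f]+)")


def expansion_chains(trace):
    """Return one list per final recipient: original address first, leaf last."""
    label, parent_of, pending = {}, {}, None
    for line in trace.splitlines():
        m = INSERT.search(line)
        if m:
            pending = (m["what"], m["parent"])   # node address follows on next line
            continue
        m = NODE.search(line)
        if m and pending:
            label[m["node"]] = pending[0]
            parent_of[m["node"]] = pending[1]
            pending = None
    # Leaves are nodes that no other node names as its parent.
    leaves = set(label) - set(parent_of.values())
    chains = []
    for leaf in sorted(leaves):
        chain, node = [], leaf
        while node in label:                     # stops at parent=0x0 (the root)
            chain.append(label[node])
            node = parent_of[node]
        chains.append(chain[::-1])
    return chains


if __name__ == "__main__":
    for chain in expansion_chains(TRACE):
        print(" -> ".join(chain))
```
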
Re: smtpd failure
Thank you for your reply. I guess the senderscore filter was not upgraded
due to my defective pkg_add -u command after the sysupgrade instead of
using pkg_add -Uu...

Thank you again!

Hakan

On 21/05/06 07:50AM, Martijn van Duren wrote:
> The culprit can be found...
>
> On Wed, 2021-05-05 at 23:19 -0500, Hakan E. Duran wrote:
> > Dear all,
> >
> > After upgrading to OpenBSD 6.9 my smtpd server fails to run normally and
> > exits with failure. I pasted the output of `#smtpd -dv` below. As you
> > can see I redacted the server name, IP addresses, etc. from the output.
> > Any pointers will be greatly appreciated.
> >
> > Thanks,
> >
> > Hakan
> >
> > debug: init ssl-tree
> > info: loading pki information for mail.myserver.com
> > debug: init ca-tree
> > debug: init ssl-tree
> > info: loading pki keys for mail.myserver.com
> > debug: using "fs" queue backend
> > debug: using "ramqueue" scheduler backend
> > debug: using "ram" stat backend
> > info: OpenSMTPD 6.9.0 starting
> > debug: init ssl-tree
> > info: loading pki information for mail.myserver.com
> > debug: init ca-tree
> > debug: init ssl-tree
> > info: loading pki keys for mail.myserver.com
> > debug: init ssl-tree
> > info: loading pki information for mail.myserver.com
> > debug: init ca-tree
> > debug: init ssl-tree
> > info: loading pki keys for mail.myserver.com
> > debug: init ssl-tree
> > info: loading pki information for mail.myserver.com
> > debug: init ca-tree
> > debug: init ssl-tree
> > info: loading pki keys for mail.myserver.com
> > debug: using "fs" queue backend
> > debug: using "ramqueue" scheduler backend
> > debug: using "ram" stat backend
> > setup_peer: queue -> control[12578] fd=4
> > setup_peer: queue -> dispatcher[95018] fd=5
> > setup_peer: queue -> lookup[358] fd=6
> > setup_peer: queue -> scheduler[63225] fd=7
> > debug: init ssl-tree
> > info: loading pki information for mail.myserver.com
> > debug: init ca-tree
> > debug: init ssl-tree
> > info: loading pki keys for mail.myserver.com
> > debug: using "fs" queue backend
> > debug: using "ramqueue" scheduler backend
> > debug: using "ram" stat backend
> > setup_peer: crypto -> control[12578] fd=4
> > setup_peer: crypto -> dispatcher[95018] fd=5
> > setup_done: ca[61403] done
> > debug: using "fs" queue backend
> > debug: using "ramqueue" scheduler backend
> > debug: using "ram" stat backend
> > setup_peer: lookup -> control[12578] fd=4
> > setup_peer: lookup -> dispatcher[95018] fd=5
> > setup_peer: lookup -> queue[89046] fd=6
> > debug: init ssl-tree
> > info: loading pki information for mail.myserver.com
> > debug: init ca-tree
> > debug: init ssl-tree
> > info: loading pki keys for mail.myserver.com
> > debug: using "fs" queue backend
> > debug: using "ramqueue" scheduler backend
> > debug: using "ram" stat backend
> > setup_peer: dispatcher -> control[12578] fd=4
> > setup_peer: dispatcher -> crypto[61403] fd=5
> > setup_peer: dispatcher -> lookup[358] fd=6
> > setup_proc: crypto done
> > setup_peer: dispatcher -> queue[89046] fd=7
> > debug: using "fs" queue backend
> > debug: init ssl-tree
> > debug: using "ramqueue" scheduler backend
> > info: loading pki information for mail.myserver.com
> > debug: using "ram" stat backend
> > debug: init ca-tree
> > setup_peer: control -> crypto[61403] fd=4
> > debug: init ssl-tree
> > setup_peer: control -> lookup[358] fd=5
> > info: loading pki keys for mail.myserver.com
> > setup_peer: control -> dispatcher[95018] fd=6
> > debug: using "fs" queue backend
> > setup_peer: control -> queue[89046] fd=7
> > debug: using "ramqueue" scheduler backend
> > setup_peer: control -> scheduler[63225] fd=8
> > debug: using "ram" stat backend
> > setup_done: control[12578] done
> > setup_proc: lookup done
> > setup_done: lka[358] done
> > setup_proc: dispatcher done
> > debug: rsa_engine_init: using RSA privsep engine
> > debug: ecdsa_engine_init: using ECDSA privsep engine
> > mta_postfork: local_mail
> > mta_postfork: outbound
> > setup_done: dispatcher[95018] done
> > setup_proc: queue done
> > debug: dispatcher: rsae_init
> > setup_done: queue[89046] done
> > debug: dispatcher: rsae_init
> > debug: dispatcher: rsae_init
> > debug: dispatcher: rsae_init
> > debug: dispatcher: rsae_init
> > setup_peer: scheduler -> control[12578] fd=4
> > setup_peer: scheduler -> queue[89046] fd=5
> > setup_done: scheduler[63225] done
> > smtpd: setup done
> > setup_proc: control done
> > setup_proc: scheduler done
> > debug: bounce warning after 4h
> > debug: parent_send_config_ruleset: reloading
> > debug: parent_send_config: configuring dispatcher process
> > debug: parent_send_config: configuring ca process
> > debug: dispatcher: rsae_init
> > debug: dispatcher: rsae_init
> > debug: dispatcher: rsae_init
> > debug: dispatcher: rsae_init
> > debug: dispatcher: rsae_init
> > debug: dispatcher: rsae_init
> > debug: init private ssl-tree
> > debug: dispatcher: rsae_init
> > debug: dispatcher: rsae_init
> > debug: dispatcher: rsae_init
> > debug: dispatc
Re: [*EXT*] smtpd failure
Thank you for your reply.

On 21/05/06 09:39AM, Ionel GARDAIS wrote:
> ...
> $ pkg_add -Uu

What I did was pkg_add -u. Running this command solved the issue. Thanks a
lot!

Hakan
Re: [*EXT*] smtpd failure
Hi,

Did you update the packages after the sysupgrade?

$ pkg_add -Uu

Regards,