Re: Virtual user and domain setup

2020-04-05 Thread Matt Schwartz
Hi Leo,

Would you mind sharing your full configuration file? Without this, I am
stuck on how to help you. I have done a lot with virtual users and domains
so I think I can help. You could also see Gilles Chehade's article,
https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/.
It's very well written.

Best,
Matt

On Sun, Apr 5, 2020 at 8:25 AM Leo Unglaub  wrote:

> Hey,
> first of all I want to thank you all for your work on OpenSMTPD over all
> those years. It has powered my one domain very well over all those
> years. But now I have a problem with setting up virtual domains and users.
>
> My goal is the following. I have the following domains:
>
> > foo.com
> > bar.com
>
> With those domains I have the following email addresses:
>
> > us...@foo.com
> > us...@foo.com
> > us...@bar.com
> > us...@bar.com
>
> But all those users don't exist on my machine as real users. I just want
> to receive emails for those accounts and process them via lmtp to
> dovecot. So my action basically looks like that:
>
> > action "local_lmtp_deliver" lmtp "/var/dovecot/lmtp"
>
> But when I trace the lookup from the smtpd I get the following:
>
> > b4e62ea90ed6c91d smtp connected address=local host=foo.com
> > lookup: match "local" as NETADDR in table static: -> true
> > lookup: match "foo.com" as DOMAIN in table static: -> true
> > rule #1 matched: match from any for any action local_lmtp_deliver
> > lookup: lookup "user1" as USERINFO in table getpwnam: -> none
> > b4e62ea90ed6c91d smtp failed-command command="RCPT TO: " result="550 Invalid recipient: "
> > b4e62ea90ed6c91d smtp disconnected reason=disconnect
> > debug: control -> client: pipe closed
> > debug: clearing p=client, fd=11, pid=0
>
> For some reason the user1 part is still getting resolved as a real user
> on the system. I read on the man page and found the "user username"
> option for the action. I did the following:
>
> > action "local_lmtp_deliver" lmtp "/var/dovecot/lmtp" rcpt-to user "dovecot-worker"
>
> dovecot-worker is the account used by dovecot to handle all the email
> storage in /var/vmail. But I get the same error.
>
> So I guess I am doing it all wrong. Could someone please be so kind and
> give me a hint in the right direction how the virtual user stuff is
> working in OpenSMTPD. Because I think I am lost here. I am doing
> something completely wrong.
>
> I am on the latest OpenBSD release (including all syspatch).
>
> Thanks so much!
> Greetings
> Leo
>
>


gmail and opportunistic encryption failing

2020-01-31 Thread Matt Schwartz
Hello list,

Today I just noticed something in my maillog that I figured I should
report. The log output is sanitized.

Jan 31 13:31:23 meow smtpd[12615]: fe92e766062cfe9b smtp connected address= host=mail.example.com
Jan 31 13:31:23 meow smtpd[12615]: fe92e766062cfe9b smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
Jan 31 13:31:23 meow smtpd[12615]: fe92e766062cfe9b smtp authentication user=u...@example.com result=ok
Jan 31 13:31:23 meow smtpd[12615]: fe92e766062cfe9b smtp message msgid=69f7f6f7 size=1935 nrcpt=1 proto=ESMTP
Jan 31 13:31:23 meow smtpd[12615]: fe92e766062cfe9b smtp envelope evpid=69f7f6f7bd1f34a9 from= to=
Jan 31 13:31:23 meow smtpd[12615]: fe92e766062cfe9b smtp disconnected reason=quit
Jan 31 13:31:23 meow smtpd[12615]: fe92e7693154957a mta connecting address=smtp://173.194.206.27:25 host=qj-in-f27.1e100.net
Jan 31 13:31:23 meow smtpd[12615]: fe92e7693154957a mta connected
Jan 31 13:31:23 meow smtpd[12615]: smtp-out: Error on session fe92e7693154957a: opportunistic TLS failed, downgrading to plain
Jan 31 13:31:23 meow smtpd[12615]: fe92e7693154957a mta connecting address=smtp+notls://173.194.206.27:25 host=qj-in-f27.1e100.net
Jan 31 13:31:23 meow smtpd[12615]: fe92e7693154957a mta connected
Jan 31 13:31:24 meow smtpd[12615]: fe92e7693154957a mta delivery evpid=69f7f6f7bd1f34a9 from= to= rcpt=<-> source="" relay="173.194.206.27 (qj-in-f27.1e100.net)" delay=1s result="Ok" stat="250 2.0.0 OK  1580495484 x5si6993135qki.322 - gsmtp"
Jan 31 13:31:34 meow smtpd[12615]: fe92e7693154957a mta disconnected reason=quit messages=1

I am inclined to believe that this is gmail's screw-up because test emails
sent to Outlook, GMX, Yahoo, and AOL deliver over TLS 1.2 perfectly. I am
wondering if this is happening to others. If it isn't, I will try changing
my server's IP address. I am running OpenSMTPD 6.6.2 on OpenBSD-current.

Thanks,
Matt
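
An added example, not part of the original message: a small sh/awk check that ties the "opportunistic TLS failed, downgrading to plain" error to a later successful "mta delivery" on the same session ID and prints the relay that received the message in cleartext. The function names and the sample log lines are constructed for illustration; the line layout follows the excerpt above, one event per line.

```shell
#!/bin/sh
# Added example: report outbound deliveries that completed in plaintext
# after opportunistic TLS failed.

# find_plaintext_deliveries LOGFILE
# Prints "<session> <relay>" for every session that logged the downgrade
# error and later logged a successful "mta delivery".
find_plaintext_deliveries() {
	awk '
	# smtp-out: Error on session <id>: opportunistic TLS failed, downgrading to plain
	/opportunistic TLS failed, downgrading to plain/ {
		for (i = 1; i < NF; i++)
			if ($i == "session") {
				id = $(i + 1)
				sub(/:$/, "", id)
				downgraded[id] = 1
			}
		next
	}
	# <id> mta delivery ... relay="<ip> (<host>)" ... result="Ok"
	/ mta delivery / && /result="Ok"/ {
		id = ""
		for (i = 1; i < NF; i++)
			if ($(i + 1) == "mta" && $(i + 2) == "delivery")
				id = $i
		if (id in downgraded && match($0, /relay="[^"]*"/)) {
			# strip the leading relay=" (7 chars) and the closing quote
			relay = substr($0, RSTART + 7, RLENGTH - 8)
			print id, relay
		}
	}
	' "$1"
}

# Constructed sample: session ...01 downgrades and delivers, ...02 delivers
# without any downgrade error.
write_sample_log() {
	cat > "$1" <<'EOF'
Jan 31 13:31:23 meow smtpd[12615]: aaaa000000000001 mta connecting address=smtp://192.0.2.10:25 host=mx.example.net
Jan 31 13:31:23 meow smtpd[12615]: aaaa000000000001 mta connected
Jan 31 13:31:23 meow smtpd[12615]: smtp-out: Error on session aaaa000000000001: opportunistic TLS failed, downgrading to plain
Jan 31 13:31:23 meow smtpd[12615]: aaaa000000000001 mta connecting address=smtp+notls://192.0.2.10:25 host=mx.example.net
Jan 31 13:31:23 meow smtpd[12615]: aaaa000000000001 mta connected
Jan 31 13:31:24 meow smtpd[12615]: aaaa000000000001 mta delivery evpid=0000000000000001 from=<a@example.org> to=<b@example.net> rcpt=<-> source="198.51.100.5" relay="192.0.2.10 (mx.example.net)" delay=1s result="Ok" stat="250 2.0.0 OK"
Jan 31 13:32:10 meow smtpd[12615]: aaaa000000000002 mta connecting address=smtp://192.0.2.20:25 host=mx.example.com
Jan 31 13:32:10 meow smtpd[12615]: aaaa000000000002 mta connected
Jan 31 13:32:11 meow smtpd[12615]: aaaa000000000002 mta delivery evpid=0000000000000002 from=<a@example.org> to=<c@example.com> rcpt=<-> source="198.51.100.5" relay="192.0.2.20 (mx.example.com)" delay=1s result="Ok" stat="250 2.0.0 OK"
EOF
}

if [ $# -gt 0 ]; then
	# Scan the log file given on the command line, e.g. /var/log/maillog
	find_plaintext_deliveries "$1"
else
	# No argument: run against the constructed sample
	sample=$(mktemp) && write_sample_log "$sample"
	find_plaintext_deliveries "$sample"
	rm -f "$sample"
fi
```
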


Disable greylisting on rspamd

2019-10-10 Thread Matt Schwartz
Just a quick FYI on disabling rspamd's greylisting module. This is
something you will want to do if you run OpenBSD's spamd because it is
still the king of first line of defense against spam.

# /etc/rspamd/local.d/greylist.conf
enabled = false;

Then restart rspamd.



Repeated 421 try again later errors

2019-10-09 Thread Matt Schwartz
Hello List,

I am getting a lot of repeated 421 try again later errors from various
lists that I am a member of. There is one in particular that is coming from
outbound.foodtecsolutions.com. Here is an excerpt from my /var/log/maillog.
I am running OpenBSD 6.6-current #344.

Oct  9 16:07:53 meow smtpd[19379]: a52386b4311e607e smtp connected address=52.201.148.113 host=outbound.foodtecsolutions.com
Oct  9 16:07:53 meow smtpd[19379]: a52386b4311e607e smtp failed-command command="DATA" result="421 try again later"
Oct  9 16:07:53 meow smtpd[19379]: a52386b4311e607e smtp disconnected reason=quit

Below is my smtpd.conf file:
pki "mail" cert "/etc/ssl/mail.crt"
pki "mail" key "/etc/ssl/private/mail.key"

table aliases file:/etc/mail/aliases
table credentials passwd:/etc/mail/credentials
table extras file:/etc/mail/extras
table relays file:/etc/mail/relays
table rejects file:/etc/mail/rejects
table virtuals file:/etc/mail/virtuals

filter check_rejects phase connect match rdns regex  \
    disconnect "554 Forbidden"
filter check_rdns phase connect match !rdns \
    disconnect "554 No Reverse DNS Configured"
filter rspamd proc-exec "filter-rspamd"

listen on lo filter rspamd
listen on egress tls pki "mail" hostname "mail.goblackcat.com" \
    filter {check_rejects, check_rdns, rspamd}
listen on egress port submission tls-require pki "mail" hostname "mail.goblackcat.com" \
    auth  filter {check_rejects, check_rdns, rspamd}

action "local_mail" mbox alias 
action "virtual_mail" maildir "/var/vmail/%{dest.domain}/%{dest.user}" junk \
    virtual 
action "outbound" relay

match for local action "local_mail"
match !from src  mail-from "@goblackcat.com" reject
match from any for domain "goblackcat.com" action "virtual_mail"
match auth from any for any action "outbound"
match for any action "outbound"

I am out of ideas with which to troubleshoot. I am already running smtpd
with -v switch for more verbosity.

Thanks,
Matt


Re: different lmtp destinations from table for mail delivery depending on email address

2018-12-26 Thread Matt Schwartz
Delivery to other locations would be best handled inside of dovecot.
Dovecot allows override of delivery to different destinations in the user
database.

On Wed, Dec 26, 2018, 4:26 PM mabi wrote:

> Hello,
>
> I would like to setup one OpenSMTPD server as MX server for incoming mails
> and have OpenSMTPD deliver the mail to different Dovecot mailbox servers
> using LTMP depending on the e-mail address of the recipient.
>
> Would this kind of setup be possible to do using the table-postgresql
> extra addon? I would then have a table in my database where the recipient
> email address is mapped to a respective mailbox server name (email1 ->
> server1, email2 -> server2, etc.).
>
> Right now I use the following action:
>
> action "dovecot" lmtp "server1:24" rcpt-to virtual 
>
> which basically only allows me to deliver to one single mailbox server.
>
> If I guess I could still use Dovecot's LMTP proxying feature for that
> purpose but I think it would be much smarter to do that in OpenSMTPD
> directly.
>
> Anyone know if this is possible or have an alternative idea how to do that?
>
> Best regards,
> Mabi
>
>
>
>
> --
> You received this mail because you are subscribed to misc@opensmtpd.org
> To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
>
>


Re: Vultr has all blacklisted IP's for email

2018-12-19 Thread Matt Schwartz
I'll say this, man. I really don't like Vultr. I just have a 150.00
credit to burn with them. Once that's done, I'll be making other
arrangements. My guess is you really did nothing wrong and Vultr's sys
admins are just lame.

On Wed, Dec 19, 2018 at 8:34 PM Chris Bennett
 wrote:
>
> On Thu, Dec 20, 2018 at 01:55:32AM +0200, Flipchan wrote:
> > Poke vultr about it , if its not good, just switch provider ( openbsd 
> > amsterdam?))
> >
>
> They say it's my fault and that they have spent a tremendous amount of
> time trying to get me off of the blacklist. (exaggeration included on
> purpose).
>
> As you can see below, I guess it is all my fault.
> I'm just going to put the DNS records back to where they were before.
> What's the website for OpenBSD Amsterdam?
>
> Looks like I may just have to move my server from the USA to the not
> USA. Why is such a simple thing as a server so hard to get???
>
> Fun Fun Fun entered below:
> ---
> Information about 108.61.242.230
>
> Below is the information we have on record about 108.61.242.230
> Standards Compliance
>
> Does IP Address resolve to a reverse hostname... Passed!
>
> Does IP Address comply with reverse hostname naming convention... Passed!
> List Status
>
> RATS-Dyna - On the list. Worst Offender Alert.
>
> RATS-NoPtr - Not on the list.
>
> RATS-Spam - Not on the list.
>
> RATS-Auth - Not on the list.
> Alert: Your IP is part of a network listed as a Worst Offender
>
> This is a Worst Offender Alert and this means that not only this IP address,
> but the whole class 'C' is also on the indicated SpamRats List.
> Usually this means the whole range has the same issue of naming conventions or
> no reverse DNS AND that many IP's from this Class C have been used in Spam
> Attacks, Dictionary attacks or other forms of attacks, as detected by Mail
> Servers in the Data Collection Grid. You will NOT be able to use the removal
> form to remove your IP Addresses. If you have recently been assigned the IP
> Addresses, or have changed what these IP Addresses are used for, you can use
> the contact form and ask for a reclassification, but you will have to provide
> full disclosure, including whois for the ip addresses, your affiliation with
> the company that owns them, and a description of what the IP's were previously
> used for, and what they will be used for, in order for a Spam Auditor to
> consider reclassification. Remember, the majority of the IP's in this space
> WERE detected as being involved in some form of attack or abusive behaviour,
> so you had better have a good reason to ask for removal, and you need to own
> or control the IP addresses, as evidenced by ARIN whois.
>
> -
> 2nd IP is blacklisted on 7 lists.
>
> I'm sure they can quickly fix this too!
>
> Chris



Re: Vultr has all blacklisted IP's for email

2018-12-19 Thread Matt Schwartz
I don't have any issue either. One thing you could do is use a mail relay
service like Mailjet. I do this because they offer dkim and spf for free.

On Wed, Dec 19, 2018, 4:16 PM Joel Carnat wrote:

> I’ve just checked mine and it’s 100% non-blacklisted, according to
> mxtoolbox.
> And, so far, I don’t have any issues sending/receiving mail.
>
> > On 19 Dec 2018, at 22:09, Chris Bennett wrote:
> >
> > I was very happy with what I got for a baremetal server at Vultr.
> > Unfortunately, even after getting a second IP that was not from the same
> > range as the first one, all of these IP ranges, not single IP's, are
> > blacklisted in the worst category.
> > If you want a web/etc server, great.
> > If you want anything to do with email, forget them.
> > Shame. I need another baremetal that doesn't have Java KVM.
> > Any recommendations?
> >
> > Thanks. Looks like anything related to Cloud may be a problem???
> >
> > Chris Bennett


Re: Issues with Thunderbird and STARTTLS (Pipelining not supported)

2018-12-17 Thread Matt Schwartz
Glad you're up and running again. Thunderbird is kind of funny like that.

On Mon, Dec 17, 2018, 8:26 AM mabi wrote:

> ‐‐‐ Original Message ‐‐‐
> On Monday, December 17, 2018 1:49 PM, Matt Schwartz <
> matt.schwart...@gmail.com> wrote:
>
> Right off the bat, I think the mask-src might be causing a problem. I know
> that Thunderbird does some weird stuff and it doesn't play well with
> OpenSMTPD's correct implementation of smtps but you're using starttls. So
> instead of mask-src, try using the hostname parameter and set it to the
> hostname that you want to use.
>
>
> Spot on, that was it. I simply removed mask-src and STARTTLS works nicely
> with Thunderbird too.
>
> Thanks Matt and Edgar for answering!
>
>


Re: Issues with Thunderbird and STARTTLS (Pipelining not supported)

2018-12-17 Thread Matt Schwartz
Right off the bat, I think the mask-src might be causing a problem. I know
that Thunderbird does some weird stuff and it doesn't play well with
OpenSMTPD's correct implementation of smtps but you're using starttls. So
instead of mask-src, try using the hostname parameter and set it to the
hostname that you want to use.

On Mon, Dec 17, 2018, 7:31 AM mabi wrote:

> Right, I forgot that sorry. Here it is:
>
> pki mail.mydomain.org cert "/etc/ssl/mail.mydomain.org.crt"
> pki mail.mydomain.org key "/etc/ssl/private/mail.mydomain.org.key"
>
> table aliases file:/etc/mail/aliases
> table domains postgres:/etc/mail/postgresql.conf
> table virtuals postgres:/etc/mail/postgresql.conf
> table credentials postgres:/etc/mail/postgresql.conf
>
> listen on egress port 25  hostname mail.mydomain.org tls pki mail.mydomain.org
> listen on egress port 587 hostname mail.mydomain.org tls-require pki mail.mydomain.org auth  mask-src
>
> action "local" mbox alias 
> action "relay" relay
> action "lmtp_dovecot" lmtp "/var/dovecot/lmtp" rcpt-to virtual 
>
> match for local action "local"
> match from any for domain  action "lmtp_dovecot"
> match auth from any for any action "relay"
>
>
>
> ‐‐‐ Original Message ‐‐‐
> On Monday, December 17, 2018 1:21 PM, Matt Schwartz <
> matt.schwart...@gmail.com> wrote:
>
> Please share your smtpd.conf file. OpenSMTPD 6.4.1 works just fine with
> Thunderbird.
>
> On Mon, Dec 17, 2018, 7:16 AM mabi 
>> Hi,
>>
>> I just configured OpenSMTPD on OpenBSD 6.4 with authentication to send
>> mails as a MSA (port 587). I did some tests with swaks and TLS enabled and
>> it works fine but with Thunderbird it miserably fails to use STARTTLS. On
>> the server side I get:
>>
>> 500 5.5.1 Invalid command: Pipelining not supported
>>
>> Is Thunderbird somehow so broken that it doesn't even respect that
>> OpenSMTPD does not support SMTP pipelining?
>>
>> I am using Thunderbird 60.3.0...
>>
>> Any workarounds?
>>
>> Also I was wondering if OpenSMTPD supports other authentication types
>> additionally to PLAIN and LOGIN?
>>
>> Regards,
>> Mabi


Re: Issues with Thunderbird and STARTTLS (Pipelining not supported)

2018-12-17 Thread Matt Schwartz
Please share your smtpd.conf file. OpenSMTPD 6.4.1 works just fine with
Thunderbird.

On Mon, Dec 17, 2018, 7:16 AM mabi wrote:

> Hi,
>
> I just configured OpenSMTPD on OpenBSD 6.4 with authentication to send
> mails as a MSA (port 587). I did some tests with swaks and TLS enabled and
> it works fine but with Thunderbird it miserably fails to use STARTTLS. On
> the server side I get:
>
> 500 5.5.1 Invalid command: Pipelining not supported
>
> Is Thunderbird somehow so broken that it doesn't even respect that
> OpenSMTPD does not support SMTP pipelining?
>
> I am using Thunderbird 60.3.0...
>
> Any workarounds?
>
> Also I was wondering if OpenSMTPD supports other authentication types
> additionally to PLAIN and LOGIN?
>
> Regards,
> Mabi


Re: Announce: OpenSMTPD 6.4.1 released

2018-12-16 Thread Matt Schwartz
Hi Gilles,

Stupid question but did these minor fixes come via a syspatch or do I need
to download and compile the tarball?

Thanks!

On Sun, Dec 16, 2018, 11:05 AM Gilles Chehade wrote:

> Subject: Announce: OpenSMTPD 6.4.1 released
>
> OpenSMTPD 6.4.1 has just been released.
>
> OpenSMTPD is a FREE implementation of the SMTP protocol with some common
> extensions. It allows ordinary machines to exchange e-mails with systems
> speaking the SMTP protocol. It implements a fairly large part of RFC5321
> and can already cover a large range of use-cases.
>
> It runs on OpenBSD, NetBSD, FreeBSD, DragonFlyBSD and Linux.
>
> The archives are now available from the main site at www.OpenSMTPD.org
>
> We would like to thank the OpenSMTPD community for their help in testing
> the snapshots, reporting bugs, contributing code and packaging for other
> systems.
>
> This is a minor release with critical and portability fixes.
>
> Changes in this release (since 6.4.0):
> ==
>
> - MDA exit status was improperly handled causing some temporary failures
>   to be treated as permanent failures.
> - fix hardcoded libexec paths preventing proper packaging [1]
> - fix install of smtpctl to allow build/install as non-root
>
>
> [1] Author: Michael Figiel 
>
>
> Checksums:
> ==
>
>   SHA256 (opensmtpd-6.4.1.tar.gz) =
>   755580753b36a4072bffac4993d1db82129352a087830e125e257c3ce8c5921f
>
>   SHA256 (opensmtpd-6.4.1p1.tar.gz) =
>   1b5dabe822a0e0b2cfde067f673885a81211ae8f630ec88e4d70c81cad49a406
>
>
> Verify:
> ===
>
> Starting with version 5.7.1, releases are signed with signify(1).
>
> You can obtain the public key from our website, check with our community
> that it has not been altered on its way to your machine.
>
>    $ wget https://www.opensmtpd.org/archives/opensmtpd-20181026.pub
>
> Once you are confident the key is correct, you can verify the release as
> described below:
>
> 1- download both release tarball and matching signature file to same
>    directory:
>
>    for OpenBSD version:
>    $ wget https://www.opensmtpd.org/archives/opensmtpd-6.4.1.sum.sig
>    $ wget https://www.opensmtpd.org/archives/opensmtpd-6.4.1.tar.gz
>
>    for portable version:
>    $ wget https://www.opensmtpd.org/archives/opensmtpd-6.4.1p1.sum.sig
>    $ wget https://www.opensmtpd.org/archives/opensmtpd-6.4.1p1.tar.gz
>
>
> 2- use `signify` to verify that signature file is properly signed and that
>    the checksum matches the release tarball you downloaded:
>
>    for OpenBSD version:
>    $ signify -C -e -p opensmtpd-20181026.pub -x opensmtpd-6.4.1.sum.sig
>    Signature Verified
>    opensmtpd-6.4.1.tar.gz: OK
>
>    for portable version:
>    $ signify -C -e -p opensmtpd-20181026.pub -x opensmtpd-6.4.1p1.sum.sig
>    Signature Verified
>    opensmtpd-6.4.1p1.tar.gz: OK
>
>
> If you don't get an OK message, then something is not right and you should
> not install without first understanding why it failed.
>
>
> Support:
> 
>
> You are encouraged to register to our general purpose mailing-list:
> http://www.opensmtpd.org/list.html
>
> The "Official" IRC channel for the project is at:
> #OpenSMTPD @ irc.freenode.net
>
>
> Reporting Bugs:
> ===
>
> Please read http://www.opensmtpd.org/report.html
> Security bugs should be reported directly to secur...@opensmtpd.org
> Other bugs may be reported to b...@opensmtpd.org
>
> --
> Gilles Chehade @poolpOrg
>
> https://www.poolp.org tip me: https://paypal.me/poolpOrg


Re: FAQ gone?

2018-12-12 Thread Matt Schwartz
Gilles,

I've got some time on my hands for the next few weeks. I could work on it
if you'd like.

Matt

On Wed, Dec 12, 2018, 3:44 PM Gilles Chehade wrote:

> On Wed, Dec 12, 2018 at 06:39:59PM +, mabi wrote:
> > Hi,
> >
> > I was wondering where did the FAQ section on the opensmtpd.org website
> disappear?
> >
> > It had useful setup examples with LMTP and Dovecot if I remember
> correctly...
> >
>
> The FAQ was inaccurate and no one step and committed to maintain it.
>
> This resulted in people mailing me in private all the time to ask why an
> example from the FAQ was not working for them.
>
> Not opposed to having a FAQ but I can't be the one maintaining it and it
> needs to be _actively_ maintained up-to-date, not just created once then
> forgotten, otherwise this means additional work for me.
>
> --
> Gilles Chehade @poolpOrg
>
> https://www.poolp.org tip me: https://paypal.me/poolpOrg


Re: Mail loops when relaying and using smtp auth

2018-11-28 Thread Matt Schwartz
Also, OpenSMTPD 6.4 has the added advantage of more reliable message
queueing. If you restart the smtp daemon, the queue resumes reliably. There
is no good reason to stick with the older version of OpenSMTPD.

On Wed, Nov 28, 2018, 8:41 PM Thomas Bohl wrote:

> > By default, there is ‘accept from local for any relay’, and I’ve kept
> > that in place. Is this what you were referring to?
>
> That is what's causing the loop. "relay" looks for the MX record (Which
> is what you want for everything but your own domain). "relay via" skips that.
>
>
> > As I understand it, ‘accept from any’ would be inclusive of ‘local’—is
> this not the case?
>
> No, I believe you are right.
>
>
> > As a test to understand what you’d recommended, I added
> >
> > accept from local for domain  relay via 
> >
> > and tested—that presented the same mail loop problem.
>
> 1. Is  what you call "upstream"? Aka your mailbox system?
> 2. Are the accept lines in the right order? From specific to common.
> 3. Can you post the error log?
> (4. Full smtpd.conf would be nice.)
>
>
> > I’m somewhat new to OpenSMTPd
>
> Then you should skip 6.3 and move to OpenBSD 6.4, because of the new
> configuration style. You are learning a deprecated config style at the
> moment.


Interesting error

2018-11-19 Thread Matt Schwartz
So, I've come across an interesting error with OpenSMTPD 6.4.0. I
tried sending an email to a virtual user whom I know does not exist on
my system. The user is i...@example.org. Instead of an error
indicating that the user does not exist, I get the following NDR
error: 524 5.2.4 Mailing list expansion problem. My virtual users are
stored in a file called virtuals.




Re: upgrade to 6.4

2018-11-04 Thread Matt Schwartz
How many users  do you have on your server, Edgar? I've found the best
solution to be simple text files.

On Sun, Nov 4, 2018 at 3:37 PM Edgar Pettijohn III
 wrote:
>
>
> On 11/4/18 2:32 PM, Bryan Harris wrote:
> > I made the exact same mistake of not using “from any” on my relay rule. 
> > Scratching my head reading the rule trace was a good learning experience.
> >
> > I still don’t understand how to correctly setup virtuals like you’re doing. 
> > Instead I’m using aliases. Can you share your virtual match rule?
> >
> > V/r,
> > Bryan
>
>
> I'm using mysql tables. It makes everything so simple.
>
>
> Edgar
>
> > Sent from my iPhone
> >
> >> On Nov 4, 2018, at 10:01 AM, Edgar Pettijohn III  
> >> wrote:
> >>
> >> I hadn't upgraded to 6.4 yet, because I was scared of the new config 
> >> changes. However, it was relatively painless. Here are the two mistakes I 
> >> made and the corrected versions in case it helps others.
> >>
> >> wrong:
> >>
> >> action act01 virtual  maildir "/path/to/maildir"
> >>
> >> right:
> >>
> >> action act01 maildir "/path/to/maildir" virtual 
> >>
> >> wrong:
> >>
> >> match for any action act02 # relay rule
> >>
> >> right:
> >>
> >> match auth from any for any action act02 # needed the auth keyword and 
> >> apparently from any
> >>
> >>
> >> thanks,
> >>
> >>
> >> Edgar



Re: Question about backup mx

2018-10-31 Thread Matt Schwartz
Ok, thanks for the clarification. I guess one way to avoid the wait is to
just manually schedule all.

On Wed, Oct 31, 2018, 8:48 AM Gilles Chehade wrote:

> On Mon, Oct 22, 2018 at 01:36:07PM -0400, Matt Schwartz wrote:
> > If I have two mail exchange servers and the primary one goes down, do
> > I then have to manually issue an smtpctl schedule all to resume
> > delivery from the backup to the primary?
> >
>
> no, you just have to wait for the backup one to realize the primary is up
> which may take some time depending how long the primary was down.
>
>
>
> --
> Gilles Chehade
>
> https://www.poolp.org  @poolpOrg
>


Re: 6.4 broke procmail .forward

2018-10-28 Thread Matt Schwartz
fdm looks a whole helluva lot easier to get going too.

On Sun, Oct 28, 2018 at 1:52 PM Gilles Chehade  wrote:
>
> On Sat, Oct 27, 2018 at 10:11:05PM -0700, William Ahern wrote:
> > On Sat, Oct 27, 2018 at 09:36:15PM -0700, William Ahern wrote:
> > > On Sat, Oct 27, 2018 at 08:59:37PM -0700, William Ahern wrote:
> > > > Immediately after upgrading my procmail setup broke. Near as I can tell
> > > > smtpd now executes .forward pipes with the permissions of _smtpd (same 
> > > > as
> > > > aliases), whereas previously it executed .forward pipes with the 
> > > > permissions
> > > > of the user (similar to delivery to /var/mail mbox).
> > > >
> > > > Was this intentional or accidental?
> > >
> > > Sorry, I was wrong. What's actually happening is that smtpd is no longer
> > > adding the From_ line, so when procmail appended the message to my mailbox
> > > it was effectively concatenated with the previous message.
> > >
> > > Can the old behavior be restored? Or at least can an environment variable
> > > (e.g. SENDER) be added providing the envelope sender which I can easily
> > > prepend myself?
> > >
> >
> > To respond my own question (again), smtpd will expand %{mbox.from} in the
> > .forward line. So the fix is to pass it to procmail via the -f option,
> >
> >   |/usr/local/bin/procmail -f %{mbox.from}
> >
> > like how /usr/libexec/mail.mboxfile is written to the mda_exec string
> > buffer in lka_session.c:lka_submit.
> >
>
> Nice that you found out by yourself and this is in the list so people
> can be referred to this thread ;-)
>
>
> Now that I have your attention everyone:
>
> Please don't use procmail.
>
> I don't have a habit of advising against a particular software, but this
> is one of the cases where I had a look at the code, and wish people knew
> the horror.
>
> There is nothing good to say about procmail, nothing.
>
> I don't want to spread FUD but we're talking about a piece of code which
> processes untrusted input with unreadable code and advises you to run it
> setuid root because it doesn't know any better.
>
> There are safer, nicer and more modern alternatives such as fdm for one,
> but quite frankly: even the shittiest 30 lines of sh self-written custom
> mda makes a better choice than procmail.
>
> Please do yourselves a favor, ditch procmail in favor of fdm.
>
> If you want to argue why procmail is a nice choice be prepared for me to
> start sharing samples of code and keep reminding you that the authors do
> advise you to install it setuid root.
>
>
> --
> Gilles Chehade
>
> https://www.poolp.org  @poolpOrg



Re: OpenSMTPD 6.4 - "Invalid recipient" with external mail client (thunderbird)

2018-10-26 Thread Matt Schwartz
Change your  match for any action relay_dkim to match auth from any
for any action relay_dkim.

On Fri, Oct 26, 2018 at 7:10 PM Jesper Wallin wrote:
>
> Hi,
>
> You need to specify “from any” to your relay_dkim match rule. If not 
> specified, it defaults to “from local”, which now is different from “auth”.
>
>
> Regards,
> Jesper Wallin
>
> > On 27 Oct 2018, at 01:06,   wrote:
> >
> > Hello,
> >
> > I recently upgraded my server to OpenBSD 6.4. But I have a problem with the
> > new configuration of OpenSMTPD:
> >
> > When I send a mail with Thunderbird from an external IP, my server always
> > returns the error message "invalid recipient".
> >
> > When I connect to the server through SSH and send a mail via the local
> > client mutt,
> > everything works.
> >
> > This is my configuration:
> > ---
> > queue compression
> > queue encryption ad8004f927bd2b00a672c30704e3de11
> >
> > pki mx1.example.com.pki cert "/etc/ssl/mx1.example.com.crt"
> > pki mx1.example.com.pki key "/etc/ssl/private/mx1.example.com.key"
> >
> > table aliases file:/etc/mail/aliases
> > table vdomains file:/etc/mail/vdomains
> > table vusers file:/etc/mail/vusers
> >
> > listen on lo0
> > listen on lo0 port 10028 tag DKIM
> > listen on egress tls pki mx1.example.com.pki auth-optional
> > listen on egress smtps pki mx1.example.com.pki auth
> > listen on egress port submission tls-require pki mx1.example.com.pki auth
> >
> > action "local" mbox alias 
> > action "relay" relay
> > action "domain" lmtp "/var/dovecot/lmtp" virtual 
> > action relay_dkim relay host smtp://127.0.0.1:10027
> >
> > match from local for local action "local"
> > match tag DKIM for any action "relay"
> > match from any for domain  action "domain"
> > match for any action relay_dkim
> > ---
> >
> > Is there something wrong in my current configuration?
> >
> > Thanks in advance!
> >
> > Cheers
> > Johannes



Re: Grabing release from www.opensmtpd.org

2018-10-22 Thread Matt Schwartz
I think it's best if you get the sources from OpenBSD CVS.

On Mon, Oct 22, 2018, 8:06 AM Joel Carnat  wrote:

> Hi,
>
> On my way to move from 6.0.x to 6.4, I went to www.opensmtpd.org and
> hoped I could get the 6.4 release, build it and test my new
> configuration file (before doing the whole obsd 6.3 to 6.4 upgrade).
> But... the osmtpd website seem to only offer sources for the 6.0.3
> release. Will the website be updated or should I grab the sources from
> openbsd repo ?
>
> Thanks.


Re: Reject Senders by IP address - SMTPD

2018-09-28 Thread Matt Schwartz
Antonino,

What I ended up doing was configuring spamd in blacklist only mode and
using spamd simply to populate the  table in pf. From there,
instead of sending members of the  table to the spamd daemon, I
just block them outright. To stop some of the connection attempts that
have not been reported to nixspam (i.e. they're not in the 
table) I created a small, crude script to parse the maillog file for
login attempts where logins have been specifically disabled on port
25. I just have this script run every 15 minutes on a cronjob. If you
want to try this out, you'll have to do two things:

1. Add the following lines to /etc/mail/spamd.conf
all:\
        :nixspam:mylist:

mylist:\
        :black:\
        :msg="Your address %A has been blocked indefinitely":\
        :method=file:\
        :file=/var/db/mylist.txt

2. Create the /var/db/mylist.txt file

3. Create the script. I put it in /usr/local/sbin/mylist-update.sh.
Then create a cron job to have the script run.

#!/bin/sh

MAILLOG=/var/log/maillog
DBFILE=/var/db/mylist.txt

if [ -r "$MAILLOG" ]; then
        # Field 9 of these log lines is address=<ip>; keep what follows "="
        grep AUTH "$MAILLOG" | cut -d " " -f 9 | cut -d "=" -f 2 >> "$DBFILE"
        grep "HELO *.*" "$MAILLOG" | cut -d " " -f 9 | cut -d "=" -f 2 >> "$DBFILE"

        # Remove duplicates in place (no fixed-name temp file in /tmp)
        sort -u -o "$DBFILE" "$DBFILE"
fi

It's crude but effective. I've been using it for several weeks without issue.

Matt
On Fri, Sep 28, 2018 at 5:40 AM Antonino Sidoti wrote:
>
> Hi Gilles
> Therefore in my case I can remove the “reject” statement and let the packet 
> filter block the IP. I don’t want the offending IP to even reach the mail 
> server.
>
> Thanks for the clarification.
>
>
>
> > On 28 Sep 2018, at 7:25 pm, Gilles Chehade wrote:
> >
> >> On Fri, Sep 28, 2018 at 09:14:17AM +, Antonino Sidoti wrote:
> >> Hi Peter
> >>
> >
> > Hi,
> >
> >> I am using spamd.
> >>
> >> So the "reject" statement still logs the connection as seen in the log 
> >> sample I provided. I was expecting to see a different log entry along the 
> >> lines of "source IP rejected". The log information gives me the 
> >> impression that the "reject" is not working.
> >>
> >> Happy to configure a table in "pf.conf" and block the IP that way.
> >> But then what is the point of the "reject" in the smtpd.conf?
> >>
> >
> > The ruleset within smtpd only cares about envelopes.
> >
> > It doesn't accept or reject clients, it accepts or rejects envelopes so they
> > do or do not enter the queue for delivery.
> >
> > Gilles
> >
> >
> >
> >
>  On 28 Sep 2018, at 6:56 pm, Peter N. M. Hansteen  wrote:
> 
>  On Fri, Sep 28, 2018 at 08:30:55AM +, Antonino Sidoti wrote:
>  table shithole file:/etc/mail/blacklist
> 
>  The file "blacklist" contain the IP addresses that I wish to block, 
>  one per line. I also have added a reject statement to my 
>  "smtpd.conf" like so;
> 
>  reject from source  for any
> 
>  What I notice is that it does not block the IP address and it continues 
>  to attempt a connection to the mail server. The IP address in question 
>  is showing up in "/var/log/maillog" like so;
> 
>  Sep 28 18:22:12 obsd-svr3 smtpd[68949]: b6ab24ef369520cc smtp 
>  event=failed-command address=185.xxx.xxx.254 host=185.xxx.xxx.254 
>  command="AUTH LOGIN" result="503 5.5.1 Invalid command: Command not 
>  supported"
> 
>  Any idea why the reject statement does not work?
> >>>
> >>> Well, the mail does get rejected, doesn't it?
> >>>
> >>> it's possible that a simple pf.conf with a table you block from, fed from 
> >>> the file you already have would be the solution
> >>> you're looking for. Perhaps supplemented with a spamd(8) setup.
> >>>
> >>> a couple of writeups of mine that you might find useful:
> >>>
> >>> https://bsdly.blogspot.com/2017/04/forcing-password-gropers-through.html
> >>> https://bsdly.blogspot.com/2013/05/keep-smiling-waste-spammers-time.html
> >>>
> >>> It's also possible that the enumerated badness from 
> >>> https://bsdly.blogspot.com/2018/08/badness-enumerated-by-robots.html could
> >>> usefully supplement your data sources.
> >>>
> >>> All the best,
> >>> Peter
> >>>
> >>> --
> >>> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> >>> http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
> >>> "Remember to set the evil bit on all malicious network traffic"
> >>> delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
> >>>
> >
> > --
> > Gilles Chehade
> >
> > https://www.poolp.org  @poolpOrg
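
An added example, not part of the original mail: the same maillog-to-blocklist idea as the script above, but selecting fields by key and validating each address before it is written. The sample lines, the allowlist and all function names are constructed for illustration; it assumes the `event=... address=...` log format quoted in this thread.

```python
import ipaddress
import re

# Constructed sample lines, shaped like the maillog entry quoted in this thread.
SAMPLE_LOG = """\
Sep 28 18:22:12 mx smtpd[68949]: b6ab24ef369520cc smtp event=failed-command address=192.0.2.10 host=192.0.2.10 command="AUTH LOGIN" result="503 5.5.1 Invalid command: Command not supported"
Sep  8 03:10:44 mx smtpd[68949]: 1f0c2a9d4e7b8a61 smtp event=failed-command address=198.51.100.7 host=scanner.example.net command="AUTH LOGIN" result="503 5.5.1 Invalid command: Command not supported"
Sep 28 18:25:01 mx smtpd[68949]: 77aa10c2d9e4f3b0 smtp event=failed-command address=192.0.2.10 host=192.0.2.10 command="AUTH PLAIN" result="503 5.5.1 Invalid command: Command not supported"
Sep 28 18:30:09 mx smtpd[68949]: 5d2e8c11aa90b7f4 smtp event=failed-command address=127.0.0.1 host=localhost command="AUTH LOGIN" result="503 5.5.1 Invalid command: Command not supported"
Sep 28 18:31:00 mx smtpd[68949]: 9c3b7e52f1a04d68 smtp event=connected address=203.0.113.5 host=mail.example.com
Sep 28 18:32:40 mx smtpd[68949]: 0a4f6d83b2c19e75 smtp event=failed-command address=203.0.113.9 host=203.0.113.9 command="RCPT TO:<a@example.org>" result="550 Invalid recipient"
"""

# Addresses that must never be blocked (constructed; add your own networks).
ALLOWLIST = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128")]

# key=value tokens; a quoted value is consumed whole, so text inside
# command="..." or result="..." can never be mistaken for another key.
TOKEN = re.compile(r'([A-Za-z][\w-]*)=("(?:[^"\\]|\\.)*"|\S+)')


def cut_field9(line):
    """Emulate: cut -d " " -f 9 | cut -d "=" -f 2 (positional parsing)."""
    fields = line.split(" ")
    field = fields[8] if len(fields) > 8 else ""
    parts = field.split("=")
    return parts[1] if len(parts) > 1 else field


def parse_fields(line):
    """Return the key=value pairs of one log line; the first occurrence wins."""
    fields = {}
    for key, value in TOKEN.findall(line):
        fields.setdefault(key, value.strip('"'))
    return fields


def auth_probe_sources(log_text, allowlist=ALLOWLIST):
    """Addresses that had an AUTH command refused, minus allowlisted ones."""
    found = set()
    for line in log_text.splitlines():
        fields = parse_fields(line)
        if fields.get("event") != "failed-command":
            continue
        if not fields.get("command", "").upper().startswith("AUTH"):
            continue
        try:
            addr = ipaddress.ip_address(fields.get("address", ""))
        except ValueError:
            continue  # not an IP address: never write it to the list
        if any(addr in net for net in allowlist):
            continue
        found.add(addr)
    return found


def merge_blocklist(existing_text, new_addrs):
    """Merge with the current list file, dropping entries that are not IPs."""
    merged = set(new_addrs)
    for entry in existing_text.split():
        try:
            merged.add(ipaddress.ip_address(entry))
        except ValueError:
            pass
    return [str(a) for a in sorted(merged, key=lambda a: (a.version, int(a)))]


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    # syslog pads single-digit days ("Sep  8"), which shifts positional fields.
    print("cut on 'Sep 28' line:", cut_field9(lines[0]))
    print("cut on 'Sep  8' line:", cut_field9(lines[1]))
    print("\n".join(merge_blocklist("", auth_probe_sources(SAMPLE_LOG))))
```

The second sample line shows why positional parsing needs care: syslog pads single-digit days with an extra space, so field 9 is no longer the address on those days.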




Re: TempFail Error (exited abnormally)

2018-09-21 Thread Matt Schwartz
Hi Gonzalo,

I believe smtpd is failing at the point of running rspamc. I've seen
this once before and solved it by doing the following:
"/usr/local/bin/rspamc -d %{dest} --mime -e
'/usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d %{dest} -a
%{rcpt}'"

On Fri, Sep 21, 2018 at 6:16 PM Edgar Pettijohn  wrote:
>
>
> On Sep 21, 2018 4:24 PM, Gonzalo wrote:
> >
> > Hello,
> >
> > I am having this problem with my setup:
> >
> >  mda event=delivery evpid=b4b9eaa2be1a713b from=<> 
> > to= user=vmail method=mda delay=21h30m49s result=TempFail 
> > stat=Error (exited abnormally)
> >
> > This setup is an OpenBSD 6.3 (release), opensmtpd, dkimproxy, rspam and 
> > dovecot:
> >
> > # cat /etc/mail/smtpd.conf
> > queue compression
> >
> > bounce-warn 1h, 6h, 2d
> > expire 3d
> >
> > pki xxx.com certificate   "/etc/ssl/xxx.com.crt"
> > pki xxx.com key   "/etc/ssl/private/xxx.com.key"
> >
> > table aliases   file:/etc/mail/aliases
> > table domains   file:/etc/mail/domains
> > table passwd    passwd:/etc/mail/passwd
> > table virtuals  file:/etc/mail/virtuals
> >
> > max-message-size 50M
> >
> > listen on lo0
> > listen on lo0 port 10028 tag DKIM_OUT
> > listen on egress port 25 tls pki xxx.com
> > listen on egress port 587 tls-require pki xxx.com auth 
> >
> > # Accept mail sent from local server to a local account
> > accept from local \
> > for local alias  \
> > deliver to mda "/usr/local/bin/rspamc --mime --exec 
> > \"/usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d %{dest}\""
> >
> > accept from any for domain  virtual  \
> > deliver to mda "/usr/local/bin/rspamc --mime --exec 
> > \"/usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d %{dest}\""
> >
> > accept for local alias  \
> > deliver to mda "/usr/local/bin/rspamc --mime --exec 
> > \"/usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d %{dest}\""
> >
> > accept tagged DKIM_OUT for any relay \
> > hostname xxx.com
> >
> > accept from local for any \
> > relay via smtp://127.0.0.1:10027
> >
> > smtpd -dv -Tlookup:
> >
> > debug: mda: session c28f5914f36f6dbb done
> > debug: mda: user "vmail" becomes runnable
> > debug: mda: all done for user ":vmail"
> > debug: smtpd: scanning offline queue...
> > debug: smtpd: offline scanning done
> > debug: control -> client: pipe closed
> > debug: clearing p=client, fd=11, pid=0
> > debug: control -> client: pipe closed
> > debug: clearing p=client, fd=11, pid=0
> > debug: control -> client: pipe closed
> > debug: clearing p=client, fd=11, pid=0
> > debug: scheduler: evp:f37c310084099e67 scheduled (mda)
> > mda: new user c28f5915d6f82643 for ":vmail" delivering as "vmail"
> > debug: lka: userinfo :vmail
> > lookup: lookup "vmail" as USERINFO in table getpwnam: -> 
> > "vmail:1002:1002:/var/vmail"
> > debug: mda: new session c28f5916fe1cad73 for user ":vmail" evpid 
> > f37c310084099e67
> > debug: mda: no more envelope for ":vmail"
> > debug: mda: got message fd 17 for session c28f5916fe1cad73 evpid 
> > f37c310084099e67
> > debug: mda: querying mda fd for session c28f5916fe1cad73 evpid 
> > f37c310084099e67
> > debug: smtpd: forking mda for session c28f5916fe1cad73: 
> > "/usr/local/bin/rspamc --mime --exec 
> > "/usr/local/libexec/dovecot/dovecot-lda -f @ -d x...@xxx.com"" as vmail
> > debug: mda: got mda fd 18 for session c28f5916fe1cad73 evpid 
> > f37c310084099e67
> > debug: mda: end-of-file for session c28f5916fe1cad73 evpid f37c310084099e67
> > debug: mda: all data sent for session c28f5916fe1cad73 evpid 
> > f37c310084099e67
> > debug: smtpd: mda process done for session c28f5916fe1cad73: exited 
> > abnormally
> >  mda event=delivery evpid=f37c310084099e67 from=<> 
> > to= user=vmail method=mda delay=14h14s result=TempFail 
> > stat=Error (exited abnormally)
> > debug: mda: session c28f5916fe1cad73 done
> > debug: mda: user "vmail" becomes runnable
> > debug: mda: all done for user ":vmail"
> > debug: control -> client: pipe closed
> > debug: clearing p=client, fd=11, pid=0
> >
> >
> > serv0# smtpctl show envelope 85ecfe2420d5d3af
> > smtpctl: fopen: No such file or directory
> > serv0#
> > serv0# smtpctl show envelope 50b0a6b8d6057de6
> > version: 2
> > tag: local
> > type: mda
> > smtpname: xxx.com
> > helo: xxx.com
> > hostname: xxx.com
> > errorline: exited abnormally
> > sockaddr: local
> > sender: @
> > rcpt: x...@xxx.com
> > dest: x...@xxx.com
> > ctime: 1537479298
> > last-try: 0
> > last-bounce: 1537500898
> > expire: 259200
> > retry: 73
> > flags: authenticated
> > dsn-notify: 0
> > esc-class: 4
> > esc-code: 30
> > mda-buffer: /usr/local/bin/rspamc --mime --exec 
> > "/usr/local/libexec/dovecot/dovecot-lda -f @ -d x...@xxx.com"
> > mda-method: mda
> > mda-user: vmail
> > mda-usertable: 
> > mda-delivery-user: vmail
> >
> >
> > Any idea? All the emails inbound end up like that.
> >
> > Thanks
>
> My guess is that rspamc is exiting 

Re: sqlite tables

2018-09-03 Thread Matt Schwartz
Yes, I'm interested in getting those going so I can update the
table_sqlite(5) page for you. :-) Basic files do work well enough though.

On Mon, Sep 3, 2018, 4:29 AM Gilles Chehade wrote:

> On Sun, Sep 02, 2018 at 10:26:15PM -0400, Matt Schwartz wrote:
> > Does anyone know how the following tables work?
> > query_netaddr
> > query_userinfo
> > query_source
> > query_mailaddr
> > query_addrname
> >
> > I am trying to convert my setup entirely to sqlite.
> >
>
> any particular reason ?
>
>
> --
> Gilles Chehade
>
> https://www.poolp.org  @poolpOrg
>


sqlite tables

2018-09-02 Thread Matt Schwartz
Does anyone know how the following tables work?
query_netaddr
query_userinfo
query_source
query_mailaddr
query_addrname

I am trying to convert my setup entirely to sqlite.

Thanks,
Matt




Re: very confused on userbase parameter

2018-09-01 Thread Matt Schwartz
Thanks Gilles. I puzzled it out and it's working great now.

On Sat, Sep 1, 2018 at 1:50 PM Gilles Chehade wrote:
>
> On Sat, Sep 01, 2018 at 11:59:20AM -0400, Matt Schwartz wrote:
> > I am afraid that I am hopelessly confused on the userbase parameter.
> > If I were to have the following:
> >
> > # credentials
> > user1  
> >
> > # userinfo
> > # vmail user is 2000
> > user1  2000:2000:/var/vmail/user1
> >
> > # virtuals
> > us...@domain1.com  vmail
> >
> > [...]
> >
> > In theory, shouldn't this deliver email addressed to us...@domain1.com
> > to /var/vmail/user1/Maildir/new?
> >
>
> you got the configuration file wrong again, despite having it right with
> the comment itself:
>
> > # vmail user is 2000
> > user1  2000:2000:/var/vmail/user1
>
>
> I'll describe how things work in this mail so it serves as reference for
> future questions regarding aliases, virtual and userbase:
>
> Aliases and virtuals are mutually exclusive features that operate at the
> same level, converting an e-mail address into a local user.
>
> Userbases operate at a lower level, allowing to lookup system details of
> a local user such as uid, gid and home directory.
>
> You don't have to have aliases or virtuals, but you MUST have a userbase
> which defaults to the system user database when you don't specify one.
>
> Aliases and virtuals can be seen as functions that take an e-mail as the
> input and produce usernames that _MUST_ exist in the underlying userbase
> as the output, otherwise the recipient will be rejected.
>
> The difference between aliases and virtuals is subtle but simple:
>
> - aliases assume that all users on the system are allowed to get e-mails
>   and that the user-part of recipient e-mail addresses are the usernames
>   on the system. the mechanism allows you to provide an OPTIONAL list of
>   transformations in case some recipients have user-parts that are not a
>   system user, and it assumes that if no alias is found, then user-parts
>   must be looked up as real usernames.
>
> - virtuals assume that users are NOT allowed to get e-mails, unless they
>   are EXPLICITLY allowed on a list. either a transform is found and the
>   recipient is converted into a username, or the recipient is rejected.
>
>
> You can receive e-mail if you're not in the aliases list, if you have an
> account on the system with a username matching the user-part.
>
> You can't receive e-mail if you're not in the virtuals list, EVEN if you
> have an account matching the user-part.
>
>
> Now with that being said, converting a recipient into a username doesn't
> help us much if that username doesn't exist for real. We need a uid, gid
> and a home directory, so no matter if you used aliases, virtuals or none
> of them, the username behind a recipient must be found in the user base.
>
> If I take your example:
>
>
> > # vmail user is 2000
> > user1  2000:2000:/var/vmail/user1
> >
> > # virtuals
> > us...@domain1.com  vmail
>
> you have resolved us...@domain1.com into the user 'vmail'.
> then we lookup the user 'vmail' in the userbase and ... nope, not found.
>
> Hope it clears it for everyone.
>
>
> --
> Gilles Chehade
>
> https://www.poolp.org  @poolpOrg




Re: very confused on userbase parameter

2018-09-01 Thread Matt Schwartz
Here is my complete smtpd.conf. I actually don't use lmtp because I
need to take advantage of spam checking. I use rspamd for spam
checking. You can see that I use multiple domains as well. Gilles was
kind enough to suggest using a wrapper and boy did it make things much
more easy to read.

pki mail cert "/etc/ssl/smtpd.crt"
pki mail key "/etc/ssl/private/smtpd.key"

mda wrapper antispam "/usr/local/bin/rspamc --mime -e '%{mda}'"

table aliases file:/etc/mail/aliases
table addrnames file:/etc/mail/addrnames
table credentials file:/etc/mail/credentials
table domains file:/etc/mail/domains
table virtuals file:/etc/mail/virtuals
table userinfo file:/etc/mail/userinfo
table rejects file:/etc/mail/rejects

# Listeners
#
listen on lo0
listen on lo0 port 10028 tag DKIM
listen on vio0 tls pki mail hostnames 
listen on vio0 port 587 tls-require pki mail auth  \
hostnames 

# Actions
#
action "local" maildir "/var/vmail/%{dest.domain}/%{dest.user}" junk \
    wrapper "antispam" alias 
action "domain" maildir "/var/vmail/%{dest.domain}/%{dest.user}" junk \
    wrapper "antispam" userbase  virtual 
action "dkim" relay host smtp://127.0.0.1:10027
action "relay" relay

# Incoming
#
match from any mail-from  for any reject
match from local for local action "local"
match from any for domain  action "domain"

# Outgoing
#
match tag DKIM for any action "relay"
match from local for any action "dkim"
match auth from any for any action "dkim"

On Sat, Sep 1, 2018 at 1:06 PM Reio Remma wrote:
>
> On 01.09.2018 19:56, Matt Schwartz wrote:
> > Thanks but I finally figured it out and wrote up a little something
> > that could hopefully benefit others. It's nice being able to use the
> > .forward feature.
>
> Wonderful. :)
>
> For multiple domains we have to use something like this for the userbase
> lookup to succeed. :)
>
> table virtuals { r...@turin.mrstuudio.ee = reio_turin.mrstuudio.ee }
> table userinfo { reio_turin.mrstuudio.ee =
> 5000:5000:/home/vmail/turin.mrstuudio.ee/reio }
>
> accept tagged Filtered for domain  virtual  userbase
>  deliver to lmtp "/var/run/dovecot/lmtp" rcpt-to
>
> It actually doesn't look that complicated with just one user defined. :D
>
> Good luck,
> Reio
>




Re: very confused on userbase parameter

2018-09-01 Thread Matt Schwartz
Thanks but I finally figured it out and wrote up a little something
that could hopefully benefit others. It's nice being able to use the
.forward feature.

On Sat, Sep 1, 2018 at 12:45 PM Reio Remma wrote:
>
> Hello!
>
> Are you using multiple domains? I just tested it in its simplest form
> (in 6.0.3) with one domain and it worked without virtuals.
>
> table userinfo { reio = 5000:5000:/home/vmail/turin.mrstuudio.ee/reio }
>
> accept tagged Filtered for domain  userbase  deliver
> to lmtp "/var/run/dovecot/lmtp" rcpt-to
>
> OpenSMTPD successfully read the .forward file from
> 5000:5000:/home/vmail/turin.mrstuudio.ee/reio/.forward
>
> If you're using multiple domains, then you need a somewhat convoluted
> system with virtuals and userbase.
>
> The trouble is that OpenSMTPD is checking only the user name without the
> domain part from userbase.
>
> Good luck,
> Reio
>
> On 01.09.2018 18:59, Matt Schwartz wrote:
> > I am afraid that I am hopelessly confused on the userbase parameter.
> > If I were to have the following:
> >
> > # credentials
> > user1  
> >
> > # userinfo
> > # vmail user is 2000
> > user1  2000:2000:/var/vmail/user1
> >
> > # virtuals
> > us...@domain1.com  vmail
> >
> > # smtpd.conf
> > table credentials file:/etc/mail/credentials
> > table virtuals file:/etc/mail/virtuals
> > table userinfo file:/etc/mail/userinfo
> >
> > action "action01" maildir userbase  virtuals 
> > match from any for domain "domain1.com" action "action01"
> >
> > In theory, shouldn't this deliver email addressed to us...@domain1.com
> > to /var/vmail/user1/Maildir/new?
> >
> > Thanks in advance,
> > Matt
> >
>
>



I finally understand userbase

2018-09-01 Thread Matt Schwartz
Hi @misc,

Please disregard my previous email. I finally figured out how userbase
works! In case anyone is wondering how this works I wrote up something
explaining it really quickly. Userbase simply maps a virtual user to a
system user. The virtual user is defined in a separate file. So here's
how it works.

# userinfo
# File for the userbase parameter. All of my emails are stored as the
system user vmail which has a uid and gid of 2000
matt  2000:2000:/var/vmail/example.org/matt

# virtuals
# File for the virtual parameter.
m...@example.org  matt
# or if you want a catch-all
@example.org matt

So, this makes the following work:
action "action01" maildir "/var/vmail/%{dest.domain}/%{dest.user}" \
    userbase  virtual 
match from any for domain "example.org" action "action01"

If you want to create a .forward file for the user matt, just create
it in /var/vmail/example.org/matt and make certain that it is owned by
the vmail user.

As Gilles mentioned, this feature works with regular files. You do not
need to use a database in order to get it to work. It works perfectly
with a regular file.

-Matt
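
An added example, not part of the original mails: a simplified model of the lookup chain that Gilles describes in the earlier reply and that this write-up applies (aliases or virtuals first, then the userbase). It is not OpenSMTPD code; the addresses, table contents and function names are constructed, and each alias or virtual entry is assumed to map to a single username.

```python
"""Simplified model of the recipient expansion described in this thread.

Illustration only, not OpenSMTPD code. All table contents are constructed.
"""


def parse_table(text):
    """Parse 'key  value' lines of a file-backed table; '#' starts a comment."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, value = line.split(None, 1)
            table[key.lower()] = value.strip()
    return table


def parse_userinfo(value):
    """Split a userbase value of the form uid:gid:home."""
    uid, gid, home = value.split(":", 2)
    return {"uid": int(uid), "gid": int(gid), "home": home}


def expand(rcpt, mode, mapping, userbase):
    """Resolve a recipient to a userbase entry, or explain the rejection.

    mode "alias":   the mapping is optional; with no entry, the user-part
                    itself is taken as the username.
    mode "virtual": the mapping is mandatory; with no entry for the address
                    (or a catch-all for its domain) the recipient is rejected.
    Either way the resulting username must exist in the userbase.
    """
    rcpt = rcpt.lower()
    user_part, _, domain = rcpt.partition("@")
    if mode == "virtual":
        username = mapping.get(rcpt) or mapping.get("@" + domain)
        if username is None:
            return None, "no virtual entry for %s" % rcpt
    elif mode == "alias":
        username = mapping.get(user_part, user_part)
    else:
        raise ValueError("mode must be 'alias' or 'virtual'")
    info = userbase.get(username)
    if info is None:
        return None, "user %r not found in userbase" % username
    return dict(parse_userinfo(info), user=username), "ok"


# Constructed tables. In the model the userbase is always passed explicitly;
# a real setup without one falls back to the system user database.
USERINFO = parse_table("""
# username  uid:gid:home   (every mailbox is owned by uid/gid 2000)
alice  2000:2000:/var/vmail/example.org/alice
bob    2000:2000:/var/vmail/example.org/bob
""")

# The mistake discussed in the thread: the virtual entry points at the owner
# of the files ("vmail") instead of at a key of the userbase table.
VIRTUALS_BROKEN = parse_table("alice@example.org  vmail")

VIRTUALS_FIXED = parse_table("""
alice@example.org  alice
# catch-all for the domain
@example.org       alice
""")

VIRTUALS_STRICT = parse_table("alice@example.org  alice")
ALIASES = parse_table("postmaster  bob")


if __name__ == "__main__":
    cases = [
        ("alice@example.org", "virtual", VIRTUALS_BROKEN),
        ("alice@example.org", "virtual", VIRTUALS_FIXED),
        ("sales@example.org", "virtual", VIRTUALS_FIXED),
        ("bob@example.org", "virtual", VIRTUALS_STRICT),
        ("bob@example.org", "alias", ALIASES),
        ("postmaster@example.org", "alias", ALIASES),
    ]
    for rcpt, mode, mapping in cases:
        print(rcpt, mode, expand(rcpt, mode, mapping, USERINFO))
```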




very confused on userbase parameter

2018-09-01 Thread Matt Schwartz
I am afraid that I am hopelessly confused on the userbase parameter.
If I were to have the following:

# credentials
user1  

# userinfo
# vmail user is 2000
user1  2000:2000:/var/vmail/user1

# virtuals
us...@domain1.com  vmail

# smtpd.conf
table credentials file:/etc/mail/credentials
table virtuals file:/etc/mail/virtuals
table userinfo file:/etc/mail/userinfo

action "action01" maildir userbase  virtuals 
match from any for domain "domain1.com" action "action01"

In theory, shouldn't this deliver email addressed to us...@domain1.com
to /var/vmail/user1/Maildir/new?

Thanks in advance,
Matt




Re: userbase question

2018-09-01 Thread Matt Schwartz
Hi Gilles,

Thank you for your advice about using wrappers. I decided to implement
an mda wrapper as per your suggestion. It is interesting that I still
needed to specify either an mbox or maildir in the syntax when I
specify a wrapper. In this case, it doesn't seem to matter if I use
mbox or maildir because dovecot's LDA is doing the final delivery.
This works but I might be doing it wrong.

action "local" mbox wrapper "deliver" alias 
action "domain" mbox wrapper "deliver" virtual 
match for local action "local"
match from any for domain  action "domain"

I have to agree that using the mda wrapper feature is a heck of a lot
cleaner. I am even going to do some testing using OpenSMTPD for final
delivery now that there is explicit support for junk mail delivery. I
think the reason that the userbase didn't work is that I am using
dovecot for final delivery of the email. Below is a patch for the
smtpd.conf(8) man page to reflect where to use the wrapper specified
by mda wrapper.

--- smtpd.conf.5Sat Sep  1 08:52:32 2018
+++ smtpd.conf.5 Sat Sep  1 08:55:23 2018
@@ -156,6 +156,9 @@
 .Pq see Sx FORMAT SPECIFIERS .
 .It Cm relay
 Relay the message to another SMTP server.
+.It Cm wrapper Ar name
+Use a wrapper specified by
+.Cm mda wrapper .It command.
 .El
 .Pp
 The local delivery methods support additional options:
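
Review bot: The last added line, ".Cm mda wrapper .It command.", has a stray ".It" in the middle of a macro line, where it is not parsed as a macro and will show up as literal text in the rendered page; end the macro line at ".Cm mda wrapper" and put "command." on a line of its own. The new ".It Cm wrapper Ar name" entry is also placed just before ".El", in the same list as ".It Cm relay", so it reads as a delivery method, while the examples in this mail use it after the method (mbox wrapper "deliver"); it looks like it belongs in the list introduced by the following context line, "The local delivery methods support additional options:".
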
On Sat, Sep 1, 2018 at 8:01 AM Gilles Chehade  wrote:
>
> On Mon, Aug 27, 2018 at 09:54:05AM -0400, Matt Schwartz wrote:
> > I am hoping not to have to use sqlite tables. I like the simplicity of
> > file-based configuration.
>
> just for the record:
>
> besides table-specific features, all smtpd features are usable from file
> configurations since I write the features for the file backend _then_ we
> adapt the other backends.
>
>
>
> > On Mon, Aug 27, 2018 at 9:47 AM Reio Remma  wrote:
> > >
> > > Iirc I got the .forward file working with sqlite tables, where the user 
> > > > query also returned the virtual user's maildir as an extra parameter.
> > >
> > > Good luck,
> > > Reio
> > >
> > > > On 27 Aug 2018, at 16:11, Matt Schwartz  
> > > > wrote:
> > > >
> > > > Hello misc@,
> > > >
> > > > Below is my configuration file. I am trying to use the userbase
> > > > parameter and when I try to send an email to myself, I get the 550
> > > > Invalid Recipient error. I am trying to get the usrbase parameter
> > > > working so that I can add a .forward file for virtual users as per the
> > > > table(5) man page. If I don't use the userbase parameter, mail
> > > > delivery works just fine. I am not certain what I am doing wrong here.
> > > >
> > > > #smtpd.conf
> > > > pki mail cert "/etc/ssl/smtpd.crt"
> > > > pki mail key "/etc/ssl/private/smtpd.key"
> > > >
> > > > table aliases file:/etc/mail/aliases
> > > > table addrnames file:/etc/mail/addrnames
> > > > table credentials file:/etc/mail/credentials
> > > > table domains file:/etc/mail/domains
> > > > table virtuals file:/etc/mail/virtuals
> > > > table usrbase file:/etc/mail/usrbase
> > > > table rejects file:/etc/mail/rejects
> > > >
> > > > # Listeners
> > > > #
> > > > listen on lo0
> > > > listen on lo0 port 10028 tag DKIM
> > > > listen on vio0 tls pki mail hostnames 
> > > > listen on vio0 port 587 tls-require pki mail auth  \
> > > >hostnames 
> > > >
> > > > # Actions
> > > > #
> > > > action "local" mda "/usr/local/bin/rspamc -d %{dest} --mime --exec
> > > > '/usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d %{dest} -a
> > > > %{rcpt}'" alias 
> > > > action "domain" mda "/usr/local/bin/rspamc -d %{dest} --mime --exec
> > > > '/usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d %{dest} -a
> > > > %{rcpt}'" userbase  virtual 
> > > > action "dkim" relay host smtp://127.0.0.1:10027
> > > > action "relay" relay
> > > >
> > > > # Incoming
> > > > #
> > > > match from any mail-from  for any reject
> > > > match from local for local action "local"
> > > > match from any for domain  action "domain"
> > > >
> > > > # Outgoing
> > > > #
> > > > match tag DKIM for any action "relay"
> > > > match from local for any act

Re: Credentials Table

2018-08-27 Thread Matt Schwartz
I feel more comfortable having two separate password files for Dovecot and
OpenSMTPD. Yes, it's more administrative work but it works fine for my
purposes.

On Mon, Aug 27, 2018, 2:40 PM Bruno Pagani wrote:

> The passwd option exists actually, but is provided by opensmtpd-extras.
>
> And that’s what I use since it allows keeping the same file for opensmtpd
> and dovecot.
>
> Regards,
> Bruno
>
> On 27 August 2018 09:31:54 GMT+02:00, Antonino Sidoti  wrote:
>>
>> HI,
>>
>> Based on the feedback I am going to use the ‘file’ option for the
>> credentials table in my smtpd.conf;
>>
>> table passed file:/etc/mail/passwd
>>
>> Thanks
>>
>> On 27 Aug 2018, at 5:24 pm, Matt Schwartz 
>> wrote:
>>
>> I simply use the file type. For example:
>> table credentials file:/etc/mail/credentials.
>>
>> I do it this way because it is the simplest form. All I have in the
>> credentials file is username:password. Use smtpctl encrypt to generate the
>> encrypted password for the user. Finally, use smtpctl update table
>> credentials to tell smtpd about the changes.
>>
>> On Sun, Aug 26, 2018, 11:35 PM Antonino Sidoti wrote:
>>
>>> Hi,
>>>
>>> When using a credentials table (man table), what table type do I use
>>> with regards to using the table in a smtpd.conf configuration?
>>>
>>> I have created this table in my smtpd.conf but I am not sure it is
>>> correct?
>>>
>>> table passwd file:/etc/mail/passwd
>>>
>>> Though I have seen a sample configuration from another site using a
>>> different table type;
>>>
>>> table passwd passwd:/etc/mail/passwd
>>>
>>> Reading the man page, it does not make any reference to the table type
>>> using ‘passwd’. It only talks about ‘file’ and ‘db’.
>>>
>>> Nino
>>
>>
>>


Re: userbase question

2018-08-27 Thread Matt Schwartz
I am hoping not to have to use sqlite tables. I like the simplicity of
file-based configuration.
On Mon, Aug 27, 2018 at 9:47 AM Reio Remma  wrote:
>
> Iirc I got the .forward file working with sqlite tables, where the user query 
> also returned the virtual user’s maildir as an extra parameter.
>
> Good luck,
> Reio
>
> > On 27 Aug 2018, at 16:11, Matt Schwartz  wrote:
> >
> > Hello misc@,
> >
> > Below is my configuration file. I am trying to use the userbase
> > parameter and when I try to send an email to myself, I get the 550
> > Invalid Recipient error. I am trying to get the usrbase parameter
> > working so that I can add a .forward file for virtual users as per the
> > table(5) man page. If I don't use the userbase parameter, mail
> > delivery works just fine. I am not certain what I am doing wrong here.
> >
> > #smtpd.conf
> > pki mail cert "/etc/ssl/smtpd.crt"
> > pki mail key "/etc/ssl/private/smtpd.key"
> >
> > table aliases file:/etc/mail/aliases
> > table addrnames file:/etc/mail/addrnames
> > table credentials file:/etc/mail/credentials
> > table domains file:/etc/mail/domains
> > table virtuals file:/etc/mail/virtuals
> > table usrbase file:/etc/mail/usrbase
> > table rejects file:/etc/mail/rejects
> >
> > # Listeners
> > #
> > listen on lo0
> > listen on lo0 port 10028 tag DKIM
> > listen on vio0 tls pki mail hostnames 
> > listen on vio0 port 587 tls-require pki mail auth  \
> >hostnames 
> >
> > # Actions
> > #
> > action "local" mda "/usr/local/bin/rspamc -d %{dest} --mime --exec
> > '/usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d %{dest} -a
> > %{rcpt}'" alias 
> > action "domain" mda "/usr/local/bin/rspamc -d %{dest} --mime --exec
> > '/usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d %{dest} -a
> > %{rcpt}'" userbase  virtual 
> > action "dkim" relay host smtp://127.0.0.1:10027
> > action "relay" relay
> >
> > # Incoming
> > #
> > match from any mail-from  for any reject
> > match from local for local action "local"
> > match from any for domain  action "domain"
> >
> > # Outgoing
> > #
> > match tag DKIM for any action "relay"
> > match from local for any action "dkim"
> > match auth from any for any action "dkim"
> >
> > #usrbase
> > m...@example.org 2000:2000:/var/vmail/example.org/matt
> >
> > #virtuals
> > m...@example.org vmail
> >
> > Thanks in advance,
> > Matt
> >



userbase question

2018-08-27 Thread Matt Schwartz
Hello misc@,

Below is my configuration file. I am trying to use the userbase
parameter and when I try to send an email to myself, I get the 550
Invalid Recipient error. I am trying to get the usrbase parameter
working so that I can add a .forward file for virtual users as per the
table(5) man page. If I don't use the userbase parameter, mail
delivery works just fine. I am not certain what I am doing wrong here.

#smtpd.conf
pki mail cert "/etc/ssl/smtpd.crt"
pki mail key "/etc/ssl/private/smtpd.key"

table aliases file:/etc/mail/aliases
table addrnames file:/etc/mail/addrnames
table credentials file:/etc/mail/credentials
table domains file:/etc/mail/domains
table virtuals file:/etc/mail/virtuals
table usrbase file:/etc/mail/usrbase
table rejects file:/etc/mail/rejects

# Listeners
#
listen on lo0
listen on lo0 port 10028 tag DKIM
listen on vio0 tls pki mail hostnames 
listen on vio0 port 587 tls-require pki mail auth  \
hostnames 

# Actions
#
action "local" mda "/usr/local/bin/rspamc -d %{dest} --mime --exec
'/usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d %{dest} -a
%{rcpt}'" alias 
action "domain" mda "/usr/local/bin/rspamc -d %{dest} --mime --exec
'/usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d %{dest} -a
%{rcpt}'" userbase  virtual 
action "dkim" relay host smtp://127.0.0.1:10027
action "relay" relay

# Incoming
#
match from any mail-from  for any reject
match from local for local action "local"
match from any for domain  action "domain"

# Outgoing
#
match tag DKIM for any action "relay"
match from local for any action "dkim"
match auth from any for any action "dkim"

#usrbase
m...@example.org 2000:2000:/var/vmail/example.org/matt

#virtuals
m...@example.org vmail

Thanks in advance,
Matt




Re: TLS and relay

2018-08-27 Thread Matt Schwartz
Hi Pete,
I was just looking over the man page for smtpd.conf and there is a way
to disable cert verification. There is also a match statement that,
while it won't force the connection to be over TLS per se, it just
won't allow the transaction to happen if it is not over TLS.

action "action01" relay tls-noverify.
match tls from domain "example.org" to any action "action01"

Hope this helps some,
Matt

On Mon, Aug 27, 2018 at 8:42 AM Pete wrote:
>
> Hello,
>
> I'm trying to get my config up to speed before 6.4, but I wasn't
> really able to figure out how to do what I wanted regarding relaying and
> TLS.
>
> Currently I have:
> # Suckers
> accept tagged OUT_OK from source  for domain  relay
> # always enforce TLS for outbound
> accept tagged OUT_OK from source  for any relay tls
>
> This forces TLS on relay except for a few that don't support it.
> In the new config there only seems to be tls no-verify to disable cert
> verification. How do I have to craft the action rules to force or
> disable TLS on relay? Is it even possible?
>
>
>
> Pete
>
>



Re: Credentials Table

2018-08-27 Thread Matt Schwartz
I simply use the file type. For example:
table credentials file:/etc/mail/credentials.

I do it this way because it is the simplest form. All I have in the
credentials file is username:password. Use smtpctl encrypt to generate the
encrypted password for the user. Finally, use smtpctl update table
credentials to tell smtpd about the changes.

On Sun, Aug 26, 2018, 11:35 PM Antonino Sidoti wrote:

> Hi,
>
> When using a credentials table (man table), what table type do I use with
> regards to using the table in a smtpd.conf configuration?
>
> I have created this table in my smtpd.conf but I am not sure it is
> correct?
>
> table passwd file:/etc/mail/passwd
>
> Though I have seen a sample configuration from another site using a
> different table type;
>
> table passwd passwd:/etc/mail/passwd
>
> Reading the man page, it does not make any reference to the table type
> using ‘passwd’. It only talks about ‘file’ and ‘db’.
>
> Nino
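
A check for the credentials file described in the reply above, as an added example that is not part of the original thread. `audit_credentials` is a hypothetical helper; it assumes `username:hash` lines as in the reply and that `smtpctl encrypt` output is a crypt(3) string beginning with `$`.

```shell
#!/bin/sh
# Added example (not from the thread). audit_credentials is a hypothetical
# helper for a credentials file of "username:hash" lines.
# Assumption: `smtpctl encrypt` output is a crypt(3) string starting with "$",
# so any other secret is reported as probable plaintext. Secrets are never printed.

audit_credentials() {
    file=$1
    status=0
    [ -r "$file" ] || { echo "ERROR cannot read $file"; return 2; }

    # Password hashes should not be readable by group or other.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "PERMS $perms (group/other access to hashes)"
        status=1
    fi

    awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        {
            sep = index($0, ":")
            if (sep < 2) { printf "MALFORMED line %d\n", NR; bad++; next }
            user = substr($0, 1, sep - 1)
            secret = substr($0, sep + 1)
            if (secret == "") { printf "EMPTY %s (line %d)\n", user, NR; bad++ }
            else if (substr(secret, 1, 1) != "$") { printf "PLAINTEXT %s (line %d)\n", user, NR; bad++ }
            if (seen[user]++) { printf "DUPLICATE %s (line %d)\n", user, NR; bad++ }
        }
        END { exit (bad ? 1 : 0) }
    ' "$file" || status=1
    return $status
}

# Constructed sample: placeholder names and fake hashes, not real accounts.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# username:hash
alice:$2b$10$CONSTRUCTED.PLACEHOLDER.HASH.VALUE.ONLY
bob:hunter2
carol:
alice:$2b$10$ANOTHER.CONSTRUCTED.PLACEHOLDER.VALUE
EOF
audit_credentials "$sample" || echo "audit found problems in $sample"
rm -f "$sample"
```

Entries flagged as PLAINTEXT or EMPTY are the ones to regenerate with `smtpctl encrypt`, followed by `smtpctl update table credentials` as described in the reply.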


Re: Dovecot - Do I need this?

2018-08-25 Thread Matt Schwartz
All you have to do is just have the final delivery happen to an mbox
location. For example:
action "action01" mbox alias 
action "action02" relay
match from any for domain "example.org" action "action01"
match from local for any action "action02"

From there you should be able to use a mail reader like alpine or mutt.

On Sat, Aug 25, 2018 at 7:28 PM Antonino Sidoti wrote:
>
> Hi,
>
> I am currently building a mail server using OpenSMTPD on OpenBSD 6.3
>
> I see a lot of examples on the web about configurations and nearly all of 
> them are using a combination of OpenSMTPD, Dovecot, Spamassassin and so on. I 
> understand the reason behind the selection of software and the intended 
> purpose of each software.
>
> My question is, Can I use OpenSMTPD with Spamd (OpenBSD - Spamd, Greylisting, 
> Graytrapping) and not have anything to do with Dovecot or any other MDA. I 
> also know the configuration is having a syntax change (pool.org) and I see 
> that they have no reference to Dovecot or other third party software. In 
> particular, pools.org has reference to Maildir in their configuration 
> examples and that is what I am trying to achieve too in OpenSMTPD.
>
> Nino



Re: Dovecot - Do I need this?

2018-08-25 Thread Matt Schwartz
You don't have to use Dovecot. Dovecot is just very popular because it is
stable, secure, and scales very well!

On Sat, Aug 25, 2018, 7:28 PM Antonino Sidoti wrote:

> Hi,
>
> I am currently building a mail server using OpenSMTPD on OpenBSD 6.3
>
> I see a lot of examples on the web about configurations and nearly all of
> them are using a combination of OpenSMTPD, Dovecot, Spamassassin and so on.
> I understand the reason behind the selection of software and the intended
> purpose of each software.
>
> My question is, Can I use OpenSMTPD with Spamd (OpenBSD - Spamd,
> Greylisting, Graytrapping) and not have anything to do with Dovecot or any
> other MDA. I also know the configuration is having a syntax change (
> pool.org) and I see that they have no reference to Dovecot or other third
> party software. In particular, pools.org has reference to Maildir in
> their configuration examples and that is what I am trying to achieve too in
> OpenSMTPD.
>
> Nino


Re: Forward of single email address

2018-08-23 Thread Matt Schwartz
Try adding something similar to this to your vusers:
u...@example.org u...@example.com

It would help to know what's in your vusers file.

On Thu, Aug 23, 2018, 8:20 PM  wrote:

> Hello,
>
> I have a problem with forwarding for an email account to an external
> address. I use OpenBSD version 6.3.
>
> # cat /etc/mail/userinfo
> ...
> external 5000:5000:/var/maildir/external
>
>
> # cat /var/maildir/caritas/.forward
> i...@otherdomain.com
>
> # cat /etc/mail/smtpd.conf
> ...
> accept from any recipient ! for domain "mydomain.net"
> virtual  userbase  deliver to maildir
>
>
> I'm pretty sure that this configuration has worked a few version before
> but I haven't tested it for quite a while and now it doesn't
> work any more.
>
> Maybe it is much easier in another way.
> Can somebody give me a hand? Thanks in advance.
>
> --
> cheers
>
> wof
>


Re: mail.lmtp: net: service not supported by ai_socktype

2018-07-16 Thread Matt Schwartz
Vijay, are you using OpenSMTPD for backup MXes? I've been trying
unsuccessfully to set up a backup mx with the new version of OpenSMTPD.

On Mon, Jul 16, 2018 at 9:44 PM, Vijay Sankar  wrote:
>
> Quoting Vijay Sankar :
>
>> I am trying to upgrade my old mail server which is using OpenSMTPD,
>> Dovecot etc., to one running -current.
>>
>> So I am trying to use the new grammar and almost everything works great,
>> but having problems with LMTP.
>>
>> If I try:
>>
>> action "lmtp-local" lmtp "unix:/var/dovecot/lmtp"
>> match from any for domain foretell.ca action "lmtp-local"
>>
>> I get the following error in /var/log/maillog
>>
>> Jul 16 20:16:08 server10 smtpd[96427]:  mda event=delivery
>> evpid=fd06d20741a44021 from= to=
>> rcpt= user=vijay delay=6m result=TempFail stat=Error
>> ("mail.lmtp: inet: service not supported for ai_socktype")
>>
>> Not sure how to troubleshoot this. smtpd -v does not show any syntax
>> errors in smtpd.conf. The test server is listening on tcp ports 25 and 587.
>>
>> Please let me know what I could be doing wrong or if there is any
>> additional info I could provide.
>>
>> Thanks very much,
>>
>> Vijay
>>
>>
>>
>> Vijay Sankar, M.Eng., P.Eng.
>> ForeTell Technologies Limited
>> vsan...@foretell.ca
>>
>>
>
>
> Probably this is a mistake few would make but posting this just in case. A
> very kind person pointed out in a private email that there was no need to
> specify a socket.
>
> So the syntax that works is
>
> action "lmtp-local" lmtp "/var/dovecot/lmtp"
> match from any for domain foretell.ca action "lmtp-local"
>
> Vijay
>
> Vijay Sankar, M.Eng., P.Eng.
> ForeTell Technologies Limited
> vsan...@foretell.ca
>
>



Backup MXes

2018-07-06 Thread Matt Schwartz
Hello list,

I want to set up a backup mx with the new version of smtpd, using the
new grammar structure. However, I think I am doing this wrong because
it is not working. Below is the relevant configuration for the primary
mx:

# Actions
#
action "local" mda "/usr/local/bin/rspamc -d %{dest} --mime --exec
'/usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d %{dest}'"
alias 
action "domain" mda "/usr/local/bin/rspamc -d %{dest} --mime --exec
'/usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d %{dest}'"
virtual 
action "dkim" relay host smtp://127.0.0.1:10027
action "relay" relay

# Incoming
#
match from local for local action "local"
match from any for domain  action "domain"

# Outgoing
#
match tag DKIM for any action "relay"
match from local for any action "dkim"
match auth from any for any action "dkim"


Below is the relevant config for the backup mx:

# Actions
#
action "local" mbox alias 
action "domain" relay backup

# Matches
#
match for local action "local"
match from any for domain  action "domain"


To test, I stop smtpd on the primary mx and send a test email to
m...@example.org from m...@gmail.com. I notice that the message gets
queued on the backup mx so then I restart smtpd on the primary mx.
However, the message fails to go to the primary mx. In the backup mx
server log, I notice that the rcpt-to field has been set to the
m...@gmail.com address instead of the m...@example.org so this would
explain why the relay to the primary ultimately fails. What am I doing
wrong?

Thanks,
Matt




Kudos

2018-07-04 Thread Matt Schwartz
I have to give kudos to Gilles and his team for the truly fantastic
changes that were made to the forthcoming new release of OpenSMTPD.
The splitting of the action and match parts has made it easier to
configure and troubleshoot. Furthermore, on restarting the daemon,
whatever was queued simply picks up right where it left off in the
delivery process. If you aren't using it in production now, it's
certainly safe to do so and I highly recommend doing it. This way you'll
be ready for OpenBSD 6.4. Please test and help out!




Using an MDA

2018-06-29 Thread Matt Schwartz
Hello list,

I've made a lot of progress and everything basically works. However,
when I try to implement spam checking I get an error that states only
one command is allowed. Here is the action that is not working.

action "domain" mda "/usr/local/bin/rspamc -h
/var/run/rspamd/rspamd.sock --mime \
--exec \"/usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d
%{dest} -a %{rcpt}\""

Basically what rspamc does is pass the message to the spam checker,
rspamd, and then to the dovecot lda for final delivery. The error is
as follows:

Jun 29 18:40:41 panther smtpd[37961]:  mda
event=delivery evpid=a7a904a33bc40956 from=
to= rcpt=
user=vmail delay=6m result=TempFail stat=Error ("mail.mda: mail.mda:
only one command is supported")

Thanks again,
Matt




OpenSMTPD 6.4.0

2018-06-29 Thread Matt Schwartz
Hello list,

I have decided to test out the latest version of OpenSMTPD and for the most
part it is working well. Incoming emails are handled properly. However, I
cannot send emails to anyone outside of my server and I am having trouble
determining why. Below is my smtpd.conf file:

pki mail cert "/etc/ssl/mail.crt"
pki mail key "/etc/ssl/private/mail.key"

table aliases file:/etc/mail/aliases
table domains file:/etc/mail/domains
table credentials file:/etc/mail/credentials
table virtuals file:/etc/mail/virtuals
table secrets file:/etc/mail/secrets

# Listeners
#
listen on lo0
listen on lo0 port 10028 tag DKIM
listen on egress tls pki mail hostname "mail.blackcatenterprises.co"
listen on egress port submission tls-require pki mail \
hostname "mail.blackcatenterprises.co"

# Actions
#
action "local" mbox alias 
action "domains" lmtp "/var/dovecot/lmtp" rcpt-to virtual 
action "dkim" relay host smtp://127.0.0.1:10027
action "outbound" relay host tls+auth://mail...@in-v3.mailjet.com:587 \
auth 

# Matches
#
match for local action "local"
match from any for domain  action "domains"
match tag DKIM action "outbound"
match for any action "dkim"


When I try to send an email message to myself, I get the following error:
Jun 28 18:44:47 panther smtpd[30423]: ad8e51d16395db47 smtp
event=failed-command address=192.168.1.1
host=FIOS_Quantum_Gateway.fios-router.home command="RCPT TO:<
matt.schwart...@gmail.com>" result="550 Invalid recipient"

Any help would be greatly appreciated.
Thanks,
Matt


subscribe misc

2018-06-28 Thread Matt Schwartz

subscribe misc

