Setting personal mailserver
I'm facing an issue similar to a person a while ago available on archive. I use alpine, and the conf is as below table aliases file:/etc/smtpd/aliases listen on eth0 action "local" maildir alias action "relay" relay match from any for domain "mydomain.com" action "local" match for local action "local" match from local for any action "relay" DNS -- mail.mydomain.com. MX 10 mydomain.com.-- smtpd is running and when I send a mail to u...@mydomain.com or u...@mail.mydomain.com There is nothing in the mailbox. Thanking you Sagar Acharya https://humaaraartha.in
Re: Setting personal mailserver
How do I do that? What CLI tool do I use? While starting the daemon, the configuration is OK as given in prompt. With the DNS configuration I have, where can I send a mail, at u...@mydomain.com or at u...@mail.mydomain.com ? Thanking you Sagar Acharya https://humaaraartha.in 31 Aug 2023, 01:06 by stu...@gathman.org: > > > On Wed, 30 Aug 2023, Sagar Acharya wrote: > >> I'm facing an issue similar to a person a while ago available on >> archive. I use alpine, and the conf is as below >> >> There is nothing in the mailbox. >> > > Are you looking with alpine, or with CLI tools like ls? Use CLI tools > to check that you've configured smtpd to store incoming mail where you > think you have. > > I go so far as to use raw IPv6 for personal mailbox on various overlay > mesh vpns like Cjdns and Yggdrasil (giving you personal authenticated > IPs independent of any ISP). I just caught up with an online > friend that moved from Hawaii to New York. Still works despite changes > in ISP and ICANN domains. >
Re: Setting personal mailserver
I got a mail, which lies in Maildir, however no mailbox is configured. Is there a default mailbox in alpine and how do I access the mail contents in ~/Maildir My mails are under ~/Maildir/new/ Also, how do I whitelist email ids, say, I want mails only from f...@bar.com f...@bar2.com f...@bar3.com That's it, no other mails. Thanking you Sagar Acharya https://humaaraartha.in 1 Sept 2023, 12:42 by sagaracha...@tutanota.com: > How do I do that? What CLI tool do I use? > > While starting the daemon, the configuration is OK as given in prompt. > > With the DNS configuration I have, where can I send a mail, at > u...@mydomain.com or at u...@mail.mydomain.com ? > > Thanking you > Sagar Acharya > https://humaaraartha.in > > > > 31 Aug 2023, 01:06 by stu...@gathman.org: > >> >> >> On Wed, 30 Aug 2023, Sagar Acharya wrote: >> >>> I'm facing an issue similar to a person a while ago available on >>> archive. I use alpine, and the conf is as below >>> >>> There is nothing in the mailbox. >>> >> >> Are you looking with alpine, or with CLI tools like ls? Use CLI tools >> to check that you've configured smtpd to store incoming mail where you >> think you have. >> >> I go so far as to use raw IPv6 for personal mailbox on various overlay >> mesh vpns like Cjdns and Yggdrasil (giving you personal authenticated >> IPs independent of any ISP). I just caught up with an online >> friend that moved from Hawaii to New York. Still works despite changes >> in ISP and ICANN domains. >>
Re: Setting personal mailserver
I used mutt for accessing mail. I still am unable to send mail using my server. I can receive mails. I also completed the whitelist. How can I do this? I want to allow access only upto 25MB attachments from whitelisted emails and allow only 1email (only text based) per day from non-whitelisted emails. How do I do that? How do I limit overall size of mailbox and auto-delete old mails? Thanking you Sagar Acharya https://humaaraartha.in 1 Sept 2023, 14:04 by tphil...@potion-studios.com: > From the doc (smtpd.conf(5)): > > maildir [pathname [junk]] > Deliver the message to the maildir in pathname if > specified, or by default to ~/Maildir. > > So given your config, you seem to get exactly what you configured. > > For your "whitelist", create the match rules for your domains, and for > everything else use a reject rule at the end. > > > > > On Fri, Sep 01, 2023 at 09:59:31AM +0200, Sagar Acharya wrote: > >> I got a mail, which lies in Maildir, however no mailbox is configured. Is >> there a default mailbox in alpine and how do I access the mail contents in >> >> ~/Maildir >> >> My mails are under >> >> ~/Maildir/new/ >> >> Also, how do I whitelist email ids, say, I want mails only from >> >> f...@bar.com >> f...@bar2.com >> f...@bar3.com >> >> That's it, no other mails. >> Thanking you >> Sagar Acharya >> https://humaaraartha.in >> >> >> >> 1 Sept 2023, 12:42 by sagaracha...@tutanota.com: >> >>> How do I do that? What CLI tool do I use? >>> >>> While starting the daemon, the configuration is OK as given in prompt. >>> >>> With the DNS configuration I have, where can I send a mail, at >>> u...@mydomain.com or at u...@mail.mydomain.com ? >>> >>> Thanking you >>> Sagar Acharya >>> https://humaaraartha.in >>> >>> >>> >>> 31 Aug 2023, 01:06 by stu...@gathman.org: >>> >>>> >>>> >>>> On Wed, 30 Aug 2023, Sagar Acharya wrote: >>>> >>>>> I'm facing an issue similar to a person a while ago available on archive. >>>>> I use alpine, and the conf is as below >>>>> >>>>> There is nothing in the mailbox. >>>>> >>>> >>>> Are you looking with alpine, or with CLI tools like ls? Use CLI tools to >>>> check that you've configured smtpd to store incoming mail where you think >>>> you have. >>>> >>>> I go so far as to use raw IPv6 for personal mailbox on various overlay >>>> mesh vpns like Cjdns and Yggdrasil (giving you personal authenticated IPs >>>> independent of any ISP). I just caught up with an online friend that >>>> moved from Hawaii to New York. Still works despite changes in ISP and >>>> ICANN domains. >>>>
Re: Setting personal mailserver
To enable being able to send mails from my server, I added tls certs. Now when I send from this email id to u...@mydomain.com , I get the error below. 530 5.5.1 Invalid command: Must issue an AUTH command first (in reply to MAIL FROM command) Since STARTTLS is working on 25, I think things should go smoothly but it isn't so. Please help. Thanking you Sagar Acharya https://humaaraartha.in 1 Sept 2023, 20:52 by sagaracha...@tutanota.com: > I used mutt for accessing mail. I still am unable to send mail using my > server. I can receive mails. > > I also completed the whitelist. How can I do this? > > I want to allow access only upto 25MB attachments from whitelisted emails and > allow only 1email (only text based) per day from non-whitelisted emails. How > do I do that? > > How do I limit overall size of mailbox and auto-delete old mails? > > Thanking you > Sagar Acharya > https://humaaraartha.in > > > > 1 Sept 2023, 14:04 by tphil...@potion-studios.com: > >> From the doc (smtpd.conf(5)): >> >> maildir [pathname [junk]] >> Deliver the message to the maildir in pathname if >> specified, or by default to ~/Maildir. >> >> So given your config, you seem to get exactly what you configured. >> >> For your "whitelist", create the match rules for your domains, and for >> everything else use a reject rule at the end. >> >> >> >> >> On Fri, Sep 01, 2023 at 09:59:31AM +0200, Sagar Acharya wrote: >> >>> I got a mail, which lies in Maildir, however no mailbox is configured. Is >>> there a default mailbox in alpine and how do I access the mail contents in >>> >>> ~/Maildir >>> >>> My mails are under >>> >>> ~/Maildir/new/ >>> >>> Also, how do I whitelist email ids, say, I want mails only from >>> >>> f...@bar.com >>> f...@bar2.com >>> f...@bar3.com >>> >>> That's it, no other mails. >>> Thanking you >>> Sagar Acharya >>> https://humaaraartha.in >>> >>> >>> >>> 1 Sept 2023, 12:42 by sagaracha...@tutanota.com: >>> >>>> How do I do that? What CLI tool do I use? >>>> >>>> While starting the daemon, the configuration is OK as given in prompt. >>>> >>>> With the DNS configuration I have, where can I send a mail, at >>>> u...@mydomain.com or at u...@mail.mydomain.com ? >>>> >>>> Thanking you >>>> Sagar Acharya >>>> https://humaaraartha.in >>>> >>>> >>>> >>>> 31 Aug 2023, 01:06 by stu...@gathman.org: >>>> >>>>> >>>>> >>>>> On Wed, 30 Aug 2023, Sagar Acharya wrote: >>>>> >>>>>> I'm facing an issue similar to a person a while ago available on >>>>>> archive. I use alpine, and the conf is as below >>>>>> >>>>>> There is nothing in the mailbox. >>>>>> >>>>> >>>>> Are you looking with alpine, or with CLI tools like ls? Use CLI tools to >>>>> check that you've configured smtpd to store incoming mail where you think >>>>> you have. >>>>> >>>>> I go so far as to use raw IPv6 for personal mailbox on various overlay >>>>> mesh vpns like Cjdns and Yggdrasil (giving you personal authenticated IPs >>>>> independent of any ISP). I just caught up with an online friend that >>>>> moved from Hawaii to New York. Still works despite changes in ISP and >>>>> ICANN domains. >>>>>
Re: Setting personal mailserver
I made some progress. I am able to receive mails now but when I send mail from u...@mydomain.com to sagaracha...@tutanota.com using mutt , I get, result="TempFail" stat="Network error on destination MXs" smtp-out: Enabling route [] <-> 81.3.6.162 (w1.tutanota.de) smtp-out: Enabling route [] <-> 185.205.69.211 (185.205.69.211) smtp-out: Enabling route [] <-> 81.3.6.165 (w4.tutanota.de) mta error reason=Connection timeout DNS mydomain.com. 86400 IN MX 10 mail.mydomain.com. Thanking you Sagar Acharya https://humaaraartha.in 2 Sept 2023, 05:45 by bub...@live.de: > Hello, pls show your config file. > > Mit freundlichen Grüßen, V.Bubnov > >> 01.09.2023, в 21:43, Sagar Acharya написал(а): >> >> To enable being able to send mails from my server, I added tls certs. >> >> Now when I send from this email id to u...@mydomain.com , I get the error >> below. >> >> 530 >> 5.5.1 Invalid command: Must issue an AUTH command first (in reply to MAIL >> FROM command) >> >> Since STARTTLS is working on 25, I think things should go smoothly but it >> isn't so. Please help. >> Thanking you >> Sagar Acharya >> https://humaaraartha.in >> >> >> >> 1 Sept 2023, 20:52 by sagaracha...@tutanota.com: >> >>> I used mutt for accessing mail. I still am unable to send mail using my >>> server. I can receive mails. >>> >>> I also completed the whitelist. How can I do this? >>> >>> I want to allow access only upto 25MB attachments from whitelisted emails >>> and allow only 1email (only text based) per day from non-whitelisted >>> emails. How do I do that? >>> >>> How do I limit overall size of mailbox and auto-delete old mails? >>> >>> Thanking you >>> Sagar Acharya >>> https://humaaraartha.in >>> >>> >>> >>> 1 Sept 2023, 14:04 by tphil...@potion-studios.com: >>> >>>> From the doc (smtpd.conf(5)): >>>> >>>> maildir [pathname [junk]] >>>> Deliver the message to the maildir in pathname if >>>> specified, or by default to ~/Maildir. >>>> >>>> So given your config, you seem to get exactly what you configured. >>>> >>>> For your "whitelist", create the match rules for your domains, and for >>>> everything else use a reject rule at the end. >>>> >>>> >>>> >>>> >>>>> On Fri, Sep 01, 2023 at 09:59:31AM +0200, Sagar Acharya wrote: >>>>> >>>>> I got a mail, which lies in Maildir, however no mailbox is configured. Is >>>>> there a default mailbox in alpine and how do I access the mail contents in >>>>> >>>>> ~/Maildir >>>>> >>>>> My mails are under >>>>> >>>>> ~/Maildir/new/ >>>>> >>>>> Also, how do I whitelist email ids, say, I want mails only from >>>>> >>>>> f...@bar.com >>>>> f...@bar2.com >>>>> f...@bar3.com >>>>> >>>>> That's it, no other mails. >>>>> Thanking you >>>>> Sagar Acharya >>>>> https://humaaraartha.in >>>>> >>>>> >>>>> >>>>> 1 Sept 2023, 12:42 by sagaracha...@tutanota.com: >>>>> >>>>>> How do I do that? What CLI tool do I use? >>>>>> >>>>>> While starting the daemon, the configuration is OK as given in prompt. >>>>>> >>>>>> With the DNS configuration I have, where can I send a mail, at >>>>>> u...@mydomain.com or at u...@mail.mydomain.com ? >>>>>> >>>>>> Thanking you >>>>>> Sagar Acharya >>>>>> https://humaaraartha.in >>>>>> >>>>>> >>>>>> >>>>>> 31 Aug 2023, 01:06 by stu...@gathman.org: >>>>>> >>>>>>> >>>>>>> >>>>>>> On Wed, 30 Aug 2023, Sagar Acharya wrote: >>>>>>> >>>>>>>> I'm facing an issue similar to a person a while ago available on >>>>>>>> archive. I use alpine, and the conf is as below >>>>>>>> >>>>>>>> There is nothing in the mailbox. >>>>>>>> >>>>>>> >>>>>>> Are you looking with alpine, or with CLI tools like ls? Use CLI tools >>>>>>> to check that you've configured smtpd to store incoming mail where you >>>>>>> think you have. >>>>>>> >>>>>>> I go so far as to use raw IPv6 for personal mailbox on various overlay >>>>>>> mesh vpns like Cjdns and Yggdrasil (giving you personal authenticated >>>>>>> IPs independent of any ISP). I just caught up with an online friend >>>>>>> that moved from Hawaii to New York. Still works despite changes in ISP >>>>>>> and ICANN domains. >>>>>>>
Re: Setting personal mailserver
Port 25 outgoing is blocked. You were correct. I swotched to port 465 with
config
action "relay" relay host smtps://mydomain.com
Such is the error message:
Again there is "Network error on destination MXs"
mta connecting address=smtps://{ipv4}:465 host={xyz}
mta error reason=IO Error: Connection refused
smtp-out: Disabling route [] <-> {ipv4} for 15s
smtp-out: No valid route for
[connector:[]->[relay:mydomain.com,port=465,smtps,mx],0x0]
DNS
mydomain.com MX 10 mydomain.com
Port 465 is perfectly open from ISP.
Thanking you
Sagar Acharya
https://humaaraartha.in
2 Sept 2023, 19:58 by tphil...@potion-studios.com:
> I tested all of the IPs from your output, and all of them listen on port 25
> and a smtp server is answering. So if you are relaying to those via port 25,
> and you get a network error (I guess a timeout), then I guess your outgoing
> port 25 is blocked. This is relatively common with residential uplinks, ask
> your ISP to open port 25 for you.
>
> That said... I'm only guessing here.
>
>
> On Sat, Sep 02, 2023 at 03:52:37PM +0200, Sagar Acharya wrote:
>
>> I made some progress. I am able to receive mails now but when I send mail
>> from u...@mydomain.com to sagaracha...@tutanota.com using mutt , I get,
>>
>> result="TempFail" stat="Network error on destination MXs"
>> smtp-out: Enabling route [] <-> 81.3.6.162 (w1.tutanota.de) smtp-out:
>> Enabling route [] <-> 185.205.69.211 (185.205.69.211) smtp-out: Enabling
>> route [] <-> 81.3.6.165 (w4.tutanota.de)
>> mta error reason=Connection timeout
>>
>>
>> DNS
>>
>> mydomain.com. 86400 IN MX 10 mail.mydomain.com.
>>
>> Thanking you
>> Sagar Acharya
>> https://humaaraartha.in
>>
>>
>>
>> 2 Sept 2023, 05:45 by bub...@live.de:
>>
>>> Hello, pls show your config file.
>>>
>>> Mit freundlichen Grüßen, V.Bubnov
>>>
>>>> 01.09.2023, в 21:43, Sagar Acharya написал(а):
>>>>
>>>> To enable being able to send mails from my server, I added tls certs.
>>>>
>>>> Now when I send from this email id to u...@mydomain.com , I get the error
>>>> below.
>>>>
>>>> 530
>>>> 5.5.1 Invalid command: Must issue an AUTH command first (in reply to MAIL
>>>> FROM command)
>>>>
>>>> Since STARTTLS is working on 25, I think things should go smoothly but it
>>>> isn't so. Please help. Thanking you
>>>> Sagar Acharya
>>>> https://humaaraartha.in
>>>>
>>>>
>>>>
>>>> 1 Sept 2023, 20:52 by sagaracha...@tutanota.com:
>>>>
>>>>> I used mutt for accessing mail. I still am unable to send mail using my
>>>>> server. I can receive mails.
>>>>>
>>>>> I also completed the whitelist. How can I do this?
>>>>>
>>>>> I want to allow access only upto 25MB attachments from whitelisted emails
>>>>> and allow only 1email (only text based) per day from non-whitelisted
>>>>> emails. How do I do that?
>>>>>
>>>>> How do I limit overall size of mailbox and auto-delete old mails?
>>>>>
>>>>> Thanking you
>>>>> Sagar Acharya
>>>>> https://humaaraartha.in
>>>>>
>>>>>
>>>>>
>>>>> 1 Sept 2023, 14:04 by tphil...@potion-studios.com:
>>>>>
>>>>>> From the doc (smtpd.conf(5)):
>>>>>>
>>>>>> maildir [pathname [junk]]
>>>>>> Deliver the message to the maildir in pathname if
>>>>>> specified, or by default to ~/Maildir.
>>>>>>
>>>>>> So given your config, you seem to get exactly what you configured.
>>>>>>
>>>>>> For your "whitelist", create the match rules for your domains, and for
>>>>>> everything else use a reject rule at the end.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>> On Fri, Sep 01, 2023 at 09:59:31AM +0200, Sagar Acharya wrote:
>>>>>>>
>>>>>>> I got a mail, which lies in Maildir, however no mailbox is configured.
>>>>>>> Is there a default mailbox in alpine and how do I access the mail
>>>>>>> contents in
>>>>>>>
>>>>>>> ~/Maildir
>>>>>>>
>>
Re: Setting personal mailserver
I have set spf records, TXT as follows:
"v=spf1 ipv4:{myipv4address} -all"
You can dig them at humaaraartha.in
Everything looks spick and span and the error of
smtp-out: No valid route for
[connector:[]->[relay:mydomain.com,port=465,smtps,mx],0x0]
still remains.
Thanking you
Sagar Acharya
https://humaaraartha.in
3 Sept 2023, 16:45 by s...@gamindustri.fr:
> Hello,
>
> Port 465 with implicit TLS for Submissions isn't outdated since RFC 8314,
> it's even the recommended way to use Submissions as STARTTLS (mostly used on
> tcp/587) is a security nightmare.
>
> More details in this PR i made two months ago :
> https://github.com/stalwartlabs/website/pull/1#issue-1812289068
>
> Jarod G.
>
> Le 03/09/2023 à 00:26, Reio Remma a écrit :
>
>> Port 465 is the deprecated SMTPS submission port, you can't send mail to
>> that.
>>
>> If you're trying to send out e-mail from a residential IP (even with an
>> unblocked outoing port 25), you'll find more problems e.g. receiving servers
>> not accepting your e-mails because of your IP having no FCrDNS etc.
>>
>> Good luck
>> Reio
>>
>> On 02.09.2023 21:56, Sagar Acharya wrote:
>>
>>> Port 25 outgoing is blocked. You were correct. I swotched to port 465 with
>>> config
>>>
>>> action "relay" relay host smtps://mydomain.com
>>>
>>> Such is the error message:
>>> Again there is "Network error on destination MXs"
>>>
>>> mta connecting address=smtps://{ipv4}:465 host={xyz}
>>> mta error reason=IO Error: Connection refused
>>> smtp-out: Disabling route [] <-> {ipv4} for 15s
>>> smtp-out: No valid route for
>>> [connector:[]->[relay:mydomain.com,port=465,smtps,mx],0x0]
>>>
>>> DNS
>>>
>>> mydomain.com MX 10 mydomain.com
>>> Port 465 is perfectly open from ISP.
>>> Thanking you
>>> Sagar Acharya
>>> https://humaaraartha.in
>>>
>>>
>>>
>>> 2 Sept 2023, 19:58 by tphil...@potion-studios.com:
>>>
>>>> I tested all of the IPs from your output, and all of them listen on port
>>>> 25 and a smtp server is answering. So if you are relaying to those via
>>>> port 25, and you get a network error (I guess a timeout), then I guess
>>>> your outgoing port 25 is blocked. This is relatively common with
>>>> residential uplinks, ask your ISP to open port 25 for you.
>>>>
>>>> That said... I'm only guessing here.
>>>>
>>>>
>>>> On Sat, Sep 02, 2023 at 03:52:37PM +0200, Sagar Acharya wrote:
>>>>
>>>>> I made some progress. I am able to receive mails now but when I send mail
>>>>> from u...@mydomain.com to sagaracha...@tutanota.com using mutt , I get,
>>>>>
>>>>> result="TempFail" stat="Network error on destination MXs"
>>>>> smtp-out: Enabling route [] <-> 81.3.6.162 (w1.tutanota.de) smtp-out:
>>>>> Enabling route [] <-> 185.205.69.211 (185.205.69.211) smtp-out: Enabling
>>>>> route [] <-> 81.3.6.165 (w4.tutanota.de)
>>>>> mta error reason=Connection timeout
>>>>>
>>>>>
>>>>> DNS
>>>>>
>>>>> mydomain.com. 86400 IN MX 10 mail.mydomain.com.
>>>>>
>>>>> Thanking you
>>>>> Sagar Acharya
>>>>> https://humaaraartha.in
>>>>>
>>>>>
>>>>>
>>>>> 2 Sept 2023, 05:45 by bub...@live.de:
>>>>>
>>>>>> Hello, pls show your config file.
>>>>>>
>>>>>> Mit freundlichen Grüßen, V.Bubnov
>>>>>>
>>>>>>> 01.09.2023, в 21:43, Sagar Acharya
>>>>>>> написал(а):
>>>>>>>
>>>>>>> To enable being able to send mails from my server, I added tls certs.
>>>>>>>
>>>>>>> Now when I send from this email id to u...@mydomain.com , I get the
>>>>>>> error below.
>>>>>>>
>>>>>>> 530
>>>>>>> 5.5.1 Invalid command: Must issue an AUTH command first (in reply to
>>>>>>> MAIL FROM command)
>>>>>>>
>>>>>>> Since STARTTLS is working on 25, I think things should go smoothly but
>>>>>
Re: Setting personal mailserver
I checked all network settings. They are perfect. Here is my conf below
exactly. There's some issue with it.
== smtpd.conf ==
table aliases file:/etc/smtpd/aliases
table whitelist file:/etc/smtpd/whitelist
pki humaaraartha.in cert "path_to_fullchain"
pki humaaraartha.in key "path_to_privkey"
listen on 0.0.0.0 tls pki humaaraartha.in
listen on 0.0.0.0 smtps pki humaaraartha.in
action "local" maildir alias
action "relay" relay host "smtps://humaaraartha.in" mail-from "@humaaraartha.in"
match from mail-from for domain "humaaraartha.in" action "local"
match for any action "relay"
match for local action local
#match from any reject
=
== whitelist =
sagaracha...@tutanota.com
anotherm...@gmail.com===
Network error on destination MXs.
I cannot send mails. I can receive them.
Thanking you
Sagar Acharya
https://humaaraartha.in
3 Sept 2023, 22:26 by alex.misc...@web.de:
> Hello Sagar,
>
>
> is the port reachable from your system? Check with netcat:
>
>
> nc -v mydomain.com 465
>
>
>
> Is the certificate chain complete and are you trusting the root CA?
> Verify with openssl:
>
>
> openssl s_client -connect mydomain.com:465
>
>
>
> (I assume "mydomain.com" is the anonymized form of your actual domain)
>
>
>
>
> Also, as has been requested before: If people here offer their help you
> should at least be posting your smtpd.conf file
>
>
>
> Kind regards,
>
>
> Alex
>
>
>
>
> On 03.09.23 16:00, Sagar Acharya wrote:
>
>> I have set spf records, TXT as follows:
>>
>> "v=spf1 ipv4:{myipv4address} -all"
>>
>> You can dig them at humaaraartha.in
>>
>> Everything looks spick and span and the error of
>>
>> smtp-out: No valid route for
>> [connector:[]->[relay:mydomain.com,port=465,smtps,mx],0x0]
>>
>> still remains.
>> Thanking you
>> Sagar Acharya
>> https://humaaraartha.in
>>
>>
>>
>> 3 Sept 2023, 16:45 by s...@gamindustri.fr:
>>
>>> Hello,
>>>
>>> Port 465 with implicit TLS for Submissions isn't outdated since RFC 8314,
>>> it's even the recommended way to use Submissions as STARTTLS (mostly used
>>> on tcp/587) is a security nightmare.
>>>
>>> More details in this PR i made two months ago :
>>> https://github.com/stalwartlabs/website/pull/1#issue-1812289068
>>>
>>> Jarod G.
>>>
>>> Le 03/09/2023 à 00:26, Reio Remma a écrit :
>>>
>>>> Port 465 is the deprecated SMTPS submission port, you can't send mail to
>>>> that.
>>>>
>>>> If you're trying to send out e-mail from a residential IP (even with an
>>>> unblocked outoing port 25), you'll find more problems e.g. receiving
>>>> servers not accepting your e-mails because of your IP having no FCrDNS etc.
>>>>
>>>> Good luck
>>>> Reio
>>>>
>>>> On 02.09.2023 21:56, Sagar Acharya wrote:
>>>>
>>>>> Port 25 outgoing is blocked. You were correct. I swotched to port 465
>>>>> with config
>>>>>
>>>>> action "relay" relay host smtps://mydomain.com
>>>>>
>>>>> Such is the error message:
>>>>> Again there is "Network error on destination MXs"
>>>>>
>>>>> mta connecting address=smtps://{ipv4}:465 host={xyz}
>>>>> mta error reason=IO Error: Connection refused
>>>>> smtp-out: Disabling route [] <-> {ipv4} for 15s
>>>>> smtp-out: No valid route for
>>>>> [connector:[]->[relay:mydomain.com,port=465,smtps,mx],0x0]
>>>>>
>>>>> DNS
>>>>>
>>>>> mydomain.com MX 10 mydomain.com
>>>>> Port 465 is perfectly open from ISP.
>>>>> Thanking you
>>>>> Sagar Acharya
>>>>> https://humaaraartha.in
>>>>>
>>>>>
>>>>>
>>>>> 2 Sept 2023, 19:58 by tphil...@potion-studios.com:
>>>>>
>>>>>> I tested all of the IPs from your output, and all of them listen on port
>>>>>> 25 and a smtp server is answering. So if you are relaying to those via
>>>>>> port 25, and you get a network error (I guess a timeout), then I guess
>>>>>> your outgoing port 25 is blocked. This is relatively common with
>>>>>>
Re: Setting personal mailserver
So what's the solution? I have a public ip. Can you suggest an edit? Thanking you Sagar Acharya https://humaaraartha.in 7 Sept 2023, 00:43 by archa...@activis.me: > Hi, > > Le 06/09/2023 à 22:40, Sagar Acharya a écrit : > >> I checked all network settings. They are perfect. Here is my conf below >> exactly. There's some issue with it. >> >> == smtpd.conf == >> table aliases file:/etc/smtpd/aliases >> table whitelist file:/etc/smtpd/whitelist >> >> pki humaaraartha.in cert "path_to_fullchain" >> pki humaaraartha.in key "path_to_privkey" >> >> listen on 0.0.0.0 tls pki humaaraartha.in >> listen on 0.0.0.0 smtps pki humaaraartha.in >> >> action "local" maildir alias >> action "relay" relay host "smtps://humaaraartha.in" mail-from >> "@humaaraartha.in" >> > > This line cannot work. You are asking to relay outgoing emails to your own > server (host is the destination host — Jarod just linked the doc while I was > writing). They won’t go anywhere. You cannot workaround port 25 being blocked > by using another port, else port 25 would not be blocked anywhere. You have > to use an external relay that will accept submission from you on port 465 > (smtps) or 587 (submission) and then relay on port 25 to the world. That will > likely have to be one you have an account on (gmail or tutatnota). > > Regards. >
Re: Setting personal mailserver
Or maybe we can simplify mail systems more. If mail, a system used to send messages across computers cannot work on "residential" IPs, then we can make it work on "residential" network since most nodes are "residential". You can look at. humaaraartha.in. TXT And you'll find spf records there. Maybe it's just time to say, reduce the requirements of mail hosting to just static ip and DNS in a world where most don't even have a static ip! Thanking you Sagar Acharya https://humaaraartha.in P.S. I see that you're talking substance and truth to some extent but discarding residential IPs and this need for reverse dns is outrageous! What is the point of reverse DNS in today's world? 7 Sept 2023, 14:25 by archa...@activis.me: > Learn the basics. Unfortunately, you do not seem to understand MTA/SMTP. > > So read maybe https://github.com/poolpOrg/OpenSMTPD-book, also > https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/, > and get a better understanding of SMTP/MTA requirements. > > A public IP is not enough, it has to be not residential or at least you of > course need port 25 to be open towards the world, which is not your case, and > you also need to be able to set the reverse for it, while currently > > humaaraartha.in. IN A 182.59.136.243 > > but > > 243.136.59.182.in-addr.arpa. IN PTR > static-mum-182.59.136.243.mtnl.net.in. > > And I do not expect “Mahanagar Telephone Nigam Limited” to let you set that > reverse. > > So back to our options : either get a VPS or dedicated server somewhere that > allow port 25 and setting reverse, or use an email service provider that > would allow you to relay emails. > > Actually I’m not even sure that your available SMTP options (Tutanota/GMail) > would allow sending with an arbitrary MAIL FROM (i.e. one that is not > @tutanota.tld or @gmail.com), and as I don’t have an account on either I > cannot test that. So you would have to look into > https://man.openbsd.org/smtpd.conf#host and > https://man.openbsd.org/smtpd.conf#auth, and check whether any of your email > providers allow you to send email as @humaaraartha.in (and then you might > want to provide SPF records allowing them to do so). > > Regards. > > Le 06/09/2023 à 23:40, Sagar Acharya a écrit : > >> So what's the solution? I have a public ip. Can you suggest an edit? >> Thanking you >> Sagar Acharya >> https://humaaraartha.in >> >> >> >> 7 Sept 2023, 00:43 by archa...@activis.me: >> >>> Hi, >>> >>> Le 06/09/2023 à 22:40, Sagar Acharya a écrit : >>> >>>> I checked all network settings. They are perfect. Here is my conf below >>>> exactly. There's some issue with it. >>>> >>>> == smtpd.conf == >>>> table aliases file:/etc/smtpd/aliases >>>> table whitelist file:/etc/smtpd/whitelist >>>> >>>> pki humaaraartha.in cert "path_to_fullchain" >>>> pki humaaraartha.in key "path_to_privkey" >>>> >>>> listen on 0.0.0.0 tls pki humaaraartha.in >>>> listen on 0.0.0.0 smtps pki humaaraartha.in >>>> >>>> action "local" maildir alias >>>> action "relay" relay host "smtps://humaaraartha.in" mail-from >>>> "@humaaraartha.in" >>>> >>> This line cannot work. You are asking to relay outgoing emails to your own >>> server (host is the destination host — Jarod just linked the doc while I >>> was writing). They won’t go anywhere. You cannot workaround port 25 being >>> blocked by using another port, else port 25 would not be blocked anywhere. >>> You have to use an external relay that will accept submission from you on >>> port 465 (smtps) or 587 (submission) and then relay on port 25 to the >>> world. That will likely have to be one you have an account on (gmail or >>> tutatnota). >>> >>> Regards. >>>
Re: Setting personal mailserver
In today's times of mature NLP, you will not be able to differentiate human mail from bot mail or spam. Only in person verification is trustworthy. No. Are you saying that only people who control the network should send mails? Well DNS exactly is for that. If you find I send spams, you can easily easily block mails from my domain humaaraartha.in but it is not wise nor ethical to by default not allow people to mail. That issue lies because hardware is not mapped to people. There is no technological solution for trust hopping between machines. ssh should be discouraged and each machine, denoted by single IP address should be mapped to a human. So humaaraartha.in is run by Sagar Acharya. My configuration of whitelisting does exactly that. In today's world where each grain can potentially have an IPv6, I accept requests only from whitelist or at the very least accept from everyone and prioritize the whitelist. Well, what action should be implemented for sending emails. I don't get a sending action. I have changed conf to action "send" relay helo humaaraartha.inmatch from any for any action "send" Thanking you Sagar Acharya https://humaaraartha.in 7 Sept 2023, 14:53 by archa...@activis.me: > This is not the 80–90’s anymore. Internet is not a friendly place, and the > bulk of emails sent today are spams. So most actors are leveraging everything > they can to reduce that, and a high entrance barrier to email sending is > definitively part of this plan. > > That’s why we have (fc)rDNS, SPF, DKIM… And regarding residential IPs, they > are hosts of the biggest botnets in the world, so residential ISP tend to > block port 25 outgoing by default to limit spam. Some provide you the option > to disable the port blocking, but very rare are those that allow you setting > the reverse. > > On my receiving ends (plural, I handle multiple email servers of various > sizes including some with thousands of users), cutting down non (fc)rDNS > compliant senders kills 99+% of spam attempts and I’ve never been reached by > someone having a false positive on that policy. I don’t see why anyone would > want to not have this amazing first layer fence. > > Regards. > > Le 07/09/2023 à 13:12, Sagar Acharya a écrit : > >> Or maybe we can simplify mail systems more. If mail, a system used to send >> messages across computers cannot work on "residential" IPs, then we can make >> it work on "residential" network since most nodes are "residential". You can >> look at. >> >> humaaraartha.in. TXT >> >> And you'll find spf records there. Maybe it's just time to say, reduce the >> requirements of mail hosting to just static ip and DNS in a world where most >> don't even have a static ip! >> Thanking you >> Sagar Acharya >> https://humaaraartha.in >> >> P.S. I see that you're talking substance and truth to some extent but >> discarding residential IPs and this need for reverse dns is outrageous! What >> is the point of reverse DNS in today's world? >> 7 Sept 2023, 14:25 by archa...@activis.me: >> >>> Learn the basics. Unfortunately, you do not seem to understand MTA/SMTP. >>> >>> So read maybe https://github.com/poolpOrg/OpenSMTPD-book, also >>> https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/, >>> and get a better understanding of SMTP/MTA requirements. >>> >>> A public IP is not enough, it has to be not residential or at least you of >>> course need port 25 to be open towards the world, which is not your case, >>> and you also need to be able to set the reverse for it, while currently >>> >>> humaaraartha.in. IN A 182.59.136.243 >>> >>> but >>> >>> 243.136.59.182.in-addr.arpa. IN PTR >>> static-mum-182.59.136.243.mtnl.net.in. >>> >>> And I do not expect “Mahanagar Telephone Nigam Limited” to let you set that >>> reverse. >>> >>> So back to our options : either get a VPS or dedicated server somewhere >>> that allow port 25 and setting reverse, or use an email service provider >>> that would allow you to relay emails. >>> >>> Actually I’m not even sure that your available SMTP options >>> (Tutanota/GMail) would allow sending with an arbitrary MAIL FROM (i.e. one >>> that is not @tutanota.tld or @gmail.com), and as I don’t have an account on >>> either I cannot test that. So you would have to look into >>> https://man.openbsd.org/smtpd.conf#host and >>> https://man.openbsd.org/smtpd.conf#auth, and
Re: Setting personal mailserver
I get you, I get you.
Let the mail providers have their setups. Is it possible to have a
configuration where I have 2 servers, example.com example2.com where I can send
and receive emails on ports say, 777 on plaintext, starttls optional and port
778 with smtps?
Give me a configuration for such a thing.
humaaraartha.in. TXT "v=spf1 ipv4:{myipv4address} -all"
humaaraartha.in. TXT "resports:777,778"humaaraartha.in.
humaaraartha.in. MX 10 humaaraartha.in.
humaaraartha.in. A {myipv4address}
That is all you have, nothing more for both servers. Can you help me send and
recieve mails on ports 777,778 with just above DNS and smtpd? I can add SRV
records for detection of ports 777, 778 if you want.
Thanking you
Sagar Acharya
https://humaaraartha.in
7 Sept 2023, 15:33 by gil...@poolp.org:
> September 7, 2023 11:44 AM, "Sagar Acharya" wrote:
>
>> In today's times of mature NLP, you will not be able to differentiate human
>> mail from bot mail or
>> spam. Only in person verification is trustworthy.
>> No. Are you saying that only people who control the network should send
>> mails? Well DNS exactly is
>> for that. If you find I send spams, you can easily easily block mails from
>> my domain
>> humaaraartha.in but it is not wise nor ethical to by default not allow
>> people to mail.
>>
>> That issue lies because hardware is not mapped to people. There is no
>> technological solution for
>> trust hopping between machines. ssh should be discouraged and each machine,
>> denoted by single IP
>> address should be mapped to a human. So humaaraartha.in is run by Sagar
>> Acharya.
>>
>> My configuration of whitelisting does exactly that. In today's world where
>> each grain can
>> potentially have an IPv6, I accept requests only from whitelist or at the
>> very least accept from
>> everyone and prioritize the whitelist.
>>
>> Well, what action should be implemented for sending emails. I don't get a
>> sending action. I have
>> changed conf to
>>
>> action "send" relay helo humaaraartha.inmatch from any for any action "send"
>> Thanking you
>> Sagar Acharya
>> https://humaaraartha.in
>>
>
> As many people told you, domestic connections are no longer suitable for
> sending mail, wether you
> like it or not this is the actual state of the SMTP network and will remain
> like this because the
> big mailer corps control most of the e-mail address space and have decided
> so. If you ignore this
> then you'll be blocked from most recipients, you decide if it's acceptable
> for you.
>
>
> Then, if you're domestic connection has outgoing port 25 filtered, you can't
> work around this and
> need a relay host somewhere else that can accept mail on a different port
> with unfiltered port 25
> for outgoing trafic. You can't just switch to a different port and expect it
> to work this shows a
> misunderstanding of how networking, internet and SMTP works.
>
> There's nothing that can be changed in your config that will fix this because
> the problem isn't a
> configuration issue but an issue with understanding both what you're allowed
> and trying to do.
>
Re: Setting personal mailserver
Thank you Stuart. That is very helpful.
SRV records would get port, like
https://xmpp.org/extensions/xep-0368.html
The logic would be like, say there is opensmtpd on the other server too.
dig _mail._smtp.humaaraartha.in. SRV
get_port_from_SRV()
if found_different_port() try_port()
else try_25()
Caching can also be done for future requests.
> You and I are small fish. I've been mucking around with mail servers pretty
> much this whole century so far.
OpenBSD and suckless are moving forward and providing solutions. Which
mailserver do you use? If we can establish that any software be run on any
port, then blocking ports won't make sense. Besides, they can block any domains
and they already do if they find spam there. SPAM is just an excuse.
Thanking you
Sagar Acharya
https://humaaraartha.in
8 Sept 2023, 03:55 by stua...@longlandclan.id.au:
> On 7/9/23 20:44, Sagar Acharya wrote:
>
>> Let the mail providers have their setups. Is it possible to have a
>> configuration where I have 2 servers, example.com example2.com where I can
>> send and receive emails on ports say, 777 on plaintext, starttls optional
>> and port 778 with smtps?
>>
>> Give me a configuration for such a thing.
>>
>> humaaraartha.in. TXT "v=spf1 ipv4:{myipv4address} -all"
>> humaaraartha.in. TXT "resports:777,778"
>>
> humaaraartha.in. humaaraartha.in. MX 10 humaaraartha.in.
>
>> humaaraartha.in. A {myipv4address}
>> That is all you have, nothing more for both servers. Can you help me send
>> and recieve mails on ports 777,778 with just above DNS and smtpd? I can add
>> SRV records for detection of ports 777, 778 if you want.
>>
>
> Okay, not quite sure what the "resports" TXT record is achieving (a quick
> search on the topic didn't reveal any documentation on how it was supposed to
> work or correct syntax). I won't labour the point about outgoing port 25
> traffic since others have covered this already.
>
> You can of course use different ports between servers on an agreed-upon
> manner. e.g. say we have a server, bnemx.vk4msl.com, running OpenSMTPD:
>
>> vk4msl-bne# cat /etc/mail/smtpd.conf
>> # $OpenBSD:
>> smtpd.conf,v 1.14 2019/11/26 20:14:38 gilles Exp $
>>
>> # This is the smtpd server system-wide configuration file.
>> # See smtpd.conf(5) for more information.
>>
>> #table aliases file:/etc/mail/aliases
>> table virtualdomains file:/etc/mail/virtualdomains
>> table virtualusers file:/etc/mail/virtualusers
>>
>> pki bnemx cert "/etc/ssl/bnemx.vk4msl.com.fullchain.pem"
>> pki bnemx key "/etc/ssl/private/bnemx.vk4msl.com.key"
>> pki bnemx dhe auto
>>
>> listen on socket
>> listen on all tls pki bnemx
>>
> … etc, I won't post the full config.
>
> Those `listen` lines are the key, from smtpd.conf manpage:
>
>> listen on interface [family] [options]
>> Listen on the interface for incoming connections, using the same
>> syntax as ifconfig(8). The interface parameter may also be an
>> interface group, an IP address, or a domain name. Listening can
>> optionally be restricted to a specific address family, which can
>> be either inet4 or inet6.
>>
>
> In amongst the options:
>
>> port [port]
>> Listen on the given port instead of the default port 25.
>>
>
> So if I chose to, I could add:
>
> listen on all port 777
>
> and then re-start smtpd, I'd now be listening on port 777.
>
> You could then tell your SMTP server to send to port 777 when sending to my
> domain.
>
> But doing so would be useless:
> - no one else would bother using port 777/tcp: they would most likely use
> port 25
> - you wouldn't be able to send to any other server, unless they too, chose to
> use port 777/tcp.
>
> If you have a good proposal for how such alternative ports could be
> advertised (maybe via DNS TXT record), perhaps you could propose that as a
> Request For Comment to the Internet Engineering Task Force… and maybe if
> enough people thought it was a good idea, it would be adopted with its own
> official RFC number (like RFC-821, later replaced by RFC-2821 and RFC-5321).
>
> That though, won't mean instant ability to pick your own port number. The
> "alternate port number" feature would then need to be added to the various
> SMTP servers out there. Then sysadmins would need to install that version.
>
> This may take years, or even never happen in some cases.
Filtering attachments
How do I reject all emails with attachments by using an opensmtpd filter? At what step do I set the filter? rcpt-to, data, or commit step? Any tutorials are appreciated. Thanking you Sagar Acharya https://humaaraartha.in/selfdost/selfdost.html
Re: Filtering attachments
Are there such tutorials in Lua? filter keep proc-exec /path/to/script.lua With above configuration, how does the script run? How is mail input given to it? At what step can I get size of attachments without downloading them. if sizeof_attach(mail)>0 return 0; Does it work like cgi, i.e. standard output? Thanking you Sagar Acharya https://humaaraartha.in/selfdost/selfdost.html 14 Oct 2023, 18:52 by kolip...@exoticsilicon.com: > On Sat, Oct 14, 2023 at 03:06:11PM +0200, Sagar Acharya wrote: > >> How do I reject all emails with attachments by using an opensmtpd filter? >> > > You need to parse the content of the emails using the data-line filter event. > > You'll probably want to check the headers for Mime-Version: and Content-Type:. > > If the message is indeed Mime encoded then look in the message body for the > Content-Type: header again, and decide whether to pass it or reject it. > > (You might want to pass some attachments such as plain text or text/html, and > reject all others.) > >> At what step do I set the filter? rcpt-to, data, or commit step? >> > > You will need to parse several events, probably at least: > > link-connect > link-disconnect > data-line > > and maybe others. > >> Any tutorials are appreciated. >> > > If you want a general tutorial about writing filters in C, you could look at: > > https://research.exoticsilicon.com/articles/mail_filters > > Some of the content is applicable to other programming languages too, but the > tutorial is based on programming in C. >
Re: Issue when relaying one smtpd to another with tls
If node B is not connected to internet, it will simply not do anything. Thanking you Sagar Acharya https://humaaraartha.in/selfdost/selfdost.html 15 Oct 2023, 14:47 by s...@gamindustri.fr: > Hello, > > I have two smtpd nodes, i'll call them A and B. > > Node A is exposed to internet, Node B is not and is relaying everything to > node A. > > The action line on node B looks like this : > >> action "send" relay host smtps://[some kind of ipv6] srs >> > > On Node A, i have a match for that "some kind of ipv6" that does a relay for > everything that comes from node B. > >> match from src [some kind of ipv6] action "send" >> action "send" relay srs >> > > However, for some unknown reason, the connection close immediately after > being opened due to this error : > >> Oct 15 11:09:22 compa smtpd[39586]: 764cc496537991dd smtp connected >> address=[some kind of ipv6] host= >> Oct 15 11:09:22 compa smtpd[39586]: 764cc496537991dd smtp disconnected >> reason="io-error: handshake failed: unexpected EOF" >> > > Is this a known bug? > > Regards, > > Jarod >
Example of smtpd-filters
Can you please help me with a sample script for accepting or rejecting mail in lua. Say there is myfilter.lua within /etc/smtpd/ Can one please help with a sample whose pseudocode goes like fetch(mail)if mailbody contains foo, reject, else if mailbody contains bar, accept. Such a sample script would help very much to support users write their own custom filters. Thanking you Sagar Acharya https://humaaraartha.in/selfdost/selfdost.html
Re: Example of smtpd-filters
I'm simply unable to start. I have to know where to get the mail from, format of text, which process to give the return to, in what format, i.e. are there any standard return values for accept or reject mail. Thanking you Sagar Acharya https://humaaraartha.in/selfdost/selfdost.html 20 Oct 2023, 23:47 by tphil...@potion-studios.com: > Post your script that you got so far, explain where you get stuck/confused, > and someone will probably be happy to help. > > > On Fri, Oct 20, 2023 at 02:05:13PM +0200, Sagar Acharya wrote: > >> Can you please help me with a sample script for accepting or rejecting mail >> in lua. >> >> Say there is myfilter.lua within /etc/smtpd/ >> >> Can one please help with a sample whose pseudocode goes like >> >> fetch(mail)if mailbody contains foo, reject, >> else if mailbody contains bar, accept. >> >> Such a sample script would help very much to support users write their own >> custom filters. Thanking you >> Sagar Acharya >> https://humaaraartha.in/selfdost/selfdost.html >>
Connecting client at 587
I am hosting with tls-require at port 587 listen on 0.0.0.0 tls-require port 587 pki pkname auth creds In creds, I have for user foo foo\t But when I authenticate using client Monocles mail, I get invalid username or password, with STARTTLS. Logs say smtp authentication user=foo result=permfail smtp failed-command command="AUTH PLAIN (...)" result="535 Authentication failed" What is the issue? Thanking you Sagar Acharya https://humaaraartha.in/selfdost/selfdost.html
Re: Connecting client at 587
Made progress. After correcting table as you said, now the authentication happens but the error is smtp failed-command command="RCPT TO:" result="550 Invalid recipient: " This is with remote sending after connecting with smtp at port 587. Thanking you Sagar Acharya https://humaaraartha.in/selfdost/selfdost.html 22 Oct 2023, 01:42 by tphil...@potion-studios.com: > I'm just guessing as you don't post your entire smtpd.conf: > > auth needs a table (in your case "creds", but it misses the <>), which you > have to define beforehand and point to your file via the "table" keyword. > > At the end of smtpd.conf(5) you have examples. > > > On Sat, Oct 21, 2023 at 09:07:04PM +0200, Sagar Acharya wrote: > >> I am hosting with tls-require at port 587 >> >> listen on 0.0.0.0 tls-require port 587 pki pkname auth creds >> >> In creds, I have for user foo >> >> foo\t >> >> But when I authenticate using client Monocles mail, I get invalid username >> or password, with STARTTLS. >> >> Logs say >> >> smtp authentication user=foo result=permfail >> smtp failed-command command="AUTH PLAIN (...)" result="535 Authentication >> failed" >> >> What is the issue? >> >> >> Thanking you >> Sagar Acharya >> https://humaaraartha.in/selfdost/selfdost.html >>
Mail not delivered, permission denied
https://github.com/OpenSMTPD/OpenSMTPD/issues/1200 I am facing the issue above exactly as it is. What is smtpd, and smtpq wrt users. I have given all permissions and added them to mail group but still I cannot remove the error msgs. Thanking you Sagar Acharya https://humaaraartha.in/selfdost/selfdost.html
