log subject of mail in maillog
Hello, I was wondering with OpenSMTPD if it is possible to log the subject of the mail in the maillog? Currently the from/to are being logged and I wanted to also log the subject if possible. Thank you.
Re: How to set from: for bounce mails from OpenSMTPD
‐‐‐ Original Message ‐‐‐ On Monday, February 24, 2020 9:03 PM, Thomas Bohl wrote: > Fully syspatched and 'pkg_add -u'ed > OpenBSD 6.5 > OpenSMTPD 6.5.0 > dovecot-2.3.9.2v0 I use exactly the same versions. > I usually upgrade in a timely manner to the latest stable, but due to > circumstances I'm still on 6.5. Same here, still on OpenBSD 6.5 due to time constraints. I hope to upgrade soon. > Haven't found time to investigate further. I hope to find time in a view > weeks to upgrade and look again into this topic. Will post an update if > I find a solution. Let me know if you upgrade and this fixes the issue. I would be really interested to know if this is a bug which has been fixed in a newer version of OpenSMTPD.
Re: How to set from: for bounce mails from OpenSMTPD
‐‐‐ Original Message ‐‐‐ On Friday, February 14, 2020 5:48 PM, Thomas Bohl wrote: > I have the same problem (my logs look the same) and are very interested > in a solution. I was wondering which version of OpenBSD are you using? and which version of Dovecot? Have you found a solution in the mean time? I am still searching and no one really answered yet to this mail except you.
How to set from: for bounce mails from OpenSMTPD
Hi, I am running OpenBSD 6.5 with OpenSMTPD and dovecot and if I send an email to an invalid email address, I do not get a bounce back from OpenSMTPD telling me that the email address is invalid. So this means I never know that I made a mistake in sending my email. Taking a look at the maillog I can see the following two relevant log entries: Feb 10 11:28:53 mxa1 smtpd[881]: 3b5195a4c7580b02 smtp envelope evpid=3e3d1ac92f3d2922 from=<> to= Feb 10 11:28:53 mxa1 smtpd[881]: 3b5195a5c52b38dc mda delivery evpid=3e3d1ac92f3d2922 from=<> to= rcpt= user=vmail delay=0s result=PermFail stat=Error ("mail.lmtp: LMTP server error: 501 5.5.4 Invalid FROM: Missing domain") Feb 10 11:28:53 mxa1 smtpd[19533]: warn: queue: no return path! It simply looks like the From: header in the envelope is not set at all. So I was wondering how can I set the From: header in my smtpd.conf config in order to solve this issue? Cheers, Mabi
Re: Multiple query_mailaddr when using table_postgresql not possible
‐‐‐ Original Message ‐‐‐ On Monday, August 12, 2019 11:44 AM, Reio Remma wrote: > Whilst I have no experience with the new OpenSMTPD, I have my 6.0.3 > working with MySQL and 2 separate query_mailaddr (recipients and > blacklist). I solved it by simply putting the blacklist query_mailaddr > in a separate config file. > > table recipients mysql:/etc/opensmtpd/mysql.conf > table blacklist mysql:/etc/opensmtpd/mysql-blacklist.conf Nice workaround, thanks Reio, I will try it out!
Multiple query_mailaddr when using table_postgresql not possible
Hello, I would like to add an extra table in a PostgreSQL database to define domain names which I will reject mails from (mostly spam domains) on my OpenBSD 6.5 MX server. For that I would need to add the following query_mailaddr to my /etc/mail/postgresql.conf file as documented here (https://github.com/OpenSMTPD/OpenSMTPD-extras/pull/54): query_mailaddr SELECT address FROM rejects WHERE address=? The problem is that I already have a query_mailaddr entry in that file which is the following: query_mailaddr SELECT destination FROM vusers WHERE email = REGEXP_REPLACE($1,'(.*)\+[\w-]+@(.*)','\1@\2'); and which I need in order to define my valid recipients using the following table/match rule: table recipients postgres:/etc/mail/postgresql.conf match from any for domain rcpt-to action "relay_amavis" so, when I start smtpd I get the following error: domains[19067]: warn: duplicate key query_mailaddr domains[19067]: fatal: error parsing config file Does anyone know how I can still achieve that? Maybe with another type of "query_" but which one? Best regards, Mabi
Re: Limit max recipients per mail setting gone?
‐‐‐ Original Message ‐‐‐ On Tuesday, August 6, 2019 1:40 PM, Gilles Chehade wrote: > Indeed, this somehow didn't get documented, please open an issue on our > tracker so I take care of this when I get home in a few days. > > meanwhile, smtp limits are as follow: > > smtp limit max-mails = max number of mails per session > smtp limit max-rcpt = max number of recipient per transaction Thank you very much for your answer. That's exactly what I was look for. I have opened the following issue: https://github.com/OpenSMTPD/OpenSMTPD/issues/927 and hope that's fine.
Re: new reporting events
‐‐‐ Original Message ‐‐‐ On Sunday, July 14, 2019 11:41 AM, Gilles Chehade wrote: > Note that I'm PARTICULARLY thrilled about 1- and 2-, because it means we > are now VERY VERY VERY sysadmin friendly when it comes to monitoring and > alerting: pushing useful metrics to elasticsearch has become trivial. It > is likely I'll release a filter-elastic if there is interest. Gilles, that's fantastic, thanks for the great work! I will definitely be interested in the filter-elastic because this will enable me to get rid off logstash in between OpenSMTPD and ElasticSearch. Logstash is powerful but it's a lot of work to get the regexp filters right in order to extract the wanted metrics from OpenSMTPD. So with your filter-elastic I can remove one layer of complexity and make my setup easier to maintain. -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: what's your LMTP use-case
‐‐‐ Original Message ‐‐‐ On Friday, July 5, 2019 5:25 PM, Edgar Pettijohn wrote: > I'm using dovecot for imap so might as well let it handle the delivery also. > Not much of a reason but it's it. Same here, Dovecot "dictates" me to use LMTP... -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: RBLs?
‐‐‐ Original Message ‐‐‐ On Tuesday, July 2, 2019 11:44 AM, Gilles Chehade wrote: > if you configure rspamd to flag spam mail as reject, smtpd will reject them. Glad to hear that this is possible with rspamd! Because with SpamAssassin it is only possible to tag the mail as spam but not to reject it upfront. I want to reject the mail immediately if it detected as spam so that it does not get relayed further (out to another mail server). -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: RBLs?
‐‐‐ Original Message ‐‐‐ On Sunday, June 30, 2019 1:46 PM, Gilles Chehade wrote: > I'm currently working on bringing a filter-rspamd to life, see: > > https://poolp.org/posts/2019-06-30/june-2019-report-fion-bpg-and-smtpd/ Fantastic Gilles, thanks for your great work! I am looking forward to try this filter out. Question: will your rspamd filter be able also to simply reject a mail if rspamd detects it as spam? I am looking for such a feature in order to block user submission of spam mails as explained here: https://www.mail-archive.com/misc@opensmtpd.org/msg04379.html So basically I am not interested in the score but just in a boolean true/false if the mail is spam or not and then have OpenSMTPD refuse the submission/relaying of the mail to further mail servers on the internet. This is a typical scenario where you don't trust your users or have users which often get infected by malwares and having for example their outlook client sending (authenticated) spam mails... My impression is that this right now is not possible with OpenSMTPD. Am I right here? -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Simple way of blocking relay of spam on submission port 587
Hello, I am using OpenSMTPD for authenticated people with their mail client to send mail on port 587 (typical mail submission scenario) and am trying to find out a simple way to block these relayed mails in case they are detected as spam by SpamAssassin. For that purpose I evaluated spampd but in the man page of spampd it's clearly stated: "Note that spampd does not do anything other than check for spam, so it is not suitable as an anti-relay system." So I was wondering if there is another way to block potential spam mails which would be relayed by my users? I don't want them to be tagged I just really want them to be blocked full stop. Cheers, Mabi -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: LMTP dovecot doesn't accept bounces
Hi everyone, Just wanted to confirm that I also encounter the same issue with bounces from the MAILER-DAEMON now that I upgraded to OpenBSD 6.4 to 6.5 with the latest OpenSMTPD 6.5 as you can see below: May 26 12:20:17 mx1 smtpd[85131]: 0c12bdb4202bd21a mda delivery evpid=8a9f8ff1c2320d8c from=<> to= rcpt= user=vmail delay=0s result=PermFail stat=Error ("mail.lmtp: LMTP server error: 501 5.5.4 Invalid FROM: Missing domain") May 26 12:20:17 mx1 smtpd[33901]: warn: queue: no return path! Gilles, I was wondering if your patch for this issue will make it into the official OpenBSD 6.5 errata/patches (https://www.openbsd.org/errata65.html)? Best regards, Mabi ‐‐‐ Original Message ‐‐‐ On Saturday, May 18, 2019 2:55 PM, David Flatz wrote: > Hello everybody > > Thanks for opensmtpd! > > I have following config (opensmtpd is compiled with --sysconfdir=/etc/smtpd): > > pki "email.com" cert "/etc/ssl/acme/fullchain.pem" > pki "email.com" key "/etc/ssl/acme/private/privkey.pem" > table aliases file:/etc/smtpd/aliases > table virtuals file:/etc/smtpd/virtuals > table "senders" file:/etc/smtpd/senders > table domains {"email.com", "email2.com", "email3.com"} > listen on localhost > listen on localhost port 10028 tag DKIM > listen on <> hostname "email.com" pki "email.com" tls-require > listen on <> hostname "email.com" pki "email.com" tls-require > listen on <> port 587 hostname "email.com" pki "email.com" tls-require > auth mask-src senders <"senders"> > listen on <> port 587 hostname "email.com" pki "email.com" tls-require > auth mask-src senders <"senders"> > action "local" lmtp "/var/run/dovecot/lmtp" alias > action "remote" lmtp "/var/run/dovecot/lmtp" virtual > action "relay_dkim" relay host smtp://127.0.0.1:10027 > action "relay" relay > match from local for local action "local" > match from any for domain action "remote" > match from local for any tag DKIM action "relay" > match from local for any action "relay_dkim" > match auth from any for any action "relay_dkim" > > "email.com" in /etc/smtpd/mailname > > Delivery to dovecot works pretty good for normal mails locally with > sendmail and from remote. However, when opensmtpd generates a bounce dovecot > won't accept it and returns following error message "501 5.5.4 > Invalid FROM: Missing domain". > > Here's a short example from my mail log: > > 2019-05-16T16:53:44.74235 mail.info: smtpd[14556]: 0426c5ebb3512dbf smtp > message address=127.0.0.1 host=localhost msgid=46af690e from=m...@email.com > to=inva...@example.com size=1655 ndest=1 proto=ESMTP > 2019-05-16T16:53:44.74285 mail.info: smtpd[14556]: 0426c5ea6f7e8493 mta > delivery evpid=ed61bbacc8e998ab from=m...@email.com to=inva...@example.com > rcpt=<-> source="127.0.0.1" relay="127.0.0.1 (localhost)" delay=0s > result="Ok" stat="250 2.0.0: 46af690e Message accepted for delivery" > 2019-05-16T16:53:44.74850 mail.info: smtpd[14556]: 0426c5ee42eb86d0 mta > connecting address=smtp://xxx.xxx.xxx.xxx:25 host=example.com > 2019-05-16T16:53:44.75871 mail.info: smtpd[14556]: 0426c5ee42eb86d0 mta > connected > 2019-05-16T16:53:45.02044 mail.info: smtpd[14556]: 0426c5ee42eb86d0 mta > starttls ciphers=version=TLSv1.2, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256 > 2019-05-16T16:53:45.12104 mail.info: smtpd[14556]: smtp-out: Server > certificate verification succeeded on session 0426c5ee42eb86d0 > 2019-05-16T16:53:45.19820 mail.info: smtpd[14556]: 0426c5ee42eb86d0 mta > delivery evpid=46af690e499ada02 from=m...@email.com to=inva...@example.com > rcpt=<-> source="xxx.xxx.xxx.xxx" relay="xxx.xxx.xxx.xxx (example.com)" > delay=1s result="PermFail" stat="553 5.3.0 inva...@example.com... No such > user here" > 2019-05-16T16:53:46.20569 mail.info: smtpd[14556]: 0426c5eff2dc9818 smtp > connected address=local host=email.com > 2019-05-16T16:53:46.21778 mail.info: smtpd[14556]: 0426c5eff2dc9818 smtp > message address=local host=email.com msgid=7f01bbab from=<> to=m...@email.com > size=2954 ndest=1 proto=ESMTP > 2019-05-16T16:53:46.22076 mail.info: smtpd[14556]: 0426c5eff2dc9818 smtp > disconnected address=local host=email.com reason=quit > 2019-05-16T16:53:46.26239 mail.info: dovecot: lmtp(14699): Connect from local > 2019-05-16T16:53:46.26408 mail.info: dovecot: lmtp(14699): Disconnect from > local: Remote closed connecti
Re: LMTP delivery broken in 6.5?
Just to get back to all of you guys using OpenSMTPD with Dovecot on OpenBSD 6.5 who might also encounter this issue: there is indeed a workaround in Dovecot which is to basically unset the login_trusted_networks parameter for the LMTP protocol like this: protocol lmtp { login_trusted_networks= } Thanks to all of you answering and the Dovecot mailing list for this hint. -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: LMTP delivery broken in 6.5?
‐‐‐ Original Message ‐‐‐ On Friday, May 24, 2019 10:42 AM, Nick Ryan wrote: > This doesn't really match your set up, but I have OpenBSD 6.5, dovecot > 2.3.5.1 and opensmtpd running with the same action line and it's fine. > No errors or issues - I'm not using dovecot proxies however. Just a > local delivery to mdbox files. Good to know, so that really narrows down the problem to using Dovecot in combination with LMTP. Sorry for the noise on this mailing list. Although this post could be useful to someone else who might also be upgrading to his OpenBSD box to 6.5. > Hope that the XCLIENT fix works out for you. I don't fancy compiling and install Dovecot 2.3.6 from source on that OpenBSD 6.5 server so for now I guess I will stick with OpenBSD 6.4 and upgrade to 6.6 in 5 months ;-) -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: LMTP delivery broken in 6.5?
‐‐‐ Original Message ‐‐‐ On Thursday, May 23, 2019 12:34 PM, mabi wrote: > I still think something is not quite right here as it works perfectly with > OpenSMTPD 6.4.0 but not with 6.5.0. I think I found the stinky fish here and that would be Dovecot 2.3.5 with the following bug which has been fixed in 2.3.6: lib-smtp: client: Fix infinite loop in XCLIENT command interaction with server. Source: https://github.com/dovecot/core/commit/5d03f39b345127b80d145ee90772739baa7ab810 Unfortunately OpenBSD 6.5 comes with Dovecot 2.3.5 so it's unusable if you need LMTP like in my case. Better stay on OpenBSD 6.4 or wait for 6.6... Now would be nice if someone with more experience could confirm my hypothesis here but I have seen the XCLIENT command being issued nonstop while running that tcpdump port the LMTP port... Maybe there is a way to disable the XCLIENT command in Dovecot but I guess if this command is issued during the LMTP session it must then also be required for some reason. -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: LMTP delivery broken in 6.5?
‐‐‐ Original Message ‐‐‐ On Thursday, May 23, 2019 12:14 PM, Edgar Pettijohn wrote: > Make sure dovecot is running and listening at that path. Netcat should help. Dovecot is running and I can connect to its LMTP socket file using "nc -U /var/dovecot/lmtp" on my MX server. > You are delivering to a Unix socket not tcp. I should have been more precise here: my MX server is running Dovecot LMTP in proxy mode as I have two Dovecot mailbox servers behind the MX server. These mailbox servers are listening on LMTP's standard port 24 so that the LMTP proxy on the MX server can connect to. On the MX server the LMTP proxy listens to a socket file and on the mailbox servers Dovecot LMTP listens on 24/tcp. When I mention that I ran "tcpdump" on port 24 that was on the mailbox server. So OpenSMTPD has no problem connecting to the Dovecot LMTP proxy on the MX server which then also further connects correctly to the right Dovecot mailbox server LMTP port 24. > I haven't gotten around to upgrading yet, so I can't confirm if it's broken. > However, I doubt it since there haven't been any other reports I've seen. I still think something is not quite right here as it works perfectly with OpenSMTPD 6.4.0 but not with 6.5.0. -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
LMTP delivery broken in 6.5?
Hello, I upgraded my OpenBSD 6.4 MX server running OpenSMTPD 6.4 to OpenBSD 6.5 running OpenSMTPD 6.5 but unfortunately had to revert back to 6.4 because mail delivery to Dovecot using LMTP did not work anymore. Is it possible that LMTP mail delivery is broken in OpenSMTPD 6.5? In my smtpd.conf file I use: action "lmtp_dovecot" lmtp "/var/dovecot/lmtp" rcpt-to virtual The relevant error log entry of OpenSMTPD is: May 22 21:49:08 mx1 smtpd[45250]: dfc2d91c04922d88 mda delivery evpid=7f51132de0fd58db from= to= rcpt= user=vmail delay=1s result=PermFail stat=Error ("mail.lmtp: LMTP server error: 451 4.4.0 Remote server not answering (connect)") In the log file of Dovecot I don't see anything particular but just some information about the connection: May 22 21:49:07 mx1 dovecot: lmtp(61415): Connect from local May 22 21:49:08 mx1 dovecot: lmtp(61415): Disconnect from local: Remote closed connection (state=READY) I ran a tcpdump on port 24 (Dovecot LMTP port) and could see that the mail delivery never goes past these two first commands: LHLO mx1.mydomain.tld XCLIENT HELO=localhost TTL=5 In fact it seems to be trying in a loop to connect and always run LHLO and XCLIENT but never goes further to actually issuing the mail. Running "ps auxwww | grep lmtp" shows me that mail.lmtp is running but never manages to deliver the mail successfully: vmail19798 0.0 0.1 248 1172 ?? I 10:03PM0:00.00 /usr/libexec/mail.lmtp -f some...@domain.tld -d /var/dovecot/lmtp m...@mydomain.tld Any ideas what could be going wrong here? or is it possibly a bug in 6.5? Best regards, Mabi -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: Support of plus character in email address
‐‐‐ Original Message ‐‐‐ On Wednesday, January 2, 2019 5:03 PM, Edgar Pettijohn wrote: > https://www.postgresql.org/docs/9.3/functions-matching.html > > You will likely need to use some of the regex functions to pull out the user > and domain from $1. How did I not think about this workaround ;-) Thanks Edgard that works like a charm! For others who might be trying to achieve the same here is the PgSQL query: SELECT destination FROM vuser WHERE email = REGEXP_REPLACE($1,'(.*)\+[\w-]+@(.*)','\1@\2'); -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: Support of plus character in email address
‐‐‐ Original Message ‐‐‐ On Wednesday, January 2, 2019 3:16 PM, Edgar Pettijohn wrote: > I recently switched to dspam. It ties into smtpd very similarly to amavis > Plus it doesn't appear to need the additional table, and > delimeters still work out of the box. Everything you need to know is included > in the README plus the specific readme for postgres backend. I heard good things too about dspam, call me crazy maybe but for me Amavis in combination with ClamAV and SpamAssassin has been doing a great job. > I'm pretty sure that's why I stopped using amavis originally. It is very easy > cause problems. I just would like to precise here that it is not Amavis the source of the "problem" in my specific case here but the fact that using an rcpt-to with a recipients table in a match rule does not take in account e-mail addresses containing a plus character. In my opinion it should allow e-mail adresses with a plus or at least it should be a boolean parameter which one can turn on/off in smtpd.conf. @Gilles maybe you have any comments about that? -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: Support of plus character in email address
‐‐‐ Original Message ‐‐‐ On Wednesday, January 2, 2019 1:53 PM, Oscar Carlsson wrote: > As far as I know sub-addressing is enabled by default. I haven't found > anything in my configuration that explicitly enables it, but it works > out of the box here. That's also what I thought by checking the smtpd.conf man page but I presume my issue here is that I use a recipients table in order to check if an e-mail address is valid or not before sending to Amavis and then Dovecot. The relevant part of my smtpd.conf file looks like this: table recipients postgres:/etc/mail/postgresql.conf match from any for domain rcpt-to action "relay_amavis" So here I presume that the rcpt-to option of match does not support having a "+" in the e-mail address. A workaround would be having to manually define the valid "+" recipients in my recipients table but that really sound stupid and is not very useful... -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Support of plus character in email address
Hello, Does OpenSMTPD support the usage of a plus "+" in the e-mail address? For example I would like to use me+fol...@domain.org in order to instruct my dovecot backend IMAP server to deliver the mail into a specific folder. I had a quick try at it but my OpenSMTPD MX server spits out "550 Invalid recipient". Cheers, Mabi -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: Check first if user exists before sending to Amavis for scanning
‐‐‐ Original Message ‐‐‐ On Monday, December 31, 2018 11:56 PM, wrote: > That seems weird. Perhaps there is something extra to configure in amavis to > keep this from happening. Then > again if it works it works. Maybe, i'll check the default amavis config file if I can find an option for that but so far I can live with the extra SQL lookup if it avoids a routing loop... And by the way happy new year to the whole OpenSMTPD community :) -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: Check first if user exists before sending to Amavis for scanning
‐‐‐ Original Message ‐‐‐ On Monday, December 31, 2018 9:44 PM, wrote: > be forwarned I haven't used amavis in a few years. No problem you got it right anyway, amavis listens on port 10024 and sends it back to OpenSMTPD on 10025 ;) I wasn't aware about the mailaddr table but that does exactly the trick, brilliant! So now my complete working match rules look like this: match for local action "local" match tag AMAVIS for domain action "lmtp_dovecot" match tag AMAVIS for any action "relay" match from any for domain rcpt-to action "relay_amavis" match for any action "relay" Note that you have spotted the duplicate lookup by using "domain " in the second match rule but the problem is that if I remove this "domain " lookup then I get into an routing loop (500 5.4.6 Routing loop detected: Loop detected) where Amavis sends back to OpenSMTPD which sends back to Amavis and so on... So as far as I understand this "domain " lookup allows me to avoid this routing loop. -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: Check first if user exists before sending to Amavis for scanning
‐‐‐ Original Message ‐‐‐ On Monday, December 31, 2018 8:29 PM, wrote: > no worries. I'm sure its still possible. Could you post your full config with > the listen directives. That would be cool :) Below is my full smtpd.conf... # PKI pki mx.mydomain.org cert "/etc/ssl/mx.mydomain.org.crt" pki mx.mydomain.org key "/etc/ssl/private/mx.mydomain.org.key" # TABLES table aliases file:/etc/mail/aliases table domains postgres:/etc/mail/postgresql.conf table vusers postgres:/etc/mail/postgresql.conf # LISTEN listen on egress port 25 hostname mx.mydomain.org tls pki mx.mydomain.org listen on lo port 10025 tag AMAVIS # ACTION action "local" mbox alias action "relay" relay action "relay_amavis" relay host smtp://127.0.0.1:10024 action "lmtp_dovecot" lmtp "/var/dovecot/lmtp" rcpt-to virtual # MATCH match for local action "local" match tag AMAVIS for domain action "lmtp_dovecot" match tag AMAVIS for any action "relay" match from any for domain action "relay_amavis" match for any action "relay" # SETTINGS smtp max-message-size 20M -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: Check first if user exists before sending to Amavis for scanning
‐‐‐ Original Message ‐‐‐ On Monday, December 31, 2018 7:29 PM, wrote: > pretty sure you just need... > action "relay_amavis" relay host smtp://127.0.0.1:10024 virtual That would have been very nice, unfortunately the "virtual" parameter does not seem to work with relay as I get a syntax error when starting smtpd (line 24 is my "relay_amavis" action): /etc/mail/smtpd.conf:24: syntax error -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Check first if user exists before sending to Amavis for scanning
Hi, I have an OpenSMTPD on OpenBSD 6.4 MX server which first scans mails with Amavis (SpamAssassin + ClamAV) and then delivers it using LMTP to Dovecot. Now all mails first go through Amavis which means that even if the mailbox in Dovecot does not exist the mail gets processed by Amavis which seems like a waste of resources. Would it possible to have OpenSMTPD first check if the user exists before passing the mail to Amavis? I have my valid users defined in a PostgreSQL table called vuser and mapped it as the vusers table in OpenSMTPD. I am using the table-postgresql extras addon. If the user does not exist then it could abort the whole process immediately and return something like User not found. Not sure though if this is possible with OpenSMTPD yet? The relevant part of my smtpd.conf file looks like this: <...> table domains postgres:/etc/mail/postgresql.conf table vusers postgres:/etc/mail/postgresql.conf action "local" mbox alias action "relay" relay action "relay_amavis" relay host smtp://127.0.0.1:10024 action "lmtp_dovecot" lmtp "/var/dovecot/lmtp" rcpt-to virtual match for local action "local" match tag AMAVIS for domain action "lmtp_dovecot" match tag AMAVIS for any action "relay" match from any for domain action "relay_amavis" match for any action "relay" <...> Regards, Mabi -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: different lmtp destinations from table for mail delivery depending on email address
‐‐‐ Original Message ‐‐‐ On Thursday, December 27, 2018 2:09 PM, Craig Skinner wrote: > Can your public MX machine route to your private IMAP machines via SMTP? > > Each of your IMAP servers would have an MTA on it. > > Make those MTAs send via LMTP to the local Dovecot over a UNIX socket. > > Keeps it simple, no SQL nor proxies needed. > > Set up a mapping on the public MX machine like this > (have a cron job write it when users are added/removed): > > joe@public.domain -> joe@imap1.private > sarah@public.domain -> sarah@imap2.private > andy@public.domain -> andy@imap3.private Sounds like a good idea unfortunately my backend Dovecot servers are just mailbox servers and only reachable via LMTP or IMAP. -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: different lmtp destinations from table for mail delivery depending on email address
Thanks Matt and Gilles for your answers. I will then go with Dovecot LMTP proxy on my MX server. I was trying to avoid having to install Dovecot on my OpenSTMPD MX server to keep it as lean as possible but it looks like this is the way to go as I don't want any "hacky" solution. Cheers, M ‐‐‐ Original Message ‐‐‐ On Wednesday, December 26, 2018 11:31 PM, Gilles Chehade wrote: > Doable with OpenSMTPD using multiple actions and using the rcpt-to matching > criteria, however it feels kind of hackish to do it at that level. > > Basically you would create one action per dovecot shard, then one match per > shard with an rcpt-to criteria pointing to a table containing the recipients > for that shard. > > I’d do that in dovecot myself. > > Cheers, > > > On 26 Dec 2018, at 22:24, mabi m...@protonmail.ch wrote: > > Hello, > > I would like to setup one OpenSMTPD server as MX server for incoming mails > > and have OpenSMTPD deliver the mail to different Dovecot mailbox servers > > using LTMP depending on the e-mail address of the recipient. > > Would this kind of setup be possible to do using the table-postgresql extra > > addon? I would then have a table in my database where the recipient email > > address is mapped to a respective mailbox server name (email1 -> server1, > > email2 -> server2, etc.). > > Right now I use the following action: > > action "dovecot" lmtp "server1:24" rcpt-to virtual > > which basically only allows me to deliver to one single mailbox server. > > If I guess I could still use Dovecot's LMTP proxying feature for that > > purpose but I think it would be much smarter to do that in OpenSMTPD > > directly. > > Anyone know if this is possible or have an alternative idea how to do that? > > Best regards, > > Mabi > > -- > > You received this mail because you are subscribed to misc@opensmtpd.org > > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
different lmtp destinations from table for mail delivery depending on email address
Hello, I would like to setup one OpenSMTPD server as MX server for incoming mails and have OpenSMTPD deliver the mail to different Dovecot mailbox servers using LTMP depending on the e-mail address of the recipient. Would this kind of setup be possible to do using the table-postgresql extra addon? I would then have a table in my database where the recipient email address is mapped to a respective mailbox server name (email1 -> server1, email2 -> server2, etc.). Right now I use the following action: action "dovecot" lmtp "server1:24" rcpt-to virtual which basically only allows me to deliver to one single mailbox server. If I guess I could still use Dovecot's LMTP proxying feature for that purpose but I think it would be much smarter to do that in OpenSMTPD directly. Anyone know if this is possible or have an alternative idea how to do that? Best regards, Mabi -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: Issues with Thunderbird and STARTTLS (Pipelining not supported)
‐‐‐ Original Message ‐‐‐ On Monday, December 17, 2018 1:49 PM, Matt Schwartz wrote: > Right off the bat, I think the mask-src might be causing a problem. I know > that Thunderbird does some weird stuff and it doesn't play well with > OpenSMTPD's correct implementation of smtps but you're using starttls. So > instead of mask-src, try using the hostname parameter and set it to the > hostname that you want to use. Spot on, that was it. I simply removed mask-src and STARTTLS works nicely with Thunderbird too. Thanks Matt and Edgar for answering!
Issues with Thunderbird and STARTTLS (Pipelining not supported)
Hi, I just configured OpenSMTPD on OpenBSD 6.4 with authentication to send mails as a MSA (port 587). I did some tests with swaks and TLS enabled and it works fine but with Thunderbird it miserably fails to use STARTTLS. On the server side I get: 500 5.5.1 Invalid command: Pipelining not supported Is Thunderbird somehow so broken that it doesn't even respect that OpenSMTPD does not support SMTP pipelining? I am using Thunderbird 60.3.0... Any workarounds? Also I was wondering if OpenSMTPD supports other authentication types additionally to PLAIN and LOGIN? Regards, Mabi -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: FAQ gone?
I see, that makes sense... ‐‐‐ Original Message ‐‐‐ On Wednesday, December 12, 2018 7:42 PM, Matt Schwartz wrote: > I think the FAQ section is probably in the process of being reworked > due to the recent grammar and functionality changes in OpenSMTPD 6.4. > On Wed, Dec 12, 2018 at 1:40 PM mabi m...@protonmail.ch wrote: > > > Hi, > > I was wondering where did the FAQ section on the opensmtpd.org website > > disappear? > > It had useful setup examples with LMTP and Dovecot if I remember > > correctly... > > Regards, > > Mabi > > -- > > You received this mail because you are subscribed to misc@opensmtpd.org > > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org > > -- > > You received this mail because you are subscribed to misc@opensmtpd.org > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
FAQ gone?
Hi, I was wondering where did the FAQ section on the opensmtpd.org website disappear? It had useful setup examples with LMTP and Dovecot if I remember correctly... Regards, Mabi -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Fail2Ban filter for OpenSMTPD
Hi there, Does anyone have a fail2ban filter for OpenSMTPD? I would like to block the many many AUTH LOGIN attempts as you can see here from the logs: Jun 17 11:55:49 gw smtpd[594]: 7eeebcc95623efe1 smtp event=failed-command command="AUTH LOGIN" result="503 5.5.1 Invalid command: Command not supported" Jun 17 11:55:52 gw smtpd[594]: 7eeebcc95623efe1 smtp event=closed reason="io-error: Connection reset by peer" Cheers, M.
Re: Enabling route every 2 seconds in a loop
Hi, I did a grep like you mentioned but there is only that: May 23 20:00:44 mgw smtpd[28997]: c806af9e5fc46153 mta event=connecting address=smtp+tls://163.114.21.130:25 host=mtagated.edf.fr May 23 20:00:44 mgw smtpd[28997]: c806af9e5fc46153 mta event=connected May 23 20:00:44 mgw smtpd[28997]: c806af9e5fc46153 mta event=error reason=IO Error: Connection reset by peer Now it simply stopped by magic and at the time this happened I did not have any webapp trying to sendmail. Original Message Subject: Re: Enabling route every 2 seconds in a loop Local Time: May 24, 2017 9:02 AM UTC Time: May 24, 2017 7:02 AM From: mikyde...@yahoo.fr To: misc@opensmtpd.org <misc@opensmtpd.org> Hello, I have the same problem and wrote two days ago about that (but the mailling list drop my mails) Could you try to locate the first connection for this session: grep c806af9e5fc46153 /var/log/messages If you have the same problem as I do you're find a connection from the outside with a user belonging to that domain and your MTA tries to reply back that the destination address doesn't exist Le Mercredi 24 mai 2017 3h01, Edgar Pettijohn <ed...@pettijohn-web.com> a écrit : On 05/23/17 13:03, mabi wrote: Hello, My OpenSMTPd 6.0.2p1 mail gateway is somehow looping indefinitely with the following log output every 2 seconds: May 23 20:00:44 mgw smtpd[28997]: smtp-out: Enabling route [] <-> 163.114.21.130 (mtagated.edf.fr) May 23 20:00:44 mgw smtpd[28997]: c806af9e5fc46153 mta event=connecting address=smtp+tls://163.114.21.130:25 host=mtagated.edf.fr May 23 20:00:44 mgw smtpd[28997]: c806af9e5fc46153 mta event=connected May 23 20:00:44 mgw smtpd[28997]: c806af9e5fc46153 mta event=error reason=IO Error: Connection reset by peer May 23 20:00:44 mgw smtpd[28997]: smtp-out: Disabling route [] <-> 163.114.21.130 (mtagated.edf.fr) for 15s There are no mails in the queue and I don't see why it is trying to connect to that server every 2 seconds. Any idea what is going wrong here? Regards, M. Do you have some sort of webapp trying to "sendmail"?
Re: pkg_add thinks I am still on 5.9
My bad I had the PKG_PATH env var pointing to 5.9 in my .profile. Thanks for the great 6.1 release! Original Message Subject: pkg_add thinks I am still on 5.9 Local Time: April 30, 2017 12:00 AM UTC Time: April 29, 2017 10:00 PM From: m...@protonmail.ch To: misc@opensmtpd.orgHi, I just upgraded my firewall from OpenBSD 6.0 to 6.1 and somehow my installations seems to think that I am still running OpenBSD 5.9 as you can see in the example below: $ doas pkg_add net-snmp http://mirror.switch.ch/ftp/pub/OpenBSD/5.9/packages/amd64/net-snmp-5.7.3p6.tgz: unsigned package (signify(1) doesn't see old-style signatures) How can I force OpenBSD to use 6.1 packages instead of 5.9? Regards, M.
rspamd compatibility
Hello, Did anyone already succesfully integrate rspamd with OpenSMTPD ? I would be interested to know if both products work nicely together and if anyone has any example of working config. Regards M.