log subject of mail in maillog

2021-07-15 Thread mabi
Hello,

I was wondering with OpenSMTPD if it is possible to log the subject of the mail 
in the maillog? Currently the from/to are being logged and I wanted to also log 
the subject if possible.

Thank you.




Re: How to set from: for bounce mails from OpenSMTPD

2020-03-03 Thread mabi
‐‐‐ Original Message ‐‐‐
On Monday, February 24, 2020 9:03 PM, Thomas Bohl 
 wrote:

> Fully syspatched and 'pkg_add -u'ed
> OpenBSD 6.5
> OpenSMTPD 6.5.0
> dovecot-2.3.9.2v0

I use exactly the same versions.

> I usually upgrade in a timely manner to the latest stable, but due to
> circumstances I'm still on 6.5.

Same here, still on OpenBSD 6.5 due to time constraints. I hope to upgrade soon.

> Haven't found time to investigate further. I hope to find time in a few
> weeks to upgrade and look again into this topic. Will post an update if
> I find a solution.

Let me know if you upgrade and this fixes the issue. I would be really 
interested to know if this is a bug which has been fixed in a newer version of 
OpenSMTPD.




Re: How to set from: for bounce mails from OpenSMTPD

2020-02-24 Thread mabi
‐‐‐ Original Message ‐‐‐
On Friday, February 14, 2020 5:48 PM, Thomas Bohl 
 wrote:

> I have the same problem (my logs look the same) and am very interested
> in a solution.

I was wondering which version of OpenBSD you are using, and which version of 
Dovecot?

Have you found a solution in the meantime? I am still searching and no one 
has really answered this mail yet except you.



How to set from: for bounce mails from OpenSMTPD

2020-02-10 Thread mabi
Hi,

I am running OpenBSD 6.5 with OpenSMTPD and dovecot and if I send an email to 
an invalid email address, I do not get a bounce back from OpenSMTPD telling me 
that the email address is invalid. So this means I never know that I made a 
mistake in sending my email.

Taking a look at the maillog I can see the following two relevant log entries:

Feb 10 11:28:53 mxa1 smtpd[881]: 3b5195a4c7580b02 smtp envelope evpid=3e3d1ac92f3d2922 from=<> to=
Feb 10 11:28:53 mxa1 smtpd[881]: 3b5195a5c52b38dc mda delivery evpid=3e3d1ac92f3d2922 from=<> to= rcpt= user=vmail delay=0s result=PermFail stat=Error ("mail.lmtp: LMTP server error: 501 5.5.4 Invalid FROM: Missing domain")
Feb 10 11:28:53 mxa1 smtpd[19533]: warn: queue: no return path!

It simply looks like the From: header in the envelope is not set at all. So I 
was wondering how can I set the From: header in my smtpd.conf config in order 
to solve this issue?

Cheers,
Mabi
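
Added example, not part of the original post: a Python scan of an OpenSMTPD maillog for the failure shown above, where a bounce (null sender, from=<>) is itself permanently rejected at delivery and the sender is never notified. The sample log is constructed (host, session ids, evpids and addresses are placeholders), and the field layout is assumed from the lines quoted in the message.

```python
import re

# Constructed sample modelled on the maillog lines quoted above; the host,
# session ids, evpids and addresses are placeholders, not real data.
SAMPLE_MAILLOG = """\
Feb 10 11:28:50 mx smtpd[881]: 00000000000000a1 mta delivery evpid=1111111111111111 from=<alice@example.org> to=<typo@example.net> rcpt=<-> source="192.0.2.10" relay="192.0.2.20 (mail.example.net)" delay=1s result="PermFail" stat="553 5.3.0 No such user here"
Feb 10 11:28:53 mx smtpd[881]: 00000000000000a2 smtp envelope evpid=2222222222222222 from=<> to=<alice@example.org>
Feb 10 11:28:53 mx smtpd[881]: 00000000000000a3 mda delivery evpid=2222222222222222 from=<> to=<alice@example.org> rcpt=<alice@example.org> user=vmail delay=0s result=PermFail stat=Error ("mail.lmtp: LMTP server error: 501 5.5.4 Invalid FROM: Missing domain")
Feb 10 11:28:53 mx smtpd[19533]: warn: queue: no return path!
Feb 10 11:30:02 mx smtpd[881]: 00000000000000a4 mda delivery evpid=3333333333333333 from=<bob@example.com> to=<alice@example.org> rcpt=<alice@example.org> user=vmail delay=0s result=Ok stat=Delivered
"""

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssmtpd\[\d+\]:\s(?P<msg>.*)$")
EVENT_RE = re.compile(
    r"^(?P<session>[0-9a-f]{16})\s(?P<subsys>\w+)\s(?P<event>\w+)\s(?P<fields>.*)$")
# A value is a quoted string, the 'Error ("...")' form seen on mda lines,
# or a bare token without spaces.
FIELD_RE = re.compile(r'([\w-]+)=("[^"]*"|Error \(.*\)|\S*)')
# SMTP/LMTP reply code followed by an enhanced status code, e.g. "501 5.5.4".
REPLY_RE = re.compile(r"\b([245]\d\d) (\d\.\d{1,3}\.\d{1,3})\b")


def parse_line(line):
    """Return a dict for an smtpd syslog line, or None for any other line."""
    m = SYSLOG_RE.match(line)
    if m is None:
        return None
    ev = EVENT_RE.match(m["msg"])
    if ev is None:  # free-form message such as "warn: queue: no return path!"
        return {"ts": m["ts"], "kind": "raw", "text": m["msg"]}
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(ev["fields"])}
    return {"ts": m["ts"], "kind": ev["subsys"] + " " + ev["event"],
            "session": ev["session"], **fields}


def find_lost_bounces(log_text):
    """List deliveries of null-sender mail that ended in PermFail.

    Such a message is a bounce that could not be delivered; because it has
    no return path, nobody is told about the original failure.
    """
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if (rec["kind"] in ("mda delivery", "mta delivery")
                and rec.get("from") == "<>"
                and rec.get("result") == "PermFail"):
            reply = REPLY_RE.search(rec.get("stat", ""))
            findings.append({
                "ts": rec["ts"],
                "evpid": rec.get("evpid"),
                "to": rec.get("to"),
                "reply": reply.groups() if reply else None,
                "queue_warning": False,
            })
        elif (rec["kind"] == "raw" and "no return path" in rec["text"]
              and findings and findings[-1]["ts"] == rec["ts"]):
            # Heuristic: tie the queue warning to the failure logged in the
            # same second, since the warning line carries no evpid.
            findings[-1]["queue_warning"] = True
    return findings


if __name__ == "__main__":
    for f in find_lost_bounces(SAMPLE_MAILLOG):
        print(f)
```
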




Re: Multiple query_mailaddr when using table_postgresql not possible

2019-08-12 Thread mabi
‐‐‐ Original Message ‐‐‐
On Monday, August 12, 2019 11:44 AM, Reio Remma  wrote:

> Whilst I have no experience with the new OpenSMTPD, I have my 6.0.3
> working with MySQL and 2 separate query_mailaddr (recipients and
> blacklist). I solved it by simply putting the blacklist query_mailaddr
> in a separate config file.
>
> table recipients  mysql:/etc/opensmtpd/mysql.conf
> table blacklist   mysql:/etc/opensmtpd/mysql-blacklist.conf

Nice workaround, thanks Reio, I will try it out!



Multiple query_mailaddr when using table_postgresql not possible

2019-08-12 Thread mabi
Hello,

I would like to add an extra table in a PostgreSQL database to define domain 
names which I will reject mails from (mostly spam domains) on my OpenBSD 6.5 MX 
server.

For that I would need to add the following query_mailaddr to my 
/etc/mail/postgresql.conf file as documented here 
(https://github.com/OpenSMTPD/OpenSMTPD-extras/pull/54):

query_mailaddr SELECT address FROM rejects WHERE address=?

The problem is that I already have a query_mailaddr entry in that file which is 
the following:

query_mailaddr SELECT destination FROM vusers WHERE email = 
REGEXP_REPLACE($1,'(.*)\+[\w-]+@(.*)','\1@\2');

and which I need in order to define my valid recipients using the following 
table/match rule:

table recipients postgres:/etc/mail/postgresql.conf
match from any for domain  rcpt-to  action "relay_amavis"

so, when I start smtpd I get the following error:

domains[19067]: warn: duplicate key query_mailaddr
domains[19067]: fatal: error parsing config file

Does anyone know how I can still achieve that? Maybe with another type of 
"query_" but which one?

Best regards,
Mabi









Re: Limit max recipients per mail setting gone?

2019-08-07 Thread mabi
‐‐‐ Original Message ‐‐‐
On Tuesday, August 6, 2019 1:40 PM, Gilles Chehade  wrote:

> Indeed, this somehow didn't get documented, please open an issue on our
> tracker so I take care of this when I get home in a few days.
>
> meanwhile, smtp limits are as follow:
>
> smtp limit max-mails  = max number of mails per session
> smtp limit max-rcpt  = max number of recipient per transaction

Thank you very much for your answer. That's exactly what I was looking for. I have 
opened the following issue:

https://github.com/OpenSMTPD/OpenSMTPD/issues/927

and hope that's fine.



Re: new reporting events

2019-07-14 Thread mabi
‐‐‐ Original Message ‐‐‐
On Sunday, July 14, 2019 11:41 AM, Gilles Chehade  wrote:

> Note that I'm PARTICULARLY thrilled about 1- and 2-, because it means we
> are now VERY VERY VERY sysadmin friendly when it comes to monitoring and
> alerting: pushing useful metrics to elasticsearch has become trivial. It
> is likely I'll release a filter-elastic if there is interest.

Gilles, that's fantastic, thanks for the great work!

I will definitely be interested in the filter-elastic because this will enable 
me to get rid of logstash in between OpenSMTPD and ElasticSearch. Logstash is 
powerful but it's a lot of work to get the regexp filters right in order to 
extract the wanted metrics from OpenSMTPD. So with your filter-elastic I can 
remove one layer of complexity and make my setup easier to maintain.

--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: what's your LMTP use-case

2019-07-05 Thread mabi
‐‐‐ Original Message ‐‐‐
On Friday, July 5, 2019 5:25 PM, Edgar Pettijohn  
wrote:

> I'm using dovecot for imap so might as well let it handle the delivery also. 
> Not much of a reason but it's it.

Same here, Dovecot "dictates" me to use LMTP...





Re: RBLs?

2019-07-02 Thread mabi
‐‐‐ Original Message ‐‐‐
On Tuesday, July 2, 2019 11:44 AM, Gilles Chehade  wrote:

> if you configure rspamd to flag spam mail as reject, smtpd will reject them.

Glad to hear that this is possible with rspamd! Because with SpamAssassin it is 
only possible to tag the mail as spam but not to reject it upfront. I want to 
reject the mail immediately if it is detected as spam so that it does not get 
relayed further (out to another mail server).




Re: RBLs?

2019-07-02 Thread mabi
‐‐‐ Original Message ‐‐‐
On Sunday, June 30, 2019 1:46 PM, Gilles Chehade  wrote:

> I'm currently working on bringing a filter-rspamd to life, see:
>
> https://poolp.org/posts/2019-06-30/june-2019-report-fion-bpg-and-smtpd/

Fantastic Gilles, thanks for your great work! I am looking forward to trying this 
filter out.

Question: will your rspamd filter be able also to simply reject a mail if 
rspamd detects it as spam? I am looking for such a feature in order to block 
user submission of spam mails as explained here:

https://www.mail-archive.com/misc@opensmtpd.org/msg04379.html

So basically I am not interested in the score but just in a boolean true/false 
if the mail is spam or not and then have OpenSMTPD refuse the 
submission/relaying of the mail to further mail servers on the internet.

This is a typical scenario where you don't trust your users or have users who 
often get infected by malware and have, for example, their Outlook client 
sending (authenticated) spam mails...

My impression is that this right now is not possible with OpenSMTPD. Am I right 
here?




Simple way of blocking relay of spam on submission port 587

2019-06-20 Thread mabi
Hello,

I am using OpenSMTPD for authenticated people with their mail client to send 
mail on port 587 (typical mail submission scenario) and am trying to find out a 
simple way to block these relayed mails in case they are detected as spam by 
SpamAssassin.

For that purpose I evaluated spampd but in the man page of spampd it's clearly 
stated:

"Note that spampd does not do anything other than check for spam, so it is not 
suitable as an anti-relay system."

So I was wondering if there is another way to block potential spam mails which 
would be relayed by my users?

I don't want them to be tagged I just really want them to be blocked full stop.

Cheers,
Mabi









Re: LMTP dovecot doesn't accept bounces

2019-05-26 Thread mabi
Hi everyone,

Just wanted to confirm that I also encounter the same issue with bounces from 
the MAILER-DAEMON now that I upgraded from OpenBSD 6.4 to 6.5 with the latest 
OpenSMTPD 6.5 as you can see below:

May 26 12:20:17 mx1 smtpd[85131]: 0c12bdb4202bd21a mda delivery evpid=8a9f8ff1c2320d8c from=<> to= rcpt= user=vmail delay=0s result=PermFail stat=Error ("mail.lmtp: LMTP server error: 501 5.5.4 Invalid FROM: Missing domain")
May 26 12:20:17 mx1 smtpd[33901]: warn: queue: no return path!

Gilles, I was wondering if your patch for this issue will make it into the 
official OpenBSD 6.5 errata/patches (https://www.openbsd.org/errata65.html)?

Best regards,
Mabi




‐‐‐ Original Message ‐‐‐
On Saturday, May 18, 2019 2:55 PM, David Flatz  wrote:

> Hello everybody
>
> Thanks for opensmtpd!
>
> I have following config (opensmtpd is compiled with --sysconfdir=/etc/smtpd):
>
> pki "email.com" cert "/etc/ssl/acme/fullchain.pem"
> pki "email.com" key "/etc/ssl/acme/private/privkey.pem"
> table aliases file:/etc/smtpd/aliases
> table virtuals file:/etc/smtpd/virtuals
> table "senders" file:/etc/smtpd/senders
> table domains {"email.com", "email2.com", "email3.com"}
> listen on localhost
> listen on localhost port 10028 tag DKIM
> listen on <> hostname "email.com" pki "email.com" tls-require
> listen on <> hostname "email.com" pki "email.com" tls-require
> listen on <> port 587 hostname "email.com" pki "email.com" tls-require 
> auth mask-src senders <"senders">
> listen on <> port 587 hostname "email.com" pki "email.com" tls-require 
> auth mask-src senders <"senders">
> action "local" lmtp "/var/run/dovecot/lmtp" alias 
> action "remote" lmtp "/var/run/dovecot/lmtp" virtual 
> action "relay_dkim" relay host smtp://127.0.0.1:10027
> action "relay" relay
> match from local for local action "local"
> match from any for domain  action "remote"
> match from local for any tag DKIM action "relay"
> match from local for any action "relay_dkim"
> match auth from any for any action "relay_dkim"
>
> "email.com" in /etc/smtpd/mailname
>
> Delivery to dovecot works pretty good for normal mails locally with
> sendmail and from remote. However, when opensmtpd generates a bounce dovecot
> won't accept it and returns following error message "501 5.5.4
> Invalid FROM: Missing domain".
>
> Here's a short example from my mail log:
>
> 2019-05-16T16:53:44.74235 mail.info: smtpd[14556]: 0426c5ebb3512dbf smtp 
> message address=127.0.0.1 host=localhost msgid=46af690e from=m...@email.com 
> to=inva...@example.com size=1655 ndest=1 proto=ESMTP
> 2019-05-16T16:53:44.74285 mail.info: smtpd[14556]: 0426c5ea6f7e8493 mta 
> delivery evpid=ed61bbacc8e998ab from=m...@email.com to=inva...@example.com 
> rcpt=<-> source="127.0.0.1" relay="127.0.0.1 (localhost)" delay=0s 
> result="Ok" stat="250 2.0.0: 46af690e Message accepted for delivery"
> 2019-05-16T16:53:44.74850 mail.info: smtpd[14556]: 0426c5ee42eb86d0 mta 
> connecting address=smtp://xxx.xxx.xxx.xxx:25 host=example.com
> 2019-05-16T16:53:44.75871 mail.info: smtpd[14556]: 0426c5ee42eb86d0 mta 
> connected
> 2019-05-16T16:53:45.02044 mail.info: smtpd[14556]: 0426c5ee42eb86d0 mta 
> starttls ciphers=version=TLSv1.2, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256
> 2019-05-16T16:53:45.12104 mail.info: smtpd[14556]: smtp-out: Server 
> certificate verification succeeded on session 0426c5ee42eb86d0
> 2019-05-16T16:53:45.19820 mail.info: smtpd[14556]: 0426c5ee42eb86d0 mta 
> delivery evpid=46af690e499ada02 from=m...@email.com to=inva...@example.com 
> rcpt=<-> source="xxx.xxx.xxx.xxx" relay="xxx.xxx.xxx.xxx (example.com)" 
> delay=1s result="PermFail" stat="553 5.3.0 inva...@example.com... No such 
> user here"
> 2019-05-16T16:53:46.20569 mail.info: smtpd[14556]: 0426c5eff2dc9818 smtp 
> connected address=local host=email.com
> 2019-05-16T16:53:46.21778 mail.info: smtpd[14556]: 0426c5eff2dc9818 smtp 
> message address=local host=email.com msgid=7f01bbab from=<> to=m...@email.com 
> size=2954 ndest=1 proto=ESMTP
> 2019-05-16T16:53:46.22076 mail.info: smtpd[14556]: 0426c5eff2dc9818 smtp 
> disconnected address=local host=email.com reason=quit
> 2019-05-16T16:53:46.26239 mail.info: dovecot: lmtp(14699): Connect from local
> 2019-05-16T16:53:46.26408 mail.info: dovecot: lmtp(14699): Disconnect from 
> local: Remote closed connecti

Re: LMTP delivery broken in 6.5?

2019-05-26 Thread mabi
Just to get back to all of you guys using OpenSMTPD with Dovecot on OpenBSD 6.5 
who might also encounter this issue: there is indeed a workaround in Dovecot 
which is to basically unset the login_trusted_networks parameter for the LMTP 
protocol like this:

 protocol lmtp {
 login_trusted_networks=
 }

Thanks to all of you answering and the Dovecot mailing list for this hint.




Re: LMTP delivery broken in 6.5?

2019-05-24 Thread mabi
‐‐‐ Original Message ‐‐‐
On Friday, May 24, 2019 10:42 AM, Nick Ryan  wrote:

> This doesn't really match your set up, but I have OpenBSD 6.5, dovecot
> 2.3.5.1 and opensmtpd running with the same action line and it's fine.
> No errors or issues - I'm not using dovecot proxies however. Just a
> local delivery to mdbox files.

Good to know, so that really narrows down the problem to using Dovecot in 
combination with LMTP. Sorry for the noise on this mailing list. Although this 
post could be useful to someone else who might also be upgrading his OpenBSD 
box to 6.5.

> Hope that the XCLIENT fix works out for you.

I don't fancy compiling and installing Dovecot 2.3.6 from source on that OpenBSD 
6.5 server so for now I guess I will stick with OpenBSD 6.4 and upgrade to 6.6 
in 5 months ;-)





Re: LMTP delivery broken in 6.5?

2019-05-23 Thread mabi
‐‐‐ Original Message ‐‐‐
On Thursday, May 23, 2019 12:34 PM, mabi  wrote:

> I still think something is not quite right here as it works perfectly with 
> OpenSMTPD 6.4.0 but not with 6.5.0.

I think I found the stinky fish here and that would be Dovecot 2.3.5 with the 
following bug which has been fixed in 2.3.6:

lib-smtp: client: Fix infinite loop in XCLIENT command interaction with server.
Source: 
https://github.com/dovecot/core/commit/5d03f39b345127b80d145ee90772739baa7ab810

Unfortunately OpenBSD 6.5 comes with Dovecot 2.3.5 so it's unusable if you need 
LMTP like in my case. Better stay on OpenBSD 6.4 or wait for 6.6...

Now it would be nice if someone with more experience could confirm my hypothesis 
here but I have seen the XCLIENT command being issued nonstop while running 
that tcpdump on the LMTP port...

Maybe there is a way to disable the XCLIENT command in Dovecot but I guess if 
this command is issued during the LMTP session it must then also be required 
for some reason.




Re: LMTP delivery broken in 6.5?

2019-05-23 Thread mabi
‐‐‐ Original Message ‐‐‐
On Thursday, May 23, 2019 12:14 PM, Edgar Pettijohn  
wrote:

> Make sure dovecot is running and listening at that path. Netcat should help.

Dovecot is running and I can connect to its LMTP socket file using "nc -U 
/var/dovecot/lmtp" on my MX server.

> You are delivering to a Unix socket not tcp.

I should have been more precise here: my MX server is running Dovecot LMTP in 
proxy mode as I have two Dovecot mailbox servers behind the MX server. These 
mailbox servers are listening on LMTP's standard port 24 so that the LMTP proxy 
on the MX server can connect to. On the MX server the LMTP proxy listens to a 
socket file and on the mailbox servers Dovecot LMTP listens on 24/tcp.

When I mention that I ran "tcpdump" on port 24 that was on the mailbox server. 
So OpenSMTPD has no problem connecting to the Dovecot LMTP proxy on the MX 
server which then also further connects correctly to the right Dovecot mailbox 
server LMTP port 24.

> I haven't gotten around to upgrading yet, so I can't confirm if it's broken. 
> However, I doubt it since there haven't been any other reports I've seen.

I still think something is not quite right here as it works perfectly with 
OpenSMTPD 6.4.0 but not with 6.5.0.




LMTP delivery broken in 6.5?

2019-05-23 Thread mabi
Hello,

I upgraded my OpenBSD 6.4 MX server running OpenSMTPD 6.4 to OpenBSD 6.5 
running OpenSMTPD 6.5 but unfortunately had to revert back to 6.4 because mail 
delivery to Dovecot using LMTP did not work anymore. Is it possible that LMTP 
mail delivery is broken in OpenSMTPD 6.5?

In my smtpd.conf file I use:

action "lmtp_dovecot" lmtp "/var/dovecot/lmtp" rcpt-to virtual 

The relevant error log entry of OpenSMTPD is:

May 22 21:49:08 mx1 smtpd[45250]: dfc2d91c04922d88 mda delivery evpid=7f51132de0fd58db from= to= rcpt= user=vmail delay=1s result=PermFail stat=Error ("mail.lmtp: LMTP server error: 451 4.4.0 Remote server not answering (connect)")

In the log file of Dovecot I don't see anything particular but just some 
information about the connection:

May 22 21:49:07 mx1 dovecot: lmtp(61415): Connect from local
May 22 21:49:08 mx1 dovecot: lmtp(61415): Disconnect from local: Remote closed connection (state=READY)

I ran a tcpdump on port 24 (Dovecot LMTP port) and could see that the mail 
delivery never goes past these two first commands:

LHLO mx1.mydomain.tld
XCLIENT HELO=localhost TTL=5

In fact it seems to be trying in a loop to connect and always run LHLO and 
XCLIENT but never goes further to actually issuing the mail.

Running "ps auxwww | grep lmtp" shows me that mail.lmtp is running but never 
manages to deliver the mail successfully:

vmail19798  0.0  0.1   248  1172 ??  I 10:03PM0:00.00 
/usr/libexec/mail.lmtp -f some...@domain.tld -d /var/dovecot/lmtp 
m...@mydomain.tld

Any ideas what could be going wrong here? or is it possibly a bug in 6.5?

Best regards,
Mabi










Re: Support of plus character in email address

2019-01-02 Thread mabi
‐‐‐ Original Message ‐‐‐
On Wednesday, January 2, 2019 5:03 PM, Edgar Pettijohn  
wrote:

> https://www.postgresql.org/docs/9.3/functions-matching.html
>
> You will likely need to use some of the regex functions to pull out the user 
> and domain from $1.

How did I not think about this workaround ;-) Thanks Edgar that works like a 
charm!

For others who might be trying to achieve the same here is the PgSQL query:

SELECT destination FROM vuser WHERE email = 
REGEXP_REPLACE($1,'(.*)\+[\w-]+@(.*)','\1@\2');
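
Added example, not part of the original post: the query's pattern and replacement applied in Python to show which RCPT TO values end up matching a stored address and which do not. It assumes Python's re module treats this particular pattern the same way PostgreSQL's REGEXP_REPLACE does; the addresses and the VUSER_EMAILS set are constructed stand-ins for the vuser table.

```python
import re

# Pattern and replacement copied from the query above.
PLUS_TAG = re.compile(r"(.*)\+[\w-]+@(.*)")
REPLACEMENT = r"\1@\2"

# Constructed stand-in for the "email" column of the vuser table.
VUSER_EMAILS = {"me@domain.org"}

# Constructed recipient addresses covering the interesting cases.
SAMPLE_RCPTS = [
    "me@domain.org",            # no tag: looked up unchanged
    "me+folder@domain.org",     # simple tag: stripped
    "me+spam-2019@domain.org",  # tag with digits and hyphen: stripped
    "me+a+b@domain.org",        # two tags: only the last one is stripped
    "me+fol.der@domain.org",    # dot in tag: pattern does not match at all
    "other+x@domain.org",       # tag stripped, but base address is unknown
]


def lookup_key(rcpt):
    """Return the value the query compares against the email column."""
    # count=1 mirrors REGEXP_REPLACE without the 'g' flag (first match only).
    return PLUS_TAG.sub(REPLACEMENT, rcpt, count=1)


def check_recipients(rcpts, emails=VUSER_EMAILS):
    """Map each recipient to (lookup key, whether a row would be found)."""
    result = {}
    for rcpt in rcpts:
        key = lookup_key(rcpt)
        result[rcpt] = (key, key in emails)
    return result


if __name__ == "__main__":
    for rcpt, (key, found) in check_recipients(SAMPLE_RCPTS).items():
        verdict = "accepted" if found else "no row, recipient rejected"
        print(f"{rcpt:28} -> {key:22} {verdict}")
```

Because the first group is greedy and the tag class is `[\w-]`, an address with two tags or with a dot in the tag is looked up with part or all of the tag still attached and finds no row.
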




Re: Support of plus character in email address

2019-01-02 Thread mabi
‐‐‐ Original Message ‐‐‐
On Wednesday, January 2, 2019 3:16 PM, Edgar Pettijohn  
wrote:

> I recently switched to dspam. It ties into smtpd very similarly to amavis. 
> Plus it doesn't appear to need the additional  table, and 
> delimiters still work out of the box. Everything you need to know is included 
> in the README plus the specific readme for postgres backend.

I heard good things too about dspam, call me crazy maybe but for me Amavis in 
combination with ClamAV and SpamAssassin has been doing a great job.

> I'm pretty sure that's why I stopped using amavis originally. It is very easy 
> to cause problems.

I would just like to clarify here that Amavis is not the source of the 
"problem" in my specific case here but the fact that using an rcpt-to with a 
recipients table in a match rule does not take into account e-mail addresses 
containing a plus character. In my opinion it should allow e-mail addresses with 
a plus or at least it should be a boolean parameter which one can turn on/off 
in smtpd.conf.

@Gilles maybe you have any comments about that?





Re: Support of plus character in email address

2019-01-02 Thread mabi
‐‐‐ Original Message ‐‐‐
On Wednesday, January 2, 2019 1:53 PM, Oscar Carlsson  wrote:

> As far as I know sub-addressing is enabled by default. I haven't found
> anything in my configuration that explicitly enables it, but it works
> out of the box here.

That's also what I thought by checking the smtpd.conf man page but I presume my 
issue here is that I use a recipients table in order to check if an e-mail 
address is valid or not before sending to Amavis and then Dovecot. The relevant 
part of my smtpd.conf file looks like this:

table recipients postgres:/etc/mail/postgresql.conf
match from any for domain  rcpt-to  action "relay_amavis"

So here I presume that the rcpt-to option of match does not support having a 
"+" in the e-mail address.

A workaround would be having to manually define the valid "+" recipients in my 
recipients table but that really sounds stupid and is not very useful...




Support of plus character in email address

2019-01-02 Thread mabi
Hello,

Does OpenSMTPD support the usage of a plus "+" in the e-mail address?

For example I would like to use me+fol...@domain.org in order to instruct my 
dovecot backend IMAP server to deliver the mail into a specific folder.

I had a quick try at it but my OpenSMTPD MX server spits out "550 Invalid 
recipient".

Cheers,
Mabi






Re: Check first if user exists before sending to Amavis for scanning

2018-12-31 Thread mabi
‐‐‐ Original Message ‐‐‐
On Monday, December 31, 2018 11:56 PM,  wrote:

> That seems weird. Perhaps there is something extra to configure in amavis to 
> keep this from happening. Then
> again if it works it works.

Maybe, I'll check the default amavis config file if I can find an option for 
that but so far I can live with the extra SQL lookup if it avoids a routing 
loop...

And by the way happy new year to the whole OpenSMTPD community :)




Re: Check first if user exists before sending to Amavis for scanning

2018-12-31 Thread mabi
‐‐‐ Original Message ‐‐‐
On Monday, December 31, 2018 9:44 PM,  wrote:

> Be forewarned I haven't used amavis in a few years.

No problem you got it right anyway, amavis listens on port 10024 and sends it 
back to OpenSMTPD on 10025 ;)

I wasn't aware about the mailaddr table but that does exactly the trick, 
brilliant! So now my complete working match rules look like this:

match for local action "local"
match tag AMAVIS for domain  action "lmtp_dovecot"
match tag AMAVIS for any action "relay"
match from any for domain  rcpt-to  action "relay_amavis"
match for any action "relay"

Note that you have spotted the duplicate lookup by using "domain " in 
the second match rule but the problem is that if I remove this "domain 
" lookup then I get into a routing loop (500 5.4.6 Routing loop 
detected: Loop detected) where Amavis sends back to OpenSMTPD which sends back 
to Amavis and so on...

So as far as I understand this "domain " lookup allows me to avoid 
this routing loop.






Re: Check first if user exists before sending to Amavis for scanning

2018-12-31 Thread mabi
‐‐‐ Original Message ‐‐‐
On Monday, December 31, 2018 8:29 PM,  wrote:

> no worries. I'm sure its still possible. Could you post your full config with 
> the listen directives.

That would be cool :) Below is my full smtpd.conf...

# PKI

pki mx.mydomain.org cert "/etc/ssl/mx.mydomain.org.crt"
pki mx.mydomain.org key "/etc/ssl/private/mx.mydomain.org.key"


# TABLES

table aliases file:/etc/mail/aliases
table domains postgres:/etc/mail/postgresql.conf
table vusers postgres:/etc/mail/postgresql.conf


# LISTEN

listen on egress port 25  hostname mx.mydomain.org tls pki mx.mydomain.org
listen on lo port 10025 tag AMAVIS


# ACTION

action "local" mbox alias 
action "relay" relay
action "relay_amavis" relay host smtp://127.0.0.1:10024
action "lmtp_dovecot" lmtp "/var/dovecot/lmtp" rcpt-to virtual 


# MATCH

match for local action "local"
match tag AMAVIS for domain  action "lmtp_dovecot"
match tag AMAVIS for any action "relay"
match from any for domain  action "relay_amavis"
match for any action "relay"


# SETTINGS

smtp max-message-size 20M





Re: Check first if user exists before sending to Amavis for scanning

2018-12-31 Thread mabi
‐‐‐ Original Message ‐‐‐
On Monday, December 31, 2018 7:29 PM,  wrote:

> pretty sure you just need...
> action "relay_amavis" relay host smtp://127.0.0.1:10024 virtual 

That would have been very nice, unfortunately the "virtual" parameter does not 
seem to work with relay as I get a syntax error when starting smtpd (line 24 is 
my "relay_amavis" action):

/etc/mail/smtpd.conf:24: syntax error




Check first if user exists before sending to Amavis for scanning

2018-12-31 Thread mabi
Hi,

I have an OpenSMTPD on OpenBSD 6.4 MX server which first scans mails with 
Amavis (SpamAssassin + ClamAV) and then delivers it using LMTP to Dovecot. Now 
all mails first go through Amavis which means that even if the mailbox in 
Dovecot does not exist the mail gets processed by Amavis which seems like a 
waste of resources.

Would it be possible to have OpenSMTPD first check if the user exists before 
passing the mail to Amavis? I have my valid users defined in a PostgreSQL table 
called vuser and mapped it as the vusers table in OpenSMTPD. I am using the 
table-postgresql extras addon. If the user does not exist then it could abort 
the whole process immediately and return something like User not found. Not 
sure though if this is possible with OpenSMTPD yet?

The relevant part of my smtpd.conf file looks like this:

<...>
table domains postgres:/etc/mail/postgresql.conf
table vusers postgres:/etc/mail/postgresql.conf

action "local" mbox alias 
action "relay" relay
action "relay_amavis" relay host smtp://127.0.0.1:10024
action "lmtp_dovecot" lmtp "/var/dovecot/lmtp" rcpt-to virtual 

match for local action "local"
match tag AMAVIS for domain  action "lmtp_dovecot"
match tag AMAVIS for any action "relay"
match from any for domain  action "relay_amavis"
match for any action "relay"
<...>

Regards,
Mabi




Re: different lmtp destinations from table for mail delivery depending on email address

2018-12-27 Thread mabi
‐‐‐ Original Message ‐‐‐
On Thursday, December 27, 2018 2:09 PM, Craig Skinner  
wrote:

> Can your public MX machine route to your private IMAP machines via SMTP?
>
> Each of your IMAP servers would have an MTA on it.
>
> Make those MTAs send via LMTP to the local Dovecot over a UNIX socket.
>
> Keeps it simple, no SQL nor proxies needed.
>
> Set up a mapping on the public MX machine like this
> (have a cron job write it when users are added/removed):
>
> joe@public.domain -> joe@imap1.private
> sarah@public.domain -> sarah@imap2.private
> andy@public.domain -> andy@imap3.private

Sounds like a good idea unfortunately my backend Dovecot servers are just 
mailbox servers and only reachable via LMTP or IMAP.





Re: different lmtp destinations from table for mail delivery depending on email address

2018-12-27 Thread mabi
Thanks Matt and Gilles for your answers.

I will then go with Dovecot LMTP proxy on my MX server. I was trying to avoid 
having to install Dovecot on my OpenSMTPD MX server to keep it as lean as 
possible but it looks like this is the way to go as I don't want any "hacky" 
solution.

Cheers,
M

‐‐‐ Original Message ‐‐‐
On Wednesday, December 26, 2018 11:31 PM, Gilles Chehade  
wrote:

> Doable with OpenSMTPD using multiple actions and using the rcpt-to matching 
> criteria, however it feels kind of hackish to do it at that level.
>
> Basically you would create one action per dovecot shard, then one match per 
> shard with an rcpt-to criteria pointing to a table containing the recipients 
> for that shard.
>
> I’d do that in dovecot myself.
>
> Cheers,
>
> > On 26 Dec 2018, at 22:24, mabi m...@protonmail.ch wrote:
> > Hello,
> > I would like to setup one OpenSMTPD server as MX server for incoming mails 
> > and have OpenSMTPD deliver the mail to different Dovecot mailbox servers 
> > using LMTP depending on the e-mail address of the recipient.
> > Would this kind of setup be possible to do using the table-postgresql extra 
> > addon? I would then have a table in my database where the recipient email 
> > address is mapped to a respective mailbox server name (email1 -> server1, 
> > email2 -> server2, etc.).
> > Right now I use the following action:
> > action "dovecot" lmtp "server1:24" rcpt-to virtual 
> > which basically only allows me to deliver to one single mailbox server.
> > I guess I could still use Dovecot's LMTP proxying feature for that 
> > purpose but I think it would be much smarter to do that in OpenSMTPD 
> > directly.
> > Anyone know if this is possible or have an alternative idea how to do that?
> > Best regards,
> > Mabi






different lmtp destinations from table for mail delivery depending on email address

2018-12-26 Thread mabi
Hello,

I would like to setup one OpenSMTPD server as MX server for incoming mails and 
have OpenSMTPD deliver the mail to different Dovecot mailbox servers using LMTP 
depending on the e-mail address of the recipient.

Would this kind of setup be possible to do using the table-postgresql extra 
addon? I would then have a table in my database where the recipient email 
address is mapped to a respective mailbox server name (email1 -> server1, 
email2 -> server2, etc.).

Right now I use the following action:

action "dovecot" lmtp "server1:24" rcpt-to virtual 

which basically only allows me to deliver to one single mailbox server.

I guess I could still use Dovecot's LMTP proxying feature for that purpose 
but I think it would be much smarter to do that in OpenSMTPD directly.

Anyone know if this is possible or have an alternative idea how to do that?

Best regards,
Mabi







Re: Issues with Thunderbird and STARTTLS (Pipelining not supported)

2018-12-17 Thread mabi
‐‐‐ Original Message ‐‐‐
On Monday, December 17, 2018 1:49 PM, Matt Schwartz  
wrote:

> Right off the bat, I think the mask-src might be causing a problem. I know 
> that Thunderbird does some weird stuff and it doesn't play well with 
> OpenSMTPD's correct implementation of smtps but you're using starttls. So 
> instead of mask-src, try using the hostname parameter and set it to the 
> hostname that you want to use.

Spot on, that was it. I simply removed mask-src and STARTTLS works nicely with 
Thunderbird too.

Thanks Matt and Edgar for answering!

Issues with Thunderbird and STARTTLS (Pipelining not supported)

2018-12-17 Thread mabi
Hi,

I just configured OpenSMTPD on OpenBSD 6.4 with authentication to send mails as 
a MSA (port 587). I did some tests with swaks and TLS enabled and it works fine 
but with Thunderbird it miserably fails to use STARTTLS. On the server side I 
get:

500 5.5.1 Invalid command: Pipelining not supported

Is Thunderbird somehow so broken that it doesn't even respect that OpenSMTPD 
does not support SMTP pipelining?

I am using Thunderbird 60.3.0...

Any workarounds?

Also I was wondering if OpenSMTPD supports other authentication types 
additionally to PLAIN and LOGIN?

Regards,
Mabi










Re: FAQ gone?

2018-12-12 Thread mabi
I see, that makes sense...


‐‐‐ Original Message ‐‐‐
On Wednesday, December 12, 2018 7:42 PM, Matt Schwartz 
 wrote:

> I think the FAQ section is probably in the process of being reworked
> due to the recent grammar and functionality changes in OpenSMTPD 6.4.
> On Wed, Dec 12, 2018 at 1:40 PM mabi m...@protonmail.ch wrote:
>
> > Hi,
> > I was wondering where did the FAQ section on the opensmtpd.org website 
> > disappear?
> > It had useful setup examples with LMTP and Dovecot if I remember 
> > correctly...
> > Regards,
> > Mabi






FAQ gone?

2018-12-12 Thread mabi
Hi,

I was wondering where did the FAQ section on the opensmtpd.org website 
disappear?

It had useful setup examples with LMTP and Dovecot if I remember correctly...

Regards,
Mabi




Fail2Ban filter for OpenSMTPD

2017-06-17 Thread mabi
Hi there,

Does anyone have a fail2ban filter for OpenSMTPD?

I would like to block the many many AUTH LOGIN attempts as you can see here 
from the logs:

Jun 17 11:55:49 gw smtpd[594]: 7eeebcc95623efe1 smtp event=failed-command 
command="AUTH LOGIN" result="503 5.5.1 Invalid command: Command not supported"
Jun 17 11:55:52 gw smtpd[594]: 7eeebcc95623efe1 smtp event=closed 
reason="io-error: Connection reset by peer"

Cheers,
M.
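
The failed-command lines quoted above carry only a session ID, not the client address, so a ban decision has to join them to the line that opened the session. The following is an added example of that correlation, not code from the thread or from fail2ban; the sample log is constructed, and the `event=connected address=...` line format is an assumption to verify against your own maillog.

```python
import re
from collections import Counter

# Constructed sample. The failed-command lines follow the format quoted above;
# the "event=connected address=..." line is an assumption about how this smtpd
# version logs the client address.
SAMPLE_LOG = """\
Jun 17 11:55:48 gw smtpd[594]: 7eeebcc95623efe1 smtp event=connected address=203.0.113.7 host=203.0.113.7
Jun 17 11:55:49 gw smtpd[594]: 7eeebcc95623efe1 smtp event=failed-command command="AUTH LOGIN" result="503 5.5.1 Invalid command: Command not supported"
Jun 17 11:55:50 gw smtpd[594]: 7eeebcc95623efe1 smtp event=failed-command command="AUTH LOGIN" result="503 5.5.1 Invalid command: Command not supported"
Jun 17 11:55:52 gw smtpd[594]: 7eeebcc95623efe1 smtp event=closed reason="io-error: Connection reset by peer"
Jun 17 11:56:01 gw smtpd[594]: 1111111111111111 smtp event=connected address=203.0.113.7 host=203.0.113.7
Jun 17 11:56:02 gw smtpd[594]: 1111111111111111 smtp event=failed-command command="AUTH LOGIN" result="503 5.5.1 Invalid command: Command not supported"
Jun 17 11:57:10 gw smtpd[594]: 2222222222222222 smtp event=connected address=198.51.100.20 host=198.51.100.20
Jun 17 11:57:11 gw smtpd[594]: 2222222222222222 smtp event=failed-command command="AUTH PLAIN" result="503 5.5.1 Invalid command: Command not supported"
Jun 17 11:58:30 gw smtpd[594]: 3333333333333333 smtp event=connected address=192.0.2.5 host=192.0.2.5
Jun 17 11:58:31 gw smtpd[594]: 3333333333333333 smtp event=failed-command command="VRFY root" result="500 5.5.1 Invalid command"
Jun 17 11:59:00 gw smtpd[594]: 4444444444444444 smtp event=failed-command command="AUTH LOGIN" result="503 5.5.1 Invalid command: Command not supported"
"""

LINE = re.compile(r"smtpd\[\d+\]: ([0-9a-f]{16}) smtp event=([\w-]+)(.*)")
ADDR = re.compile(r"\baddress=(\S+)")
AUTH = re.compile(r'\bcommand="AUTH\b')


def failed_auth_by_address(log_text):
    """Count failed AUTH commands per client address, joined via session ID."""
    sessions = {}          # session ID -> client address of the open session
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        sid, event, rest = m.groups()
        if event == "connected":
            addr = ADDR.search(rest)
            if addr:
                sessions[sid] = addr.group(1)
        elif event == "failed-command" and AUTH.search(rest):
            # Sessions whose connect line was rotated away land in "unknown".
            counts[sessions.get(sid, "unknown")] += 1
        elif event == "closed":
            sessions.pop(sid, None)
    return counts


def offenders(log_text, threshold=3):
    """Addresses with at least `threshold` failed AUTH commands."""
    hits = failed_auth_by_address(log_text)
    return sorted(a for a, n in hits.items() if n >= threshold and a != "unknown")
```
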

Re: Enabling route every 2 seconds in a loop

2017-05-24 Thread mabi
Hi,

I did a grep like you mentioned but there is only that:

May 23 20:00:44 mgw smtpd[28997]: c806af9e5fc46153 mta event=connecting 
address=smtp+tls://163.114.21.130:25 host=mtagated.edf.fr
May 23 20:00:44 mgw smtpd[28997]: c806af9e5fc46153 mta event=connected
May 23 20:00:44 mgw smtpd[28997]: c806af9e5fc46153 mta event=error reason=IO 
Error: Connection reset by peer

Now it simply stopped by magic and at the time this happened I did not have any 
webapp trying to sendmail.

 Original Message 
Subject: Re: Enabling route every 2 seconds in a loop
Local Time: May 24, 2017 9:02 AM
UTC Time: May 24, 2017 7:02 AM
From: mikyde...@yahoo.fr
To: misc@opensmtpd.org <misc@opensmtpd.org>

Hello,
I have the same problem and wrote two days ago about that (but the mailing 
list dropped my mails)
Could you try to locate the first connection for this session: grep 
c806af9e5fc46153 /var/log/messages
If you have the same problem as I do you'll find a connection from the outside 
with a user belonging to that domain and your MTA tries to reply back that the 
destination address doesn't exist

On Wednesday, May 24, 2017 at 3:01, Edgar Pettijohn <ed...@pettijohn-web.com> wrote:

On 05/23/17 13:03, mabi wrote:
Hello,

My OpenSMTPd 6.0.2p1 mail gateway is somehow looping indefinitely with the 
following log output every 2 seconds:

May 23 20:00:44 mgw smtpd[28997]: smtp-out: Enabling route [] <-> 
163.114.21.130 (mtagated.edf.fr)
May 23 20:00:44 mgw smtpd[28997]: c806af9e5fc46153 mta event=connecting 
address=smtp+tls://163.114.21.130:25 host=mtagated.edf.fr
May 23 20:00:44 mgw smtpd[28997]: c806af9e5fc46153 mta event=connected
May 23 20:00:44 mgw smtpd[28997]: c806af9e5fc46153 mta event=error reason=IO 
Error: Connection reset by peer
May 23 20:00:44 mgw smtpd[28997]: smtp-out: Disabling route [] <-> 
163.114.21.130 (mtagated.edf.fr) for 15s

There are no mails in the queue and I don't see why it is trying to connect to 
that server every 2 seconds.

Any idea what is going wrong here?

Regards,
M.
Do you have some sort of webapp trying to "sendmail"?

Re: pkg_add thinks I am still on 5.9

2017-04-30 Thread mabi
My bad I had the PKG_PATH env var pointing to 5.9 in my .profile.

Thanks for the great 6.1 release!

 Original Message 
Subject: pkg_add thinks I am still on 5.9
Local Time: April 30, 2017 12:00 AM
UTC Time: April 29, 2017 10:00 PM
From: m...@protonmail.ch
To: misc@opensmtpd.org 

Hi,

I just upgraded my firewall from OpenBSD 6.0 to 6.1 and somehow my 
installation seems to think that I am still running OpenBSD 5.9 as you can see 
in the example below:

$ doas pkg_add net-snmp
http://mirror.switch.ch/ftp/pub/OpenBSD/5.9/packages/amd64/net-snmp-5.7.3p6.tgz:
 unsigned package (signify(1) doesn't see old-style signatures)

How can I force OpenBSD to use 6.1 packages instead of 5.9?

Regards,
M.

rspamd compatibility

2016-10-16 Thread mabi
Hello,
Did anyone already successfully integrate rspamd with OpenSMTPD? I would be 
interested to know if both products work nicely together and if anyone has any 
example of working config.
Regards
M.