To: 9fans@9fans.net
Subject: upas: sample configs
Date: Sat, 24 Oct 2020 18:16:28 -0700
From: ori@eigenstate.org

The next thing which I've wanted for a while are some slimmed down
sample configs. The general scheme that I'm proposing:

/mail/lib:
	comes with a sample config that allows sending mail
	with minimal configuration. What I've got in this
	patch works with:

		upasname=ori@eigenstate.org
		echo 'key proto=pass server=eigenstate.org '\
			'service=smtp user=ori email=ori@eigensate.org '\
			'!password=redacted' > /mnt/factotum/ctl

	I'm reasonably happy with this config.

/mail/lib/smtp.example
	A minimal smtp config that I'm using on my orib.dev
	domain at the moment. This, I'm less confident about;
	I've scraped together the config from /mail/lib, gotten
	it working, but haven't seriously used it in anger. It
	may be horribly misconfigured.

I'm also going to put out a call for more complex configs.

	/mail/lib/smtpd-graylist.example
	/mail/lib/smtpd-mailinglists.example

Other changes in this patch include moving the various rc
script bits to /mail/lib/rc, to make it clearer what users
are expected to configure, and what they shouldn't need to
touch.

diff -r 0281cd6caa8c sys/lib/dist/mail/lib/remotemail --- a/sys/lib/dist/mail/lib/remotemail Sat Oct 24 17:24:59 2020 -0700 +++ b/sys/lib/dist/mail/lib/remotemail Sat Oct 24 18:08:00 2020 -0700 
@@ -1,14 +1,21 @@ #!/bin/rc -shift -sender=$1 -shift -addr=$1 -shift -fd=`{/bin/upas/aliasmail -f $sender} -switch($fd){ -case *.* - ; -case * - fd=yourdomain.dom + +# allow per-user customization +if(test -x $home/mail/lib/remotemail) + exec $home/mail/lib/remotemail + +sender=$2 +svcpat='[ ]service=smtp[ ]' +addrpat='[ ]email='$2'[ ]' +config=`{grep -e $svcpat -e $addrpat /mnt/factotum/ctl} +if(~ $#config 0) + exit 'no server' +for(kv in $config){ + parts=`'='{echo -n $kv} + switch($parts(1)){ + case server; server=$parts(2) + case user; login=$parts(2) + } } -exec /bin/upas/smtp -h $fd $addr $sender $* + +exec /bin/upas/smtp -as -u $login $server $addr $sender $*(4-) diff -r 0281cd6caa8c sys/lib/dist/mail/lib/rewrite --- a/sys/lib/dist/mail/lib/rewrite Sat Oct 24 17:24:59 2020 -0700 +++ b/sys/lib/dist/mail/lib/rewrite Sat Oct 24 18:08:00 2020 -0700 @@ -1,9 +1,14 @@ -# mail rewrite rules, see rewrite(6) -# -# see the appropriate example rewrite files -# your type of mail system: -# -# /mail/lib/rewrite.direct - for systems that deliver all mail directly -# /mail/lib/rewrite.gateway - for systems that route all mail to a gateway -# or mail server for delivery -# +# translate local aliases from /mail/lib/namefiles +\"(.+)\" translate "/bin/upas/aliasmail '\1'" +[^!@.]+ translate "/bin/upas/aliasmail '&'" + +## If you don't set $upasname, then the email comes from your +## local user name; translate it to a domain-qualified name. +## Not needed with the default configuration, which expects +## $upasname to be set. +# +#local!"(.+)" alias \1@YOURDOMAIN.DOM +#local!(.*) alias \1@YOURDOMAIN.DOM + +# send all mail to the gateway or mail server, $smtp, for delivery +([^!]*)!(.*) | "/mail/lib/qmail '\s' 'net!$smtp'" "'\2@\1'" diff -r 0281cd6caa8c sys/lib/dist/mail/lib/smtp.example/namefiles --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/sys/lib/dist/mail/lib/smtp.example/namefiles Sat Oct 24 18:08:00 2020 -0700 
@@ -0,0 +1,3 @@ +# files listed here will be consulted for aliases + +names.local diff -r 0281cd6caa8c sys/lib/dist/mail/lib/smtp.example/names.local --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/sys/lib/dist/mail/lib/smtp.example/names.local Sat Oct 24 18:08:00 2020 -0700 @@ -0,0 +1,5 @@ +# alias file, listed in /mail/lib/namefiles + +# postmaster goes to glenda +postmaster glenda + diff -r 0281cd6caa8c sys/lib/dist/mail/lib/smtp.example/qmail --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/sys/lib/dist/mail/lib/smtp.example/qmail Sat Oct 24 18:08:00 2020 -0700 @@ -0,0 +1,6 @@ +#!/bin/rc +# qmail sender machine user... +rfork s +upas/vf | upas/qer /mail/queue mail $* || exit 'qer failed' +upas/runq -n 10 /mail/queue /mail/lib/remotemail /dev/null >[2=1] & +exit '' diff -r 0281cd6caa8c sys/lib/dist/mail/lib/smtp.example/remotemail --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/sys/lib/dist/mail/lib/smtp.example/remotemail Sat Oct 24 18:08:00 2020 -0700 @@ -0,0 +1,9 @@ +#!/bin/rc + +# program sender addr args... +sender=$2 +addr=$3 +fd=`{/bin/upas/aliasmail -f $sender} +if(! ~ $fd *.*) + fd=YOURDOMAIN.DOM +exec /bin/upas/smtp -h $fd $addr $sender $*(4-) diff -r 0281cd6caa8c sys/lib/dist/mail/lib/smtp.example/rewrite --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/sys/lib/dist/mail/lib/smtp.example/rewrite Sat Oct 24 18:08:00 2020 -0700 
@@ -0,0 +1,29 @@ +# +# sample rewrite file for systems that send and receive mail directly. +# +# by default, the return address points to this system; if you have multiple systems +# and don't want them all to be mail recipients, set $site to a generic +# name (e.g., plan9) or system name in /rc/bin/termrc and /rc/bin/cpurc +# and put an MX DNS record in /lib/ndb to point to that system. +# +# replace YOURDOMAIN.DOM in the following rules with your domain name. +# case conversion for postmaster +pOsTmAsTeR alias postmaster + +# local mail +\l!(.*) alias \1 +(YOURDOMAIN.COM)!(.*) alias \2 +[^!@]+ translate "/bin/upas/aliasmail '&'" +local!(.*) >> /mail/box/\1/mbox + +# we can be just as complicated as BSD sendmail... +# convert source domain address to a chain a@b@c@d... +@([^@!,]*):([^!@]*)@([^!]*) alias \2@\3@\1 +@([^@!]*),([^!@,]*):([^!@]*)@([^!]*) alias @\1:\3@\4@\2 + +# convert a chain a@b@c@d... to ...d!c!b!a +([^@]+)@([^@]+)@(.+) alias \2!\1@\3 +([^@]+)@([^@]+) alias \2!\1 + +# /mail/lib/remotemail will take care of gating to systems we don’t know +([^!]*)!(.*) | "/mail/lib/qmail '\\s' 'net!\1'" "'\2'" diff -r 0281cd6caa8c sys/lib/dist/mail/lib/smtp.example/smtpd.conf --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/sys/lib/dist/mail/lib/smtp.example/smtpd.conf Sat Oct 24 18:08:00 2020 -0700 @@ -0,0 +1,22 @@ +# +# sample smtpd configuration options for inside connections +# + +# +# replace YOURDOMAIN.COM with the name of your domain +# replace 10.0.0.0 with the IP address range of your networks + +defaultdomain YOURDOMAIN.COM +norelay on #disallow relaying +verifysenderdom on #disable dns verification of sender domain +saveblockedmsg off #save blocked messages + +# +# if norelay is on, you need to set the +# networks allowed to relay through +# as well as the domains to accept mail for +# + +ournets 144.202.1.203 +ourdomains YOURDOMAIN.COM +# ourdomains *.fakedom.dom, *.fakedom.rog diff -r 0281cd6caa8c sys/lib/dist/mail/lib/smtp.example/validateaddress 
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/sys/lib/dist/mail/lib/smtp.example/validateaddress Sat Oct 24 18:08:00 2020 -0700 @@ -0,0 +1,2 @@ +#!/bin/rc +mail -x $1 | grep -vs '^unknown user|^Invalid address' diff -r 0281cd6caa8c sys/lib/dist/mail/lib/smtp.example/validateattachment --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/sys/lib/dist/mail/lib/smtp.example/validateattachment Sat Oct 24 18:08:00 2020 -0700 @@ -0,0 +1,64 @@ +#!/bin/rc +# validateattachment mboxfile +rfork en +upastmp=/mail/tmp +# +# exit status matching: +# +# *discard* - is really bad, refuse the message +# *accept* - is really good, leave attachment alone +# * - rewrite attachment to have .suspect extension +# + +if(! ~ $#* 1){ + echo usage: validateattachment mboxfile >[1=2] + exit usage +} + +echo validating >[1=2] +fn save { + d=`{date -n} + cp body $upastmp/$d.$1 + cp raw $upastmp/$d.$1.raw + whatis x >$upastmp/$d.$1.file +} +fn sigexit { + rm -f $upastmp/$d.$1^('' .raw .file) +} + +upas/fs -f $1 +cd /mail/fs/mbox/1 + +x=`{file body | sed s/body://} +x=$"x +switch($x){ +case *Ascii* *text* *'c program'* *'rc executable'* + save accept + exit accept + +case *'zip archive'* + # >[2=1] because sometimes we get zip files we can't parse + # but the errors look like + # unzip: reading data for philw.doc.scr failed: ... + # so we can still catch these. + if(unzip -tsf body >[2=1] | grep -si ' |\.(scr|exe|pif|bat|com)$'){ + echo executables inside zip file! + exit discard + } + +case jpeg 'PNG image' bmp 'GIF image' *'plan 9 image'* + save accept + exit accept + +case *Microsoft* *Office* + save wrap + exit wrap + +case *MSDOS* + # no executables + echo $x + exit discard +} + +save wrap +exit wrap diff -r 0281cd6caa8c sys/lib/dist/mail/rc/isspam.rc --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/sys/lib/dist/mail/rc/isspam.rc Sat Oct 24 18:08:00 2020 -0700 
@@ -0,0 +1,36 @@ +#!/bin/rc + +if (~ $#USER 0) + USER=$user +cd /mail/box/$USER +rfork en + +TMP=/tmp/spam.$sysname.$pid +sed '/^$/,$ s/^From / From /' >$TMP.msg +upas/fs -f $TMP.msg +{ + echo '# hash table' + upas/msgcat $TMP.msg | upas/msgtok | + grep -v '^....................(.*) ' | + sed 's/$/ 1/' + } >$TMP.tok + +x=`{upas/bayes -k _prof.mbox _prof.spam ~ $TMP.tok} +#echo xx $x xx >>/tmp/spam +#ls -l _prof.mbox _prof.spam $TMP.tok>>/tmp/spam +where=$x(1) +prob=$x(2) +echo $where $prob +*=($x) +shift 2 +while(! ~ $#* 0){ + echo ' ' $1 $2 + shift 2 +} +rm -f $TMP.tok $TMP.msg +if (~ $where *spam*){ + exit '' +} +if not { + exit 'is ok' +} diff -r 0281cd6caa8c sys/lib/dist/mail/rc/msgcat.rc --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/sys/lib/dist/mail/rc/msgcat.rc Sat Oct 24 18:08:00 2020 -0700 @@ -0,0 +1,49 @@ +#!/bin/rc + +rfork ne + +if(~ $1 /mail/fs/mbox*){ + dir=$* +} +if not{ + upas/fs -f $1 + dir=/mail/fs/mbox/[0-9]* +} + +fn catmsg { + t=`{cat type} + switch($t){ + case text/html + echo ' + ,x// c// + ,x/<[^>]+>/d + ,p + u + ,y/<[^>]+>/d + ,p + ' | sam -d body |[2] sed '1d;/^\?/d' + case text/* + cat body + case message/* + cat body + case multipart/alternative + if(~ `{cat 1/type} text/plain) + cd 1 && {catmsg; cd ..} + if not if (~ `{cat 2/type >[2]/dev/null} text/plain) + cd 2 && {catmsg; cd ..} + if not { + for (i in [0-9]*) + cd $i && {catmsg; cd ..} + } + case * + echo $t + } +} + +for(i in $dir){ + cd $i + cat unixheader header + echo + catmsg + echo +} diff -r 0281cd6caa8c sys/lib/dist/mail/rc/spam.rc --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/sys/lib/dist/mail/rc/spam.rc Sat Oct 24 18:08:00 2020 -0700 
@@ -0,0 +1,18 @@ +#!/bin/rc + +rfork en +TMP=/tmp/spam.$sysname.$pid +sed '/^$/,$ s/^From / From /' >$TMP.msg +upas/fs -f $TMP.msg +{ + echo '# hash table' +upas/msgcat $TMP.msg | upas/msgtok | + grep -v '^....................(.*) '| + sed 's/$/ 1/' +} >$TMP.tok +cd /mail/box/$user +#cp $TMP.tok /tmp/_prof.spam +upas/addhash -o _prof.mbox _prof.mbox 1 $TMP.tok -1 +upas/addhash -o _prof.spam _prof.spam 1 $TMP.tok 1 +rm -f $TMP.* + diff -r 0281cd6caa8c sys/lib/dist/mail/rc/unspam.rc --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/sys/lib/dist/mail/rc/unspam.rc Sat Oct 24 18:08:00 2020 -0700 @@ -0,0 +1,18 @@ +#!/bin/rc + +rfork en +TMP=/tmp/spam.$sysname.$pid +sed '/^$/,$ s/^From / From /' >$TMP.msg +upas/fs -f $TMP.msg +{ + echo '# hash table' +upas/msgcat $TMP.msg | upas/msgtok | + grep -v '^....................(.*) '| + sed 's/$/ 1/' +} >$TMP.tok +cd /mail/box/$user +#cp $TMP.tok /tmp/_prof.mbox +upas/addhash -o _prof.mbox _prof.mbox 1 $TMP.tok 1 +upas/addhash -o _prof.spam _prof.spam 1 $TMP.tok -1 +rm -f $TMP.* + diff -r 0281cd6caa8c sys/src/cmd/upas/binscripts/isspam.rc --- a/sys/src/cmd/upas/binscripts/isspam.rc Sat Oct 24 17:24:59 2020 -0700 +++ b/sys/src/cmd/upas/binscripts/isspam.rc Sat Oct 24 18:08:00 2020 -0700 @@ -1,2 +1,8 @@ #!/bin/rc -exec /mail/lib/isspam.rc $* + +# pre-cleanup, these were tossed +# in /mail/lib: exec them so we +# don't break working configs. +if(test -x /mail/lib/isspam.rc) + exec /mail/lib/isspam.rc +exec /mail/rc/isspam.rc $* diff -r 0281cd6caa8c sys/src/cmd/upas/binscripts/spam.rc --- a/sys/src/cmd/upas/binscripts/spam.rc Sat Oct 24 17:24:59 2020 -0700 +++ b/sys/src/cmd/upas/binscripts/spam.rc Sat Oct 24 18:08:00 2020 -0700 @@ -1,2 +1,2 @@ #!/bin/rc -exec /mail/lib/spam.rc $* +exec /mail/rc/spam.rc $* diff -r 0281cd6caa8c sys/src/cmd/upas/binscripts/unspam.rc --- a/sys/src/cmd/upas/binscripts/unspam.rc Sat Oct 24 17:24:59 2020 -0700 +++ b/sys/src/cmd/upas/binscripts/unspam.rc Sat Oct 24 18:08:00 2020 -0700 
@@ -1,2 +1,8 @@ #!/bin/rc -exec /mail/lib/unspam.rc $* + +# pre-cleanup, these were tossed +# in /mail/lib: exec them so we +# don't break working configs. +if(test -x /mail/lib/unspam.rc) + exec /mail/lib/unspam.rc +exec /mail/rc/unspam.rc $*
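
Review bot: In sys/lib/dist/mail/lib/remotemail, $addr is used in the final exec but is never assigned: the old addr=$1 was removed and only sender=$2 was added, so an addr=$3 line is needed, as smtp.example/remotemail has. The per-user hook also runs exec $home/mail/lib/remotemail without $*, so a custom script receives no sender or recipient. Finally, the two -e patterns given to grep are alternatives, not a conjunction: every service=smtp key and every key whose email= matches is returned, and the loop keeps the last server and user it sees, so with more than one SMTP key in factotum the login can be offered to a server that does not belong to the sender's address. Filter on both patterns (for example grep for the service, then grep that output for the address) and stop at the first matching key.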
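
Review bot: In sys/lib/dist/mail/lib/rewrite, the final rule still passes 'net!$smtp' to qmail, but nothing in the file now says where $smtp is expected to be set; the setup in the cover message only sets $upasname and a factotum key, and the pointer to rewrite(6) was dropped from the header comment. Either document that $smtp must be set (and where), or, if the new remotemail is meant to take the server from the factotum key alone, say so in the comment above the rule.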
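
Review bot: In smtp.example/rewrite, the header comment tells the user to replace YOURDOMAIN.DOM, but the only placeholder in the rules is (YOURDOMAIN.COM)!(.*), so a search-and-replace following the instructions leaves the local-domain rule untouched and local mail falls through to the gateway rule. Use one placeholder spelling across rewrite, remotemail and smtpd.conf. The dot in the placeholder is also an unescaped regex metacharacter; the comment could remind the user to write it as \. when substituting a real domain.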
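
Review bot: In smtp.example/smtpd.conf, ournets is set to 144.202.1.203, a concrete public address, while the comment above refers to replacing 10.0.0.0; with norelay on, anyone who copies the sample without editing that line permits relaying from that one host. Put the documented placeholder range there instead. The trailing comments on verifysenderdom on (#disable dns verification of sender domain) and saveblockedmsg off (#save blocked messages) also describe the opposite of the value set, which makes it easy to flip a setting the wrong way; reword them to say what on and off do.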
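
Review bot: In smtp.example/validateattachment, fn sigexit builds its rm path from $d.$1, but inside a function $1 is that function's own argument, not the tag that was passed to save, so the names it removes do not correspond to the files save wrote under $upastmp. If the intent is to keep the saved copies, drop sigexit; if the intent is to clean them up, have save record the full prefix in a variable and use that, and add a comment saying which behaviour is wanted, since the copies in /mail/tmp are the only record of why an attachment was wrapped or discarded.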
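
Review bot: In sys/src/cmd/upas/binscripts/isspam.rc, the compatibility branch runs exec /mail/lib/isspam.rc with no arguments, whereas the line it replaces was exec /mail/lib/isspam.rc $*; a working legacy config that relies on its arguments changes behaviour, which is what the comment says the branch is there to prevent. Add $* to the legacy exec. The binscripts/unspam.rc hunk has the same omission.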
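
Review bot: In sys/src/cmd/upas/binscripts/spam.rc, the wrapper switches straight to exec /mail/rc/spam.rc $* with no test -x /mail/lib/spam.rc fallback, unlike the isspam.rc and unspam.rc wrappers in the same patch. A site with a customised /mail/lib/spam.rc would silently stop using it while its isspam and unspam customisations keep working, so the spam and ham profiles would be trained by different code. Give all three wrappers the same fallback, or drop it from all three and note the move in the commit message.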