Re: [9front] Mail server setup

[sirjofri <sirjofri+ml-9front@sirjofri.de>]

11.08.2022 23:17:30 chris@chrisfroeschl.de:
> 1.) Could you tell me why so many flags (and especially MANDATORY
> flags) seem to be hidden in the src?  Is the e flag intended for
> production use? Otherwise a manpage update would help.

Simple answer: because the man page sucks and modern mail sucks. Feel 
free to send patches for the man pages, people will like it. Also read 
the man pages carefully, the arguments are not as listed as in most linux 
man pages.

> 2.) What is your highscore at https://www.mail-tester.com ? Mine is
> 7/10.  I know DKIM is no option (-1).  But I receive at least -2 on
> SpamAssassin regarding:
>
> -0.001  FSL_BULK_SIG    Bulk signature with no Unsubscribe
> -1.985  PYZOR_CHECK Similar message reported on Pyzor 
> (https://www.pyzor.org)
> https://pyzor.readthedocs.io/en/latest/
> Please test a real content, test Newsletters will always be flagged by 
> Pyzor
> Adjust your message or request whitelisting (https://www.pyzor.org)
> 0.001   SPF_HELO_PASS   SPF: HELO matches SPF record
> 0.001   SPF_PASS    SPF: sender matches SPF record
> Great! Your SPF is valid

The -2 by pyzor check tells everything. I guess you sent some kinda test 
mail with some test content? Try sending some real fake text, for example 
one of the short stories I wrote or whatever.

> 3.) I don't seem to be able to send mail to myself with this setup
> (worked before).  My smtpd logs when I try that:
>
> test.chrisfroeschl.de Aug 11 22:31:03 ehlo from 82.207.245.23 as 
> cirno.fritz.box
> test.chrisfroeschl.de Aug 11 22:31:03 started TLS with cirno.fritz.box
> test.chrisfroeschl.de Aug 11 22:31:03 ehlo from 82.207.245.23 as 
> cirno.fritz.box
> test.chrisfroeschl.de Aug 11 22:31:03 auth(CRAM-MD5, (protected)) from 
> cirno.fritz.box
> test.chrisfroeschl.de Aug 11 22:31:03 Disallowed 
> test.chrisfroeschl.de!chris (cirno.fritz.box/82.207.245.23) to blocked 
> name test.chrisfroeschl.de!chris

That sounds like an error in /mail/lib files. See the rewrite file there 
and also the smtpd.conf file, I guess. I don't know the exact details, so 
have fun.

> 4.) Issues regarding receiving mails from my current mail server to
> the 9 smtp server seem to remain.  Perhaps some MX record error from
> my side?  I will debug this as good as I can the following days.  Here
> is my obsd maillog:
>
> Aug 11 22:58:02 chrisfroeschl smtpd[47164]: smtp-out: No valid route 
> for 
> [connector:[]->[relay:test.chrisfroeschl.de,smtp,heloname=mail.chrisfroeschl.de],0x0]
> Aug 11 22:58:12 chrisfroeschl smtpd[47164]: 0000000000000000 mta 
> delivery evpid=3fb35f960656e8e3 from=<chris@chrisfroeschl.de> 
> to=<chris@test.chrisfroeschl.de> rcpt=<-> source="-" 
> relay="test.chrisfroeschl.de" delay=13s result="TempFail" stat="Network 
> error on destination MXs"
>
> After cping my tcp587 to tcp25 I got (just to test if it only uses port 
> 25):
>
> Aug 11 23:12:46 chrisfroeschl smtpd[47164]: 745c82d65e770f66 mta 
> delivery evpid=03d30d409a5ab8fd from=<chris@chrisfroeschl.de> 
> to=<chris@test.chrisfroeschl.de> rcpt=<-> source="5.252.227.212" 
> relay="185.183.157.17 (test.chrisfroeschl.de)" delay=0s 
> result="PermFail" stat="550 5.1.1 test.chrisfroeschl.de!chris ... user 
> unknown"

In my setup I have both tcp25 and tcp587. Tcp587 uses -a fpr 
authentication (use that for sending mail) while tcp25 is the incoming 
port without -a.

In smtpd.conf there should be defaultdomain and ourdomains both be set to 
your domain. Iirc it didn't work properly if I only specified 
defaultdomain.

>> there is a deficiency in the fqa’s description of setting up smtp and 
>> imap for remote users:
>>
>> - client side use against a 9front server is not described at all.
>>
>> - an “Inferno/POP secret” is used as the password for both smtp and
>> imap, which must be configured *in addition to* the user’s regular
>> auth password.  see: http://fqa.9front.org/fqa7.html#7.4.2
>>
>> i’ll address this.
>
> I intend to send a FQA patch the coming days (as soon as everything
> works) with some minor stuff I found besides the things you mentioned.
> I can try to add a first draft regarding your points.  Feel free to
> edit it afterwards however you like.

Regarding patches, I don't remember if my smtp patch is already applied 
to front. It adds a new flag to smtp to skil the certificate check 
completely. Here it is if you're interested: 
http://sirjofri.de/oat/patches/smtp.patch


Also, send patches.

sirjofri