9front - general discussion about 9front
* [9front] Mail server setup
@ 2022-08-06 13:17 chris
  2022-08-06 19:46 ` william
                   ` (2 more replies)
  0 siblings, 3 replies; 19+ messages in thread
From: chris @ 2022-08-06 13:17 UTC (permalink / raw)
  To: 9front

Greetings all,

I recently started to set up my first 9front hosting system.  At the
moment I'm having great issues with preparing my mail setup (as I
expected).

My server is already up and running auth/cpu/fs server
(185.183.157.17) which I can rcpu into without issues.

I'm not yet able to change my DNS entries, and as a result I'm
bound to testing most of the features via IP. (If that turns out to be
the issue, I will gladly risk it. I think SMTP won't
be testable like that? Correct me if I'm wrong.)

I followed the mail server configuration and maintenance from the FQA
( https://fqa.9front.org/fqa6.html#7.7 ) stopping at 7.7.6 (for now) .

IMAP should work solely with a proper tcp993, TLS cert and of
course my user (chris) (having a proper Inferno/POP secret (?) and
groups):

cpu% ls -l /sys/lib/tls/
--rw-rw-r-- M 192 sys   sys  412 Oct  5  2019 /sys/lib/tls/README
d-rwxrwxr-x M 192 sys   sys    0 Apr  3 17:52 /sys/lib/tls/acmed
--rw-rw-r-- M 192 chris sys 1025 Aug  6 12:20 /sys/lib/tls/cert
--rw------- M 192 chris sys 2399 Aug  5 15:24 /sys/lib/tls/key
cpu% ls -l /mail/box/
d-rwxr-xr-x M 192 chris  chris  0 Aug  5 20:21 /mail/box/chris
d-rwxrwxr-x M 192 glenda glenda 0 Aug  3 15:29 /mail/box/glenda
cpu% cat /adm/users 
-1:adm:adm:glenda,chris
0:none:adm:
1:tor:tor:
2:glenda:glenda:
3:chris:chris:
10000:sys::glenda,chris
10001:map:map:
10002:doc::
10003:upas:upas:glenda,chris
10004:font::
cpu% cat /bin/service/tcp993 
#!/bin/rc
exec tlssrv -D -c /sys/lib/tls/cert -l imap4d \
-r `{cat $3/remote} /bin/upas/imap4d -v -p \
>>[2]/sys/log/imap4d
cpu% 

My tcp993 differs a bit, because the FQA version seemed faulty.
(imap4d in /bin/upas instead of /bin/ip and no second -r option,
as well as some additional debug flags. I will fix that in the
FQA if it turns out to be wrong.)

My TLS key is of course already in factotum and appended to it on
every boot in my cpurc like so:

cat /sys/lib/tls/key >> /mnt/factotum/ctl

Error response on client:

; upas/fs -f /imaps/185.183.157.17/chris 

!Adding key: proto=cram server=185.183.157.17 user=chris
password: 
!
upas/fs: imap: unexpected line: y2hyaxmgndq4ntu2mze4zthhmznlmtjhmjhiymu4nmu3mwqxmdu= bad no command: bad syntax
;

I also tried connecting via Thunderbird on a Linux machine.  But no
success.

Log output server (either client):

cpu% cat /sys/log/imap4d

chrisfroeschl Aug  6 13:10:28 82.207.245.22!17211 tls reports tlsServer2

chrisfroeschl Aug  6 13:10:28 82.207.245.22!17211 tls reports recv ClientHello
	version: 0303
	random: 6f8a42cf7918652cb3ba482fe512329c5474a9553f2938a01a25dd974e7a0b5d
	sid: <0> [ ]
	ciphers: [ cca9 cc14 c02b c023 cca8 cc13 c02f c027 c013 c014 ccaa cc15 9e 67 33 39 16 9c 3c 3d 2f 35 a ]
	compressors: <1> [ 00 ]
	extensions: <63> [ 00 00 00 13 00 11 00 00 0e 31 38 35 2e 31 38 33 2e 31 35 37 2e 31 37 00 0a 00 08 00 06 00 1d 00 17 00 18 00 0b 00 02 01 00 00 0d 00 12 00 10 06 03 05 03 04 03 02 03 06 01 05 01 04 01 02 01 ]

chrisfroeschl Aug  6 13:10:28 82.207.245.22!17211 tls reports ClientHello version 303

chrisfroeschl Aug  6 13:10:28 82.207.245.22!17211 tls reports   cipher cca8, compressor 0

chrisfroeschl Aug  6 13:10:28 82.207.245.22!17211 tls reports send ServerHello
	version: 0303
	random: 41cb6711fd2199bceaedc53ddfede41e735dc52d1216c712ae833fa53d08eff8
	sid: <0> [ ]
	cipher: cca8
	compressor: 00

chrisfroeschl Aug  6 13:10:28 82.207.245.22!17211 tls reports send Certificate
	<717> [ 30 82 02 c9 30 82 01 b1 a0 03 02 01 02 02 01 00 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 28 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 19 30 17 06 03 55 04 03 13 10 63 68 72 69 73 66 72 6f 65 73 63 68 6c 2e 64 65 30 1e 17 0d 32 32 30 38 30 36 31 30 32 30 30 38 5a 17 0d 32 35 30 38 30 38 31 30 32 30 30 38 5a 30 28 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 19 30 17 06 03 55 04 03 13 10 63 68 72 69 73 66 72 6f 65 73 63 68 6c 2e 64 65 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 ad bb 68 ee d4 e8 52 98 96 28 e8 a7 c5 a5 ca d0 16 a3 1f 33 58 3c 49 b0 40 c1 a2 54 59 2a e1 b4 3d 86 12 84 1d 3b 99 7c 95 32 16 c2 e7 ca 29 d7 1f 74 e4 1c 84 2a 36 89 bf 3d 6f e8 4d 8a 07 f9 40 3f 42 98 08 69 23 74 35 5e 90 65 05 b6 8e 3e c6 62 ee e1 6d 53 4e 17 df 25 15 1f 14 0f 28 dd 4d 73 67 27 be 08 31 bd c8 a7 82 09 fa ca 72 52 ce 68 d7 51 b2 8f da af 3d 12 9c c3 a9 43 4b 1d 24 8d 21 9
chrisfroeschl Aug  6 13:10:28 82.207.245.22!17211 tls reports send HServerKeyExchange
	curve: 001d
	dh_Ys: nil
	sigalg: 0401
	dh_parameters: <36> [ 03 00 1d 20 4f 79 b7 cc 4a 44 20 ad 0f 6a 05 6e 6f ad d3 a4 8c cd ed 2b 34 0a 84 9b b9 a1 9a 5a 50 22 9a 7e ]
	dh_signature: <256> [ 00 d3 93 06 ef f1 df 7a a8 c0 ef 52 86 29 85 d6 71 cd 2d f8 a3 65 b4 9a 79 e5 b5 0f bc 2b 20 4e a3 59 6f bf db 1f bd ae a0 84 79 ae 01 c5 66 1e ef ef f9 04 52 75 07 42 6f b7 d9 ea 0e 6c 6f 44 be 94 f1 ba b3 49 e8 c8 fc 2d 4a 1c be 18 3f 63 80 c8 68 4c 0e b5 84 f5 8c 51 6f 4f c7 47 30 3f 11 01 70 cd ac 5c 1b 5e c0 62 ca 54 c4 0e 21 70 30 21 f1 fc 1e de c8 66 32 e0 ab a4 85 6f f4 2a e9 e2 c1 9a 85 d8 7a 86 ad 61 1f e8 9b 5c 69 f1 28 5a c1 a5 ce b2 5b 05 5b d9 64 16 01 97 30 6e 98 88 2a 24 89 d4 70 a1 fe 5c a4 a0 48 b3 ee 39 3c 91 7d e2 02 36 50 ce 47 50 de 11 a3 42 62 16 b3 e4 97 59 f4 45 90 2f 3f 52 6d 5a 65 63 e9 04 a2 f3 78 1c aa 68 c5 3c 3a e3 44 2e 39 d8 23 eb b7 72 24 61 69 71 19 c9 f2 32 8e 98 ff 9a aa 56 4a 95 94 1e 58 19 f0 
chrisfroeschl Aug  6 13:10:28 82.207.245.22!17211 tls reports send ServerHelloDone

chrisfroeschl Aug  6 13:10:28 82.207.245.22!17211 tls reports recv HClientKeyExchange
	key: <32> [ c3 16 8d e7 da 62 03 4e 57 4e 28 63 0d a3 5f 5b e7 a5 46 8b 89 51 ae 71 6a 20 ea 24 8e c9 2c a7 ]

chrisfroeschl Aug  6 13:10:28 82.207.245.22!17211 tls reports tls secrets

chrisfroeschl Aug  6 13:10:28 82.207.245.22!17211 tls reports recv HFinished
708eba2ee0ab671051ab3a11

chrisfroeschl Aug  6 13:10:28 82.207.245.22!17211 tls reports send HFinished
0ad8ef477b13c840feb6a93b

chrisfroeschl Aug  6 13:10:28 82.207.245.22!17211 tls reports tls finished

chrisfroeschl Aug  6 13:10:28 82.207.245.22!17211 tls reports open

cpu%

I know that I could just 9fs my mail, but I would like to get IMAP
working anyways.  Feel free to ask if further information is required.

chris

^ permalink raw reply	[flat|nested] 19+ messages in thread
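Reading the handshake back out of that tlssrv -D log, as an added example in Python (not code from the post or from 9front): the cipher list and the extension bytes are copied verbatim from the "ciphers:" and "extensions:" lines above, the suite, group and signature-scheme names are the IANA registry names, and the parser follows the TLS 1.2 ClientHello extension encoding (RFC 5246, RFC 6066). It shows that the client offered 23 suites, that the server's pick 0xcca8 (ECDHE-RSA with ChaCha20-Poly1305) was among them and agrees with the x25519 curve and rsa_pkcs1_sha256 signature in the ServerKeyExchange that follows, and that the server_name extension carried the bare IP 185.183.157.17, which RFC 6066 does not allow but which is what a client connecting by address sends, so no hostname check is possible on that connection. Because the log runs through to "tls finished" and "open", the handshake itself succeeded; the IMAP failure happens inside the encrypted session.

```python
"""Decode the ClientHello that tlssrv -D logged for the imap4d connection above (added example)."""
import ipaddress
import struct

# Constructed by copying the "ciphers:" and "extensions:" lines of the log above verbatim.
LOGGED_CIPHERS = ("cca9 cc14 c02b c023 cca8 cc13 c02f c027 c013 c014 ccaa cc15 "
                  "9e 67 33 39 16 9c 3c 3d 2f 35 a")
LOGGED_EXTENSIONS = ("00 00 00 13 00 11 00 00 0e 31 38 35 2e 31 38 33 2e 31 35 37 2e 31 37 "
                     "00 0a 00 08 00 06 00 1d 00 17 00 18 00 0b 00 02 01 00 "
                     "00 0d 00 12 00 10 06 03 05 03 04 03 02 03 06 01 05 01 04 01 02 01")
LOGGED_CHOSEN = 0xcca8   # "cipher cca8" in the ServerHello line of the same log

# IANA TLS Cipher Suite names; 0xcc13..0xcc15 are the pre-RFC 7905 draft ChaCha20 codepoints.
CIPHER_NAMES = {
    0xcca9: "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", 0xcca8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    0xccaa: "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", 0xcc14: "draft TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
    0xcc13: "draft TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", 0xcc15: "draft TLS_DHE_RSA_WITH_CHACHA20_POLY1305",
    0xc02b: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 0xc02f: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xc023: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", 0xc027: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    0xc013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 0xc014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    0x009e: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", 0x0067: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    0x0016: "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", 0x009c: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x003c: "TLS_RSA_WITH_AES_128_CBC_SHA256", 0x003d: "TLS_RSA_WITH_AES_256_CBC_SHA256",
    0x002f: "TLS_RSA_WITH_AES_128_CBC_SHA", 0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x000a: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
}
GROUP_NAMES = {0x001d: "x25519", 0x0017: "secp256r1", 0x0018: "secp384r1"}
SIGALG_NAMES = {0x0401: "rsa_pkcs1_sha256", 0x0501: "rsa_pkcs1_sha384", 0x0601: "rsa_pkcs1_sha512",
                0x0201: "rsa_pkcs1_sha1", 0x0403: "ecdsa_secp256r1_sha256",
                0x0503: "ecdsa_secp384r1_sha384", 0x0603: "ecdsa_secp521r1_sha512", 0x0203: "ecdsa_sha1"}

def words(hexlist):
    """The log prints each value as a bare hex word of varying width ('cca9', '9e', 'a')."""
    return [int(tok, 16) for tok in hexlist.split()]

def u16_vector(body):
    """A <2..2^16-2> vector of uint16: 2-byte length, then the items; reject inconsistent lengths."""
    (n,) = struct.unpack(">H", body[:2])
    if n != len(body) - 2 or n % 2:
        raise ValueError("bad uint16 vector length")
    return list(struct.unpack(">%dH" % (n // 2), body[2:]))

def server_name(body):
    """RFC 6066 server_name: list length, then (name_type, length, name) entries; host_name is type 0."""
    (n,) = struct.unpack(">H", body[:2])
    names, j = [], 2
    while j < 2 + n:
        ntype, (nlen,) = body[j], struct.unpack(">H", body[j + 1:j + 3])
        if ntype == 0:
            names.append(body[j + 3:j + 3 + nlen].decode("ascii"))
        j += 3 + nlen
    if j != len(body):
        raise ValueError("bad server_name length")
    return names

def parse_extensions(data):
    """Walk the extension list: type(2) length(2) body, contiguous, nothing trailing."""
    out, i = {}, 0
    while i < len(data):
        if i + 4 > len(data):
            raise ValueError("truncated extension header")
        etype, elen = struct.unpack(">HH", data[i:i + 4])
        body = data[i + 4:i + 4 + elen]
        if len(body) != elen:
            raise ValueError("truncated extension %#06x" % etype)
        i += 4 + elen
        if etype == 0x0000:
            out["server_name"] = server_name(body)
        elif etype == 0x000a:
            out["supported_groups"] = [GROUP_NAMES.get(g, "%#06x" % g) for g in u16_vector(body)]
        elif etype == 0x000b:
            out["ec_point_formats"] = list(body[1:1 + body[0]])
        elif etype == 0x000d:
            out["signature_algorithms"] = [SIGALG_NAMES.get(s, "%#06x" % s) for s in u16_vector(body)]
        else:
            out.setdefault("other", []).append(etype)
    return out

def is_ip_literal(name):
    """RFC 6066 forbids IP literals in server_name; one there means the client connected by address."""
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def summarize(ciphers_hex=LOGGED_CIPHERS, ext_hex=LOGGED_EXTENSIONS, chosen=LOGGED_CHOSEN):
    """What a reader of the log wants to know: what was offered, what was picked, and who was asked for."""
    offered = words(ciphers_hex)
    ext = parse_extensions(bytes(words(ext_hex)))
    return {
        "offered": [CIPHER_NAMES.get(c, "unassigned %#06x" % c) for c in offered],
        "chosen": CIPHER_NAMES[chosen],
        "chosen_was_offered": chosen in offered,
        "sni": ext.get("server_name", []),
        "sni_is_ip": any(is_ip_literal(n) for n in ext.get("server_name", [])),
        "groups": ext.get("supported_groups", []),
        "sigalgs": ext.get("signature_algorithms", []),
    }
```

summarize() returns the decoded view of the logged hello; feeding it the ciphers and extensions lines from another tlssrv log works the same way, and malformed length fields raise ValueError rather than being read past.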

* Re: [9front] Mail server setup
  2022-08-06 13:17 [9front] Mail server setup chris
@ 2022-08-06 19:46 ` william
  2022-08-06 19:47 ` william
  2022-08-07  0:56 ` sl
  2 siblings, 0 replies; 19+ messages in thread
From: william @ 2022-08-06 19:46 UTC (permalink / raw)
  To: 9front

Urgh. Mail is a struggle. I suspect one of the more experienced developers might have an answer. But to clarify
for everyone: the mail server works and you can get and receive mail on the server just fine.

The problem you are having is restricted to IMAP only, and you wish to receive mail from a client like Thunderbird
or another 9front using imap4d etc.

I get the feeling you have it correct but maybe the key is wrong?

I think you use auth/rsagen... to create the key. Then you run auth/rsa2x509 to sign it, so what's in factotum
should be the key, and it might look in /sys/lib/tls for the pem or cert? I usually get this mixed up.

I also had to throw my key in /cfg/$sysname and echo to factotum at boot. Yeah, maybe not the best security, but
it works.

 mkdir /cfg/$sysname
 touch /cfg/$sysname/cpustart
 echo 'cat /sys/lib/tls/smtp/key >>/mnt/factotum/ctl' >>/cfg/$sysname/cpustart

Maybe it's not the best way, but my MacBook mail client for work can get mail; my iOS phone can't because of a recent change, and my self-signed service violates Apple BS as a contractor.

My logs are usually
"fail" or "devtls expected" etc.

Oh, and chmod 400 for the key?




* Re: [9front] Mail server setup
  2022-08-06 13:17 [9front] Mail server setup chris
  2022-08-06 19:46 ` william
@ 2022-08-06 19:47 ` william
  2022-08-08 10:26   ` chris
  2022-08-07  0:56 ` sl
  2 siblings, 1 reply; 19+ messages in thread
From: william @ 2022-08-06 19:47 UTC (permalink / raw)
  To: 9front

chmod 600 for the key sorry




* Re: [9front] Mail server setup
  2022-08-06 13:17 [9front] Mail server setup chris
  2022-08-06 19:46 ` william
  2022-08-06 19:47 ` william
@ 2022-08-07  0:56 ` sl
  2 siblings, 0 replies; 19+ messages in thread
From: sl @ 2022-08-07  0:56 UTC (permalink / raw)
  To: 9front

> cpu% cat /bin/service/tcp993 
> #!/bin/rc
> exec tlssrv -D -c /sys/lib/tls/cert -l imap4d \
> -r `{cat $3/remote} /bin/upas/imap4d -v -p \
> >>[2]/sys/log/imap4d
> cpu% 
> 
> My tcp993 differs a bit, because the FQA version seemed faulty.
> (imap4d in /bin/upas instead of /bin/ip and no second -r option,
> aswell as some additional debug flags. I will fix that in the
> FQA if it turns out to be wrong)

thanks, /bin/ip/upas was a mistake. i've updated the example to read:

	#!/bin/rc
	exec tlssrv -c/sys/lib/tls/cert -limap4d \
		-r`{cat $3/remote} /bin/upas/imap4d -p \
		-r`{cat $3/remote} >>[2]/sys/log/imap4d
		# tlssrv and imap4d both have -r flags.
		# to use with listen1, change $3 to $net.

the duplicate -r flag wasn't really a duplicate, it's just a valid
flag for both tlssrv and imap4d. maybe pointless overkill, but we
try to capture all the logging and error output we can.

sl


* Re: [9front] Mail server setup
  2022-08-06 19:47 ` william
@ 2022-08-08 10:26   ` chris
  2022-08-09  8:21     ` william
  0 siblings, 1 reply; 19+ messages in thread
From: chris @ 2022-08-08 10:26 UTC (permalink / raw)
  To: 9front

Got a subdomain for testing now, but the error remains:

; upas/fs -f /imaps/test.chrisfroeschl.de/chris

!Adding key: proto=cram server=test.chrisfroeschl.de user=chris
password: 
!
upas/fs: imap: unexpected line: y2hyaxmgndq4ntu2mze4zthhmznlmtjhmjhiymu4nmu3mwqxmdu= bad no command: bad syntax

> chmod 600 for the key sorry

I created a new TLS cert several times to avoid an error there.

These were my last creation steps: (from the FQA)

; ramfs -p
; cd /tmp
; auth/rsagen -t 'service=tls role=client owner=*' >key
; chmod 600 key
; cp key /sys/lib/tls/key
; auth/rsa2x509 'C=DE CN=test.chrisfroeschl.de' /sys/lib/tls/key | auth/pemencode CERTIFICATE >/sys/lib/tls/cert

Permission should suffice therefore.

I really can't see what I'm doing wrong by now.  Perhaps some ndb
stuff that is required but not mentioned?  Some special user settings?
etc.

Will investigate further while testing smtp as soon as I get the chance.

chris

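The proto=cram exchange behind that "unexpected line", as an added example in Python (not upas, factotum or imap4d code). CRAM-MD5 (RFC 2195) has the client answer the server's challenge with base64 of "user", a space, and the hex HMAC-MD5 of the challenge under the shared secret; on 9front that secret is the user's Inferno/POP secret held by keyfs, which is why the auth log later reports "cram-ok". The block builds and verifies such a response for a constructed challenge and secret, then looks at the blob printed in the error: it contains no upper-case letters, and base64 is case-sensitive, so it no longer decodes to a "user digest" pair at all. The case-restored form used for comparison is my reconstruction: the encoding of "chris " followed by a 32-digit hex value whose base64, lower-cased, equals the logged string byte for byte. Where on the client or server path the folding happened is not something this thread shows.

```python
"""CRAM-MD5 (RFC 2195) as spoken between upas/fs (proto=cram) and imap4d (added example)."""
import base64
import binascii
import hashlib
import hmac

# Verbatim from the upas/fs error above; note it contains no upper-case letters.
LOGGED_LINE = b"y2hyaxmgndq4ntu2mze4zthhmznlmtjhmjhiymu4nmu3mwqxmdu="
# Reconstruction (assumption): "chris " + a 32-digit hex digest whose base64, lower-cased, is LOGGED_LINE.
CASE_RESTORED = base64.b64encode(b"chris 448556318e8a33e12a28bbe86e71d105")

# Constructed challenge and secret store; on 9front the secret is the user's Inferno/POP secret in keyfs.
CHALLENGE = b"<1659800000.4242@chrisfroeschl>"
SECRETS = {"chris": "correct horse battery staple"}

def cram_md5_response(user, secret, challenge):
    """Client side: base64(user SP hex(HMAC-MD5(secret, challenge)))."""
    digest = hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(user.encode() + b" " + digest.encode())

def split_response(response_b64):
    """Decode a response blob into (user, hexdigest); None if it is not shaped like one."""
    try:
        raw = base64.b64decode(response_b64, validate=True)
    except (binascii.Error, ValueError):
        return None
    user, sep, digest = raw.partition(b" ")
    if not sep or not user or len(digest) != 32:
        return None
    try:
        bytes.fromhex(digest.decode("ascii"))          # must be 32 hex digits
        return user.decode("ascii"), digest.decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None

def cram_md5_verify(response_b64, challenge, secrets=SECRETS):
    """Server side: recompute with the stored secret and compare in constant time."""
    parsed = split_response(response_b64)
    if parsed is None:
        return None
    user, digest = parsed
    secret = secrets.get(user)
    if secret is None:
        return None
    expected = hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()
    return user if hmac.compare_digest(expected, digest) else None

def demo():
    """A good exchange, two bad ones, and the two forms of the logged blob."""
    good = cram_md5_response("chris", SECRETS["chris"], CHALLENGE)
    return {
        "good_response_accepted": cram_md5_verify(good, CHALLENGE),
        "wrong_secret_rejected": cram_md5_verify(cram_md5_response("chris", "nope", CHALLENGE), CHALLENGE),
        "case_folded_rejected": cram_md5_verify(good.lower(), CHALLENGE),
        "logged_line_parses": split_response(LOGGED_LINE),
        "case_restored_parses": split_response(CASE_RESTORED),
        "restored_matches_log": CASE_RESTORED.lower() == LOGGED_LINE,
    }
```

demo() returns "chris" only for the intact response; the lower-cased copy of the same response, like the logged line, decodes to bytes with no space and no hex digest in them, which is the kind of input a server can only answer with a BAD. The constant-time comparison matters on the server side because the digest is attacker-supplied.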

* Re: [9front] Mail server setup
  2022-08-08 10:26   ` chris
@ 2022-08-09  8:21     ` william
  2022-08-09 18:09       ` chris
  0 siblings, 1 reply; 19+ messages in thread
From: william @ 2022-08-09  8:21 UTC (permalink / raw)
  To: 9front

Yeah, I don't know. Here is my ndb:

ipnet=thinktankworkspaces.com ip=45.79.94.0 ipmask=255.255.255.0
	ipgw=45.79.94.1
	dns=173.230.145.5
	authdom=maat
	auth=maat
	dnsdom=think
	cpu=maat
	fs=maat
	smtp=thinktankworkspaces.com
	mail=thinktankworkspaces.com
	#smtp=45.79.94.76
	#mail=45.79.94.76

Before I moved the domain I did everything with the IP address. But relay issues and DKIM issues popped up from
time to time. The final version is with a fully qualified domain.

I did do some other mangling but abandoned it because I'm letting Gandi handle DNS. It's just easier.

but I had this earlier on before I commented it all out. 

#dom=thinktankworkspaces.com
#	ns=ns1.thinktankworkspaces.com
#	ns=ns2.thinktankworkspaces.com
#	mx=maat.thinktankworkspaces.com pref=1
#	mail=maat.thinktankworkspaces.com

Do you have a newline after the command exec tlssrv in /rc/bin/service/tcp993?
Some of these scripts break because you must have a blank line at the very end. I forget the rules.



* Re: [9front] Mail server setup
  2022-08-09  8:21     ` william
@ 2022-08-09 18:09       ` chris
  2022-08-11 12:37         ` chris
  0 siblings, 1 reply; 19+ messages in thread
From: chris @ 2022-08-09 18:09 UTC (permalink / raw)
  To: 9front

Huh, it just worked on a Linux machine using my old s-nail configuration.

The logs showed:

chrisfroeschl Aug  9 18:02:53 initkeyseed: no keyseed: '/adm/keyseed' does not exist
chrisfroeschl Aug  9 18:02:53 keyfs starting warnings: 62f2852d 62f12a7d
chrisfroeschl Aug  9 18:02:53 cram-ok chris 185.183.157.17
chrisfroeschl Aug  9 18:02:53 tr-ok chris@chris(185.183.157.17) -> chris@chris

After that I tried it again on 9front and it just worked...

Feels like a first crack had to be made through another client (?)

Anyways happy that it works.  Sadly this doesn't feel like something I
could append to the FQA, since I still don't know what was going on.

I would be happy to hear, if someone sees an explanation for the
problem in this log.

Fighting with smtp now...

I always receive the claim to be a liar. (only in smtp ofc)

I know that the error is coming from /sys/src/cmd/upas/smtp/smtpd.c:475 ,
but I'm not competent enough to see my real issue behind that logic.
(at least for now)

cpu% cat /sys/log/smtpd

chrisfroeschl Aug  9 19:30:01 ehlo from XXX.XXX.XXX.XXX as cirno.fritz.box
chrisfroeschl Aug  9 19:30:03 Hung up on XXX.XXX.XXX.XXX; claimed to be cirno.fritz.box

And from my s-nail setup with according error for example:

chris@test.chrisfroeschl.de requires a password: 
s-nail: SMTP server: 554 5.7.0 Liar!
/home/pi/dead.letter 10/246
s-nail: ... message not sent

or my 9front client system smtpd log:

cirno Aug  9 19:29:34 delivery  at tcp!test.chrisfroeschl.de!587 (test.chrisfroeschl.de:185.183.157.17) hello failed: connection closed unexpectedly by remote system

after sending like so:

; echo $upasname # Changed other configs according to FQA as well
chris@test.chrisfroeschl.de
; echo 9test1 | mail -s '9test1' chris@chrisfroeschl.de

My client factotum is filled with the smtp password like mentioned in
the FQA.  Since I can send this email, my 9front client smtp configs
are working as well (adjusting to subdomain for testing ofc).

I probably messed up some smtp config. Debugging at the moment.

Here is my current server status if someone is interested and
spots something:

cpu% cat /mail/lib/smtpd.conf 
defaultdomain		test.chrisfroeschl.de
norelay			on
verifysenderdom		off
saveblockedmsg		off
ourdomains		test.chrisfroeschl.de
cpu% cat /mail/lib/rewrite
# case conversion for postmaster
pOsTmAsTeR	alias postmaster

# local mail
\l!(.*)				alias	\1
test.chrisfroeschl.de!(.*)	alias	\1
# translate local aliases from /mail/lib/namefiles
# \"(.+)\"			translate	"/bin/upas/aliasmail '\1'"
[^!@]+				translate	"/bin/upas/aliasmail '&'"
local!(.*)			>>		/mail/box/\1/mbox

# convert source domain address to a chain a@b@c@d...
@([^@!,]*):([^!@]*)@([^!]*)		alias	\2@\3@\1
@([^@!]*),@([^!@,]*):([^!@]*)@([^!]*)	alias	@\1:\3@\4@\2

# convert a chain a@b@c@d... to ...d!c!b!a
([^@]+)@([^@]+)@(.+)	alias		\2!\1@\3
([^@]+)@([^@]+)		alias		\2!\1

# queue all mail for delivery
([^!]*)!(.*) 		| 		"/mail/lib/qmail '\s' 'net!\1'" "'\2'"
cpu% cat /mail/lib/names.local 
# alias file, listed in /mail/lib/namefiles
postmaster	chris

cpu% cat /mail/lib/remotemail 
#!/bin/rc
shift
sender=$1
shift
addr=$1
shift
fd=`{/bin/upas/aliasmail -f $sender}
switch($fd){
case *.*
	;
case *
	fd=test.chrisfroeschl.de
}
exec /bin/upas/smtp -d -h $fd $addr $sender $*
cpu% cat /bin/service/tcp587 
#!/bin/rc
user=`{cat /dev/user}
exec /bin/upas/smtpd -c /sys/lib/tls/cert -n $3
cpu% 

Btw my /lib/ndb/local :
(no smtp or mail whatsoever, doesn't seem to be required)

sys=chrisfroeschl fs=chrisfroeschl auth=chrisfroeschl ether=76c4f3d364a1 ip=185.183.157.17 ipmask=255.255.253.0 ipgw=185.183.156.1
	 dns=185.183.156.1

auth=chrisfroeschl authdom=chrisfroeschl.de

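How upas walks that rewrite file, as an added model in Python (not the upas/send code): rules are tried in order against the whole address, alias replaces the address and starts over from the first rule, translate runs a command whose output becomes the new address, and >> or | ends the walk. \l is the local system name, taken here from the sys=chrisfroeschl ndb line. Three things are assumptions or stand-ins: the address is folded to lower case before matching (which is what the "case conversion for postmaster" comment suggests and what keeps the pOsTmAsTeR rule from aliasing to itself forever), /bin/upas/aliasmail is replaced by the one alias in the posted names.local plus "local!name" for any other name, and Python's re is used in place of Plan 9 regexps. Running it on chris@chrisfroeschl.de with the sender from the mail log reproduces the qmail command the error message quotes.

```python
"""Model of how upas/send walks /mail/lib/rewrite, using the rules posted above (added example)."""
import re

LOCALSYS = "chrisfroeschl"   # \l in rewrite(6): the local system name, from the sys=chrisfroeschl ndb line
MAXHOPS = 20                 # loop guard; a rule set that aliases in a circle must terminate somewhere

# The posted rewrite file as (pattern, type, command), with \l already expanded.
RULES = [
    (r"pOsTmAsTeR",                             "alias",     r"postmaster"),
    (LOCALSYS + r"!(.*)",                       "alias",     r"\1"),
    (r"test.chrisfroeschl.de!(.*)",             "alias",     r"\1"),
    (r"[^!@]+",                                 "translate", r"/bin/upas/aliasmail '&'"),
    (r"local!(.*)",                             ">>",        r"/mail/box/\1/mbox"),
    (r"@([^@!,]*):([^!@]*)@([^!]*)",            "alias",     r"\2@\3@\1"),
    (r"@([^@!]*),@([^!@,]*):([^!@]*)@([^!]*)",  "alias",     r"@\1:\3@\4@\2"),
    (r"([^@]+)@([^@]+)@(.+)",                   "alias",     r"\2!\1@\3"),
    (r"([^@]+)@([^@]+)",                        "alias",     r"\2!\1"),
    (r"([^!]*)!(.*)",                           "|",         r"/mail/lib/qmail '\s' 'net!\1' '\2'"),
]

# Stand-in for /bin/upas/aliasmail (assumption): the one alias in the posted names.local,
# otherwise the name is a local mailbox.
NAMES_LOCAL = {"postmaster": "chris"}

def aliasmail(name):
    return NAMES_LOCAL.get(name, "local!" + name)

def expand(cmd, match, sender):
    """Fill \\1..\\9 (subexpressions), & (whole match) and \\s (sender) as rewrite(6) describes."""
    def repl(tok):
        t = tok.group(0)
        if t == "&":
            return match.group(0)
        if t == r"\s":
            return sender
        return match.group(int(t[1]))
    return re.sub(r"\\[1-9]|\\s|&", repl, cmd)

def rewrite(addr, sender):
    """Walk the rules; return (type, command, trace) for the >> or | rule that finally handles addr.

    The trace records every hop, which is what you want when a message lands in a mailbox
    or queue you did not expect."""
    trace = []
    addr = addr.lower()    # assumption: upas folds the address to lower case before matching
    for _ in range(MAXHOPS):
        for pattern, typ, cmd in RULES:
            m = re.fullmatch(pattern, addr)    # a rule must match the whole address
            if not m:
                continue
            out = expand(cmd, m, sender)
            trace.append((addr, typ, out))
            if typ == "alias":
                addr = out
            elif typ == "translate":
                addr = aliasmail(m.group(0))   # real upas runs `out` and reads the new address from it
            else:
                return typ, out, trace
            break
        else:
            raise ValueError("no rewrite rule matches %r" % addr)
    raise ValueError("rewrite loop while handling %r" % addr)

def deliveries():
    """Three recipients from the thread, with the sender the mail log shows."""
    sender = "test.chrisfroeschl.de!chris"
    return {a: rewrite(a, sender)[:2] for a in
            ("chris@chrisfroeschl.de", "chris@test.chrisfroeschl.de", "PostMaster@test.chrisfroeschl.de")}
```

Note that the rewrite file has no notion of relaying: every address that is not one of ours ends in the qmail pipe with a net! destination. Whether a remote client is allowed to get that far is decided earlier by smtpd (the norelay setting in the posted smtpd.conf), not by these rules.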

* Re: [9front] Mail server setup
  2022-08-09 18:09       ` chris
@ 2022-08-11 12:37         ` chris
  2022-08-11 14:29           ` Stanley Lieber
  0 siblings, 1 reply; 19+ messages in thread
From: chris @ 2022-08-11 12:37 UTC (permalink / raw)
  To: 9front

I tried to adjust my tcp587 like so:

cpu% cat /bin/service/tcp587 
#!/bin/rc
user=`{cat /dev/user}
exec /bin/upas/smtpd -E -c /sys/lib/tls/cert -n $3

using the hidden E flag, which allows me to skip the liar part (
/sys/src/cmd/upas/smtp/smtpd.c:465 ).  I'm not sure if that is more of
a hack for debugging or intended for use.  Either way it is not
mentioned in the manpage, but it is used by sirjofri in his setup
http://sirjofri.de/changeblog/1594881674/ , and it at least gets me
away from the liar errors.

Running from my client (all other configs adjusted ofc):

; echo $upasname
chris@test.chrisfroeschl.de
; echo 9test24 | mail -s 9test24 chris@chrisfroeschl.de

There doesn't seem to be a 'real' authentication happening.  The next server
logs show the attempt to use the queue of 'none':

cpu% tail /sys/log/auth
chrisfroeschl Aug 11 11:46:10 cram-ok chris 185.183.157.17
cpu% tail /sys/log/mail
chrisfroeschl Aug 11 11:46:10 error chrisfroeschl.de!chris From test.chrisfroeschl.de!chris Thu Aug 11 11:46:10 +0200 2022
error+  from 'test.chrisfroeschl.de!chris'
error+ to 'chrisfroeschl.de!chris'
error+ failed with error 'qer: creating data file /mail/queue/none/D.006462: '/mail/queue/none' permission denied
error+ '.
error+ The mailer `/mail/lib/qmail 'test.chrisfroeschl.de!chris' 'net!chrisfroeschl.de'' returned error status 71.
error+ 
error+
cpu% tail /sys/log/smtpd
chrisfroeschl Aug 11 11:46:06 ehlo from XXX.XXX.XXX.XXX as cirno.fritz.box
chrisfroeschl Aug 11 11:46:08 started TLS with cirno.fritz.box
chrisfroeschl Aug 11 11:46:08 ehlo from XXX.XXX.XXX.XXX as cirno.fritz.box
chrisfroeschl Aug 11 11:46:10 auth(CRAM-MD5, (protected)) from cirno.fritz.box
chrisfroeschl Aug 11 11:46:10 ++[cirno.fritz.box/XXX.XXX.XXX.XXX] blocked: mail refused:  from 'test.chrisfroeschl.de!chris'

Not sure why there doesn't seem to be a proper auth attempt (although
CRAM-MD5 is mentioned).

Do I have to prepare some /mail/queue structure for 'chris' btw?  I
didn't do that by hand on my client if I remember correctly.  Here is
my whole server /mail structure:

cpu% walk -exp /mail/
a-rw-rw---- /mail/box/glenda/mbox/1659696218.00
...
d-rwxrwxrwx /mail/box/glenda/mbox
d-rwxrwxr-x /mail/box/glenda
a-rw-rw---- /mail/box/chris/mbox/1659696500.00
...
d-rwxrwxrwx /mail/box/chris/mbox
-lrw------- /mail/box/chris/mbox.idx
-lrw------- /mail/box/chris/L.mbox
--rwxrwxrwx /mail/box/chris/mbox.imp
a-rw-r----- /mail/box/chris/Sent/1660061970.00
...
d-rwxr-xr-x /mail/box/chris/Sent
-lrw------- /mail/box/chris/Sent.idx
--rw-r--r-- /mail/box/chris/Sent.imp
d-rwxr-xr-x /mail/box/chris
-lrw------- /mail/box/chris.idx
d-rwxrwxr-x /mail/box
d-rwxrwxr-x /mail/faxoutqueue
d-rwxrwxr-x /mail/faxqueue
d-r-xr-xr-x /mail/fs
d-rwxrwxr-x /mail/grey
--rw-rw-r-- /mail/lib/blocked
--rw-rw-r-- /mail/lib/classify.re
--rwxrwxr-x /mail/lib/gone.fishing
--rwxrwxr-x /mail/lib/justqmail
--rwxrwxr-x /mail/lib/kickqueue
--rwxrwxr-x /mail/lib/lazyqmail
--rw-rw-r-- /mail/lib/namefiles
--rw-rw-r-- /mail/lib/names.local
--rw-rw-r-- /mail/lib/pipeto.bayes
--rw-rw-r-- /mail/lib/prof.mbox
--rw-rw-r-- /mail/lib/prof.spam
--rwxrwxr-x /mail/lib/remotemail
--rw-rw-r-- /mail/lib/rewrite.direct
--rw-rw-r-- /mail/lib/rewrite.gateway
--rwxrwxr-x /mail/lib/setup.bayes
--rw-rw-r-- /mail/lib/smtpd.conf
--rwxrwxr-x /mail/lib/validateaddress
--rwxrwxr-x /mail/lib/validateattachment
--rw-rw-r-- /mail/lib/white.starter
--rw-rw-r-- /mail/lib/gone.msg
--rw-rw-r-- /mail/lib/ignore
--rwxrwxr-x /mail/lib/isspam.rc
--rwxrwxr-x /mail/lib/mailnews
--rwxrwxr-x /mail/lib/msgcat.rc
--rw-rw-r-- /mail/lib/patterns
--rw-rw-r-- /mail/lib/pipeto.lib
--rwxrwxr-x /mail/lib/qmail
--rw-rw-r-- /mail/lib/rewrite
--rwxrwxr-x /mail/lib/spam.rc
--rwxrwxr-x /mail/lib/unspam.rc
d-rwxrwxr-x /mail/lib
d-rwxrwxr-x /mail/queue
d-rwxrwxrwx /mail/tmp
d-rwxrwxr-x /mail
cpu% 

My client shows the following log after sending the mail:

; tail /sys/log/smtp.fail 
cirno Aug 11 11:45:40 delivery chris@chrisfroeschl.de  at tcp!test.chrisfroeschl.de!587 (test.chrisfroeschl.de:185.183.157.17) rcptto failed: 554 5.7.1 mail refused:  from 'test.chrisfroeschl.de!chris'
; tail /sys/log/smtp
cirno Aug 11 11:45:37 started TLS to test.chrisfroeschl.de
; tail /sys/log/mail
cirno Aug 11 11:45:35 remote chrisfroeschl.de!chris From chris@test.chrisfroeschl.de Thu Aug 11 11:45:35 +0200 2022 (chris@chrisfroeschl.de) 220

Can't test the whole thing from my s-nail client because it demands a
cert that is not self signed.  I could probably configure it to ignore
it somehow, but I'm not really interested in running s-nail anyway.

Am I going to run into issues if I use a self signed cert in
communication with other smtp daemons?  I would really like to avoid
signing certs to be honest.

Anyway, I don't see how the FQA information alone could work.  Is this
indeed the current configuration of the (9front.org|cat-v.org|...)
mail server?  Any updates or insights would be very helpful.

chris

^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: [9front] Mail server setup
  2022-08-11 12:37         ` chris
@ 2022-08-11 14:29           ` Stanley Lieber
  2022-08-11 21:17             ` chris
  0 siblings, 1 reply; 19+ messages in thread
From: Stanley Lieber @ 2022-08-11 14:29 UTC (permalink / raw)
  To: 9front


sorry i have not been able to devote more time to troubleshooting this with you. (typing on a phone here.)

i connect to my server using imap clients on android, ios, and upas/fs -f /imaps. these are the relevant files:

in cpustart:

cat /sys/lib/tls/acmed/stanleylieber.com.key >>/mnt/factotum/ctl
auth/as upas aux/listen -p 128 -t /cfg/$sysname/service.upas

http://plan9.stanleylieber.com/mail/service/        # /cfg/gaff/service.upas/
http://plan9.stanleylieber.com/mail/lib/        # /mail/lib/

gaff; walk -d -e xUGp /mail/queue
d-rwxrwxr-x upas upas /mail/queue/upas
d-rwxrwxrwx none upas /mail/queue/none
d-rwxrwxr-x sl upas /mail/queue/sl
d-rwxrwxrwx sl upas /mail/queue

all my upas server programs run as user upas, but notably upas is hardcoded internally to become user none for some functions (this has never satisfactorily been sorted out and amended so it can be easily bypassed; upas auditing is still a bit of a work in progress).

the queue files will be created automatically when upas tries to send mail, but your main problem here seems to be permissions on /mail/queue preventing /mail/queue/none from being created.

as you can see from my own file permissions above, i’m generally dissatisfied with the current arrangement of how queue permissions are handled.

there is a deficiency in the fqa’s description of setting up smtp and imap for remote users:

- client side use against a 9front server is not described at all.

- an “Inferno/POP secret” is used as the password for both smtp and imap, which must be configured *in addition to* the user’s regular auth password. see: http://fqa.9front.org/fqa7.html#7.4.2

i’ll address this.

sl

> On Aug 11, 2022, at 8:38 AM, chris@chrisfroeschl.de wrote:
> 
> I tried to adjust my tcp587 like so:
> 
> cpu% cat /bin/service/tcp587 
> #!/bin/rc
> user=`{cat /dev/user}
> exec /bin/upas/smtpd -E -c /sys/lib/tls/cert -n $3
> 
> using the hidden E flag, which allows me to skip the liar part (
> /sys/src/cmd/upas/smtp/smtpd.c:465 ).  I'm not sure if that is more of
> a hack for debugging or intended for use.  Either way, it is not
> mentioned in the manpage, but it is used by sirjofri in his setup
> http://sirjofri.de/changeblog/1594881674/ , and it at least gets me
> away from the liar errors.
> 
> Running from my client (all other configs adjusted ofc):
> 
> ; echo $upasname
> chris@test.chrisfroeschl.de
> ; echo 9test24 | mail -s 9test24 chris@chrisfroeschl.de
> 
> There doesn't seem to be a 'real' authentication.  The next server
> logs show the attempt to use the queue of 'none':
> 
> cpu% tail /sys/log/auth
> chrisfroeschl Aug 11 11:46:10 cram-ok chris 185.183.157.17
> cpu% tail /sys/log/mail
> chrisfroeschl Aug 11 11:46:10 error chrisfroeschl.de!chris From test.chrisfroeschl.de!chris Thu Aug 11 11:46:10 +0200 2022
> error+  from 'test.chrisfroeschl.de!chris'
> error+ to 'chrisfroeschl.de!chris'
> error+ failed with error 'qer: creating data file /mail/queue/none/D.006462: '/mail/queue/none' permission denied
> error+ '.
> error+ The mailer `/mail/lib/qmail 'test.chrisfroeschl.de!chris' 'net!chrisfroeschl.de'' returned error status 71.
> error+ 
> error+
> cpu% tail /sys/log/smtpd
> chrisfroeschl Aug 11 11:46:06 ehlo from XXX.XXX.XXX.XXX as cirno.fritz.box
> chrisfroeschl Aug 11 11:46:08 started TLS with cirno.fritz.box
> chrisfroeschl Aug 11 11:46:08 ehlo from XXX.XXX.XXX.XXX as cirno.fritz.box
> chrisfroeschl Aug 11 11:46:10 auth(CRAM-MD5, (protected)) from cirno.fritz.box
> chrisfroeschl Aug 11 11:46:10 ++[cirno.fritz.box/XXX.XXX.XXX.XXX] blocked: mail refused:  from 'test.chrisfroeschl.de!chris'
> 
> Not sure why there doesn't seem to be a proper auth attempt (although
> CRAM-MD5 is mentioned).
> 
> Do I have to prepare some /mail/queue structure for 'chris' btw?  I
> didn't do that by hand on my client if I remember correctly.  Here is
> my whole server /mail structure:
> 
> cpu% walk -exp /mail/
> a-rw-rw---- /mail/box/glenda/mbox/1659696218.00
> ...
> d-rwxrwxrwx /mail/box/glenda/mbox
> d-rwxrwxr-x /mail/box/glenda
> a-rw-rw---- /mail/box/chris/mbox/1659696500.00
> ...
> d-rwxrwxrwx /mail/box/chris/mbox
> -lrw------- /mail/box/chris/mbox.idx
> -lrw------- /mail/box/chris/L.mbox
> --rwxrwxrwx /mail/box/chris/mbox.imp
> a-rw-r----- /mail/box/chris/Sent/1660061970.00
> ...
> d-rwxr-xr-x /mail/box/chris/Sent
> -lrw------- /mail/box/chris/Sent.idx
> --rw-r--r-- /mail/box/chris/Sent.imp
> d-rwxr-xr-x /mail/box/chris
> -lrw------- /mail/box/chris.idx
> d-rwxrwxr-x /mail/box
> d-rwxrwxr-x /mail/faxoutqueue
> d-rwxrwxr-x /mail/faxqueue
> d-r-xr-xr-x /mail/fs
> d-rwxrwxr-x /mail/grey
> --rw-rw-r-- /mail/lib/blocked
> --rw-rw-r-- /mail/lib/classify.re
> --rwxrwxr-x /mail/lib/gone.fishing
> --rwxrwxr-x /mail/lib/justqmail
> --rwxrwxr-x /mail/lib/kickqueue
> --rwxrwxr-x /mail/lib/lazyqmail
> --rw-rw-r-- /mail/lib/namefiles
> --rw-rw-r-- /mail/lib/names.local
> --rw-rw-r-- /mail/lib/pipeto.bayes
> --rw-rw-r-- /mail/lib/prof.mbox
> --rw-rw-r-- /mail/lib/prof.spam
> --rwxrwxr-x /mail/lib/remotemail
> --rw-rw-r-- /mail/lib/rewrite.direct
> --rw-rw-r-- /mail/lib/rewrite.gateway
> --rwxrwxr-x /mail/lib/setup.bayes
> --rw-rw-r-- /mail/lib/smtpd.conf
> --rwxrwxr-x /mail/lib/validateaddress
> --rwxrwxr-x /mail/lib/validateattachment
> --rw-rw-r-- /mail/lib/white.starter
> --rw-rw-r-- /mail/lib/gone.msg
> --rw-rw-r-- /mail/lib/ignore
> --rwxrwxr-x /mail/lib/isspam.rc
> --rwxrwxr-x /mail/lib/mailnews
> --rwxrwxr-x /mail/lib/msgcat.rc
> --rw-rw-r-- /mail/lib/patterns
> --rw-rw-r-- /mail/lib/pipeto.lib
> --rwxrwxr-x /mail/lib/qmail
> --rw-rw-r-- /mail/lib/rewrite
> --rwxrwxr-x /mail/lib/spam.rc
> --rwxrwxr-x /mail/lib/unspam.rc
> d-rwxrwxr-x /mail/lib
> d-rwxrwxr-x /mail/queue
> d-rwxrwxrwx /mail/tmp
> d-rwxrwxr-x /mail
> cpu% 
> 
> My client shows the following log after sending the mail:
> 
> ; tail /sys/log/smtp.fail 
> cirno Aug 11 11:45:40 delivery chris@chrisfroeschl.de  at tcp!test.chrisfroeschl.de!587 (test.chrisfroeschl.de:185.183.157.17) rcptto failed: 554 5.7.1 mail refused:  from 'test.chrisfroeschl.de!chris'
> ; tail /sys/log/smtp
> cirno Aug 11 11:45:37 started TLS to test.chrisfroeschl.de
> ; tail /sys/log/mail
> cirno Aug 11 11:45:35 remote chrisfroeschl.de!chris From chris@test.chrisfroeschl.de Thu Aug 11 11:45:35 +0200 2022 (chris@chrisfroeschl.de) 220
> 
> Can't test the whole thing from my s-nail client because it demands a
> cert that is not self signed.  I could probably configure it to ignore
> it somehow, but I'm not really interested in running s-nail anyway.
> 
> Am I going to run into issues if I use a self signed cert in
> communication with other smtp daemons?  I would really like to avoid
> signing certs to be honest.
> 
> Anyway, I don't see how the FQA information alone could work.  Is this
> indeed the current configuration of the (9front.org|cat-v.org|...)
> mail server?  Any updates or insights would be very helpful.
> 
> chris
> 


^ permalink raw reply	[flat|nested] 19+ messages in thread
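As an added example (not code from 9front or from anyone in the thread), a Python model of the directory-permission check behind chris's "'/mail/queue/none' permission denied": upas, running as none, tries to create /mail/queue/none in a /mail/queue whose world bits lack write. It assumes a simplified Plan 9 rule (owner bits if you own the directory, else group bits if /adm/users lists you in the group, else world bits) and constructs the before/after lines for chris's /mail/queue, whose owner and group are assumed to be upas.

```python
"""Model of the Plan 9 directory-permission check behind the
"/mail/queue/none permission denied" error earlier in this thread.

Added example, not code from 9front or from anyone in the thread.
Simplified rule (an assumption, sufficient for these cases): a user
gets the owner bits if it owns the directory, otherwise the group bits
if /adm/users lists it in the group (or its name equals the group's),
otherwise the world bits.  Creating an entry needs w and x on the parent.
"""

# Directory lines in the format of sl's `walk -d -e xUGp` output
# (mode, owner, group, path).
SL_QUEUE_LISTING = """\
d-rwxrwxr-x upas upas /mail/queue/upas
d-rwxrwxrwx none upas /mail/queue/none
d-rwxrwxr-x sl upas /mail/queue/sl
d-rwxrwxrwx sl upas /mail/queue
"""

# Constructed lines for chris's /mail/queue before his chmod (walk -exp
# showed only the mode; owner/group upas is an assumption) and after it
# (mode taken from his later `ls -ld`).
CHRIS_QUEUE_BEFORE = "d-rwxrwxr-x upas upas /mail/queue"
CHRIS_QUEUE_AFTER = "d-rwxrwxrwx upas upas /mail/queue"

# /adm/users entries in the format posted in the thread: id:name:leader:members
ADM_USERS = """\
-1:adm:adm:glenda,chris
0:none:adm:
2:glenda:glenda:
3:chris:chris:
10003:upas:upas:glenda,chris
"""


def parse_adm_users(text):
    """Return {group name: set of member names} from /adm/users text."""
    groups = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        _id, name, _leader, members = line.split(":", 3)
        groups[name] = {m for m in members.split(",") if m}
    return groups


def effective_bits(mode, owner, group, user, groups):
    """Pick the rwx triple that applies to `user` for this entry.

    `mode` is the 11-char ls/walk mode string, e.g. d-rwxrwxr-x:
    char 0 is the type (d/a/-), char 1 the exclusive-use flag (l/-),
    chars 2..10 are the owner, group and world rwx bits.
    """
    rwx = mode[2:11]
    if user == owner:
        return rwx[0:3]
    if user == group or user in groups.get(group, set()):
        return rwx[3:6]
    return rwx[6:9]


def can_create_in(walk_line, user, groups):
    """Can `user` create a new entry (file or dir) inside this directory?"""
    mode, owner, group, path = walk_line.split(None, 3)
    if mode[0] != "d":
        raise ValueError(f"{path} is not a directory")
    bits = effective_bits(mode, owner, group, user, groups)
    return "w" in bits and "x" in bits


def queue_access_report(listing, user, groups):
    """Map each directory in a walk listing to whether `user` may create in it."""
    report = {}
    for line in listing.splitlines():
        if line.strip():
            report[line.split(None, 3)[3]] = can_create_in(line, user, groups)
    return report


def world_writable(listing):
    """Paths whose world bits allow writing: the trade-off of fixing the
    queue with chmod 777 instead of per-user queue directories."""
    out = []
    for line in listing.splitlines():
        if line.strip():
            mode, _owner, _group, path = line.split(None, 3)
            if "w" in mode[8:11]:
                out.append(path)
    return out


if __name__ == "__main__":
    groups = parse_adm_users(ADM_USERS)
    print("none before chmod:", can_create_in(CHRIS_QUEUE_BEFORE, "none", groups))
    print("none after chmod: ", can_create_in(CHRIS_QUEUE_AFTER, "none", groups))
    print("sl's tree for none:", queue_access_report(SL_QUEUE_LISTING, "none", groups))
    print("world-writable:", world_writable(SL_QUEUE_LISTING))
```

Run stand-alone it reports False before and True after chris's chmod, and flags both /mail/queue and /mail/queue/none in sl's tree as world-writable.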

* Re: [9front] Mail server setup
  2022-08-11 14:29           ` Stanley Lieber
@ 2022-08-11 21:17             ` chris
  2022-08-12  6:23               ` william
  2022-08-12  6:33               ` sirjofri
  0 siblings, 2 replies; 19+ messages in thread
From: chris @ 2022-08-11 21:17 UTC (permalink / raw)
  To: 9front

Hello sl,

> sorry i have not been able to devote more time to troubleshooting
> this with you.  (typing on a phone here.)

thank you for your message!  No pressure regarding your help in
troubleshooting.  It's not like I'm paying anyone here to help me.

Most ml messages had the function to document my current state for
myself anyway.

> http://plan9.stanleylieber.com/mail/service/        # /cfg/gaff/service.upas/
> http://plan9.stanleylieber.com/mail/lib/        # /mail/lib/

Your links helped me very much.  I always forget that you share almost
all of your setup and didn't look into your /mail before.
I got the e flag from your tcp587 script and changed the /mail/queue
permissions like so:

cpu% cat /bin/service/tcp587 
#!/bin/rc
user=`{cat /dev/user}
exec /bin/upas/smtpd -e -c /sys/lib/tls/cert -n $3
cpu% ls -ld /mail/queue/
d-rwxrwxrwx M 65 upas upas 0 Aug 11 21:03 /mail/queue

After applying these changes my /mail/queue was filled with a none
directory and I am able to send mail.

I would like to not dedicate a whole directory for services run by
user upas for now.  Just chmoding a directory seems to suffice for
now.

I got perhaps some more questions if you are already involved:
(I will probably figure most of the stuff out myself (hopefully))

1.) Could you tell me why so many flags (and especially MANDATORY
flags) seem to be hidden in the src?  Is the e flag intended for
production use? Otherwise a manpage update would help.

2.) What is your highscore at https://www.mail-tester.com ? Mine is
7/10.  I know DKIM is no option (-1).  But I receive at least -2 on
SpamAssassin regarding:

-0.001	FSL_BULK_SIG	Bulk signature with no Unsubscribe
-1.985	PYZOR_CHECK	Similar message reported on Pyzor (https://www.pyzor.org)
https://pyzor.readthedocs.io/en/latest/
Please test a real content, test Newsletters will always be flagged by Pyzor
Adjust your message or request whitelisting (https://www.pyzor.org)
0.001	SPF_HELO_PASS	SPF: HELO matches SPF record
0.001	SPF_PASS	SPF: sender matches SPF record
Great! Your SPF is valid

3.) I don't seem to be able to send mail to myself with this setup
(worked before).  My smtpd logs when I try that:

test.chrisfroeschl.de Aug 11 22:31:03 ehlo from 82.207.245.23 as cirno.fritz.box
test.chrisfroeschl.de Aug 11 22:31:03 started TLS with cirno.fritz.box
test.chrisfroeschl.de Aug 11 22:31:03 ehlo from 82.207.245.23 as cirno.fritz.box
test.chrisfroeschl.de Aug 11 22:31:03 auth(CRAM-MD5, (protected)) from cirno.fritz.box
test.chrisfroeschl.de Aug 11 22:31:03 Disallowed test.chrisfroeschl.de!chris (cirno.fritz.box/82.207.245.23) to blocked name test.chrisfroeschl.de!chris

4.) Issues regarding receiving mails from my current mail server to
the 9 smtp server seem to remain.  Perhaps some MX record error from
my side?  I will debug this as good as I can the following days.  Here
is my obsd maillog:

Aug 11 22:58:02 chrisfroeschl smtpd[47164]: smtp-out: No valid route for [connector:[]->[relay:test.chrisfroeschl.de,smtp,heloname=mail.chrisfroeschl.de],0x0]
Aug 11 22:58:12 chrisfroeschl smtpd[47164]: 0000000000000000 mta delivery evpid=3fb35f960656e8e3 from=<chris@chrisfroeschl.de> to=<chris@test.chrisfroeschl.de> rcpt=<-> source="-" relay="test.chrisfroeschl.de" delay=13s result="TempFail" stat="Network error on destination MXs"

After cping my tcp587 to tcp25 I got (just to test if it only uses port 25):

Aug 11 23:12:46 chrisfroeschl smtpd[47164]: 745c82d65e770f66 mta delivery evpid=03d30d409a5ab8fd from=<chris@chrisfroeschl.de> to=<chris@test.chrisfroeschl.de> rcpt=<-> source="5.252.227.212" relay="185.183.157.17 (test.chrisfroeschl.de)" delay=0s result="PermFail" stat="550 5.1.1 test.chrisfroeschl.de!chris ... user unknown"

> there is a deficiency in the fqa’s description of setting up smtp and imap for remote users:
> 
> - client side use against a 9front server is not described at all.
> 
> - an “Inferno/POP secret” is used as the password for both smtp and
> imap, which must be configured *in addition to* the user’s regular
> auth password.  see: http://fqa.9front.org/fqa7.html#7.4.2
> 
> i’ll address this.

I intend to send a FQA patch the coming days (as soon as everything
works) with some minor stuff I found besides the things you mentioned.
I can try to add a first draft regarding your points.  Feel free to
edit it afterwards however you like.

chris

^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: [9front] Mail server setup
  2022-08-11 21:17             ` chris
@ 2022-08-12  6:23               ` william
  2022-08-12 13:47                 ` Stanley Lieber
  2022-08-12  6:33               ` sirjofri
  1 sibling, 1 reply; 19+ messages in thread
From: william @ 2022-08-12  6:23 UTC (permalink / raw)
  To: 9front

I know 'sl' added more dkim features into 9front but i'm still using what I implemented earlier
this year which was mostly messing around with dns.

http://thinktankworkspaces.com/plan9/email-upas

Just above the troubleshooting section I have some DNS notes and some of my experience messing with spf
and dmarc, and I managed to get a 9/10 score. I don't know, maybe some of it might be helpful, but I
think you have most of this figured out. 


Quoth chris@chrisfroeschl.de:
> Hello sl,
> 
> > sorry i have not been able to devote more time to troubleshooting
> > this with you.  (typing on a phone here.)
> 
> thank you for your message!  No pressure regarding your help in
> troubleshooting.  It's not like I'm paying anyone here to help me.
> 
> Most ml messages had the function to document my current state for
> myself anyway.
> 
> > http://plan9.stanleylieber.com/mail/service/        # /cfg/gaff/service.upas/
> > http://plan9.stanleylieber.com/mail/lib/        # /mail/lib/
> 
> Your links helped me very much.  I always forget that you share almost
> all of your setup and didn't look into your /mail before.
> I got the e flag from your tcp587 script and changed the /mail/queue
> permissions like so:
> 
> cpu% cat /bin/service/tcp587 
> #!/bin/rc
> user=`{cat /dev/user}
> exec /bin/upas/smtpd -e -c /sys/lib/tls/cert -n $3
> cpu% ls -ld /mail/queue/
> d-rwxrwxrwx M 65 upas upas 0 Aug 11 21:03 /mail/queue
> 
> After applying these changes my /mail/queue was filled with a none
> directory and I am able to send mail.
> 
> I would like to not dedicate a whole directory for services run by
> user upas for now.  Just chmoding a directory seems to suffice for
> now.
> 
> I got perhaps some more questions if you are already involved:
> (I will probably figure most of the stuff out myself (hopefully))
> 
> 1.) Could you tell me why so many flags (and especially MANDATORY
> flags) seem to be hidden in the src?  Is the e flag intended for
> production use? Otherwise a manpage update would help.
> 
> 2.) What is your highscore at https://www.mail-tester.com ? Mine is
> 7/10.  I know DKIM is no option (-1).  But I receive at least -2 on
> SpamAssassin regarding:
> 
> -0.001	FSL_BULK_SIG	Bulk signature with no Unsubscribe
> -1.985	PYZOR_CHECK	Similar message reported on Pyzor (https://www.pyzor.org)
> https://pyzor.readthedocs.io/en/latest/
> Please test a real content, test Newsletters will always be flagged by Pyzor
> Adjust your message or request whitelisting (https://www.pyzor.org)
> 0.001	SPF_HELO_PASS	SPF: HELO matches SPF record
> 0.001	SPF_PASS	SPF: sender matches SPF record
> Great! Your SPF is valid
> 
> 3.) I don't seem to be able to send mail to myself with this setup
> (worked before).  My smtpd logs when I try that:
> 
> test.chrisfroeschl.de Aug 11 22:31:03 ehlo from 82.207.245.23 as cirno.fritz.box
> test.chrisfroeschl.de Aug 11 22:31:03 started TLS with cirno.fritz.box
> test.chrisfroeschl.de Aug 11 22:31:03 ehlo from 82.207.245.23 as cirno.fritz.box
> test.chrisfroeschl.de Aug 11 22:31:03 auth(CRAM-MD5, (protected)) from cirno.fritz.box
> test.chrisfroeschl.de Aug 11 22:31:03 Disallowed test.chrisfroeschl.de!chris (cirno.fritz.box/82.207.245.23) to blocked name test.chrisfroeschl.de!chris
> 
> 4.) Issues regarding receiving mails from my current mail server to
> the 9 smtp server seem to remain.  Perhaps some MX record error from
> my side?  I will debug this as good as I can the following days.  Here
> is my obsd maillog:
> 
> Aug 11 22:58:02 chrisfroeschl smtpd[47164]: smtp-out: No valid route for [connector:[]->[relay:test.chrisfroeschl.de,smtp,heloname=mail.chrisfroeschl.de],0x0]
> Aug 11 22:58:12 chrisfroeschl smtpd[47164]: 0000000000000000 mta delivery evpid=3fb35f960656e8e3 from=<chris@chrisfroeschl.de> to=<chris@test.chrisfroeschl.de> rcpt=<-> source="-" relay="test.chrisfroeschl.de" delay=13s result="TempFail" stat="Network error on destination MXs"
> 
> After cping my tcp587 to tcp25 I got (just to test if it only uses port 25):
> 
> Aug 11 23:12:46 chrisfroeschl smtpd[47164]: 745c82d65e770f66 mta delivery evpid=03d30d409a5ab8fd from=<chris@chrisfroeschl.de> to=<chris@test.chrisfroeschl.de> rcpt=<-> source="5.252.227.212" relay="185.183.157.17 (test.chrisfroeschl.de)" delay=0s result="PermFail" stat="550 5.1.1 test.chrisfroeschl.de!chris ... user unknown"
> 
> > there is a deficiency in the fqa’s description of setting up smtp and imap for remote users:
> > 
> > - client side use against a 9front server is not described at all.
> > 
> > - an “Inferno/POP secret” is used as the password for both smtp and
> > imap, which must be configured *in addition to* the user’s regular
> > auth password.  see: http://fqa.9front.org/fqa7.html#7.4.2
> > 
> > i’ll address this.
> 
> I intend to send a FQA patch the coming days (as soon as everything
> works) with some minor stuff I found besides the things you mentioned.
> I can try to add a first draft regarding your points.  Feel free to
> edit it afterwards however you like.
> 
> chris
> 


^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: [9front] Mail server setup
  2022-08-11 21:17             ` chris
  2022-08-12  6:23               ` william
@ 2022-08-12  6:33               ` sirjofri
  2022-08-12  7:10                 ` sirjofri
  1 sibling, 1 reply; 19+ messages in thread
From: sirjofri @ 2022-08-12  6:33 UTC (permalink / raw)
  To: 9front


11.08.2022 23:17:30 chris@chrisfroeschl.de:
> 1.) Could you tell me why so many flags (and especially MANDATORY
> flags) seem to be hidden in the src?  Is the e flag intended for
> production use? Otherwise a manpage update would help.

Simple answer: because the man page sucks and modern mail sucks. Feel 
free to send patches for the man pages, people will like it. Also read 
the man pages carefully; the arguments are not listed the way they are in 
most linux man pages.

> 2.) What is your highscore at https://www.mail-tester.com ? Mine is
> 7/10.  I know DKIM is no option (-1).  But I receive at least -2 on
> SpamAssassin regarding:
>
> -0.001  FSL_BULK_SIG    Bulk signature with no Unsubscribe
> -1.985  PYZOR_CHECK Similar message reported on Pyzor 
> (https://www.pyzor.org)
> https://pyzor.readthedocs.io/en/latest/
> Please test a real content, test Newsletters will always be flagged by 
> Pyzor
> Adjust your message or request whitelisting (https://www.pyzor.org)
> 0.001   SPF_HELO_PASS   SPF: HELO matches SPF record
> 0.001   SPF_PASS    SPF: sender matches SPF record
> Great! Your SPF is valid

The -2 by pyzor check tells everything. I guess you sent some kinda test 
mail with some test content? Try sending some real fake text, for example 
one of the short stories I wrote or whatever.

> 3.) I don't seem to be able to send mail to myself with this setup
> (worked before).  My smtpd logs when I try that:
>
> test.chrisfroeschl.de Aug 11 22:31:03 ehlo from 82.207.245.23 as 
> cirno.fritz.box
> test.chrisfroeschl.de Aug 11 22:31:03 started TLS with cirno.fritz.box
> test.chrisfroeschl.de Aug 11 22:31:03 ehlo from 82.207.245.23 as 
> cirno.fritz.box
> test.chrisfroeschl.de Aug 11 22:31:03 auth(CRAM-MD5, (protected)) from 
> cirno.fritz.box
> test.chrisfroeschl.de Aug 11 22:31:03 Disallowed 
> test.chrisfroeschl.de!chris (cirno.fritz.box/82.207.245.23) to blocked 
> name test.chrisfroeschl.de!chris

That sounds like an error in /mail/lib files. See the rewrite file there 
and also the smtpd.conf file, I guess. I don't know the exact details, so 
have fun.

> 4.) Issues regarding receiving mails from my current mail server to
> the 9 smtp server seem to remain.  Perhaps some MX record error from
> my side?  I will debug this as good as I can the following days.  Here
> is my obsd maillog:
>
> Aug 11 22:58:02 chrisfroeschl smtpd[47164]: smtp-out: No valid route 
> for 
> [connector:[]->[relay:test.chrisfroeschl.de,smtp,heloname=mail.chrisfroeschl.de],0x0]
> Aug 11 22:58:12 chrisfroeschl smtpd[47164]: 0000000000000000 mta 
> delivery evpid=3fb35f960656e8e3 from=<chris@chrisfroeschl.de> 
> to=<chris@test.chrisfroeschl.de> rcpt=<-> source="-" 
> relay="test.chrisfroeschl.de" delay=13s result="TempFail" stat="Network 
> error on destination MXs"
>
> After cping my tcp587 to tcp25 I got (just to test if it only uses port 
> 25):
>
> Aug 11 23:12:46 chrisfroeschl smtpd[47164]: 745c82d65e770f66 mta 
> delivery evpid=03d30d409a5ab8fd from=<chris@chrisfroeschl.de> 
> to=<chris@test.chrisfroeschl.de> rcpt=<-> source="5.252.227.212" 
> relay="185.183.157.17 (test.chrisfroeschl.de)" delay=0s 
> result="PermFail" stat="550 5.1.1 test.chrisfroeschl.de!chris ... user 
> unknown"

In my setup I have both tcp25 and tcp587. Tcp587 uses -a for 
authentication (use that for sending mail) while tcp25 is the incoming 
port without -a.

In smtpd.conf, defaultdomain and ourdomains should both be set to 
your domain. Iirc it didn't work properly if I only specified 
defaultdomain.

>> there is a deficiency in the fqa’s description of setting up smtp and 
>> imap for remote users:
>>
>> - client side use against a 9front server is not described at all.
>>
>> - an “Inferno/POP secret” is used as the password for both smtp and
>> imap, which must be configured *in addition to* the user’s regular
>> auth password.  see: http://fqa.9front.org/fqa7.html#7.4.2
>>
>> i’ll address this.
>
> I intend to send a FQA patch the coming days (as soon as everything
> works) with some minor stuff I found besides the things you mentioned.
> I can try to add a first draft regarding your points.  Feel free to
> edit it afterwards however you like.

Regarding patches, I don't remember if my smtp patch is already applied 
to front. It adds a new flag to smtp to skip the certificate check 
completely. Here it is if you're interested: 
http://sirjofri.de/oat/patches/smtp.patch


Also, send patches.

sirjofri

^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: [9front] Mail server setup
  2022-08-12  6:33               ` sirjofri
@ 2022-08-12  7:10                 ` sirjofri
  2022-08-12 15:27                   ` chris
  0 siblings, 1 reply; 19+ messages in thread
From: sirjofri @ 2022-08-12  7:10 UTC (permalink / raw)
  To: 9front

I also did a mail-tester test, but from my phone mail client using my 
server, so I don't know what headers are added.

Results are 9/10, and the missing points are: No DKIM, no 
unsubscribe-header.

sirjofri

^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: [9front] Mail server setup
  2022-08-12  6:23               ` william
@ 2022-08-12 13:47                 ` Stanley Lieber
  0 siblings, 0 replies; 19+ messages in thread
From: Stanley Lieber @ 2022-08-12 13:47 UTC (permalink / raw)
  To: 9front

that was ori. i’ve never messed with dkim or dmarc at all.

sl


> On Aug 12, 2022, at 2:24 AM, william@thinktankworkspaces.com wrote:
> 
> I know 'sl' added more dkim features into 9front but i'm still using what I implemented earlier
> this year which was mostly messing around with dns.
> 
> http://thinktankworkspaces.com/plan9/email-upas
> 
> Just above the troubleshooting section I have some DNS notes and some of my experience messing with spf
> and dmarc, and I managed to get a 9/10 score. I don't know, maybe some of it might be helpful, but I
> think you have most of this figured out. 
> 
> 
> Quoth chris@chrisfroeschl.de:
>> Hello sl,
>> 
>>> sorry i have not been able to devote more time to troubleshooting
>>> this with you.  (typing on a phone here.)
>> 
>> thank you for your message!  No pressure regarding your help in
>> troubleshooting.  It's not like I'm paying anyone here to help me.
>> 
>> Most ml messages had the function to document my current state for
>> myself anyway.
>> 
>>> http://plan9.stanleylieber.com/mail/service/        # /cfg/gaff/service.upas/
>>> http://plan9.stanleylieber.com/mail/lib/        # /mail/lib/
>> 
>> Your links helped me very much.  I always forget that you share almost
>> all of your setup and didn't look into your /mail before.
>> I got the e flag from your tcp587 script and changed the /mail/queue
>> permissions like so:
>> 
>> cpu% cat /bin/service/tcp587 
>> #!/bin/rc
>> user=`{cat /dev/user}
>> exec /bin/upas/smtpd -e -c /sys/lib/tls/cert -n $3
>> cpu% ls -ld /mail/queue/
>> d-rwxrwxrwx M 65 upas upas 0 Aug 11 21:03 /mail/queue
>> 
>> After applying these changes my /mail/queue was filled with a none
>> directory and I am able to send mail.
>> 
>> I would like to not dedicate a whole directory for services run by
>> user upas for now.  Just chmoding a directory seems to suffice for
>> now.
>> 
>> I got perhaps some more questions if you are already involved:
>> (I will probably figure most of the stuff out myself (hopefully))
>> 
>> 1.) Could you tell me why so many flags (and especially MANDATORY
>> flags) seem to be hidden in the src?  Is the e flag intended for
>> production use? Otherwise a manpage update would help.
>> 
>> 2.) What is your highscore at https://www.mail-tester.com ? Mine is
>> 7/10.  I know DKIM is no option (-1).  But I receive at least -2 on
>> SpamAssassin regarding:
>> 
>> -0.001    FSL_BULK_SIG    Bulk signature with no Unsubscribe
>> -1.985    PYZOR_CHECK    Similar message reported on Pyzor (https://www.pyzor.org)
>> https://pyzor.readthedocs.io/en/latest/
>> Please test a real content, test Newsletters will always be flagged by Pyzor
>> Adjust your message or request whitelisting (https://www.pyzor.org)
>> 0.001    SPF_HELO_PASS    SPF: HELO matches SPF record
>> 0.001    SPF_PASS    SPF: sender matches SPF record
>> Great! Your SPF is valid
>> 
>> 3.) I don't seem to be able to send mail to myself with this setup
>> (worked before).  My smtpd logs when I try that:
>> 
>> test.chrisfroeschl.de Aug 11 22:31:03 ehlo from 82.207.245.23 as cirno.fritz.box
>> test.chrisfroeschl.de Aug 11 22:31:03 started TLS with cirno.fritz.box
>> test.chrisfroeschl.de Aug 11 22:31:03 ehlo from 82.207.245.23 as cirno.fritz.box
>> test.chrisfroeschl.de Aug 11 22:31:03 auth(CRAM-MD5, (protected)) from cirno.fritz.box
>> test.chrisfroeschl.de Aug 11 22:31:03 Disallowed test.chrisfroeschl.de!chris (cirno.fritz.box/82.207.245.23) to blocked name test.chrisfroeschl.de!chris
>> 
>> 4.) Issues regarding receiving mails from my current mail server to
>> the 9 smtp server seem to remain.  Perhaps some MX record error from
>> my side?  I will debug this as good as I can the following days.  Here
>> is my obsd maillog:
>> 
>> Aug 11 22:58:02 chrisfroeschl smtpd[47164]: smtp-out: No valid route for [connector:[]->[relay:test.chrisfroeschl.de,smtp,heloname=mail.chrisfroeschl.de],0x0]
>> Aug 11 22:58:12 chrisfroeschl smtpd[47164]: 0000000000000000 mta delivery evpid=3fb35f960656e8e3 from=<chris@chrisfroeschl.de> to=<chris@test.chrisfroeschl.de> rcpt=<-> source="-" relay="test.chrisfroeschl.de" delay=13s result="TempFail" stat="Network error on destination MXs"
>> 
>> After cping my tcp587 to tcp25 I got (just to test if it only uses port 25):
>> 
>> Aug 11 23:12:46 chrisfroeschl smtpd[47164]: 745c82d65e770f66 mta delivery evpid=03d30d409a5ab8fd from=<chris@chrisfroeschl.de> to=<chris@test.chrisfroeschl.de> rcpt=<-> source="5.252.227.212" relay="185.183.157.17 (test.chrisfroeschl.de)" delay=0s result="PermFail" stat="550 5.1.1 test.chrisfroeschl.de!chris ... user unknown"
>> 
>>> there is a deficiency in the fqa’s description of setting up smtp and imap for remote users:
>>> 
>>> - client side use against a 9front server is not described at all.
>>> 
>>> - an “Inferno/POP secret” is used as the password for both smtp and
>>> imap, which must be configured *in addition to* the user’s regular
>>> auth password.  see: http://fqa.9front.org/fqa7.html#7.4.2
>>> 
>>> i’ll address this.
>> 
>> I intend to send a FQA patch the coming days (as soon as everything
>> works) with some minor stuff I found besides the things you mentioned.
>> I can try to add a first draft regarding your points.  Feel free to
>> edit it afterwards however you like.
>> 
>> chris
>> 
> 
> 


^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: [9front] Mail server setup
  2022-08-12  7:10                 ` sirjofri
@ 2022-08-12 15:27                   ` chris
  2022-08-12 18:49                     ` sirjofri
  2022-08-12 22:25                     ` ori
  0 siblings, 2 replies; 19+ messages in thread
From: chris @ 2022-08-12 15:27 UTC (permalink / raw)
  To: 9front

> Results are 9/10, and the missing points are: No DKIM, no 
> unsubscribe-header.

Indeed I got the same after sending a 'real' message. Nice!

> That sounds like an error in /mail/lib files. See the rewrite file there 
> and also the smtpd.conf file, I guess. I don't know the exact details, so 
> have fun.

Still struggling with 3.) and 4.). I'm certain they are the same
problem.  My server always responds to the client (9 client as well as
a linux client) after trying to send to chris@test.chrisfroeschl.de :

cirno Aug 12 16:37:40 delivery chris@test.chrisfroeschl.de  at tcp!test.chrisfroeschl.de!587 (test.chrisfroeschl.de:185.183.157.17) rcptto failed: 550 5.1.1 test.chrisfroeschl.de!chris ... user unknown

While logging on the server:

test.chrisfroeschl.de Aug 12 16:38:13 Disallowed test.chrisfroeschl.de!chris (cirno.fritz.box/82.207.245.20) to blocked name test.chrisfroeschl.de!chris

This feels like a /mail/lib/rewrite issue.  Resulting from a faulty
upas/aliasmail or unmatched alias.

From my understanding test.chrisfroeschl.de!chris should be resolved by

\l!(.*)		alias	\1

to 'chris', followed by

[^!@]+	translate	"/bin/upas/aliasmail '&'"

resulting in 'local!chris', and finally followed by

local!(.*)	>>	/mail/box/\1/mbox

appending the mail to /mail/box/chris/mbox .

Or isn't the real rewrite input 'test.chrisfroeschl.de!chris'?

I feel like I read every resource on those /mail/lib files a thousand
times, but I'm not able to see anything by now.  I tried plenty of
stuff, but I will share (hopefully for the last time) my current updated
configs in case someone can see a mistake:

cpu% cat /mail/lib/rewrite
# case conversion for postmaster
pOsTmAsTeR	alias	postmaster

\l!(.*)				alias	\1
\l\.test.chrisfroeschl.de!(.*)	alias	\1
(test.chrisfroeschl.de)!(.*)	alias	\2

# translate local aliases from /mail/lib/namefiles
\"(.+)\"			translate	"/bin/upas/aliasmail '\1'"
[^!@]+				translate	"/bin/upas/aliasmail '&'"

local!"(.+)"			>>		/mail/box/\1/mbox
local!(.*)			>>		/mail/box/\1/mbox

# convert source domain address to a chain a@b@c@d...
@([^@!,]*):([^!@]*)@([^!]*)		alias	\2@\3@\1
@([^@!]*),@([^!@,]*):([^!@]*)@([^!]*)	alias	@\1:\3@\4@\2

# convert a chain a@b@c@d... to ...d!c!b!a
([^@]+)@([^@]+)@(.+)	alias		\2!\1@\3
([^@]+)@([^@]+)		alias		\2!\1

# queue all mail for delivery
([^!]*)!(.*) 		| 		"/mail/lib/qmail '\s' 'net!\1'" "'\2'"
cpu% cat /mail/lib/smtpd.conf 
defaultdomain		test.chrisfroeschl.de
norelay			on
verifysenderdom		off
saveblockedmsg		off
ournets			185.183.157.17/22
ourdomains		test.chrisfroeschl.de
cpu% walk -exp /mail/
a-rw-rw---- /mail/box/glenda/mbox/1659696218.00
a-rw-rw---- /mail/box/glenda/mbox/1659696248.00
a-rw-rw---- /mail/box/glenda/mbox/1659696323.00
d-rwxrwxrwx /mail/box/glenda/mbox
d-rwxrwxr-x /mail/box/glenda
a-rw-r----- /mail/box/chris/mbox/1660242093.00
a-rw-r----- /mail/box/chris/mbox/1660299006.00
d-rwxr-xr-x /mail/box/chris/mbox
-lrw------- /mail/box/chris/mbox.idx
-lrw------- /mail/box/chris/L.mbox
--rwxr-xr-x /mail/box/chris/mbox.imp
a-rw-r----- /mail/box/chris/Sent/1660226710.00
a-rw-r----- /mail/box/chris/Sent/1660309584.00
d-rwxr-xr-x /mail/box/chris/Sent
-lrw------- /mail/box/chris/Sent.idx
--rwxr-xr-x /mail/box/chris/Sent.imp
--rw-r--r-- /mail/box/chris/imap.subscribed
d-rwxr-xr-x /mail/box/chris/Trash
-lrw------- /mail/box/chris/Trash.idx
--rwxr-xr-x /mail/box/chris/Trash.imp
a-rw-r----- /mail/box/chris/Drafts/1660309938.00
d-rwxr-xr-x /mail/box/chris/Drafts
-lrw------- /mail/box/chris/Drafts.idx
--rwxr-xr-x /mail/box/chris/Drafts.imp
d-rwxr-xr-x /mail/box/chris
d-rwxrwxr-x /mail/box
d-rwxrwxr-x /mail/faxoutqueue
d-rwxrwxr-x /mail/faxqueue
d-r-xr-xr-x /mail/fs
d-rwxrwxr-x /mail/grey
--rw-rw-r-- /mail/lib/blocked
--rw-rw-r-- /mail/lib/classify.re
--rwxrwxr-x /mail/lib/gone.fishing
--rwxrwxr-x /mail/lib/justqmail
--rwxrwxr-x /mail/lib/kickqueue
--rwxrwxr-x /mail/lib/lazyqmail
--rw-rw-r-- /mail/lib/namefiles
--rw-rw-r-- /mail/lib/names.local
--rw-rw-r-- /mail/lib/pipeto.bayes
--rw-rw-r-- /mail/lib/prof.mbox
--rw-rw-r-- /mail/lib/prof.spam
--rwxrwxr-x /mail/lib/remotemail
--rw-rw-r-- /mail/lib/rewrite.direct
--rw-rw-r-- /mail/lib/rewrite.gateway
--rwxrwxr-x /mail/lib/setup.bayes
--rw-rw-r-- /mail/lib/smtpd.conf
--rwxrwxr-x /mail/lib/validateaddress
--rwxrwxr-x /mail/lib/validateattachment
--rw-rw-r-- /mail/lib/white.starter
--rw-rw-r-- /mail/lib/gone.msg
--rw-rw-r-- /mail/lib/ignore
--rwxrwxr-x /mail/lib/isspam.rc
--rwxrwxr-x /mail/lib/mailnews
--rwxrwxr-x /mail/lib/msgcat.rc
--rw-rw-r-- /mail/lib/patterns
--rw-rw-r-- /mail/lib/pipeto.lib
--rwxrwxr-x /mail/lib/qmail
--rw-rw-r-- /mail/lib/rewrite
--rwxrwxr-x /mail/lib/spam.rc
--rwxrwxr-x /mail/lib/unspam.rc
d-rwxrwxr-x /mail/lib
-lrw-rw-rw- /mail/queue/none/L.mbox
d-rwxrwxrwx /mail/queue/none
d-rwxrwxrwx /mail/queue/none
d-rwxrwxrwx /mail/queue
d-rwxrwxrwx /mail/tmp
d-rwxrwxr-x /mail
cpu% cat /bin/service/tcp25
#!/bin/rc
user=`{cat /dev/user}
exec /bin/upas/smtpd -c /sys/lib/tls/cert -n $3
cpu% cat /bin/service/tcp587 
#!/bin/rc
user=`{cat /dev/user}
exec /bin/upas/smtpd -a -d -e -c /sys/lib/tls/cert -n $3
cpu% cat /lib/ndb/local

sys=test.chrisfroeschl.de fs=test.chrisfroeschl.de auth=test.chrisfroeschl.de smtp=test.chrisfroeschl.de mail=test.chrisfroeschl.de authdom=chrisfroeschl.de ether=76c4f3d364a1 ip=185.183.157.17 ipmask=255.255.252.0 ipgw=185.183.156.1
	dns=185.183.156.1
cpu% 

I don't seem to get to remotemail or qmail (like expected because it
should be a local mbox append inside rewrite, right?). That's why I
don't mind them for now.

I changed my sysname to the actual domain as well as most other entries
associated with it after having mail score issues with my previous one
(chrisfroeschl).  I hope that's not an issue.

PS: Thanks william@thinktankworkspaces.com for the link.  Got some
more insights, but nothing final for now from it.

chris

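The rule chain chris walks through above (\l!(.*) alias, [^!@]+ translate through aliasmail, local!(.*) append) can be traced mechanically. The following is an added example written for this thread, not upas/send's own code: it models the posted /mail/lib/rewrite as a first-match table that restarts after every alias or translate step and stops at >> or |. Assumptions are labelled in the code: matching is treated as case-insensitive (the pOsTmAsTeR rule suggests it), \l expands to the sysname, /bin/upas/aliasmail is replaced by a stub that maps a constructed list of local users to local!name, and the qmail rule's quoting is simplified.

```python
import re

# Added example: a toy model of how a /mail/lib/rewrite table is applied,
# written to trace the rules posted in the thread; it is not upas/send's code.
# Assumed semantics: rules are tried top to bottom, the first pattern that
# matches the whole address wins, 'alias' and 'translate' rewrite the address
# and start over, '>>' and '|' end the rewrite. Matching is assumed to be
# case-insensitive (the pOsTmAsTeR rule only makes sense that way).

SYSNAME = "test.chrisfroeschl.de"      # what \l expands to (the sysname)
LOCAL_USERS = {"chris", "glenda"}       # constructed stand-in for the local user list

# The rules from the posted /mail/lib/rewrite: (pattern, kind, target).
# The qmail rule's shell quoting is simplified; the routing it shows is the same.
RULES = [
    (r"pOsTmAsTeR",                             "alias",     r"postmaster"),
    (r"\l!(.*)",                                "alias",     r"\1"),
    (r"\l\.test.chrisfroeschl.de!(.*)",         "alias",     r"\1"),
    (r"(test.chrisfroeschl.de)!(.*)",           "alias",     r"\2"),
    (r"\"(.+)\"",                               "translate", r"/bin/upas/aliasmail '\1'"),
    (r"[^!@]+",                                 "translate", r"/bin/upas/aliasmail '&'"),
    (r'local!"(.+)"',                           ">>",        r"/mail/box/\1/mbox"),
    (r"local!(.*)",                             ">>",        r"/mail/box/\1/mbox"),
    (r"@([^@!,]*):([^!@]*)@([^!]*)",            "alias",     r"\2@\3@\1"),
    (r"@([^@!]*),@([^!@,]*):([^!@]*)@([^!]*)",  "alias",     r"@\1:\3@\4@\2"),
    (r"([^@]+)@([^@]+)@(.+)",                   "alias",     r"\2!\1@\3"),
    (r"([^@]+)@([^@]+)",                        "alias",     r"\2!\1"),
    (r"([^!]*)!(.*)",                           "|",         r"/mail/lib/qmail '\s' 'net!\1' '\2'"),
]

# \l is substituted with the escaped sysname before the patterns are compiled.
COMPILED = [
    (re.compile(pat.replace(r"\l", re.escape(SYSNAME)), re.IGNORECASE), kind, target)
    for pat, kind, target in RULES
]


def aliasmail(name):
    """Stand-in for /bin/upas/aliasmail (assumption): a known local user
    becomes local!name, anything else is returned unchanged."""
    return f"local!{name}" if name.lower() in LOCAL_USERS else name


def expand(template, m):
    """Fill a rule's target: & is the whole match, \\N is capture group N."""
    out = template.replace("&", m.group(0))
    return re.sub(r"\\(\d)", lambda g: m.group(int(g.group(1))), out)


def rewrite(addr, limit=20):
    """Return (kind, target, trace) for the rule that finally consumes addr."""
    trace = []
    for _ in range(limit):
        for rx, kind, target in COMPILED:
            m = rx.fullmatch(addr)
            if m is None:
                continue
            result = expand(target, m)
            trace.append((rx.pattern, kind, result))
            if kind == "alias":
                addr = result
            elif kind == "translate":
                # the command is "/bin/upas/aliasmail '<addr>'"; feed <addr> to the stub
                addr = aliasmail(result.split("'")[1])
            else:
                return kind, result, trace      # '>>' append or '|' pipe: done
            break
        else:
            raise ValueError(f"no rewrite rule matches {addr!r}")
    # a translate that hands back an address the table rewrites again forever
    raise RuntimeError(f"rewrite did not terminate for {addr!r}")


if __name__ == "__main__":
    for a in ("test.chrisfroeschl.de!chris", "chris@example.org"):
        kind, target, trace = rewrite(a)
        print(a)
        for pat, k, r in trace:
            print(f"  {pat:45} {k:10} {r}")
        print(f"  => {kind} {target}")
```

Running it shows the local address landing on `>> /mail/box/chris/mbox` after exactly the three steps chris describes, and a remote address being folded to `example.org!chris` and handed to the qmail pipe. An address that the stub aliasmail hands back unchanged would loop on the `[^!@]+` rule, which is why the limit guard is there.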

* Re: [9front] Mail server setup
  2022-08-12 15:27                   ` chris
@ 2022-08-12 18:49                     ` sirjofri
  2022-08-12 20:53                       ` chris
  2022-08-12 22:25                     ` ori
  1 sibling, 1 reply; 19+ messages in thread
From: sirjofri @ 2022-08-12 18:49 UTC (permalink / raw)
  To: 9front

My advice is to also follow the functionality:

For example, you get debug output/log messages. You can try finding the 
messages in the source and see what's happening there. This way you can 
figure out what's needed and understand why it happens.

Also, have a look in the scripts. Iirc there's some program that 
essentially uses some input and the rewrite rules to figure out the real 
address. Use the same program (I don't remember the name) to see what's 
returned, and that can be totally wrong -> then your rewrite rules are 
wrong.

Good luck

sirjofri


* Re: [9front] Mail server setup
  2022-08-12 18:49                     ` sirjofri
@ 2022-08-12 20:53                       ` chris
  0 siblings, 0 replies; 19+ messages in thread
From: chris @ 2022-08-12 20:53 UTC (permalink / raw)
  To: 9front

Solved it. In the end it was all about permission problems.

/mail/box/chris/... seems to be used as 'none' again. Requires
read and write permissions for other.

I will probably play a bit with auth/box and 'auth/as upas' to
get sane permissions configuration.

Thanks to all folks helping here. You did a great service to a
desperate mail server pleb.

chris

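The fix chris reports (the mailbox tree has to be accessible to 'none') is easy to check against the `walk -exp /mail/` listing he posted earlier. The following is an added example written for this thread, not a 9front tool: it parses that listing format and reports which directories under /mail/box lack the 'other' bits delivery needs. The requirement it encodes is an assumption stated in the code: the /mail/box/<user>/mbox directory must be rwx for other so a delivery running as none can create message files, and the directories above it must be rx for other. The listing excerpt is constructed from the output quoted above.

```python
import re

# Added example, not from the thread: audit a `walk -exp` listing for the
# permission problem chris hit. Assumption: upas delivers as user 'none', so
# the mailbox directory must be writable and searchable by 'other' and every
# directory above it must be readable and searchable by 'other'.

# Constructed excerpt of the `walk -exp /mail/` output posted in the thread.
# Mode string: file type (d dir, a append-only, - plain), exclusive-use flag
# (l or -), then rwx for owner, group and other.
LISTING = """\
a-rw-rw---- /mail/box/glenda/mbox/1659696218.00
d-rwxrwxrwx /mail/box/glenda/mbox
d-rwxrwxr-x /mail/box/glenda
a-rw-r----- /mail/box/chris/mbox/1660242093.00
d-rwxr-xr-x /mail/box/chris/mbox
-lrw------- /mail/box/chris/mbox.idx
d-rwxr-xr-x /mail/box/chris
d-rwxrwxr-x /mail/box
"""

ENTRY = re.compile(r"^(.)(.)([-r][-w][-x])([-r][-w][-x])([-r][-w][-x])\s+(\S+)$")


def parse_walk(listing):
    """Turn the listing into dicts with type, owner/group/other bits and path."""
    entries = []
    for line in listing.splitlines():
        m = ENTRY.match(line)
        if m is None:
            continue                      # skip anything that is not a mode+path line
        typ, _excl, owner, group, other, path = m.groups()
        entries.append({"type": typ, "owner": owner, "group": group,
                        "other": other, "path": path})
    return entries


def required_other_bits(path):
    """Bits 'other' needs on a directory for delivery as 'none' (assumption)."""
    parts = path.strip("/").split("/")
    if parts[:2] == ["mail", "box"] and len(parts) == 4 and parts[3] == "mbox":
        return "rwx"                      # /mail/box/<user>/mbox: create message files
    if parts[:2] == ["mail", "box"]:
        return "rx"                       # /mail/box and /mail/box/<user>: traverse
    return ""                             # nothing else in /mail is audited here


def audit_mailboxes(entries):
    """Map each directory to the 'other' bits it is missing; empty dict = clean."""
    missing = {}
    for e in entries:
        if e["type"] != "d":
            continue
        need = required_other_bits(e["path"])
        lacking = "".join(b for b in need if b not in e["other"])
        if lacking:
            missing[e["path"]] = lacking
    return missing


if __name__ == "__main__":
    for path, bits in sorted(audit_mailboxes(parse_walk(LISTING)).items()):
        print(f"{path}: other lacks {bits}  (chmod o+{bits} {path})")
```

On the posted listing the only finding is /mail/box/chris/mbox, which is d-rwxr-xr-x and so cannot be written by none, while glenda's d-rwxrwxrwx mbox passes; that matches which mailbox was receiving mail. Steve's suggestion of creating the mailbox with mail -c avoids the problem in the first place.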

* Re: [9front] Mail server setup
  2022-08-12 15:27                   ` chris
  2022-08-12 18:49                     ` sirjofri
@ 2022-08-12 22:25                     ` ori
  2022-08-13  9:56                       ` Steve Simon
  1 sibling, 1 reply; 19+ messages in thread
From: ori @ 2022-08-12 22:25 UTC (permalink / raw)
  To: 9front

Quoth chris@chrisfroeschl.de:
> > Results are 9/10, and the missing points are: No DKIM, no 
> > unsubscribe-header.
> 
> Indeed I got the same after sending a 'real' message. Nice!

dkim is in an uncommitted patch; it works for outgoing
mail, but I'm not quite ready to commit; there are some
questions on how the keys get managed for senders.



* Re: [9front] Mail server setup
  2022-08-12 22:25                     ` ori
@ 2022-08-13  9:56                       ` Steve Simon
  0 siblings, 0 replies; 19+ messages in thread
From: Steve Simon @ 2022-08-13  9:56 UTC (permalink / raw)
  To: 9front

create your mailbox with mail -c,
and your crontab using cron -c.

these tools ensure the created file has the correct ownership and permissions for the appropriate tool.

normally these are created by /sys/lib/newuser

plan9, don't ya just love it?

-Steve


> On 13 Aug 2022, at 12:28 am, ori@eigenstate.org wrote:
> 
> Quoth chris@chrisfroeschl.de:
>>> Results are 9/10, and the missing points are: No DKIM, no 
>>> unsubscribe-header.
>> 
>> Indeed I got the same after sending a 'real' message. Nice!
> 
> dkim is in an uncommitted patch; it works for outgoing
> mail, but I'm not quite ready to commit; there are some
> questions on how the keys get managed for senders.
> 

