9front - general discussion about 9front
From: Stanley Lieber <sl@stanleylieber.com>
To: 9front@9front.org
Subject: Re: [9front] Mail server setup
Date: Thu, 11 Aug 2022 10:29:41 -0400
Message-ID: <0C166AE0-FF57-4905-90DA-ED25AE710C5D@stanleylieber.com>
In-Reply-To: <FFD81696065588F5600039815A71C2C7@chrisfroeschl.de>

sorry i have not been able to devote more time to troubleshooting this with you. (typing on a phone here.)

i connect to my server using imap clients on android, ios, and upas/fs -f /imaps. these are the relevant files:

in cpustart:

cat /sys/lib/tls/acmed/stanleylieber.com.key >>/mnt/factotum/ctl
auth/as upas aux/listen -p 128 -t /cfg/$sysname/service.upas

http://plan9.stanleylieber.com/mail/service/        # /cfg/gaff/service.upas/
http://plan9.stanleylieber.com/mail/lib/        # /mail/lib/

gaff; walk -d -e xUGp /mail/queue
d-rwxrwxr-x upas upas /mail/queue/upas
d-rwxrwxrwx none upas /mail/queue/none
d-rwxrwxr-x sl upas /mail/queue/sl
d-rwxrwxrwx sl upas /mail/queue

all my upas server programs run as user upas, but notably upas is hardcoded internally to become user none for some functions (this has never satisfactorily been sorted out and amended so it can be easily bypassed; upas auditing is still a bit of a work in progress).

the queue files will be created automatically when upas tries to send mail, but your main problem here seems to be permissions on /mail/queue preventing /mail/queue/none from being created.

as you can see from my own file permissions above, i’m generally dissatisfied with the current arrangement of how queue permissions are handled.

there is a deficiency in the fqa’s description of setting up smtp and imap for remote users:

- client side use against a 9front server is not described at all.

- an “Inferno/POP secret” is used as the password for both smtp and imap, which must be configured *in addition to* the user’s regular auth password. see: http://fqa.9front.org/fqa7.html#7.4.2

i’ll address this.

sl

> On Aug 11, 2022, at 8:38 AM, chris@chrisfroeschl.de wrote:
> 
> I tried to adjust my tcp587 like so:
> 
> cpu% cat /bin/service/tcp587 
> #!/bin/rc
> user=`{cat /dev/user}
> exec /bin/upas/smtpd -E -c /sys/lib/tls/cert -n $3
> 
> using the hidden E flag which allows me to skip the liar part (
> /sys/src/cmd/upas/smtp/smtpd.c:465 ).  I'm not sure if that is more of
> a hack away for debugging or intended for use.  Either way not
> mentioned in the manpage, but used by sirjofri in his setup
> http://sirjofri.de/changeblog/1594881674/ , while getting me at
> least away from the liar errors.
> 
> Running from my client (all other configs adjusted ofc):
> 
> ; echo $upasname
> chris@test.chrisfroeschl.de
> ; echo 9test24 | mail -s 9test24 chris@chrisfroeschl.de
> 
> There doesn't seem to be a 'real' authentication happening.  The next server
> logs show the attempt to use the queue of 'none':
> 
> cpu% tail /sys/log/auth
> chrisfroeschl Aug 11 11:46:10 cram-ok chris 185.183.157.17
> cpu% tail /sys/log/mail
> chrisfroeschl Aug 11 11:46:10 error chrisfroeschl.de!chris From test.chrisfroeschl.de!chris Thu Aug 11 11:46:10 +0200 2022
> error+  from 'test.chrisfroeschl.de!chris'
> error+ to 'chrisfroeschl.de!chris'
> error+ failed with error 'qer: creating data file /mail/queue/none/D.006462: '/mail/queue/none' permission denied
> error+ '.
> error+ The mailer `/mail/lib/qmail 'test.chrisfroeschl.de!chris' 'net!chrisfroeschl.de'' returned error status 71.
> error+ 
> error+
> cpu% tail /sys/log/smtpd
> chrisfroeschl Aug 11 11:46:06 ehlo from XXX.XXX.XXX.XXX as cirno.fritz.box
> chrisfroeschl Aug 11 11:46:08 started TLS with cirno.fritz.box
> chrisfroeschl Aug 11 11:46:08 ehlo from XXX.XXX.XXX.XXX as cirno.fritz.box
> chrisfroeschl Aug 11 11:46:10 auth(CRAM-MD5, (protected)) from cirno.fritz.box
> chrisfroeschl Aug 11 11:46:10 ++[cirno.fritz.box/XXX.XXX.XXX.XXX] blocked: mail refused:  from 'test.chrisfroeschl.de!chris'
> 
> Not sure why there doesn't seem to be a proper auth attempt (although
> CRAM-MD5 is mentioned).
> 
> Do I have to prepare some /mail/queue structure for 'chris' btw?  I
> didn't do that by hand on my client if I remember correctly.  Here is
> my whole server /mail structure:
> 
> cpu% walk -exp /mail/
> a-rw-rw---- /mail/box/glenda/mbox/1659696218.00
> ...
> d-rwxrwxrwx /mail/box/glenda/mbox
> d-rwxrwxr-x /mail/box/glenda
> a-rw-rw---- /mail/box/chris/mbox/1659696500.00
> ...
> d-rwxrwxrwx /mail/box/chris/mbox
> -lrw------- /mail/box/chris/mbox.idx
> -lrw------- /mail/box/chris/L.mbox
> --rwxrwxrwx /mail/box/chris/mbox.imp
> a-rw-r----- /mail/box/chris/Sent/1660061970.00
> ...
> d-rwxr-xr-x /mail/box/chris/Sent
> -lrw------- /mail/box/chris/Sent.idx
> --rw-r--r-- /mail/box/chris/Sent.imp
> d-rwxr-xr-x /mail/box/chris
> -lrw------- /mail/box/chris.idx
> d-rwxrwxr-x /mail/box
> d-rwxrwxr-x /mail/faxoutqueue
> d-rwxrwxr-x /mail/faxqueue
> d-r-xr-xr-x /mail/fs
> d-rwxrwxr-x /mail/grey
> --rw-rw-r-- /mail/lib/blocked
> --rw-rw-r-- /mail/lib/classify.re
> --rwxrwxr-x /mail/lib/gone.fishing
> --rwxrwxr-x /mail/lib/justqmail
> --rwxrwxr-x /mail/lib/kickqueue
> --rwxrwxr-x /mail/lib/lazyqmail
> --rw-rw-r-- /mail/lib/namefiles
> --rw-rw-r-- /mail/lib/names.local
> --rw-rw-r-- /mail/lib/pipeto.bayes
> --rw-rw-r-- /mail/lib/prof.mbox
> --rw-rw-r-- /mail/lib/prof.spam
> --rwxrwxr-x /mail/lib/remotemail
> --rw-rw-r-- /mail/lib/rewrite.direct
> --rw-rw-r-- /mail/lib/rewrite.gateway
> --rwxrwxr-x /mail/lib/setup.bayes
> --rw-rw-r-- /mail/lib/smtpd.conf
> --rwxrwxr-x /mail/lib/validateaddress
> --rwxrwxr-x /mail/lib/validateattachment
> --rw-rw-r-- /mail/lib/white.starter
> --rw-rw-r-- /mail/lib/gone.msg
> --rw-rw-r-- /mail/lib/ignore
> --rwxrwxr-x /mail/lib/isspam.rc
> --rwxrwxr-x /mail/lib/mailnews
> --rwxrwxr-x /mail/lib/msgcat.rc
> --rw-rw-r-- /mail/lib/patterns
> --rw-rw-r-- /mail/lib/pipeto.lib
> --rwxrwxr-x /mail/lib/qmail
> --rw-rw-r-- /mail/lib/rewrite
> --rwxrwxr-x /mail/lib/spam.rc
> --rwxrwxr-x /mail/lib/unspam.rc
> d-rwxrwxr-x /mail/lib
> d-rwxrwxr-x /mail/queue
> d-rwxrwxrwx /mail/tmp
> d-rwxrwxr-x /mail
> cpu% 
> 
> My client shows following log after sending the mail:
> 
> ; tail /sys/log/smtp.fail 
> cirno Aug 11 11:45:40 delivery chris@chrisfroeschl.de  at tcp!test.chrisfroeschl.de!587 (test.chrisfroeschl.de:185.183.157.17) rcptto failed: 554 5.7.1 mail refused:  from 'test.chrisfroeschl.de!chris'
> ; tail /sys/log/smtp
> cirno Aug 11 11:45:37 started TLS to test.chrisfroeschl.de
> ; tail /sys/log/mail
> cirno Aug 11 11:45:35 remote chrisfroeschl.de!chris From chris@test.chrisfroeschl.de Thu Aug 11 11:45:35 +0200 2022 (chris@chrisfroeschl.de) 220
> 
> Can't test the whole thing from my s-nail client because it demands a
> cert that is not self signed.  I could probably configure it to ignore
> it somehow, but I'm not really interested in running s-nail anyway.
> 
> Am I going to run into issues if I use a self signed cert in
> communication with other smtp daemons?  I would really like to avoid
> signing certs to be honest.
> 
> Anyway, I don't see how the FQA information alone could work.  Is this
> indeed the current configuration of the (9front.org|cat-v.org|...)
> mail server?  Any updates or insights would be very helpful.
> 
> chris
> 
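
The queue-permission diagnosis in this message (permissions on /mail/queue preventing /mail/queue/none from being created), as an added example that is not part of the original thread or of upas: it parses `walk -e xUGp` output and applies the cumulative owner/group/other rule described in Plan 9's intro(5). The group membership table and the owner and group on the second listing are assumptions.

```python
# Added example: Plan 9 permission check over `walk -e xUGp` output.
# GROUPS is an assumed /adm/users membership, not taken from the thread.
GROUPS = {"upas": {"upas", "sl"}}

# The listing from the message above.
SL_QUEUE = """\
d-rwxrwxr-x upas upas /mail/queue/upas
d-rwxrwxrwx none upas /mail/queue/none
d-rwxrwxr-x sl upas /mail/queue/sl
d-rwxrwxrwx sl upas /mail/queue
"""
# Constructed: the mode the quoted listing shows for /mail/queue; owner/group assumed.
CHRIS_QUEUE = "d-rwxrwxr-x upas upas /mail/queue\n"

def parse_walk(text):
    """Map path -> (mode, owner, group) for each non-empty listing line."""
    entries = {}
    for line in text.splitlines():
        if line.strip():
            mode, owner, group, path = line.split(None, 3)
            entries[path] = (mode, owner, group)
    return entries

def can_write(entry, user, groups=GROUPS):
    """Owner sees owner+group+other bits, a group member group+other, the rest other."""
    mode, owner, group = entry
    perms = mode[2:]  # skip the two flag characters, e.g. 'd-' or '-l'
    owner_w, group_w, other_w = (perms[i] == "w" for i in (1, 4, 7))
    if user == owner:
        return owner_w or group_w or other_w
    if user == group or user in groups.get(group, ()):
        return group_w or other_w
    return other_w

def queue_status(entries, user, root="/mail/queue"):
    """Can `user` queue mail: write to its own queue dir, or create it under root?"""
    own = entries.get(f"{root}/{user}")
    if own is not None:
        return "ok" if can_write(own, user) else "denied: cannot write queue dir"
    if root not in entries:
        return "unknown: no entry for " + root
    if can_write(entries[root], user):
        return "ok: queue dir can be created"
    return "denied: cannot create queue dir"

def world_writable(entries):
    return sorted(p for p, (mode, _, _) in entries.items() if mode[9] == "w")

if __name__ == "__main__":
    for name, text in (("sl", SL_QUEUE), ("chris", CHRIS_QUEUE)):
        print(name, queue_status(parse_walk(text), "none"), world_writable(parse_walk(text)))
```
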
