sorry i have not been able to devote more time to troubleshooting this with you. (typing on a phone here.)

i connect to my server using imap clients on android, ios, and upas/fs -f /imaps.

these are the relevant files:

in cpustart:

	cat /sys/lib/tls/acmed/stanleylieber.com.key >>/mnt/factotum/ctl
	auth/as upas aux/listen -p 128 -t /cfg/$sysname/service.upas

http://plan9.stanleylieber.com/mail/service/ # /cfg/gaff/service.upas/
http://plan9.stanleylieber.com/mail/lib/ # /mail/lib/

	gaff; walk -d -e xUGp /mail/queue
	d-rwxrwxr-x upas upas /mail/queue/upas
	d-rwxrwxrwx none upas /mail/queue/none
	d-rwxrwxr-x sl upas /mail/queue/sl
	d-rwxrwxrwx sl upas /mail/queue

all my upas server programs run as user upas, but notably upas is hardcoded internally to become user none for some functions (this has never satisfactorily been sorted out and amended so it can be easily bypassed; upas auditing is still a bit of a work in progress). the queue files will be created automatically when upas tries to send mail, but your main problem here seems to be permissions on /mail/queue preventing /mail/queue/none from being created. as you can see from my own file permissions above, i’m generally dissatisfied with the current arrangement of how queue permissions are handled.

there is a deficiency in the fqa’s description of setting up smtp and imap for remote users:

- client side use against a 9front server is not described at all.

- an “Inferno/POP secret” is used as the password for both smtp and imap, which must be configured *in addition to* the user’s regular auth password. see:

http://fqa.9front.org/fqa7.html#7.4.2

i’ll address this.

sl

> On Aug 11, 2022, at 8:38 AM, chris@chrisfroeschl.de wrote:
>
> I tried to adjust my tcp587 like so:
>
> cpu% cat /bin/service/tcp587
> #!/bin/rc
> user=`{cat /dev/user}
> exec /bin/upas/smtpd -E -c /sys/lib/tls/cert -n $3
>
> using the hidden E flag which allows me to skip the liar part (
> /sys/src/cmd/upas/smtp/smtpd.c:465 ).
> I'm not sure if that is more of
> a hack away for debugging or intended for use. Either way not
> mentioned in the manpage, but used by sirjofri in his setup
> http://sirjofri.de/changeblog/1594881674/ , while getting me at
> least away from the liar errors.
>
> Running from my client (all other configs adjusted ofc):
>
> ; echo $upasname
> chris@test.chrisfroeschl.de
> ; echo 9test24 | mail -s 9test24 chris@chrisfroeschl.de
>
> There doesn't seem to happen a 'real' authentication. The next server
> logs show the attempt to use the queue of 'none':
>
> cpu% tail /sys/log/auth
> chrisfroeschl Aug 11 11:46:10 cram-ok chris 185.183.157.17
> cpu% tail /sys/log/mail
> chrisfroeschl Aug 11 11:46:10 error chrisfroeschl.de!chris From test.chrisfroeschl.de!chris Thu Aug 11 11:46:10 +0200 2022
> error+ from 'test.chrisfroeschl.de!chris'
> error+ to 'chrisfroeschl.de!chris'
> error+ failed with error 'qer: creating data file /mail/queue/none/D.006462: '/mail/queue/none' permission denied
> error+ '.
> error+ The mailer `/mail/lib/qmail 'test.chrisfroeschl.de!chris' 'net!chrisfroeschl.de'' returned error status 71.
> error+
> error+
> cpu% tail /sys/log/smtpd
> chrisfroeschl Aug 11 11:46:06 ehlo from XXX.XXX.XXX.XXX as cirno.fritz.box
> chrisfroeschl Aug 11 11:46:08 started TLS with cirno.fritz.box
> chrisfroeschl Aug 11 11:46:08 ehlo from XXX.XXX.XXX.XXX as cirno.fritz.box
> chrisfroeschl Aug 11 11:46:10 auth(CRAM-MD5, (protected)) from cirno.fritz.box
> chrisfroeschl Aug 11 11:46:10 ++[cirno.fritz.box/XXX.XXX.XXX.XXX] blocked: mail refused: from 'test.chrisfroeschl.de!chris'
>
> Not sure why there doesn't seem to be a proper auth attempt (although
> CRAM-MD5) is mentioned.
>
> Do I have to prepare some /mail/queue structure for 'chris' btw? I
> didn't do that by hand on my client if I remember correctly. Here is
> my whole server /mail structure:
>
> cpu% walk -exp /mail/
> a-rw-rw---- /mail/box/glenda/mbox/1659696218.00
> ...
> d-rwxrwxrwx /mail/box/glenda/mbox
> d-rwxrwxr-x /mail/box/glenda
> a-rw-rw---- /mail/box/chris/mbox/1659696500.00
> ...
> d-rwxrwxrwx /mail/box/chris/mbox
> -lrw------- /mail/box/chris/mbox.idx
> -lrw------- /mail/box/chris/L.mbox
> --rwxrwxrwx /mail/box/chris/mbox.imp
> a-rw-r----- /mail/box/chris/Sent/1660061970.00
> ...
> d-rwxr-xr-x /mail/box/chris/Sent
> -lrw------- /mail/box/chris/Sent.idx
> --rw-r--r-- /mail/box/chris/Sent.imp
> d-rwxr-xr-x /mail/box/chris
> -lrw------- /mail/box/chris.idx
> d-rwxrwxr-x /mail/box
> d-rwxrwxr-x /mail/faxoutqueue
> d-rwxrwxr-x /mail/faxqueue
> d-r-xr-xr-x /mail/fs
> d-rwxrwxr-x /mail/grey
> --rw-rw-r-- /mail/lib/blocked
> --rw-rw-r-- /mail/lib/classify.re
> --rwxrwxr-x /mail/lib/gone.fishing
> --rwxrwxr-x /mail/lib/justqmail
> --rwxrwxr-x /mail/lib/kickqueue
> --rwxrwxr-x /mail/lib/lazyqmail
> --rw-rw-r-- /mail/lib/namefiles
> --rw-rw-r-- /mail/lib/names.local
> --rw-rw-r-- /mail/lib/pipeto.bayes
> --rw-rw-r-- /mail/lib/prof.mbox
> --rw-rw-r-- /mail/lib/prof.spam
> --rwxrwxr-x /mail/lib/remotemail
> --rw-rw-r-- /mail/lib/rewrite.direct
> --rw-rw-r-- /mail/lib/rewrite.gateway
> --rwxrwxr-x /mail/lib/setup.bayes
> --rw-rw-r-- /mail/lib/smtpd.conf
> --rwxrwxr-x /mail/lib/validateaddress
> --rwxrwxr-x /mail/lib/validateattachment
> --rw-rw-r-- /mail/lib/white.starter
> --rw-rw-r-- /mail/lib/gone.msg
> --rw-rw-r-- /mail/lib/ignore
> --rwxrwxr-x /mail/lib/isspam.rc
> --rwxrwxr-x /mail/lib/mailnews
> --rwxrwxr-x /mail/lib/msgcat.rc
> --rw-rw-r-- /mail/lib/patterns
> --rw-rw-r-- /mail/lib/pipeto.lib
> --rwxrwxr-x /mail/lib/qmail
> --rw-rw-r-- /mail/lib/rewrite
> --rwxrwxr-x /mail/lib/spam.rc
> --rwxrwxr-x /mail/lib/unspam.rc
> d-rwxrwxr-x /mail/lib
> d-rwxrwxr-x /mail/queue
> d-rwxrwxrwx /mail/tmp
> d-rwxrwxr-x /mail
> cpu%
>
> My client shows following log after sending the mail:
>
> ; tail /sys/log/smtp.fail
> cirno Aug 11 11:45:40 delivery chris@chrisfroeschl.de at tcp!test.chrisfroeschl.de!587 (test.chrisfroeschl.de:185.183.157.17) rcptto failed: 554 5.7.1 mail refused: from 'test.chrisfroeschl.de!chris'
> ; tail /sys/log/smtp
> cirno Aug 11 11:45:37 started TLS to test.chrisfroeschl.de
> ; tail /sys/log/mail
> cirno Aug 11 11:45:35 remote chrisfroeschl.de!chris From chris@test.chrisfroeschl.de Thu Aug 11 11:45:35 +0200 2022 (chris@chrisfroeschl.de) 220
>
> Can't test the whole thing from my s-nail client because it demands a
> cert that is not self signed. I could probably configure it to ignore
> it somehow, but I'm not really interested in running s-nail anyway.
>
> Am I going to run into issues if I use a self signed cert in
> communication with other smtp daemons? I would really like to avoid
> signing certs to be honest.
>
> Anyway, I don't see how the FQA information alone could work. Is this
> indeed the current configuration of the (9front.org|cat-v.org|...)
> mail server? Any updates or insights would be very helpful.
>
> chris
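
Added example, not part of the original thread and not upas code: a Python check that reads `walk -d -e xUGp /mail/queue` output and reports whether a user's queue directory is usable or can be created, applied to the two /mail/queue modes shown in the thread. It assumes the file server gives user none only the "other" permission bits and gives other users the union of their matching classes; `parse`, `may_write` and `queue_status` are hypothetical names, and OWNER and GROUP in the second listing are placeholders.

```python
QUEUE = "/mail/queue"

# Constructed input: the listing sl posted in the thread.
SL_LISTING = """\
d-rwxrwxr-x upas upas /mail/queue/upas
d-rwxrwxrwx none upas /mail/queue/none
d-rwxrwxr-x sl upas /mail/queue/sl
d-rwxrwxrwx sl upas /mail/queue
"""
# Constructed input: the /mail/queue mode from chris's listing; OWNER and GROUP
# are placeholders because `walk -exp` printed no owner or group.
CHRIS_LISTING = "d-rwxrwxr-x OWNER GROUP /mail/queue\n"

def parse(listing):
    """Map path -> (rwx bits, owner, group) from `walk -e xUGp` lines."""
    entries = {}
    for line in listing.splitlines():
        fields = line.split(None, 3)
        if len(fields) == 4:
            mode, owner, group, path = fields
            entries[path] = (mode[-9:], owner, group)
    return entries

def may_write(entry, user, groups):
    """Can `user` create files in this directory (needs w and x)?"""
    perms, owner, group = entry
    classes = [perms[6:9]]                 # "other" bits apply to everyone
    if user != "none":                     # assumption: none gets "other" only
        if user == owner:
            classes.append(perms[0:3])
        if user == group or user in groups.get(group, ()):
            classes.append(perms[3:6])
    return any(bits[1:] == "wx" for bits in classes)

def queue_status(entries, user, groups=None):
    """Return 'ok', 'creatable' or 'denied' for the user's queue directory."""
    groups = groups or {}
    own = entries.get(f"{QUEUE}/{user}")
    if own is not None:
        return "ok" if may_write(own, user, groups) else "denied"
    parent = entries.get(QUEUE)
    if parent is not None and may_write(parent, user, groups):
        return "creatable"
    return "denied"

if __name__ == "__main__":
    for name, text in (("sl", SL_LISTING), ("chris", CHRIS_LISTING)):
        print(name, "none ->", queue_status(parse(text), "none"))
```

With the second listing the result for none is "denied", which matches the `'/mail/queue/none' permission denied` error in the quoted /sys/log/mail output.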