sorry i have not been able to devote more time to troubleshooting this with you. (typing on a phone here.)

i connect to my server using imap clients on android, ios, and upas/fs -f /imaps. these are the relevant files:

in cpustart:

cat /sys/lib/tls/acmed/stanleylieber.com.key >>/mnt/factotum/ctl
auth/as upas aux/listen -p 128 -t /cfg/$sysname/service.upas

http://plan9.stanleylieber.com/mail/service/        # /cfg/gaff/service.upas/
http://plan9.stanleylieber.com/mail/lib/        # /mail/lib/

gaff; walk -d -e xUGp /mail/queue
d-rwxrwxr-x upas upas /mail/queue/upas
d-rwxrwxrwx none upas /mail/queue/none
d-rwxrwxr-x sl upas /mail/queue/sl
d-rwxrwxrwx sl upas /mail/queue

all my upas server programs run as user upas, but notably upas is hardcoded internally to become user none for some functions (this has never satisfactorily been sorted out and amended so it can be easily bypassed; upas auditing is still a bit of a work in progress).

the queue files will be created automatically when upas tries to send mail, but your main problem here seems to be permissions on /mail/queue preventing /mail/queue/none from being created.

as you can see from my own file permissions above, i’m generally dissatisfied with the current arrangement of how queue permissions are handled.

there is a deficiency in the fqa’s description of setting up smtp and imap for remote users:

- client side use against a 9front server is not described at all.

- an “Inferno/POP secret” is used as the password for both smtp and imap, which must be configured *in addition to* the user’s regular auth password. see: http://fqa.9front.org/fqa7.html#7.4.2

i’ll address this.

sl

On Aug 11, 2022, at 8:38 AM, chris@chrisfroeschl.de wrote:

I tried to adjust my tcp587 like so:

cpu% cat /bin/service/tcp587
#!/bin/rc
user=`{cat /dev/user}
exec /bin/upas/smtpd -E -c /sys/lib/tls/cert -n $3

using the hidden E flag which allows me to skip the liar part (
/sys/src/cmd/upas/smtp/smtpd.c:465 ).  I'm not sure if that is more of
a hack away for debugging or intended for use.  Either way not
mentioned in the manpage, but used by sirjofri in his setup
http://sirjofri.de/changeblog/1594881674/ , while getting me at
least away from the liar errors.

Running from my client (all other configs adjusted ofc):

; echo $upasname
chris@test.chrisfroeschl.de
; echo 9test24 | mail -s 9test24 chris@chrisfroeschl.de

There doesn't seem to be a 'real' authentication happening.  The next server
logs show the attempt to use the queue of 'none':

cpu% tail /sys/log/auth
chrisfroeschl Aug 11 11:46:10 cram-ok chris 185.183.157.17
cpu% tail /sys/log/mail
chrisfroeschl Aug 11 11:46:10 error chrisfroeschl.de!chris From test.chrisfroeschl.de!chris Thu Aug 11 11:46:10 +0200 2022
error+  from 'test.chrisfroeschl.de!chris'
error+ to 'chrisfroeschl.de!chris'
error+ failed with error 'qer: creating data file /mail/queue/none/D.006462: '/mail/queue/none' permission denied
error+ '.
error+ The mailer `/mail/lib/qmail 'test.chrisfroeschl.de!chris' 'net!chrisfroeschl.de'' returned error status 71.
error+
error+
cpu% tail /sys/log/smtpd
chrisfroeschl Aug 11 11:46:06 ehlo from XXX.XXX.XXX.XXX as cirno.fritz.box
chrisfroeschl Aug 11 11:46:08 started TLS with cirno.fritz.box
chrisfroeschl Aug 11 11:46:08 ehlo from XXX.XXX.XXX.XXX as cirno.fritz.box
chrisfroeschl Aug 11 11:46:10 auth(CRAM-MD5, (protected)) from cirno.fritz.box
chrisfroeschl Aug 11 11:46:10 ++[cirno.fritz.box/XXX.XXX.XXX.XXX] blocked: mail refused:  from 'test.chrisfroeschl.de!chris'

Not sure why there doesn't seem to be a proper auth attempt (although
CRAM-MD5 is mentioned).

Do I have to prepare some /mail/queue structure for 'chris' btw?  I
didn't do that by hand on my client if I remember correctly.  Here is
my whole server /mail structure:

cpu% walk -exp /mail/
a-rw-rw---- /mail/box/glenda/mbox/1659696218.00
...
d-rwxrwxrwx /mail/box/glenda/mbox
d-rwxrwxr-x /mail/box/glenda
a-rw-rw---- /mail/box/chris/mbox/1659696500.00
...
d-rwxrwxrwx /mail/box/chris/mbox
-lrw------- /mail/box/chris/mbox.idx
-lrw------- /mail/box/chris/L.mbox
--rwxrwxrwx /mail/box/chris/mbox.imp
a-rw-r----- /mail/box/chris/Sent/1660061970.00
...
d-rwxr-xr-x /mail/box/chris/Sent
-lrw------- /mail/box/chris/Sent.idx
--rw-r--r-- /mail/box/chris/Sent.imp
d-rwxr-xr-x /mail/box/chris
-lrw------- /mail/box/chris.idx
d-rwxrwxr-x /mail/box
d-rwxrwxr-x /mail/faxoutqueue
d-rwxrwxr-x /mail/faxqueue
d-r-xr-xr-x /mail/fs
d-rwxrwxr-x /mail/grey
--rw-rw-r-- /mail/lib/blocked
--rw-rw-r-- /mail/lib/classify.re
--rwxrwxr-x /mail/lib/gone.fishing
--rwxrwxr-x /mail/lib/justqmail
--rwxrwxr-x /mail/lib/kickqueue
--rwxrwxr-x /mail/lib/lazyqmail
--rw-rw-r-- /mail/lib/namefiles
--rw-rw-r-- /mail/lib/names.local
--rw-rw-r-- /mail/lib/pipeto.bayes
--rw-rw-r-- /mail/lib/prof.mbox
--rw-rw-r-- /mail/lib/prof.spam
--rwxrwxr-x /mail/lib/remotemail
--rw-rw-r-- /mail/lib/rewrite.direct
--rw-rw-r-- /mail/lib/rewrite.gateway
--rwxrwxr-x /mail/lib/setup.bayes
--rw-rw-r-- /mail/lib/smtpd.conf
--rwxrwxr-x /mail/lib/validateaddress
--rwxrwxr-x /mail/lib/validateattachment
--rw-rw-r-- /mail/lib/white.starter
--rw-rw-r-- /mail/lib/gone.msg
--rw-rw-r-- /mail/lib/ignore
--rwxrwxr-x /mail/lib/isspam.rc
--rwxrwxr-x /mail/lib/mailnews
--rwxrwxr-x /mail/lib/msgcat.rc
--rw-rw-r-- /mail/lib/patterns
--rw-rw-r-- /mail/lib/pipeto.lib
--rwxrwxr-x /mail/lib/qmail
--rw-rw-r-- /mail/lib/rewrite
--rwxrwxr-x /mail/lib/spam.rc
--rwxrwxr-x /mail/lib/unspam.rc
d-rwxrwxr-x /mail/lib
d-rwxrwxr-x /mail/queue
d-rwxrwxrwx /mail/tmp
d-rwxrwxr-x /mail
cpu%

My client shows the following log after sending the mail:

; tail /sys/log/smtp.fail
cirno Aug 11 11:45:40 delivery chris@chrisfroeschl.de  at tcp!test.chrisfroeschl.de!587 (test.chrisfroeschl.de:185.183.157.17) rcptto failed: 554 5.7.1 mail refused:  from 'test.chrisfroeschl.de!chris'
; tail /sys/log/smtp
cirno Aug 11 11:45:37 started TLS to test.chrisfroeschl.de
; tail /sys/log/mail
cirno Aug 11 11:45:35 remote chrisfroeschl.de!chris From chris@test.chrisfroeschl.de Thu Aug 11 11:45:35 +0200 2022 (chris@chrisfroeschl.de) 220

Can't test the whole thing from my s-nail client because it demands a
cert that is not self signed.  I could probably configure it to ignore
it somehow, but I'm not really interested in running s-nail anyway.

Am I going to run into issues if I use a self signed cert in
communication with other smtp daemons?  I would really like to avoid
signing certs to be honest.

Anyway, I don't see how the FQA information alone could work.  Is this
indeed the current configuration of the (9front.org|cat-v.org|...)
mail server?  Any updates or insights would be very helpful.

chris
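
Added example, not part of either message in this thread: a Python check over captured walk output that reports whether a user can write to, or create, a spool directory under /mail/queue, which is the permission problem discussed above. The listing lines are copied from the thread; the function names and the access rule (any matching permission class grants access, and user none gets only the "other" bits) are assumptions of this example.

```python
# Added example: evaluates captured `walk` output offline; not part of upas.
# Listing lines are copied from the two servers quoted in this thread.
SERVER_SL = """\
d-rwxrwxr-x upas upas /mail/queue/upas
d-rwxrwxrwx none upas /mail/queue/none
d-rwxrwxr-x sl upas /mail/queue/sl
d-rwxrwxrwx sl upas /mail/queue
"""
SERVER_CHRIS = """\
d-rwxrwxrwx /mail/tmp
d-rwxrwxr-x /mail/queue
"""

def parse_walk(text):
    """Parse `walk -e xUGp` (mode uid gid path) or `walk -exp` (mode path) lines."""
    entries = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) == 4:
            mode, uid, gid, path = f
        elif len(f) == 2:
            (mode, path), uid, gid = f, None, None
        else:
            continue  # skips blank lines and "..." elisions
        # The last nine characters of the mode are the rwx bits: owner, group, other.
        entries[path] = {"dir": mode[0] == "d", "perm": mode[-9:], "uid": uid, "gid": gid}
    return entries

def may_write(e, user, groups=()):
    """Assumed rule: any matching class grants access; user none gets 'other' only."""
    owner, group, other = e["perm"][1], e["perm"][4], e["perm"][7]
    if other == "w":
        return True
    if user == "none":
        return False
    return (user == e["uid"] and owner == "w") or (e["gid"] in groups and group == "w")

def queue_status(text, user, groups=(), root="/mail/queue"):
    """Return 'ok' (spool dir writable), 'creatable' (can be made) or 'denied'."""
    entries = parse_walk(text)
    own = entries.get(f"{root}/{user}")
    if own is not None:
        return "ok" if may_write(own, user, groups) else "denied"
    parent = entries.get(root)
    return "creatable" if parent and may_write(parent, user, groups) else "denied"

if __name__ == "__main__":
    for name, listing in (("sl", SERVER_SL), ("chris", SERVER_CHRIS)):
        print(name, queue_status(listing, "none"))
```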