9front - general discussion about 9front
From: Stanley Lieber <sl@stanleylieber.com>
To: 9front@9front.org
Subject: Re: [9front] Mail server setup
Date: Fri, 12 Aug 2022 09:47:10 -0400
Message-ID: <59E76914-CC03-4FE4-96E6-D0066BC24681@stanleylieber.com>
In-Reply-To: <CC3839A659DF3E4FC42982DDE1B4F571@thinktankworkspaces.com>

that was ori. i’ve never messed with dkim or dmarc at all.

sl


> On Aug 12, 2022, at 2:24 AM, william@thinktankworkspaces.com wrote:
> 
> I know 'sl' added more dkim features into 9front but I'm still using what I implemented earlier
> this year which was mostly messing around with dns.
> 
> http://thinktankworkspaces.com/plan9/email-upas
> 
> Just above the troubleshooting section I have some DNS notes and some of my experience messing with spf
> and dmarc, and I managed to get a 9/10 score. I don't know, maybe some of it might be helpful, but I
> think you have most of this figured out.
> 
> 
> Quoth chris@chrisfroeschl.de:
>> Hello sl,
>> 
>>> sorry i have not been able to devote more time to troubleshooting
>>> this with you.  (typing on a phone here.)
>> 
>> thank you for your message!  No pressure regarding your help in
>> troubleshooting.  It's not like I'm paying anyone here to help me.
>> 
>> Most ml messages had the function to document my current state for
>> myself anyway.
>> 
>>> http://plan9.stanleylieber.com/mail/service/        # /cfg/gaff/service.upas/
>>> http://plan9.stanleylieber.com/mail/lib/        # /mail/lib/
>> 
>> Your links helped me very much.  I always forget that you share almost
>> all of your setup and didn't look into your /mail before.
>> I got the e flag from your tcp587 script and changed the /mail/queue
>> permissions like so:
>> 
>> cpu% cat /bin/service/tcp587 
>> #!/bin/rc
>> user=`{cat /dev/user}
>> exec /bin/upas/smtpd -e -c /sys/lib/tls/cert -n $3
>> cpu% ls -ld /mail/queue/
>> d-rwxrwxrwx M 65 upas upas 0 Aug 11 21:03 /mail/queue
>> 
>> After applying these changes my /mail/queue was filled with a none
>> directory and I am able to send mail.
>> 
>> I would like to not dedicate a whole directory for services run by
>> user upas for now.  Just chmoding a directory seems to suffice for
>> now.
>> 
>> I got perhaps some more questions if you are already involved:
>> (I will probably figure most of the stuff out myself (hopefully))
>> 
>> 1.) Could you tell me why so many flags (and especially MANDATORY
>> flags) seem to be hidden in the src?  Is the e flag intended for
>> production use? Otherwise a manpage update would help.
>> 
>> 2.) What is your highscore at https://www.mail-tester.com ? Mine is
>> 7/10.  I know DKIM is no option (-1).  But I receive at least -2 on
>> SpamAssassin regarding:
>> 
>> -0.001    FSL_BULK_SIG    Bulk signature with no Unsubscribe
>> -1.985    PYZOR_CHECK    Similar message reported on Pyzor (https://www.pyzor.org)
>> https://pyzor.readthedocs.io/en/latest/
>> Please test a real content, test Newsletters will always be flagged by Pyzor
>> Adjust your message or request whitelisting (https://www.pyzor.org)
>> 0.001    SPF_HELO_PASS    SPF: HELO matches SPF record
>> 0.001    SPF_PASS    SPF: sender matches SPF record
>> Great! Your SPF is valid
>> 
>> 3.) I don't seem to be able to send mail to myself with this setup
>> (worked before).  My smtpd logs when I try that:
>> 
>> test.chrisfroeschl.de Aug 11 22:31:03 ehlo from 82.207.245.23 as cirno.fritz.box
>> test.chrisfroeschl.de Aug 11 22:31:03 started TLS with cirno.fritz.box
>> test.chrisfroeschl.de Aug 11 22:31:03 ehlo from 82.207.245.23 as cirno.fritz.box
>> test.chrisfroeschl.de Aug 11 22:31:03 auth(CRAM-MD5, (protected)) from cirno.fritz.box
>> test.chrisfroeschl.de Aug 11 22:31:03 Disallowed test.chrisfroeschl.de!chris (cirno.fritz.box/82.207.245.23) to blocked name test.chrisfroeschl.de!chris
>> 
>> 4.) Issues regarding receiving mails from my current mail server to
>> the 9 smtp server seem to remain.  Perhaps some MX record error from
>> my side?  I will debug this as well as I can in the following days.  Here
>> is my obsd maillog:
>> 
>> Aug 11 22:58:02 chrisfroeschl smtpd[47164]: smtp-out: No valid route for [connector:[]->[relay:test.chrisfroeschl.de,smtp,heloname=mail.chrisfroeschl.de],0x0]
>> Aug 11 22:58:12 chrisfroeschl smtpd[47164]: 0000000000000000 mta delivery evpid=3fb35f960656e8e3 from=<chris@chrisfroeschl.de> to=<chris@test.chrisfroeschl.de> rcpt=<-> source="-" relay="test.chrisfroeschl.de" delay=13s result="TempFail" stat="Network error on destination MXs"
>> 
>> After cping my tcp587 to tcp25 I got (just to test if it only uses port 25):
>> 
>> Aug 11 23:12:46 chrisfroeschl smtpd[47164]: 745c82d65e770f66 mta delivery evpid=03d30d409a5ab8fd from=<chris@chrisfroeschl.de> to=<chris@test.chrisfroeschl.de> rcpt=<-> source="5.252.227.212" relay="185.183.157.17 (test.chrisfroeschl.de)" delay=0s result="PermFail" stat="550 5.1.1 test.chrisfroeschl.de!chris ... user unknown"
>> 
>>> there is a deficiency in the fqa’s description of setting up smtp and imap for remote users:
>>> 
>>> - client side use against a 9front server is not described at all.
>>> 
>>> - an “Inferno/POP secret” is used as the password for both smtp and
>>> imap, which must be configured *in addition to* the user’s regular
>>> auth password.  see: http://fqa.9front.org/fqa7.html#7.4.2
>>> 
>>> i’ll address this.
>> 
>> I intend to send an FQA patch in the coming days (as soon as everything
>> works) with some minor stuff I found besides the things you mentioned.
>> I can try to add a first draft regarding your points.  Feel free to
>> edit it afterwards however you like.
>> 
>> chris
>> 
> 
> 
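
The two OpenSMTPD "mta delivery" results quoted above fail at different stages: the TempFail carries no SMTP reply at all, while the PermFail carries a 550 reply with the RFC 3463 enhanced code 5.1.1 (bad destination mailbox). As an added example, not part of the thread or of anyone's setup, this parses those lines and reports the stage; the stage labels and function names are hypothetical.

```python
import re

# Log lines copied from the OpenSMTPD maillog quoted in the thread above.
MAILLOG = '''\
Aug 11 22:58:02 chrisfroeschl smtpd[47164]: smtp-out: No valid route for [connector:[]->[relay:test.chrisfroeschl.de,smtp,heloname=mail.chrisfroeschl.de],0x0]
Aug 11 22:58:12 chrisfroeschl smtpd[47164]: 0000000000000000 mta delivery evpid=3fb35f960656e8e3 from=<chris@chrisfroeschl.de> to=<chris@test.chrisfroeschl.de> rcpt=<-> source="-" relay="test.chrisfroeschl.de" delay=13s result="TempFail" stat="Network error on destination MXs"
Aug 11 23:12:46 chrisfroeschl smtpd[47164]: 745c82d65e770f66 mta delivery evpid=03d30d409a5ab8fd from=<chris@chrisfroeschl.de> to=<chris@test.chrisfroeschl.de> rcpt=<-> source="5.252.227.212" relay="185.183.157.17 (test.chrisfroeschl.de)" delay=0s result="PermFail" stat="550 5.1.1 test.chrisfroeschl.de!chris ... user unknown"
'''

# key=value where the value is "quoted", <bracketed> or a bare token
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|<([^>]*)>|(\S+))')
# SMTP reply code, optionally followed by an RFC 3463 enhanced status code
REPLY = re.compile(r'^(\d{3})(?: (\d\.\d{1,3}\.\d{1,3}))?')

def parse_delivery(line):
    """Return the fields of an 'mta delivery' line, or None for other lines."""
    if ' mta delivery ' not in line:
        return None  # e.g. the 'No valid route' line, which also contains '='
    return {k: q or b or t for k, q, b, t in FIELD.findall(line)}

def classify(fields):
    """Name the stage at which delivery stopped (labels are hypothetical)."""
    m = REPLY.match(fields['stat'])
    if m is None:
        # stat holds no SMTP reply: the failure came before any SMTP dialogue
        return 'connect'
    code, enhanced = m.groups()
    if enhanced and enhanced.startswith('5.1.'):
        return 'recipient-address'  # RFC 3463 x.1.x: addressing status
    if code.startswith('5'):
        return 'rejected'
    if code.startswith('4'):
        return 'deferred'
    return 'accepted'

def triage(log):
    """List (evpid, result, stage, relay) for every delivery line in log."""
    rows = []
    for line in log.splitlines():
        fields = parse_delivery(line)
        if fields:
            rows.append((fields['evpid'], fields['result'],
                         classify(fields), fields['relay']))
    return rows

if __name__ == '__main__':
    for row in triage(MAILLOG):
        print(row)
```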

