* [9front] Mail server setup
From: chris @ 2022-08-06 13:17 UTC (permalink / raw)
To: 9front
Greetings all,

I recently started to set up my first 9front hosting system. At the
moment I'm having great issues with preparing my mail setup (like I
expected).

My server is already up and running auth/cpu/fs server
(185.183.157.17) which I can rcpu into without issues.

I'm not yet able to change my DNS entries, and as a result of that
am bound to testing most of the features via IP. (If that turns out to be
the issue perhaps, I will be glad to risk it. I think smtp won't
be testable like that? Correct me if I'm wrong)

I followed the mail server configuration and maintenance from the FQA
( https://fqa.9front.org/fqa6.html#7.7 ) stopping at 7.7.6 (for now).

IMAP should work solely with a proper tcp993, tls cert and of
course my user (chris) (having a proper Inferno/POP secret (?) and
groups):

cpu% ls -l /sys/lib/tls/
--rw-rw-r-- M 192 sys sys 412 Oct 5 2019 /sys/lib/tls/README
d-rwxrwxr-x M 192 sys sys 0 Apr 3 17:52 /sys/lib/tls/acmed
--rw-rw-r-- M 192 chris sys 1025 Aug 6 12:20 /sys/lib/tls/cert
--rw------- M 192 chris sys 2399 Aug 5 15:24 /sys/lib/tls/key
cpu% ls -l /mail/box/
d-rwxr-xr-x M 192 chris chris 0 Aug 5 20:21 /mail/box/chris
d-rwxrwxr-x M 192 glenda glenda 0 Aug 3 15:29 /mail/box/glenda
cpu% cat /adm/users
-1:adm:adm:glenda,chris
0:none:adm:
1:tor:tor:
2:glenda:glenda:
3:chris:chris:
10000:sys::glenda,chris
10001:map:map:
10002:doc::
10003:upas:upas:glenda,chris
10004:font::
cpu% cat /bin/service/tcp993
#!/bin/rc
exec tlssrv -D -c /sys/lib/tls/cert -l imap4d \
-r `{cat $3/remote} /bin/upas/imap4d -v -p \
>>[2]/sys/log/imap4d
cpu%

My tcp993 differs a bit, because the FQA version seemed faulty.
(imap4d in /bin/upas instead of /bin/ip and no second -r option,
as well as some additional debug flags. I will fix that in the
FQA if it turns out to be wrong)

My TLS key is of course already in factotum and appended to it on
every boot in my cpurc like so:

cat /sys/lib/tls/key >> /mnt/factotum/ctl

Error response on client:

; upas/fs -f /imaps/185.183.157.17/chris
!Adding key: proto=cram server=185.183.157.17 user=chris
password:
!
upas/fs: imap: unexpected line: y2hyaxmgndq4ntu2mze4zthhmznlmtjhmjhiymu4nmu3mwqxmdu= bad no command: bad syntax
;
I also tried connecting via thunderbird on a linux machine. But no
success.
Log output server (either client):
cpu% cat /sys/log/imap4d
chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports tlsServer2
chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports recv ClientHello
version: 0303
random: 6f8a42cf7918652cb3ba482fe512329c5474a9553f2938a01a25dd974e7a0b5d
sid: <0> [ ]
ciphers: [ cca9 cc14 c02b c023 cca8 cc13 c02f c027 c013 c014 ccaa cc15 9e 67 33 39 16 9c 3c 3d 2f 35 a ]
compressors: <1> [ 00 ]
extensions: <63> [ 00 00 00 13 00 11 00 00 0e 31 38 35 2e 31 38 33 2e 31 35 37 2e 31 37 00 0a 00 08 00 06 00 1d 00 17 00 18 00 0b 00 02 01 00 00 0d 00 12 00 10 06 03 05 03 04 03 02 03 06 01 05 01 04 01 02 01 ]
chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports ClientHello version 303
chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports cipher cca8, compressor 0
chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports send ServerHello
version: 0303
random: 41cb6711fd2199bceaedc53ddfede41e735dc52d1216c712ae833fa53d08eff8
sid: <0> [ ]
cipher: cca8
compressor: 00
chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports send Certificate
chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports send HServerKeyExchange
curve: 001d
dh_Ys: nil
sigalg: 0401
dh_parameters: <36> [ 03 00 1d 20 4f 79 b7 cc 4a 44 20 ad 0f 6a 05 6e 6f ad d3 a4 8c cd ed 2b 34 0a 84 9b b9 a1 9a 5a 50 22 9a 7e ]
chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports send ServerHelloDone
chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports recv HClientKeyExchange
key: <32> [ c3 16 8d e7 da 62 03 4e 57 4e 28 63 0d a3 5f 5b e7 a5 46 8b 89 51 ae 71 6a 20 ea 24 8e c9 2c a7 ]
chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports tls secrets
chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports recv HFinished
708eba2ee0ab671051ab3a11
chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports send HFinished
0ad8ef477b13c840feb6a93b
chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports tls finished
chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports open
cpu%
I know that I could just 9fs my mail, but I would like to get IMAP
working anyways. Feel free to ask if further information is required.
chris
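
Added example (not part of the original post or of 9front): the token in the "unexpected line" error above has the length and prefix of a case-folded CRAM-MD5 response, which RFC 2195 defines as base64 of "user SP hex(HMAC-MD5(secret, challenge))". The Python sketch below runs both sides of that exchange and checks whether a case-folded token can be such a response; the user name is the one on the page, the secret and challenge are constructed.

```python
"""CRAM-MD5 (RFC 2195) exchange and a shape check for case-folded responses.

Added illustration; not code from 9front or from the thread.
USER comes from the page; SECRET and CHALLENGE_B64 are constructed.
"""
import base64
import hashlib
import hmac
import itertools

USER = "chris"
SECRET = "constructed-secret"  # constructed; stands in for the shared secret
CHALLENGE_B64 = base64.b64encode(b"<1896.697170952@mail.example>").decode()  # constructed

HEX = set(b"0123456789abcdef")


def cram_md5_response(user, secret, challenge_b64):
    """Client side: base64("<user> <hex HMAC-MD5(secret, challenge)>")."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()


def verify_cram_md5(secret, challenge_b64, response_b64):
    """Server side: return the user name if the digest matches, else None."""
    try:
        raw = base64.b64decode(response_b64, validate=True)
        challenge = base64.b64decode(challenge_b64, validate=True)
    except ValueError:
        return None
    user, _, digest = raw.rpartition(b" ")
    expected = hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest().encode()
    # Constant-time comparison of the received and the expected digest.
    if user and hmac.compare_digest(digest, expected):
        return user.decode(errors="replace")
    return None


def _case_variants(group):
    """All upper/lower spellings of one 4-character base64 group."""
    choices = [(c.lower(), c.upper()) if c.isalpha() else (c,) for c in group]
    return ("".join(p) for p in itertools.product(*choices))


def _group_fits(cand, prefix, pos, plain_len):
    """Does this spelling decode to the expected slice of "<user> <hex>"?"""
    try:
        chunk = base64.b64decode(cand, validate=True)
    except ValueError:
        return False
    if len(chunk) != min(3, plain_len - pos):
        return False
    for off, byte in enumerate(chunk, start=pos):
        if off < len(prefix):
            if byte != prefix[off]:
                return False
        elif byte not in HEX:
            return False
    return True


def could_be_cram_response(token, user):
    """True if token, ignoring letter case, can be base64 of
    "<user> <32 lowercase hex digits>"."""
    prefix = (user + " ").encode()
    plain_len = len(prefix) + 32
    if len(token) != 4 * ((plain_len + 2) // 3):
        return False
    for i in range(0, len(token), 4):
        pos = i // 4 * 3  # plaintext offset covered by this group
        if not any(_group_fits(c, prefix, pos, plain_len)
                   for c in _case_variants(token[i:i + 4])):
            return False
    return True


if __name__ == "__main__":
    resp = cram_md5_response(USER, SECRET, CHALLENGE_B64)
    print("response:        ", resp)
    print("server accepts:  ", verify_cram_md5(SECRET, CHALLENGE_B64, resp))
    # Every base64 group that starts on a hex digit begins with M, N, O, Y
    # or Z, so a case-folded copy of a response never verifies again.
    folded = resp.lower()
    print("folded verifies: ", verify_cram_md5(SECRET, CHALLENGE_B64, folded))
    print("folded has shape:", could_be_cram_response(folded, USER))
```
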
* Re: [9front] Mail server setup
From: william @ 2022-08-06 19:46 UTC (permalink / raw)
To: 9front
urgh. Mail is a struggle. I suspect one of the more experienced developers might have an answer. But to clarify
for everyone. The mail server works and you can get and receive mail on the server just fine.
Problem you are having is restricted to imap only and you wish to receive mail from a client like thunderbird
or another 9front using imap4d etc...

I get the feeling you have it correct but maybe the key is wrong?

I think you use auth/rsagen... to create the key. Then you run auth/rsa2x509 to sign it so what's in factotum
should be the key and it might look in /sys/lib/tls for the pem or cert? I usually get this mixed up

I also had to throw my key in /cfg/$sysname and echo to factotum at boot. Yea maybe not the best security but
it works

mkdir /cfg/$sysname
touch /cfg/$sysname/cpustart
echo 'cat /sys/lib/tls/smtp/key >>/mnt/factotum/ctl' >>/cfg/$sysname/cpustart

Maybe it's not the best way but my Macbook mail client for work can get mail, my ios phone can't because of a recent change and my self signed service violates apple BS as a contractor.

my logs are usually
fail or devtls expected etc.

oh and chmod 400 for the key?
* Re: [9front] Mail server setup
From: william @ 2022-08-06 19:47 UTC (permalink / raw)
To: 9front
chmod 600 for the key sorry
* Re: [9front] Mail server setup
From: sl @ 2022-08-07 0:56 UTC (permalink / raw)
To: 9front
> cpu% cat /bin/service/tcp993
> #!/bin/rc
> exec tlssrv -D -c /sys/lib/tls/cert -l imap4d \
> -r `{cat $3/remote} /bin/upas/imap4d -v -p \
> >>[2]/sys/log/imap4d
> cpu%
>
> My tcp993 differs a bit, because the FQA version seemed faulty.
> (imap4d in /bin/upas instead of /bin/ip and no second -r option,
> aswell as some additional debug flags. I will fix that in the
> FQA if it turns out to be wrong)
thanks, /bin/ip/upas was a mistake. i've updated the example to read:
#!/bin/rc
exec tlssrv -c/sys/lib/tls/cert -limap4d \
-r`{cat $3/remote} /bin/upas/imap4d -p \
-r`{cat $3/remote} >>[2]/sys/log/imap4d
# tlssrv and imap4d both have -r flags.
# to use with listen1, change $3 to $net.
the duplicate -r flag wasn't really a duplicate, it's just a valid
flag for both tlssrv and imap4d. maybe pointless overkill, but we
try to capture all the logging and error output we can.
sl
* Re: [9front] Mail server setup
From: chris @ 2022-08-08 10:26 UTC (permalink / raw)
To: 9front
Got a subdomain for testing now, but the error remains:
; upas/fs -f /imaps/test.chrisfroeschl.de/chris
!Adding key: proto=cram server=test.chrisfroeschl.de user=chris
password:
!
upas/fs: imap: unexpected line: y2hyaxmgndq4ntu2mze4zthhmznlmtjhmjhiymu4nmu3mwqxmdu= bad no command: bad syntax
> chmod 600 for the key sorry
I created a new TLS cert several times to avoid an error there.
These were my last creation steps: (from the FQA)
; ramfs -p
; cd /tmp
; auth/rsagen -t 'service=tls role=client owner=*' >key
; chmod 600 key
; cp key /sys/lib/tls/key
; auth/rsa2x509 'C=DE CN=test.chrisfroeschl.de' /sys/lib/tls/key | auth/pemencode CERTIFICATE >/sys/lib/tls/cert
Permission should suffice therefore.
I really can't see what I'm doing wrong by now. Perhaps some ndb
stuff that is required but not mentioned? Some special user settings?
etc.
Will investigate further while testing smtp as soon as I get the chance.
chris
* Re: [9front] Mail server setup
From: william @ 2022-08-09 8:21 UTC (permalink / raw)
To: 9front
yea I don't know. Here is my ndb
ipnet=thinktankworkspaces.com ip=45.79.94.0 ipmask=255.255.255.0
ipgw=45.79.94.1
dns=173.230.145.5
authdom=maat
auth=maat
dnsdom=think
cpu=maat
fs=maat
smtp=thinktankworkspaces.com
mail=thinktankworkspaces.com
#smtp=45.79.94.76
#mail=45.79.94.76
before I moved the domain I did everything with IP address. But relay issues, DKIM issues popped up from
time to time. But final version is with fully qualified domain.

I did do some other mangling but abandoned it because I'm letting gandi handle dns. It's just easier
but I had this earlier on before I commented it all out.
#dom=thinktankworkspaces.com
# ns=ns1.thinktankworkspaces.com
# ns=ns2.thinktankworkspaces.com
# mx=maat.thinktankworkspaces.com pref=1
# mail=maat.thinktankworkspaces.com
Do you have a new line after the command exec tlssrv in /rc/bin/service/tcp993?
Some of these scripts break because you must have a blank line at the very end. I forget the rules.
* Re: [9front] Mail server setup
From: chris @ 2022-08-09 18:09 UTC (permalink / raw)
To: 9front
Huh it just worked on a linux machine using my old s-nail configuration.
The logs showed:
chrisfroeschl Aug 9 18:02:53 initkeyseed: no keyseed: '/adm/keyseed' does not exist
chrisfroeschl Aug 9 18:02:53 keyfs starting warnings: 62f2852d 62f12a7d
chrisfroeschl Aug 9 18:02:53 cram-ok chris 185.183.157.17
chrisfroeschl Aug 9 18:02:53 tr-ok chris@chris(185.183.157.17) -> chris@chris
After that I tried it again on 9front and it just worked...
Feels like a first crack in had to be done through another client (?)
Anyways happy that it works. Sadly this doesn't feel like something I
could append to the FQA, since I still don't know what was going on.
I would be happy to hear, if someone sees an explanation for the
problem in this log.
Fighting with smtp now...
I always receive the claim to be a liar. (only in smtp ofc)
I know that the error is coming from /sys/src/cmd/upas/smtp/smtpd.c:475 ,
but I'm not competent enough to see my real issue behind that logic.
(at least for now)
cpu% cat /sys/log/smtpd
chrisfroeschl Aug 9 19:30:01 ehlo from XXX.XXX.XXX.XXX as cirno.fritz.box
chrisfroeschl Aug 9 19:30:03 Hung up on XXX.XXX.XXX.XXX; claimed to be cirno.fritz.box
And from my s-nail setup with according error for example:
chris@test.chrisfroeschl.de requires a password:
s-nail: SMTP server: 554 5.7.0 Liar!
/home/pi/dead.letter 10/246
s-nail: ... message not sent
or my 9front client system smtpd log:
cirno Aug 9 19:29:34 delivery at tcp!test.chrisfroeschl.de!587 (test.chrisfroeschl.de:185.183.157.17) hello failed: connection closed unexpectedly by remote system
after sending like so:
; echo $upasname # Changed other configs according to FQA aswell
chris@test.chrisfroeschl.de
; echo 9test1 | mail -s '9test1' chris@chrisfroeschl.de
My client factotum is filled with the smtp password like mentioned in
the FQA. Since I can send this email, my 9front client smtp configs
are working as well (adjusting to subdomain for testing ofc).

I probably messed up some smtp config. Debugging at the moment.
Here is my current server status if someone is interested and
spots something:
cpu% cat /mail/lib/smtpd.conf
defaultdomain test.chrisfroeschl.de
norelay on
verifysenderdom off
saveblockedmsg off
ourdomains test.chrisfroeschl.de
cpu% cat /mail/lib/rewrite
# case conversion for postmaster
pOsTmAsTeR alias postmaster
# local mail
\l!(.*) alias \1
test.chrisfroeschl.de!(.*) alias \1
# translate local aliases from /mail/lib/namefiles
# \"(.+)\" translate "/bin/upas/aliasmail '\1'"
[^!@]+ translate "/bin/upas/aliasmail '&'"
local!(.*) >> /mail/box/\1/mbox
# convert source domain address to a chain a@b@c@d...
@([^@!,]*):([^!@]*)@([^!]*) alias \2@\3@\1
@([^@!]*),@([^!@,]*):([^!@]*)@([^!]*) alias @\1:\3@\4@\2
# convert a chain a@b@c@d... to ...d!c!b!a
([^@]+)@([^@]+)@(.+) alias \2!\1@\3
([^@]+)@([^@]+) alias \2!\1
# queue all mail for delivery
([^!]*)!(.*) | "/mail/lib/qmail '\s' 'net!\1'" "'\2'"
cpu% cat /mail/lib/names.local
# alias file, listed in /mail/lib/namefiles
postmaster chris
cpu% cat /mail/lib/remotemail
#!/bin/rc
shift
sender=$1
shift
addr=$1
shift
fd=`{/bin/upas/aliasmail -f $sender}
switch($fd){
case *.*
;
case *
fd=test.chrisfroeschl.de
}
exec /bin/upas/smtp -d -h $fd $addr $sender $*
cpu% cat /bin/service/tcp587
#!/bin/rc
user=`{cat /dev/user}
exec /bin/upas/smtpd -c /sys/lib/tls/cert -n $3
cpu%
Btw my /lib/ndb/local :
(no smtp or mail whatsoever, doesn't seem to be required)
sys=chrisfroeschl fs=chrisfroeschl auth=chrisfroeschl ether=76c4f3d364a1 ip=185.183.157.17 ipmask=255.255.253.0 ipgw=185.183.156.1
dns=185.183.156.1
auth=chrisfroeschl authdom=chrisfroeschl.de
* Re: [9front] Mail server setup
From: chris @ 2022-08-11 12:37 UTC (permalink / raw)
To: 9front
I tried to adjust my tcp587 like so:
cpu% cat /bin/service/tcp587
#!/bin/rc
user=`{cat /dev/user}
exec /bin/upas/smtpd -E -c /sys/lib/tls/cert -n $3
using the hidden E flag which allows me to skip the liar part (
/sys/src/cmd/upas/smtp/smtpd.c:465 ). I'm not sure if that is more of
a hack away for debugging or intended for use. Either way not
mentioned in the manpage, but used by sirjofri in his setup
http://sirjofri.de/changeblog/1594881674/ , while getting me at
least away from the liar errors.
Running from my client (all other configs adjusted ofc):
; echo $upasname
chris@test.chrisfroeschl.de
; echo 9test24 | mail -s 9test24 chris@chrisfroeschl.de
There doesn't seem to happen a 'real' authentication. The next server
logs show the attempt to use the queue of 'none':
cpu% tail /sys/log/auth
chrisfroeschl Aug 11 11:46:10 cram-ok chris 185.183.157.17
cpu% tail /sys/log/mail
chrisfroeschl Aug 11 11:46:10 error chrisfroeschl.de!chris From test.chrisfroeschl.de!chris Thu Aug 11 11:46:10 +0200 2022
error+ from 'test.chrisfroeschl.de!chris'
error+ to 'chrisfroeschl.de!chris'
error+ failed with error 'qer: creating data file /mail/queue/none/D.006462: '/mail/queue/none' permission denied
error+ '.
error+ The mailer `/mail/lib/qmail 'test.chrisfroeschl.de!chris' 'net!chrisfroeschl.de'' returned error status 71.
error+
error+
cpu% tail /sys/log/smtpd
chrisfroeschl Aug 11 11:46:06 ehlo from XXX.XXX.XXX.XXX as cirno.fritz.box
chrisfroeschl Aug 11 11:46:08 started TLS with cirno.fritz.box
chrisfroeschl Aug 11 11:46:08 ehlo from XXX.XXX.XXX.XXX as cirno.fritz.box
chrisfroeschl Aug 11 11:46:10 auth(CRAM-MD5, (protected)) from cirno.fritz.box
chrisfroeschl Aug 11 11:46:10 ++[cirno.fritz.box/XXX.XXX.XXX.XXX] blocked: mail refused: from 'test.chrisfroeschl.de!chris'
Not sure why there doesn't seem to be a proper auth attempt (although
CRAM-MD5 is mentioned).
Do I have to prepare some /mail/queue structure for 'chris' btw? I
didn't do that by hand on my client if I remember correctly. Here is
my whole server /mail structure:
cpu% walk -exp /mail/
a-rw-rw---- /mail/box/glenda/mbox/1659696218.00
...
d-rwxrwxrwx /mail/box/glenda/mbox
d-rwxrwxr-x /mail/box/glenda
a-rw-rw---- /mail/box/chris/mbox/1659696500.00
...
d-rwxrwxrwx /mail/box/chris/mbox
-lrw------- /mail/box/chris/mbox.idx
-lrw------- /mail/box/chris/L.mbox
--rwxrwxrwx /mail/box/chris/mbox.imp
a-rw-r----- /mail/box/chris/Sent/1660061970.00
...
d-rwxr-xr-x /mail/box/chris/Sent
-lrw------- /mail/box/chris/Sent.idx
--rw-r--r-- /mail/box/chris/Sent.imp
d-rwxr-xr-x /mail/box/chris
-lrw------- /mail/box/chris.idx
d-rwxrwxr-x /mail/box
d-rwxrwxr-x /mail/faxoutqueue
d-rwxrwxr-x /mail/faxqueue
d-r-xr-xr-x /mail/fs
d-rwxrwxr-x /mail/grey
--rw-rw-r-- /mail/lib/blocked
--rw-rw-r-- /mail/lib/classify.re
--rwxrwxr-x /mail/lib/gone.fishing
--rwxrwxr-x /mail/lib/justqmail
--rwxrwxr-x /mail/lib/kickqueue
--rwxrwxr-x /mail/lib/lazyqmail
--rw-rw-r-- /mail/lib/namefiles
--rw-rw-r-- /mail/lib/names.local
--rw-rw-r-- /mail/lib/pipeto.bayes
--rw-rw-r-- /mail/lib/prof.mbox
--rw-rw-r-- /mail/lib/prof.spam
--rwxrwxr-x /mail/lib/remotemail
--rw-rw-r-- /mail/lib/rewrite.direct
--rw-rw-r-- /mail/lib/rewrite.gateway
--rwxrwxr-x /mail/lib/setup.bayes
--rw-rw-r-- /mail/lib/smtpd.conf
--rwxrwxr-x /mail/lib/validateaddress
--rwxrwxr-x /mail/lib/validateattachment
--rw-rw-r-- /mail/lib/white.starter
--rw-rw-r-- /mail/lib/gone.msg
--rw-rw-r-- /mail/lib/ignore
--rwxrwxr-x /mail/lib/isspam.rc
--rwxrwxr-x /mail/lib/mailnews
--rwxrwxr-x /mail/lib/msgcat.rc
--rw-rw-r-- /mail/lib/patterns
--rw-rw-r-- /mail/lib/pipeto.lib
--rwxrwxr-x /mail/lib/qmail
--rw-rw-r-- /mail/lib/rewrite
--rwxrwxr-x /mail/lib/spam.rc
--rwxrwxr-x /mail/lib/unspam.rc
d-rwxrwxr-x /mail/lib
d-rwxrwxr-x /mail/queue
d-rwxrwxrwx /mail/tmp
d-rwxrwxr-x /mail
cpu%
My client shows the following log after sending the mail:
; tail /sys/log/smtp.fail
cirno Aug 11 11:45:40 delivery chris@chrisfroeschl.de at tcp!test.chrisfroeschl.de!587 (test.chrisfroeschl.de:185.183.157.17) rcptto failed: 554 5.7.1 mail refused: from 'test.chrisfroeschl.de!chris'
; tail /sys/log/smtp
cirno Aug 11 11:45:37 started TLS to test.chrisfroeschl.de
; tail /sys/log/mail
cirno Aug 11 11:45:35 remote chrisfroeschl.de!chris From chris@test.chrisfroeschl.de Thu Aug 11 11:45:35 +0200 2022 (chris@chrisfroeschl.de) 220
Can't test the whole thing from my s-nail client because it demands a
cert that is not self signed. I could probably configure it to ignore
it somehow, but I'm not really interested in running s-nail anyway.
Am I going to run into issues if I use a self signed cert in
communication with other smtp daemons? I would really like to avoid
signing certs to be honest.
Anyway, I don't see how the FQA information alone could work. Is this
indeed the current configuration of the (9front.org|cat-v.org|...)
mail server? Any updates or insights would be very helpful.
chris
^ permalink raw reply [flat|nested] 19+ messages in thread
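The `cram-ok chris` line in /sys/log/auth and the `auth(CRAM-MD5, (protected))` line in /sys/log/smtpd above record a CRAM-MD5 (RFC 2195) challenge-response, which completes before the queue error is hit. The following sketch of both sides of that exchange is an added example, not part of the original message and not upas code; the secret, host name and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
import time


def make_challenge(hostname):
    """Server: a fresh, never-repeated challenge in msg-id form."""
    nonce = int.from_bytes(os.urandom(8), "big")
    return f"<{nonce}.{int(time.time())}@{hostname}>".encode()


def client_response(user, secret, challenge_b64):
    """Client: answer the base64 challenge carried on the 334 line.

    Only an HMAC-MD5 keyed with the secret is sent, never the secret.
    """
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())


def server_verify(secrets, challenge, response_b64):
    """Server: return the authenticated user name, or None.

    The server recomputes the HMAC, so it must hold the shared secret in
    recoverable form (a separately stored secret, not a password hash).
    """
    try:
        decoded = base64.b64decode(response_b64, validate=True).decode()
        user, digest = decoded.rsplit(" ", 1)
    except (ValueError, UnicodeDecodeError):
        return None
    secret = secrets.get(user)
    if secret is None:
        return None
    expected = hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()
    # Constant-time comparison of the two hex digests.
    if hmac.compare_digest(expected.encode(), digest.lower().encode()):
        return user
    return None


def exchange(secrets, user, secret, hostname="test.example"):
    """Run one AUTH CRAM-MD5 round; return (user or None, transcript)."""
    challenge = make_challenge(hostname)
    challenge_b64 = base64.b64encode(challenge)
    response = client_response(user, secret, challenge_b64)
    who = server_verify(secrets, challenge, response)
    transcript = [
        "C: AUTH CRAM-MD5",
        "S: 334 " + challenge_b64.decode(),
        "C: " + response.decode(),
        "S: 235 authentication successful" if who else
        "S: 535 authentication failed",
    ]
    return who, transcript


# Constructed secret table: user name -> shared secret.
SECRETS = {"chris": "constructed-shared-secret"}

if __name__ == "__main__":
    who, lines = exchange(SECRETS, "chris", "constructed-shared-secret")
    print("\n".join(lines))
    print("authenticated as:", who)
```

Because the response is keyed to one challenge, a captured response fails against any later challenge; a success here only establishes who the client is, and what the daemon may then write is decided by file permissions.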
* Re: [9front] Mail server setup
2022-08-11 12:37 ` chris
@ 2022-08-11 14:29 ` Stanley Lieber
2022-08-11 21:17 ` chris
0 siblings, 1 reply; 19+ messages in thread
From: Stanley Lieber @ 2022-08-11 14:29 UTC (permalink / raw)
To: 9front
sorry i have not been able to devote more time to troubleshooting this with you. (typing on a phone here.)
i connect to my server using imap clients on android, ios, and upas/fs -f /imaps. these are the relevant files:
in cpustart:
cat /sys/lib/tls/acmed/stanleylieber.com.key >>/mnt/factotum/ctl
auth/as upas aux/listen -p 128 -t /cfg/$sysname/service.upas
http://plan9.stanleylieber.com/mail/service/ # /cfg/gaff/service.upas/
http://plan9.stanleylieber.com/mail/lib/ # /mail/lib/
gaff; walk -d -e xUGp /mail/queue
d-rwxrwxr-x upas upas /mail/queue/upas
d-rwxrwxrwx none upas /mail/queue/none
d-rwxrwxr-x sl upas /mail/queue/sl
d-rwxrwxrwx sl upas /mail/queue
all my upas server programs run as user upas, but notably upas is hardcoded internally to become user none for some functions (this has never satisfactorily been sorted out and amended so it can be easily bypassed; upas auditing is still a bit of a work in progress).
the queue files will be created automatically when upas tries to send mail, but your main problem here seems to be permissions on /mail/queue preventing /mail/queue/none from being created.
as you can see from my own file permissions above, i’m generally dissatisfied with the current arrangement of how queue permissions are handled.
there is a deficiency in the fqa’s description of setting up smtp and imap for remote users:
- client side use against a 9front server is not described at all.
- an “Inferno/POP secret” is used as the password for both smtp and imap, which must be configured *in addition to* the user’s regular auth password. see: http://fqa.9front.org/fqa7.html#7.4.2
i’ll address this.
sl
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [9front] Mail server setup
2022-08-11 14:29 ` Stanley Lieber
@ 2022-08-11 21:17 ` chris
2022-08-12 6:23 ` william
2022-08-12 6:33 ` sirjofri
0 siblings, 2 replies; 19+ messages in thread
From: chris @ 2022-08-11 21:17 UTC (permalink / raw)
To: 9front
Hello sl,
> sorry i have not been able to devote more time to troubleshooting
> this with you. (typing on a phone here.)
thank you for your message! No pressure regarding your help in
troubleshooting. It's not like I'm paying anyone here to help me.
Most ml messages had the function to document my current state for
myself anyway.
> http://plan9.stanleylieber.com/mail/service/ # /cfg/gaff/service.upas/
> http://plan9.stanleylieber.com/mail/lib/ # /mail/lib/
Your links helped me very much. I always forget that you share almost
all of your setup and didn't look into your /mail before.
I got the e flag from your tcp587 script and changed the /mail/queue
permissions like so:
cpu% cat /bin/service/tcp587
#!/bin/rc
user=`{cat /dev/user}
exec /bin/upas/smtpd -e -c /sys/lib/tls/cert -n $3
cpu% ls -ld /mail/queue/
d-rwxrwxrwx M 65 upas upas 0 Aug 11 21:03 /mail/queue
After applying these changes my /mail/queue was filled with a none
directory and I am able to send mail.
I would like to not dedicate a whole directory for services run by
user upas for now. Just chmoding a directory seems to suffice for
now.
I got perhaps some more questions if you are already involved:
(I will probably figure most of the stuff out myself (hopefully))
1.) Could you tell me why so many flags (and especially MANDATORY
flags) seem to be hidden in the src? Is the e flag intended for
production use? Otherwise a manpage update would help.
2.) What is your highscore at https://www.mail-tester.com ? Mine is
7/10. I know DKIM is no option (-1). But I receive at least -2 on
SpamAssassin regarding:
-0.001 FSL_BULK_SIG Bulk signature with no Unsubscribe
-1.985 PYZOR_CHECK Similar message reported on Pyzor (https://www.pyzor.org)
https://pyzor.readthedocs.io/en/latest/
Please test a real content, test Newsletters will always be flagged by Pyzor
Adjust your message or request whitelisting (https://www.pyzor.org)
0.001 SPF_HELO_PASS SPF: HELO matches SPF record
0.001 SPF_PASS SPF: sender matches SPF record
Great! Your SPF is valid
3.) I don't seem to be able to send mail to myself with this setup
(worked before). My smtpd logs when I try that:
test.chrisfroeschl.de Aug 11 22:31:03 ehlo from 82.207.245.23 as cirno.fritz.box
test.chrisfroeschl.de Aug 11 22:31:03 started TLS with cirno.fritz.box
test.chrisfroeschl.de Aug 11 22:31:03 ehlo from 82.207.245.23 as cirno.fritz.box
test.chrisfroeschl.de Aug 11 22:31:03 auth(CRAM-MD5, (protected)) from cirno.fritz.box
test.chrisfroeschl.de Aug 11 22:31:03 Disallowed test.chrisfroeschl.de!chris (cirno.fritz.box/82.207.245.23) to blocked name test.chrisfroeschl.de!chris
4.) Issues regarding receiving mails from my current mail server to
the 9 smtp server seem to remain. Perhaps some MX record error from
my side? I will debug this as good as I can the following days. Here
is my obsd maillog:
Aug 11 22:58:02 chrisfroeschl smtpd[47164]: smtp-out: No valid route for [connector:[]->[relay:test.chrisfroeschl.de,smtp,heloname=mail.chrisfroeschl.de],0x0]
Aug 11 22:58:12 chrisfroeschl smtpd[47164]: 0000000000000000 mta delivery evpid=3fb35f960656e8e3 from=<chris@chrisfroeschl.de> to=<chris@test.chrisfroeschl.de> rcpt=<-> source="-" relay="test.chrisfroeschl.de" delay=13s result="TempFail" stat="Network error on destination MXs"
After cping my tcp587 to tcp25 I got (just to test if it only uses port 25):
Aug 11 23:12:46 chrisfroeschl smtpd[47164]: 745c82d65e770f66 mta delivery evpid=03d30d409a5ab8fd from=<chris@chrisfroeschl.de> to=<chris@test.chrisfroeschl.de> rcpt=<-> source="5.252.227.212" relay="185.183.157.17 (test.chrisfroeschl.de)" delay=0s result="PermFail" stat="550 5.1.1 test.chrisfroeschl.de!chris ... user unknown"
> there is a deficiency in the fqa’s description of setting up smtp and imap for remote users:
>
> - client side use against a 9front server is not described at all.
>
> - an “Inferno/POP secret” is used as the password for both smtp and
> imap, which must be configured *in addition to* the user’s regular
> auth password. see: http://fqa.9front.org/fqa7.html#7.4.2
>
> i’ll address this.
I intend to send a FQA patch the coming days (as soon as everything
works) with some minor stuff I found besides the things you mentioned.
I can try to add a first draft regarding your points. Feel free to
edit it afterwards however you like.
chris
^ permalink raw reply [flat|nested] 19+ messages in thread
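sl's reply attributes the `qer: ... permission denied` error to the mode of /mail/queue, and the message above resolves it by making that directory world-writable. The following audit of the three layouts shown in the thread is an added example, not part of either message: it assumes the `mode owner group path` column order of `walk -e xUGp`, that a user is always a member of the group of the same name, and that a grant from any applicable class (owner, group, other) suffices; the owner of /mail/queue in `BEFORE` is also an assumption, since the original listing omits owners.

```python
import re

# Constructed inputs; modes and names are taken from the thread.
ADM_USERS = """\
0:none:adm:
2:glenda:glenda:
3:chris:chris:
10003:upas:upas:glenda,chris
"""
BEFORE = "d-rwxrwxr-x upas upas /mail/queue\n"   # owner/group assumed
AFTER = "d-rwxrwxrwx upas upas /mail/queue\n"    # from the ls -ld output
SL = """\
d-rwxrwxr-x upas upas /mail/queue/upas
d-rwxrwxrwx none upas /mail/queue/none
d-rwxrwxr-x sl upas /mail/queue/sl
d-rwxrwxrwx sl upas /mail/queue
"""

# Type char, exclusive-use char, then rwx for owner, group, other.
MODE = re.compile(r"^[-daA][-l]([-r][-w][-x]){3}$")


def parse_groups(adm_users):
    """Map group name -> member set from id:name:leader:members lines."""
    groups = {}
    for line in adm_users.splitlines():
        fields = line.split(":")
        if len(fields) < 4:
            continue
        name, members = fields[1], fields[3]
        # Assumption: every user belongs to the group named after them.
        groups[name] = {name} | {m for m in members.split(",") if m}
    return groups


def parse_listing(listing):
    """Parse 'mode owner group path' lines into {path: (mode, owner, group)}."""
    entries = {}
    for line in listing.splitlines():
        parts = line.split(None, 3)
        if len(parts) != 4 or not MODE.match(parts[0]):
            continue
        mode, owner, group, path = parts
        entries[path.rstrip("/") or "/"] = (mode, owner, group)
    return entries


def granted(user, entry, groups):
    """Permissions `user` holds on one entry (additive model, see lead-in)."""
    mode, owner, group = entry
    bits = mode[2:]
    perms = set(bits[6:9])                 # other
    if user in groups.get(group, ()):
        perms |= set(bits[3:6])            # group
    if user == owner:
        perms |= set(bits[0:3])            # owner
    perms.discard("-")
    return perms


def queue_usable(user, entries, groups, root="/mail/queue"):
    """True if `user` can write root/<user>, or create it when missing."""
    target = entries.get(f"{root}/{user}") or entries.get(root)
    if target is None or target[0][0] != "d":
        return False
    return {"w", "x"} <= granted(user, target, groups)


def world_writable(entries):
    """Directories that any user, including none, may write to."""
    return sorted(p for p, (mode, _, _) in entries.items()
                  if mode[0] == "d" and mode[9] == "w")


def audit(listing, adm_users, users):
    entries, groups = parse_listing(listing), parse_groups(adm_users)
    return {
        "usable": {u: queue_usable(u, entries, groups) for u in users},
        "world_writable": world_writable(entries),
    }


if __name__ == "__main__":
    for name, listing in (("before", BEFORE), ("after", AFTER), ("sl", SL)):
        print(name, audit(listing, ADM_USERS, ["none", "chris"]))
```

In the `BEFORE` layout chris could create a queue through his upas group membership, but smtpd queues as none, which only has the other bits.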
* Re: [9front] Mail server setup
2022-08-11 21:17 ` chris
@ 2022-08-12 6:23 ` william
2022-08-12 13:47 ` Stanley Lieber
2022-08-12 6:33 ` sirjofri
1 sibling, 1 reply; 19+ messages in thread
From: william @ 2022-08-12 6:23 UTC (permalink / raw)
To: 9front
I know 'sl' added more dkim features into 9front but i'm still using what I implemented earlier
this year which was mostly messing around with dns.
http://thinktankworkspaces.com/plan9/email-upas
Just above the troubleshooting section I have some DNS notes and some of my experience messing with spf
dmarc and I managed to get a 9/10 score. I don't know, maybe some of it might be helpful but I
think you have most of this figured out.
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [9front] Mail server setup
2022-08-11 21:17 ` chris
2022-08-12 6:23 ` william
@ 2022-08-12 6:33 ` sirjofri
2022-08-12 7:10 ` sirjofri
1 sibling, 1 reply; 19+ messages in thread
From: sirjofri @ 2022-08-12 6:33 UTC (permalink / raw)
To: 9front
11.08.2022 23:17:30 chris@chrisfroeschl.de:
> 1.) Could you tell me why so many flags (and especially MANDATORY
> flags) seem to be hidden in the src? Is the e flag intended for
> production use? Otherwise a manpage update would help.
Simple answer: because the man page sucks and modern mail sucks. Feel
free to send patches for the man pages, people will like it. Also read
the man pages carefully, the arguments are not as listed as in most linux
man pages.
> 2.) What is your highscore at https://www.mail-tester.com ? Mine is
> 7/10. I know DKIM is no option (-1). But I receive at least -2 on
> SpamAssassin regarding:
>
> -0.001 FSL_BULK_SIG Bulk signature with no Unsubscribe
> -1.985 PYZOR_CHECK Similar message reported on Pyzor
> (https://www.pyzor.org)
> https://pyzor.readthedocs.io/en/latest/
> Please test a real content, test Newsletters will always be flagged by
> Pyzor
> Adjust your message or request whitelisting (https://www.pyzor.org)
> 0.001 SPF_HELO_PASS SPF: HELO matches SPF record
> 0.001 SPF_PASS SPF: sender matches SPF record
> Great! Your SPF is valid
The -2 by pyzor check tells everything. I guess you sent some kinda test
mail with some test content? Try sending some real fake text, for example
one of the short stories I wrote or whatever.
> 3.) I don't seem to be able to send mail to myself with this setup
> (worked before). My smtpd logs when I try that:
>
> test.chrisfroeschl.de Aug 11 22:31:03 ehlo from 82.207.245.23 as
> cirno.fritz.box
> test.chrisfroeschl.de Aug 11 22:31:03 started TLS with cirno.fritz.box
> test.chrisfroeschl.de Aug 11 22:31:03 ehlo from 82.207.245.23 as
> cirno.fritz.box
> test.chrisfroeschl.de Aug 11 22:31:03 auth(CRAM-MD5, (protected)) from
> cirno.fritz.box
> test.chrisfroeschl.de Aug 11 22:31:03 Disallowed
> test.chrisfroeschl.de!chris (cirno.fritz.box/82.207.245.23) to blocked
> name test.chrisfroeschl.de!chris
That sounds like an error in /mail/lib files. See the rewrite file there
and also the smtpd.conf file, I guess. I don't know the exact details, so
have fun.
> 4.) Issues regarding receiving mails from my current mail server to
> the 9 smtp server seem to remain. Perhaps some MX record error from
> my side? I will debug this as good as I can the following days. Here
> is my obsd maillog:
>
> Aug 11 22:58:02 chrisfroeschl smtpd[47164]: smtp-out: No valid route
> for
> [connector:[]->[relay:test.chrisfroeschl.de,smtp,heloname=mail.chrisfroeschl.de],0x0]
> Aug 11 22:58:12 chrisfroeschl smtpd[47164]: 0000000000000000 mta
> delivery evpid=3fb35f960656e8e3 from=<chris@chrisfroeschl.de>
> to=<chris@test.chrisfroeschl.de> rcpt=<-> source="-"
> relay="test.chrisfroeschl.de" delay=13s result="TempFail" stat="Network
> error on destination MXs"
>
> After cping my tcp587 to tcp25 I got (just to test if it only uses port
> 25):
>
> Aug 11 23:12:46 chrisfroeschl smtpd[47164]: 745c82d65e770f66 mta
> delivery evpid=03d30d409a5ab8fd from=<chris@chrisfroeschl.de>
> to=<chris@test.chrisfroeschl.de> rcpt=<-> source="5.252.227.212"
> relay="185.183.157.17 (test.chrisfroeschl.de)" delay=0s
> result="PermFail" stat="550 5.1.1 test.chrisfroeschl.de!chris ... user
> unknown"
In my setup I have both tcp25 and tcp587. Tcp587 uses -a for
authentication (use that for sending mail) while tcp25 is the incoming
port without -a.
In smtpd.conf there should be defaultdomain and ourdomains both be set to
your domain. Iirc it didn't work properly if I only specified
defaultdomain.
>> there is a deficiency in the fqa’s description of setting up smtp and
>> imap for remote users:
>>
>> - client side use against a 9front server is not described at all.
>>
>> - an “Inferno/POP secret” is used as the password for both smtp and
>> imap, which must be configured *in addition to* the user’s regular
>> auth password. see: http://fqa.9front.org/fqa7.html#7.4.2
>>
>> i’ll address this.
>
> I intend to send a FQA patch the coming days (as soon as everything
> works) with some minor stuff I found besides the things you mentioned.
> I can try to add a first draft regarding your points. Feel free to
> edit it afterwards however you like.
Regarding patches, I don't remember if my smtp patch is already applied
to front. It adds a new flag to smtp to skip the certificate check
completely. Here it is if you're interested:
http://sirjofri.de/oat/patches/smtp.patch
Also, send patches.
sirjofri
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [9front] Mail server setup
2022-08-12 6:33 ` sirjofri
@ 2022-08-12 7:10 ` sirjofri
2022-08-12 15:27 ` chris
0 siblings, 1 reply; 19+ messages in thread
From: sirjofri @ 2022-08-12 7:10 UTC (permalink / raw)
To: 9front
I also did a mail-tester test, but from my phone mail client using my
server, so I don't know what headers are added.
Results are 9/10, and the missing points are: No DKIM, no
unsubscribe-header.
sirjofri
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [9front] Mail server setup
2022-08-12 6:23 ` william
@ 2022-08-12 13:47 ` Stanley Lieber
0 siblings, 0 replies; 19+ messages in thread
From: Stanley Lieber @ 2022-08-12 13:47 UTC (permalink / raw)
To: 9front
that was ori. i’ve never messed with dkim or dmarc at all.
sl
> On Aug 12, 2022, at 2:24 AM, william@thinktankworkspaces.com wrote:
>
> I know 'sl' added more dkim features into 9front but i'm still using what I implemented earlier
> this year which was mostly messing around with dns.
>
> http://thinktankworkspaces.com/plan9/email-upas
>
> Just above troubleshooting section I have some DNS notes and some of my experience messing with spf
> dmarc and I managed to get 9/10 score. I don't know maybe some of it might be helpful but I
> think you have most of this figured out.
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [9front] Mail server setup
2022-08-12 7:10 ` sirjofri
@ 2022-08-12 15:27 ` chris
2022-08-12 18:49 ` sirjofri
2022-08-12 22:25 ` ori
0 siblings, 2 replies; 19+ messages in thread
From: chris @ 2022-08-12 15:27 UTC (permalink / raw)
To: 9front
> Results are 9/10, and the missing points are: No DKIM, no
> unsubscribe-header.
Indeed I got the same after sending a 'real' message. Nice!
> That sounds like an error in /mail/lib files. See the rewrite file there
> and also the smtpd.conf file, I guess. I don't know the exact details, so
> have fun.
Still struggling with 3.) and 4.) . I'm certain they are the same
problem. My server always responds to the client (9 client as well as
a linux client) after trying to send to chris@test.chrisfroeschl.de :
cirno Aug 12 16:37:40 delivery chris@test.chrisfroeschl.de at tcp!test.chrisfroeschl.de!587 (test.chrisfroeschl.de:185.183.157.17) rcptto failed: 550 5.1.1 test.chrisfroeschl.de!chris ... user unknown
While logging on the server:
test.chrisfroeschl.de Aug 12 16:38:13 Disallowed test.chrisfroeschl.de!chris (cirno.fritz.box/82.207.245.20) to blocked name test.chrisfroeschl.de!chris
This feels like a /mail/lib/rewrite issue. Resulting from a faulty
upas/aliasmail or unmatched alias.
From my understanding test.chrisfroeschl.de!chris should be resolved by
\l!(.*) alias \1
to 'chris', followed by
[^!@]+ translate "/bin/upas/aliasmail '&'"
resulting in 'local!chris', and finally followed by
local!(.*) >> /mail/box/\1/mbox
appending the mail to /mail/box/chris/mbox .
Or isn't the real rewrite input 'test.chrisfroeschl.de!chris'?
I feel like I read every resource on those /mail/lib files a thousand
times, but I'm not able to see anything by now. I tried plenty of
stuff, but I will share (hopefully for the last time) my current updated
configs in case someone can see a mistake:
cpu% cat /mail/lib/rewrite
# case conversion for postmaster
pOsTmAsTeR alias postmaster
\l!(.*) alias \1
\l\.test.chrisfroeschl.de!(.*) alias \1
(test.chrisfroeschl.de)!(.*) alias \2
# translate local aliases from /mail/lib/namefiles
\"(.+)\" translate "/bin/upas/aliasmail '\1'"
[^!@]+ translate "/bin/upas/aliasmail '&'"
local!"(.+)" >> /mail/box/\1/mbox
local!(.*) >> /mail/box/\1/mbox
# convert source domain address to a chain a@b@c@d...
@([^@!,]*):([^!@]*)@([^!]*) alias \2@\3@\1
@([^@!]*),@([^!@,]*):([^!@]*)@([^!]*) alias @\1:\3@\4@\2
# convert a chain a@b@c@d... to ...d!c!b!a
([^@]+)@([^@]+)@(.+) alias \2!\1@\3
([^@]+)@([^@]+) alias \2!\1
# queue all mail for delivery
([^!]*)!(.*) | "/mail/lib/qmail '\s' 'net!\1'" "'\2'"
cpu% cat /mail/lib/smtpd.conf
defaultdomain test.chrisfroeschl.de
norelay on
verifysenderdom off
saveblockedmsg off
ournets 185.183.157.17/22
ourdomains test.chrisfroeschl.de
cpu% walk -exp /mail/
a-rw-rw---- /mail/box/glenda/mbox/1659696218.00
a-rw-rw---- /mail/box/glenda/mbox/1659696248.00
a-rw-rw---- /mail/box/glenda/mbox/1659696323.00
d-rwxrwxrwx /mail/box/glenda/mbox
d-rwxrwxr-x /mail/box/glenda
a-rw-r----- /mail/box/chris/mbox/1660242093.00
a-rw-r----- /mail/box/chris/mbox/1660299006.00
d-rwxr-xr-x /mail/box/chris/mbox
-lrw------- /mail/box/chris/mbox.idx
-lrw------- /mail/box/chris/L.mbox
--rwxr-xr-x /mail/box/chris/mbox.imp
a-rw-r----- /mail/box/chris/Sent/1660226710.00
a-rw-r----- /mail/box/chris/Sent/1660309584.00
d-rwxr-xr-x /mail/box/chris/Sent
-lrw------- /mail/box/chris/Sent.idx
--rwxr-xr-x /mail/box/chris/Sent.imp
--rw-r--r-- /mail/box/chris/imap.subscribed
d-rwxr-xr-x /mail/box/chris/Trash
-lrw------- /mail/box/chris/Trash.idx
--rwxr-xr-x /mail/box/chris/Trash.imp
a-rw-r----- /mail/box/chris/Drafts/1660309938.00
d-rwxr-xr-x /mail/box/chris/Drafts
-lrw------- /mail/box/chris/Drafts.idx
--rwxr-xr-x /mail/box/chris/Drafts.imp
d-rwxr-xr-x /mail/box/chris
d-rwxrwxr-x /mail/box
d-rwxrwxr-x /mail/faxoutqueue
d-rwxrwxr-x /mail/faxqueue
d-r-xr-xr-x /mail/fs
d-rwxrwxr-x /mail/grey
--rw-rw-r-- /mail/lib/blocked
--rw-rw-r-- /mail/lib/classify.re
--rwxrwxr-x /mail/lib/gone.fishing
--rwxrwxr-x /mail/lib/justqmail
--rwxrwxr-x /mail/lib/kickqueue
--rwxrwxr-x /mail/lib/lazyqmail
--rw-rw-r-- /mail/lib/namefiles
--rw-rw-r-- /mail/lib/names.local
--rw-rw-r-- /mail/lib/pipeto.bayes
--rw-rw-r-- /mail/lib/prof.mbox
--rw-rw-r-- /mail/lib/prof.spam
--rwxrwxr-x /mail/lib/remotemail
--rw-rw-r-- /mail/lib/rewrite.direct
--rw-rw-r-- /mail/lib/rewrite.gateway
--rwxrwxr-x /mail/lib/setup.bayes
--rw-rw-r-- /mail/lib/smtpd.conf
--rwxrwxr-x /mail/lib/validateaddress
--rwxrwxr-x /mail/lib/validateattachment
--rw-rw-r-- /mail/lib/white.starter
--rw-rw-r-- /mail/lib/gone.msg
--rw-rw-r-- /mail/lib/ignore
--rwxrwxr-x /mail/lib/isspam.rc
--rwxrwxr-x /mail/lib/mailnews
--rwxrwxr-x /mail/lib/msgcat.rc
--rw-rw-r-- /mail/lib/patterns
--rw-rw-r-- /mail/lib/pipeto.lib
--rwxrwxr-x /mail/lib/qmail
--rw-rw-r-- /mail/lib/rewrite
--rwxrwxr-x /mail/lib/spam.rc
--rwxrwxr-x /mail/lib/unspam.rc
d-rwxrwxr-x /mail/lib
-lrw-rw-rw- /mail/queue/none/L.mbox
d-rwxrwxrwx /mail/queue/none
d-rwxrwxrwx /mail/queue/none
d-rwxrwxrwx /mail/queue
d-rwxrwxrwx /mail/tmp
d-rwxrwxr-x /mail
cpu% cat /bin/service/tcp25
#!/bin/rc
user=`{cat /dev/user}
exec /bin/upas/smtpd -c /sys/lib/tls/cert -n $3
cpu% cat /bin/service/tcp587
#!/bin/rc
user=`{cat /dev/user}
exec /bin/upas/smtpd -a -d -e -c /sys/lib/tls/cert -n $3
cpu% cat /lib/ndb/local
sys=test.chrisfroeschl.de fs=test.chrisfroeschl.de auth=test.chrisfroeschl.de smtp=test.chrisfroeschl.de mail=test.chrisfroeschl.de authdom=chrisfroeschl.de ether=76c4f3d364a1 ip=185.183.157.17 ipmask=255.255.252.0 ipgw=185.183.156.1
dns=185.183.156.1
cpu%
I don't seem to get to remotemail or qmail (as expected, because it
should be a local mbox append inside rewrite, right?). That's why I
don't mind them for now.
I changed my sysname to the actual domain as well as most other entries
associated with it after having mail score issues with my previous one
(chrisfroeschl). I hope that's not an issue.
PS: Thanks william@thinktankworkspaces.com for the link. Got some
more insights, but nothing final for now from it.
chris
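The rule-by-rule resolution described in the message above can be traced offline. This Python model is an added example, not part of the thread and not upas code: it applies a subset of the posted /mail/lib/rewrite rules (the postmaster and source-route rules are left out) and records which rule fires at each step. Assumptions: patterns must match the whole address case-insensitively, scanning restarts at the first rule after every alias or translate, and aliasmail is a stand-in that always answers local!name.

```python
import re

# Subset of the /mail/lib/rewrite posted above: (pattern, operator, result).
RULES = [
    (r'\l!(.*)', 'alias', r'\1'),
    (r'\l\.test.chrisfroeschl.de!(.*)', 'alias', r'\1'),
    (r'(test.chrisfroeschl.de)!(.*)', 'alias', r'\2'),
    (r'\"(.+)\"', 'translate', r'''"/bin/upas/aliasmail '\1'"'''),
    (r'[^!@]+', 'translate', r'''"/bin/upas/aliasmail '&'"'''),
    (r'local!"(.+)"', '>>', r'/mail/box/\1/mbox'),
    (r'local!(.*)', '>>', r'/mail/box/\1/mbox'),
    (r'([^@]+)@([^@]+)@(.+)', 'alias', r'\2!\1@\3'),
    (r'([^@]+)@([^@]+)', 'alias', r'\2!\1'),
    (r'([^!]*)!(.*)', '|', r'''"/mail/lib/qmail '\s' 'net!\1'" "'\2'"'''),
]

def expand(template, match, sender):
    # Fill \1..\9, & (whole match) and \s (sender) into a rule's result.
    def fill(tok):
        t = tok.group(0)
        if t == '&':
            return match.group(0)
        return sender if t == r'\s' else match.group(int(t[1]))
    return re.sub(r'\\[0-9]|\\s|&', fill, template)

def aliasmail(name):
    # Stand-in (assumption): no alias is defined, so answer local!name.
    return 'local!' + name

def resolve(addr, sysname, sender='none', limit=32):
    """Return (operator, target, trace) for addr; \\l stands for sysname."""
    trace = []
    for _ in range(limit):
        for pat, op, tmpl in RULES:
            rx = pat.replace(r'\l', re.escape(sysname))
            m = re.fullmatch(rx, addr, re.IGNORECASE)
            if m is None:
                continue
            trace.append((addr, pat, op))
            out = expand(tmpl, m, sender)
            if op == 'alias':
                addr = out
            elif op == 'translate':
                addr = aliasmail(out.split("'")[1])
            else:
                return op, out, trace      # '>>' or '|' ends the walk
            break                          # rewritten: rescan from rule one
        else:
            return None, addr, trace       # no rule matched
    raise RuntimeError('rewrite loop')
```

Calling `resolve('chris@test.chrisfroeschl.de', 'test.chrisfroeschl.de')` ends at `>> /mail/box/chris/mbox`, so under these assumptions the posted rules do route the address to the local mailbox and the rejection has to come from a later stage.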
* Re: [9front] Mail server setup
From: sirjofri @ 2022-08-12 18:49 UTC (permalink / raw)
To: 9front
My advice is to also follow the functionality:
For example, you get debug output/log messages. You can try finding the
messages in the source and see what's happening there. This way you can
figure out what's needed and understand why it happens.
Also, have a look in the scripts. Iirc there's some program that
essentially uses some input and the rewrite rules to figure out the real
address. Use the same program (I don't remember the name) to see what's
returned, and that can be totally wrong -> then your rewrite rules are
wrong.
Good luck
sirjofri
* Re: [9front] Mail server setup
From: chris @ 2022-08-12 20:53 UTC (permalink / raw)
To: 9front
Solved it. In the end it was all about permission problems.
/mail/box/chris/... seems to be used as 'none' again. Requires
read and write permissions for other.
I will probably play a bit with auth/box and 'auth/as upas' to
get sane permissions configuration.
Thanks to all folks helping here. You did a great service to a
desperate mail server pleb.
chris
* Re: [9front] Mail server setup
From: ori @ 2022-08-12 22:25 UTC (permalink / raw)
To: 9front
Quoth chris@chrisfroeschl.de:
> > Results are 9/10, and the missing points are: No DKIM, no
> > unsubscribe-header.
>
> Indeed I got the same after sending a 'real' message. Nice!
dkim is in an uncommitted patch; it works for outgoing
mail, but I'm not quite ready to commit; there are some
questions on how the keys get managed for senders.
* Re: [9front] Mail server setup
From: Steve Simon @ 2022-08-13 9:56 UTC (permalink / raw)
To: 9front
create your mailbox with mail -c,
and your crontab using cron -c.
these tools ensure the created file has the correct ownership and permissions for the appropriate tool.
normally these are created by /sys/lib/newuser
plan9, don't ya just love it?
-Steve
> On 13 Aug 2022, at 12:28 am, ori@eigenstate.org wrote:
>
> Quoth chris@chrisfroeschl.de:
>>> Results are 9/10, and the missing points are: No DKIM, no
>>> unsubscribe-header.
>>
>> Indeed I got the same after sending a 'real' message. Nice!
>
> dkim is in an uncommitted patch; it works for outgoing
> mail, but I'm not quite ready to commit; there are some
> questions on how the keys get managed for senders.
>