From: Stanley Lieber
To: 9front@9front.org
Date: Fri, 12 Aug 2022 09:47:10 -0400
Subject: Re: [9front] Mail server setup

that was ori. i’ve never messed with dkim or dmarc at all.

sl

> On Aug 12, 2022, at 2:24 AM, william@thinktankworkspaces.com wrote:
>
> I know 'sl' added more dkim features into 9front but i'm still using what I implemented earlier
> this year which was mostly messing around with dns.
>
> http://thinktankworkspaces.com/plan9/email-upas
>
> Just above troubleshooting section I have some DNS notes and some of my experience messing with spf
> dmarc and I managed to get 9/10 score. I don't know maybe some of it might be helpful but I
> think you have most of this figured out.
>
>
> Quoth chris@chrisfroeschl.de:
>> Hello sl,
>>
>>> sorry i have not been able to devote more time to troubleshooting
>>> this with you. (typing on a phone here.)
>>
>> thank you for your message! No pressure regarding your help in
>> troubleshooting.
>> It's not like I'm paying anyone here to help me.
>>
>> Most ml messages had the function to document my current state for
>> myself anyway.
>>
>>> http://plan9.stanleylieber.com/mail/service/ # /cfg/gaff/service.upas/
>>> http://plan9.stanleylieber.com/mail/lib/ # /mail/lib/
>>
>> Your links helped me very much. I always forget that you share almost
>> all of your setup and didn't look into your /mail before.
>> I got the e flag from your tcp587 script and changed the /mail/queue
>> permissions like so:
>>
>> cpu% cat /bin/service/tcp587
>> #!/bin/rc
>> user=`{cat /dev/user}
>> exec /bin/upas/smtpd -e -c /sys/lib/tls/cert -n $3
>> cpu% ls -ld /mail/queue/
>> d-rwxrwxrwx M 65 upas upas 0 Aug 11 21:03 /mail/queue
>>
>> After applying these changes my /mail/queue was filled with a none
>> directory and I am able to send mail.
>>
>> I would like to not dedicate a whole directory for services run by
>> user upas for now. Just chmoding a directory seems to suffice for
>> now.
>>
>> I got perhaps some more questions if you are already involved:
>> (I will probably figure most of the stuff out myself (hopefully))
>>
>> 1.) Could you tell me why so many flags (and especially MANDATORY
>> flags) seem to be hidden in the src? Is the e flag intended for
>> production use? Otherwise a manpage update would help.
>>
>> 2.) What is your highscore at https://www.mail-tester.com ? Mine is
>> 7/10. I know DKIM is no option (-1). But I receive at least -2 on
>> SpamAssassin regarding:
>>
>> -0.001 FSL_BULK_SIG Bulk signature with no Unsubscribe
>> -1.985 PYZOR_CHECK Similar message reported on Pyzor (https://www.pyzor.org)
>> https://pyzor.readthedocs.io/en/latest/
>> Please test a real content, test Newsletters will always be flagged by Pyzor
>> Adjust your message or request whitelisting (https://www.pyzor.org)
>> 0.001 SPF_HELO_PASS SPF: HELO matches SPF record
>> 0.001 SPF_PASS SPF: sender matches SPF record
>> Great!
>> Your SPF is valid
>>
>> 3.) I don't seem to be able to send mail to myself with this setup
>> (worked before). My smtpd logs when I try that:
>>
>> test.chrisfroeschl.de Aug 11 22:31:03 ehlo from 82.207.245.23 as cirno.fritz.box
>> test.chrisfroeschl.de Aug 11 22:31:03 started TLS with cirno.fritz.box
>> test.chrisfroeschl.de Aug 11 22:31:03 ehlo from 82.207.245.23 as cirno.fritz.box
>> test.chrisfroeschl.de Aug 11 22:31:03 auth(CRAM-MD5, (protected)) from cirno.fritz.box
>> test.chrisfroeschl.de Aug 11 22:31:03 Disallowed test.chrisfroeschl.de!chris (cirno.fritz.box/82.207.245.23) to blocked name test.chrisfroeschl.de!chris
>>
>> 4.) Issues regarding receiving mails from my current mail server to
>> the 9 smtp server seem to remain. Perhaps some MX record error from
>> my side? I will debug this as good as I can the following days. Here
>> is my obsd maillog:
>>
>> Aug 11 22:58:02 chrisfroeschl smtpd[47164]: smtp-out: No valid route for [connector:[]->[relay:test.chrisfroeschl.de,smtp,heloname=mail.chrisfroeschl.de],0x0]
>> Aug 11 22:58:12 chrisfroeschl smtpd[47164]: 0000000000000000 mta delivery evpid=3fb35f960656e8e3 from= to= rcpt=<-> source="-" relay="test.chrisfroeschl.de" delay=13s result="TempFail" stat="Network error on destination MXs"
>>
>> After cping my tcp587 to tcp25 I got (just to test if it only uses port 25):
>>
>> Aug 11 23:12:46 chrisfroeschl smtpd[47164]: 745c82d65e770f66 mta delivery evpid=03d30d409a5ab8fd from= to= rcpt=<-> source="5.252.227.212" relay="185.183.157.17 (test.chrisfroeschl.de)" delay=0s result="PermFail" stat="550 5.1.1 test.chrisfroeschl.de!chris ... user unknown"
>>
>>> there is a deficiency in the fqa’s description of setting up smtp and imap for remote users:
>>>
>>> - client side use against a 9front server is not described at all.
>>>
>>> - an “Inferno/POP secret” is used as the password for both smtp and
>>> imap, which must be configured *in addition to* the user’s regular
>>> auth password. see: http://fqa.9front.org/fqa7.html#7.4.2
>>>
>>> i’ll address this.
>>
>> I intend to send a FQA patch the coming days (as soon as everything
>> works) with some minor stuff I found besides the things you mentioned.
>> I can try to add a first draft regarding your points. Feel free to
>> edit it afterwards however you like.
>>
>> chris
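
Added example, not part of the thread and not any poster's code: the two OpenSMTPD `mta delivery` lines quoted under question 4 show different failures, one with no SMTP reply at all and one with a `550 5.1.1` rejection, and this Python triage separates them by parsing the `stat=` field. The log lines in `SAMPLE_MAILLOG` are constructed with placeholder hosts, addresses and ids, and the verdict names are this example's own.

```python
import re

# Constructed sample in the shape of the OpenSMTPD maillog lines quoted in the
# thread; host names, addresses and ids are placeholders, not the page's values.
SAMPLE_MAILLOG = """\
Aug 11 22:58:12 mx smtpd[100]: 0000000000000000 mta delivery evpid=aaaa000000000001 from=<a@example.org> to=<b@test.example.org> rcpt=<-> source="-" relay="test.example.org" delay=13s result="TempFail" stat="Network error on destination MXs"
Aug 11 23:12:46 mx smtpd[100]: 1111111111111111 mta delivery evpid=aaaa000000000002 from=<a@example.org> to=<b@test.example.org> rcpt=<-> source="192.0.2.10" relay="192.0.2.20 (test.example.org)" delay=0s result="PermFail" stat="550 5.1.1 test.example.org!b ... user unknown"
Aug 11 23:20:01 mx smtpd[100]: 2222222222222222 mta delivery evpid=aaaa000000000003 from=<a@example.org> to=<c@example.net> rcpt=<-> source="192.0.2.10" relay="192.0.2.30 (mx.example.net)" delay=1s result="Ok" stat="250 2.0.0 Ok: queued"
Aug 11 23:20:02 mx smtpd[100]: 2222222222222222 mta disconnected reason=quit messages=1
"""

FIELD = re.compile(r'(\w+)=("([^"]*)"|\S+)')  # key=value or key="quoted value"
REPLY = re.compile(r'^(\d{3})(?: (\d\.\d{1,3}\.\d{1,3}))?')  # SMTP code + RFC 3463 status


def parse_delivery(line):
    """Return the key=value fields of one 'mta delivery' line, else None."""
    if " mta delivery " not in line:
        return None
    return {k: (q if raw.startswith('"') else raw) for k, raw, q in FIELD.findall(line)}


def triage(fields):
    """Classify one delivery attempt from its stat= text."""
    m = REPLY.match(fields.get("stat", ""))
    if m is None:
        return "no-smtp-reply"       # nothing answered: check MX/A records and port 25
    code, enhanced = m.groups()
    if enhanced == "5.1.1":
        return "unknown-recipient"   # server reached, mailbox rejected
    return {"2": "delivered", "4": "temporary-reject", "5": "permanent-reject"}.get(code[0], "other")


def summarize(log_text):
    """Return (evpid, relay, verdict) for every delivery line in log_text."""
    rows = []
    for line in log_text.splitlines():
        fields = parse_delivery(line)
        if fields:
            rows.append((fields.get("evpid"), fields.get("relay"), triage(fields)))
    return rows


if __name__ == "__main__":
    for row in summarize(SAMPLE_MAILLOG):
        print(*row, sep="\t")
```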