9front - general discussion about 9front
From: william@thinktankworkspaces.com
To: 9front@9front.org
Subject: Re: [9front] Mail server setup
Date: Sat, 06 Aug 2022 12:46:24 -0700
Message-ID: <5AED4B05552FFB6B197FE0647D6526AA@thinktankworkspaces.com>
In-Reply-To: <D3F8F731B032246150FB8525840619D1@chrisfroeschl.de>

urgh. Mail is a struggle. I suspect one of the more experienced developers might have an answer. But to clarify
for everyone. The mail server works and you can get and receive mail on the server just fine. 

Problem you are having is restricted to imap only and you wish to receive mail from a client like thunderbird
or another 9front using imap4d etc...

I get the feeling you have it correct but maybe the key is wrong?

I think you use auth/rsagen... to create the key. Then you run auth/rsa2x509 to sign it so what's in factotum
should be the key and it might look in /sys/lib/tls for the pem or cert? I usually get this mixed up.

I also had to throw my key in /cfg/$sysname and echo to factotum at boot. Yea maybe not the best security but 
it works

 mkdir /cfg/$sysname
 touch /cfg/$sysname/cpustart
 echo 'cat /sys/lib/tls/smtp/key >>/mnt/factotum/ctl' >>/cfg/$sysname/cpustart

Maybe it's not the best way but my Macbook mail client for work can get mail, my ios phone can't because of a recent change and my self-signed service violates apple BS as a contractor.

my logs are usually
fail or devtls expected etc.

oh and chmod 400 for the key?



Quoth chris@chrisfroeschl.de:
> Greetings all,
> 
> I recently started to setup my first 9front hosting system.  At the
> moment I'm having great issues with preparing my mail setup (like I
> expected).
> 
> My server is already up and running auth/cpu/fs server
> (185.183.157.17) which I can rcpu into without issues.
> 
> I'm not yet able to change my DNS entries, and as a result of that
> bound to testing most of the features via IP. (If that turns out to be
> the issue perhaps, I will be glad to risk it. I think smtp won't
> be testable like that? Correct me if I'm wrong)
> 
> I followed the mail server configuration and maintenance from the FQA
> ( https://fqa.9front.org/fqa6.html#7.7 ) stopping at 7.7.6 (for now).
> 
> IMAP should work solely with a proper tcp993, tls cert and of
> course my user (chris) (having a proper Inferno/POP secret (?) and
> groups):
> 
> cpu% ls -l /sys/lib/tls/
> --rw-rw-r-- M 192 sys   sys  412 Oct  5  2019 /sys/lib/tls/README
> d-rwxrwxr-x M 192 sys   sys    0 Apr  3 17:52 /sys/lib/tls/acmed
> --rw-rw-r-- M 192 chris sys 1025 Aug  6 12:20 /sys/lib/tls/cert
> --rw------- M 192 chris sys 2399 Aug  5 15:24 /sys/lib/tls/key
> cpu% ls -l /mail/box/
> d-rwxr-xr-x M 192 chris  chris  0 Aug  5 20:21 /mail/box/chris
> d-rwxrwxr-x M 192 glenda glenda 0 Aug  3 15:29 /mail/box/glenda
> cpu% cat /adm/users 
> -1:adm:adm:glenda,chris
> 0:none:adm:
> 1:tor:tor:
> 2:glenda:glenda:
> 3:chris:chris:
> 10000:sys::glenda,chris
> 10001:map:map:
> 10002:doc::
> 10003:upas:upas:glenda,chris
> 10004:font::
> cpu% cat /bin/service/tcp993 
> #!/bin/rc
> exec tlssrv -D -c /sys/lib/tls/cert -l imap4d \
> -r `{cat $3/remote} /bin/upas/imap4d -v -p \
> >>[2]/sys/log/imap4d
> cpu% 
> 
> My tcp993 differs a bit, because the FQA version seemed faulty.
> (imap4d in /bin/upas instead of /bin/ip and no second -r option,
> as well as some additional debug flags. I will fix that in the
> FQA if it turns out to be wrong)
> 
> My TLS key is of course already in factotum and appended to it on
> every boot in my cpurc like so:
> 
> cat /sys/lib/tls/key >> /mnt/factotum/ctl
> 
> Error response on client:
> 
> ; upas/fs -f /imaps/185.183.157.17/chris 
> 
> !Adding key: proto=cram server=185.183.157.17 user=chris
> password: 
> !
> upas/fs: imap: unexpected line: y2hyaxmgndq4ntu2mze4zthhmznlmtjhmjhiymu4nmu3mwqxmdu= bad no command: bad syntax
> ;
> 
> I also tried connecting via thunderbird on a linux machine.  But no
> success.
> 
> Log output server (either client):
> 
> cpu% cat /sys/log/imap4d
> 
> chrisfroeschl Aug  6 13:10:28 82.207.245.22!17211 tls reports tlsServer2
> 
> chrisfroeschl Aug  6 13:10:28 82.207.245.22!17211 tls reports recv ClientHello
> 	version: 0303
> 	random: 6f8a42cf7918652cb3ba482fe512329c5474a9553f2938a01a25dd974e7a0b5d
> 	sid: <0> [ ]
> 	ciphers: [ cca9 cc14 c02b c023 cca8 cc13 c02f c027 c013 c014 ccaa cc15 9e 67 33 39 16 9c 3c 3d 2f 35 a ]
> 	compressors: <1> [ 00 ]
> 	extensions: <63> [ 00 00 00 13 00 11 00 00 0e 31 38 35 2e 31 38 33 2e 31 35 37 2e 31 37 00 0a 00 08 00 06 00 1d 00 17 00 18 00 0b 00 02 01 00 00 0d 00 12 00 10 06 03 05 03 04 03 02 03 06 01 05 01 04 01 02 01 ]
> 
> chrisfroeschl Aug  6 13:10:28 82.207.245.22!17211 tls reports ClientHello version 303
> 
> chrisfroeschl Aug  6 13:10:28 82.207.245.22!17211 tls reports   cipher cca8, compressor 0
> 
> chrisfroeschl Aug  6 13:10:28 82.207.245.22!17211 tls reports send ServerHello
> 	version: 0303
> 	random: 41cb6711fd2199bceaedc53ddfede41e735dc52d1216c712ae833fa53d08eff8
> 	sid: <0> [ ]
> 	cipher: cca8
> 	compressor: 00
> 
> chrisfroeschl Aug  6 13:10:28 82.207.245.22!17211 tls reports send Certificate
> 	<717> [ 30 82 02 c9 30 82 01 b1 a0 03 02 01 02 02 01 00 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 28 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 19 30 17 06 03 55 04 03 13 10 63 68 72 69 73 66 72 6f 65 73 63 68 6c 2e 64 65 30 1e 17 0d 32 32 30 38 30 36 31 30 32 30 30 38 5a 17 0d 32 35 30 38 30 38 31 30 32 30 30 38 5a 30 28 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 19 30 17 06 03 55 04 03 13 10 63 68 72 69 73 66 72 6f 65 73 63 68 6c 2e 64 65 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 ad bb 68 ee d4 e8 52 98 96 28 e8 a7 c5 a5 ca d0 16 a3 1f 33 58 3c 49 b0 40 c1 a2 54 59 2a e1 b4 3d 86 12 84 1d 3b 99 7c 95 32 16 c2 e7 ca 29 d7 1f 74 e4 1c 84 2a 36 89 bf 3d 6f e8 4d 8a 07 f9 40 3f 42 98 08 69 23 74 35 5e 90 65 05 b6 8e 3e c6 62 ee e1 6d 53 4e 17 df 25 15 1f 14 0f 28 dd 4d 73 67 27 be 08 31 bd c8 a7 82 09 fa ca 72 52 ce 68 d7 51 b2 8f da af 3d 12 9c c3 a9 43 4b 1d 24 8d 21 9
> chrisfroeschl Aug  6 13:10:28 82.207.245.22!17211 tls reports send HServerKeyExchange
> 	curve: 001d
> 	dh_Ys: nil
> 	sigalg: 0401
> 	dh_parameters: <36> [ 03 00 1d 20 4f 79 b7 cc 4a 44 20 ad 0f 6a 05 6e 6f ad d3 a4 8c cd ed 2b 34 0a 84 9b b9 a1 9a 5a 50 22 9a 7e ]
> 	dh_signature: <256> [ 00 d3 93 06 ef f1 df 7a a8 c0 ef 52 86 29 85 d6 71 cd 2d f8 a3 65 b4 9a 79 e5 b5 0f bc 2b 20 4e a3 59 6f bf db 1f bd ae a0 84 79 ae 01 c5 66 1e ef ef f9 04 52 75 07 42 6f b7 d9 ea 0e 6c 6f 44 be 94 f1 ba b3 49 e8 c8 fc 2d 4a 1c be 18 3f 63 80 c8 68 4c 0e b5 84 f5 8c 51 6f 4f c7 47 30 3f 11 01 70 cd ac 5c 1b 5e c0 62 ca 54 c4 0e 21 70 30 21 f1 fc 1e de c8 66 32 e0 ab a4 85 6f f4 2a e9 e2 c1 9a 85 d8 7a 86 ad 61 1f e8 9b 5c 69 f1 28 5a c1 a5 ce b2 5b 05 5b d9 64 16 01 97 30 6e 98 88 2a 24 89 d4 70 a1 fe 5c a4 a0 48 b3 ee 39 3c 91 7d e2 02 36 50 ce 47 50 de 11 a3 42 62 16 b3 e4 97 59 f4 45 90 2f 3f 52 6d 5a 65 63 e9 04 a2 f3 78 1c aa 68 c5 3c 3a e3 44 2e 39 d8 23 eb b7 72 24 61 69 71 19 c9 f2 32 8e 98 ff 9a aa 56 4a 95 94 1e 58 19 f0 
> chrisfroeschl Aug  6 13:10:28 82.207.245.22!17211 tls reports send ServerHelloDone
> 
> chrisfroeschl Aug  6 13:10:28 82.207.245.22!17211 tls reports recv HClientKeyExchange
> 	key: <32> [ c3 16 8d e7 da 62 03 4e 57 4e 28 63 0d a3 5f 5b e7 a5 46 8b 89 51 ae 71 6a 20 ea 24 8e c9 2c a7 ]
> 
> chrisfroeschl Aug  6 13:10:28 82.207.245.22!17211 tls reports tls secrets
> 
> chrisfroeschl Aug  6 13:10:28 82.207.245.22!17211 tls reports recv HFinished
> 708eba2ee0ab671051ab3a11
> 
> chrisfroeschl Aug  6 13:10:28 82.207.245.22!17211 tls reports send HFinished
> 0ad8ef477b13c840feb6a93b
> 
> chrisfroeschl Aug  6 13:10:28 82.207.245.22!17211 tls reports tls finished
> 
> chrisfroeschl Aug  6 13:10:28 82.207.245.22!17211 tls reports open
> 
> cpu%
> 
> I know that I could just 9fs my mail, but I would like to get IMAP
> working anyways.  Feel free to ask if further information is required.
> 
> chris
> 
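
An added example, not part of either message: it decodes the `extensions` bytes of the `recv ClientHello` entry in the quoted imap4d log and checks that the curve (`001d`) and signature algorithm (`0401`) the server logged were among those the client offered. The function names are chosen here for illustration; the byte string is copied from the log.

```python
import struct

# Extension bytes copied from the "recv ClientHello" entry in the quoted log.
LOGGED_EXTENSIONS = bytes.fromhex(
    "00 00 00 13 00 11 00 00 0e 31 38 35 2e 31 38 33 2e 31 35 37 2e 31 37 "
    "00 0a 00 08 00 06 00 1d 00 17 00 18 00 0b 00 02 01 00 "
    "00 0d 00 12 00 10 06 03 05 03 04 03 02 03 06 01 05 01 04 01 02 01"
)


def split_extensions(data):
    """Yield (type, body) for each TLS extension; reject truncated input."""
    pos = 0
    while pos < len(data):
        if pos + 4 > len(data):
            raise ValueError("truncated extension header")
        ext_type, length = struct.unpack_from(">HH", data, pos)
        pos += 4
        if pos + length > len(data):
            raise ValueError("extension body runs past end of data")
        yield ext_type, data[pos:pos + length]
        pos += length


def u16_list(body):
    """Decode a 2-byte length prefix followed by 16-bit values, as hex strings."""
    (n,) = struct.unpack_from(">H", body, 0)
    if n + 2 != len(body) or n % 2:
        raise ValueError("bad vector length")
    return [f"{v:04x}" for (v,) in struct.iter_unpack(">H", body[2:])]


def decode_client_hello_extensions(data):
    out = {}
    for ext_type, body in split_extensions(data):
        if ext_type == 0:       # server_name: list len, name type, name len, name
            (name_len,) = struct.unpack_from(">H", body, 3)
            out["server_name"] = body[5:5 + name_len].decode("ascii")
        elif ext_type == 10:    # supported_groups (001d is x25519)
            out["groups"] = u16_list(body)
        elif ext_type == 13:    # signature_algorithms (0401 is RSA PKCS#1 SHA-256)
            out["sigalgs"] = u16_list(body)
        else:                   # anything else is kept as raw hex
            out[f"ext_{ext_type}"] = body.hex()
    return out


def server_choice_was_offered(decoded, curve, sigalg):
    return curve in decoded["groups"] and sigalg in decoded["sigalgs"]
```

For the logged bytes the decoded `server_name` is the IP address the client connected to, and `server_choice_was_offered(decoded, "001d", "0401")` is true.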

