From mboxrd@z Thu Jan 1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level:
X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=ham autolearn_force=no version=3.4.4
Received: (qmail 1498 invoked from network); 6 Aug 2022 19:50:17 -0000
Received: from 9front.inri.net (168.235.81.73) by inbox.vuxu.org with ESMTPUTF8; 6 Aug 2022 19:50:17 -0000
Received: from maat.thinktankworkspaces.com ([45.79.94.76]) by 9front; Sat Aug 6 15:47:34 -0400 2022
Message-ID: <5DB133F4076ADA8FFA563E41DA7707C1@thinktankworkspaces.com>
To: 9front@9front.org
Date: Sat, 06 Aug 2022 12:47:33 -0700
From: william@thinktankworkspaces.com
In-Reply-To:
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
List-ID: <9front.9front.org>
List-Help:
X-Glyph: ➈
X-Bullshit: core-based component HTML over SVG strategy hardware
Subject: Re: [9front] Mail server setup
Reply-To: 9front@9front.org
Precedence: bulk

chmod 600 for the key sorry

Quoth chris@chrisfroeschl.de:
> Greetings all,
>
> I recently started to set up my first 9front hosting system. At the
> moment I'm having great issues with preparing my mail setup (like I
> expected).
>
> My server is already up and running auth/cpu/fs server
> (185.183.157.17) which I can rcpu into without issues.
>
> I'm not yet able to change my DNS entries, and as a result of that
> bound to testing most of the features via IP. (If that turns out to be
> the issue perhaps, I will be glad to risk it. I think smtp won't
> be testable like that? Correct me if I'm wrong)
>
> I followed the mail server configuration and maintenance from the FQA
> ( https://fqa.9front.org/fqa6.html#7.7 ) stopping at 7.7.6 (for now).
>
> IMAP should work solely with a proper tcp993, tls cert and of
> course my user (chris) (having a proper Inferno/POP secret (?) and
> groups):
>
> cpu% ls -l /sys/lib/tls/
> --rw-rw-r-- M 192 sys sys 412 Oct 5 2019 /sys/lib/tls/README
> d-rwxrwxr-x M 192 sys sys 0 Apr 3 17:52 /sys/lib/tls/acmed
> --rw-rw-r-- M 192 chris sys 1025 Aug 6 12:20 /sys/lib/tls/cert
> --rw------- M 192 chris sys 2399 Aug 5 15:24 /sys/lib/tls/key
> cpu% ls -l /mail/box/
> d-rwxr-xr-x M 192 chris chris 0 Aug 5 20:21 /mail/box/chris
> d-rwxrwxr-x M 192 glenda glenda 0 Aug 3 15:29 /mail/box/glenda
> cpu% cat /adm/users
> -1:adm:adm:glenda,chris
> 0:none:adm:
> 1:tor:tor:
> 2:glenda:glenda:
> 3:chris:chris:
> 10000:sys::glenda,chris
> 10001:map:map:
> 10002:doc::
> 10003:upas:upas:glenda,chris
> 10004:font::
> cpu% cat /bin/service/tcp993
> #!/bin/rc
> exec tlssrv -D -c /sys/lib/tls/cert -l imap4d \
> -r `{cat $3/remote} /bin/upas/imap4d -v -p \
> >>[2]/sys/log/imap4d
> cpu%
>
> My tcp993 differs a bit, because the FQA version seemed faulty.
> (imap4d in /bin/upas instead of /bin/ip and no second -r option,
> as well as some additional debug flags. I will fix that in the
> FQA if it turns out to be wrong)
>
> My TLS key is of course already in factotum and appended to it on
> every boot in my cpurc like so:
>
> cat /sys/lib/tls/key >> /mnt/factotum/ctl
>
> Error response on client:
>
> ; upas/fs -f /imaps/185.183.157.17/chris
>
> !Adding key: proto=cram server=185.183.157.17 user=chris
> password:
> !
> upas/fs: imap: unexpected line: y2hyaxmgndq4ntu2mze4zthhmznlmtjhmjhiymu4nmu3mwqxmdu= bad no command: bad syntax
> ;
>
> I also tried connecting via thunderbird on a linux machine. But no
> success.
>
> Log output server (either client):
>
> cpu% cat /sys/log/imap4d
>
> chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports tlsServer2
>
> chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports recv ClientHello
>     version: 0303
>     random: 6f8a42cf7918652cb3ba482fe512329c5474a9553f2938a01a25dd974e7a0b5d
>     sid: <0> [ ]
>     ciphers: [ cca9 cc14 c02b c023 cca8 cc13 c02f c027 c013 c014 ccaa cc15 9e 67 33 39 16 9c 3c 3d 2f 35 a ]
>     compressors: <1> [ 00 ]
>     extensions: <63> [ 00 00 00 13 00 11 00 00 0e 31 38 35 2e 31 38 33 2e 31 35 37 2e 31 37 00 0a 00 08 00 06 00 1d 00 17 00 18 00 0b 00 02 01 00 00 0d 00 12 00 10 06 03 05 03 04 03 02 03 06 01 05 01 04 01 02 01 ]
>
> chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports ClientHello version 303
>
> chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports cipher cca8, compressor 0
>
> chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports send ServerHello
>     version: 0303
>     random: 41cb6711fd2199bceaedc53ddfede41e735dc52d1216c712ae833fa53d08eff8
>     sid: <0> [ ]
>     cipher: cca8
>     compressor: 00
>
> chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports send Certificate
>     <717> [ 30 82 02 c9 30 82 01 b1 a0 03 02 01 02 02 01 00 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 28 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 19 30 17 06 03 55 04 03 13 10 63 68 72 69 73 66 72 6f 65 73 63 68 6c 2e 64 65 30 1e 17 0d 32 32 30 38 30 36 31 30 32 30 30 38 5a 17 0d 32 35 30 38 30 38 31 30 32 30 30 38 5a 30 28 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 19 30 17 06 03 55 04 03 13 10 63 68 72 69 73 66 72 6f 65 73 63 68 6c 2e 64 65 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 ad bb 68 ee d4 e8 52 98 96 28 e8 a7 c5 a5 ca d0 16 a3 1f 33 58 3c 49 b0 40 c1 a2 54 59 2a e1 b4 3d 86 12 84 1d 3b 99 7c 95 32 16 c2 e7 ca 29 d7 1f 74 e4 1c 84 2a 36 89 bf 3d 6f e8 4d 8a 07 f9 40 3f 42 98 08 69 23 74 35 5e 90 65 05 b6 8e 3e c6 62 ee e1 6d 53 4e 17 df 25 15 1f 14 0f 28 dd 4d 73 67 27 be 08 31 bd c8 a7 82 09 fa ca 72 52 ce 68 d7 51 b2 8f da af 3d 12 9c c3 a9 43 4b 1d 24 8d 21 9
> chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports send HServerKeyExchange
>     curve: 001d
>     dh_Ys: nil
>     sigalg: 0401
>     dh_parameters: <36> [ 03 00 1d 20 4f 79 b7 cc 4a 44 20 ad 0f 6a 05 6e 6f ad d3 a4 8c cd ed 2b 34 0a 84 9b b9 a1 9a 5a 50 22 9a 7e ]
>     dh_signature: <256> [ 00 d3 93 06 ef f1 df 7a a8 c0 ef 52 86 29 85 d6 71 cd 2d f8 a3 65 b4 9a 79 e5 b5 0f bc 2b 20 4e a3 59 6f bf db 1f bd ae a0 84 79 ae 01 c5 66 1e ef ef f9 04 52 75 07 42 6f b7 d9 ea 0e 6c 6f 44 be 94 f1 ba b3 49 e8 c8 fc 2d 4a 1c be 18 3f 63 80 c8 68 4c 0e b5 84 f5 8c 51 6f 4f c7 47 30 3f 11 01 70 cd ac 5c 1b 5e c0 62 ca 54 c4 0e 21 70 30 21 f1 fc 1e de c8 66 32 e0 ab a4 85 6f f4 2a e9 e2 c1 9a 85 d8 7a 86 ad 61 1f e8 9b 5c 69 f1 28 5a c1 a5 ce b2 5b 05 5b d9 64 16 01 97 30 6e 98 88 2a 24 89 d4 70 a1 fe 5c a4 a0 48 b3 ee 39 3c 91 7d e2 02 36 50 ce 47 50 de 11 a3 42 62 16 b3 e4 97 59 f4 45 90 2f 3f 52 6d 5a 65 63 e9 04 a2 f3 78 1c aa 68 c5 3c 3a e3 44 2e 39 d8 23 eb b7 72 24 61 69 71 19 c9 f2 32 8e 98 ff 9a aa 56 4a 95 94 1e 58 19 f0
> chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports send ServerHelloDone
>
> chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports recv HClientKeyExchange
>     key: <32> [ c3 16 8d e7 da 62 03 4e 57 4e 28 63 0d a3 5f 5b e7 a5 46 8b 89 51 ae 71 6a 20 ea 24 8e c9 2c a7 ]
>
> chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports tls secrets
>
> chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports recv HFinished
>     708eba2ee0ab671051ab3a11
>
> chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports send HFinished
>     0ad8ef477b13c840feb6a93b
>
> chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports tls finished
>
> chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports open
>
> cpu%
>
> I know that I could just 9fs my mail, but I would like to get IMAP
> working anyways. Feel free to ask if further information is required.
>
> chris
>