Greetings all,

I recently started to set up my first 9front hosting system. At the
moment I'm having great issues with preparing my mail setup (like I
expected).

My server is already up and running auth/cpu/fs server
(185.183.157.17) which I can rcpu into without issues.

I'm not yet able to change my DNS entries, and as a result of that
bound to testing most of the features via IP. (If that turns out to be
the issue perhaps, I will be glad to risk it. I think smtp won't
be testable like that? Correct me if I'm wrong)

I followed the mail server configuration and maintenance from the FQA
( https://fqa.9front.org/fqa6.html#7.7 ) stopping at 7.7.6 (for now).

IMAP should work solely with a proper tcp993, tls cert and of
course my user (chris) (having a proper Inferno/POP secret (?) and
groups):

cpu% ls -l /sys/lib/tls/
--rw-rw-r-- M 192 sys sys 412 Oct 5 2019 /sys/lib/tls/README
d-rwxrwxr-x M 192 sys sys 0 Apr 3 17:52 /sys/lib/tls/acmed
--rw-rw-r-- M 192 chris sys 1025 Aug 6 12:20 /sys/lib/tls/cert
--rw------- M 192 chris sys 2399 Aug 5 15:24 /sys/lib/tls/key
cpu% ls -l /mail/box/
d-rwxr-xr-x M 192 chris chris 0 Aug 5 20:21 /mail/box/chris
d-rwxrwxr-x M 192 glenda glenda 0 Aug 3 15:29 /mail/box/glenda
cpu% cat /adm/users
-1:adm:adm:glenda,chris
0:none:adm:
1:tor:tor:
2:glenda:glenda:
3:chris:chris:
10000:sys::glenda,chris
10001:map:map:
10002:doc::
10003:upas:upas:glenda,chris
10004:font::
cpu% cat /bin/service/tcp993
#!/bin/rc
exec tlssrv -D -c /sys/lib/tls/cert -l imap4d \
-r `{cat $3/remote} /bin/upas/imap4d -v -p \
>>[2]/sys/log/imap4d
cpu%

My tcp993 differs a bit, because the FQA version seemed faulty.
(imap4d in /bin/upas instead of /bin/ip and no second -r option,
as well as some additional debug flags. I will fix that in the
FQA if it turns out to be wrong)

My TLS key is of course already in factotum and appended to it on
every boot in my cpurc like so:

cat /sys/lib/tls/key >> /mnt/factotum/ctl

Error response on client:

; upas/fs -f /imaps/185.183.157.17/chris

!Adding key: proto=cram server=185.183.157.17 user=chris
password:
!
upas/fs: imap: unexpected line: y2hyaxmgndq4ntu2mze4zthhmznlmtjhmjhiymu4nmu3mwqxmdu= bad no command: bad syntax
;

I also tried connecting via thunderbird on a linux machine. But no
success.

Log output server (either client):

cpu% cat /sys/log/imap4d

I know that I could just 9fs my mail, but I would like to get IMAP
working anyways. Feel free to ask if further information is required.

chris
urgh. Mail is a struggle. I suspect one of the more experienced developers might have an answer. But to clarify
for everyone. The mail server works and you can get and receive mail on the server just fine.
Problem you are having is restricted to imap only and you wish to receive mail from a client like thunderbird
or another 9front using imap4d etc...
I get the feeling you have it correct but maybe the key is wrong?
I think you use auth/rsagen... to create the key. Then you run auth/rsa2x509 to sign it so what's in factotum
should be the key and it might look in /sys/lib/tls for the pem or cert? I usually get this mixed up
I also had to throw my key in /cfg/$sysname and echo to factotum at boot. Yea maybe not the best security but
it works
mkdir /cfg/$sysname
touch /cfg/$sysname/cpustart
echo 'cat /sys/lib/tls/smtp/key >>/mnt/factotum/ctl' >>/cfg/$sysname/cpustart
Maybe it's not the best way but my Macbook mail client for work can get mail, my ios phone can't because of a recent change and my self-signed service violates apple BS as a contractor.
my logs are usually
fail or devtls expected etc.
oh and chmod 400 for the key?
chmod 600 for the key sorry
> cpu% cat /bin/service/tcp993
> #!/bin/rc
> exec tlssrv -D -c /sys/lib/tls/cert -l imap4d \
> -r `{cat $3/remote} /bin/upas/imap4d -v -p \
> >>[2]/sys/log/imap4d
> cpu%
>
> My tcp993 differs a bit, because the FQA version seemed faulty.
> (imap4d in /bin/upas instead of /bin/ip and no second -r option,
> aswell as some additional debug flags. I will fix that in the
> FQA if it turns out to be wrong)
thanks, /bin/ip/upas was a mistake. i've updated the example to read:
#!/bin/rc
exec tlssrv -c/sys/lib/tls/cert -limap4d \
-r`{cat $3/remote} /bin/upas/imap4d -p \
-r`{cat $3/remote} >>[2]/sys/log/imap4d
# tlssrv and imap4d both have -r flags.
# to use with listen1, change $3 to $net.
the duplicate -r flag wasn't really a duplicate, it's just a valid
flag for both tlssrv and imap4d. maybe pointless overkill, but we
try to capture all the logging and error output we can.
sl
Got a subdomain for testing now, but the error remains:
; upas/fs -f /imaps/test.chrisfroeschl.de/chris
!Adding key: proto=cram server=test.chrisfroeschl.de user=chris
password:
!
upas/fs: imap: unexpected line: y2hyaxmgndq4ntu2mze4zthhmznlmtjhmjhiymu4nmu3mwqxmdu= bad no command: bad syntax
> chmod 600 for the key sorry
I created a new TLS cert several times to avoid an error there.
These were my last creation steps: (from the FQA)
; ramfs -p
; cd /tmp
; auth/rsagen -t 'service=tls role=client owner=*' >key
; chmod 600 key
; cp key /sys/lib/tls/key
; auth/rsa2x509 'C=DE CN=test.chrisfroeschl.de' /sys/lib/tls/key | auth/pemencode CERTIFICATE >/sys/lib/tls/cert
Permission should suffice therefore.
I really can't see what I'm doing wrong by now. Perhaps some ndb
stuff that is required but not mentioned? Some special user settings?
etc.
Will investigate further while testing smtp as soon as I get the chance.
chris
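Added example, not part of the original posts: the token in the "unexpected line" error above has the shape of a CRAM-MD5 client response (RFC 2195: base64 of user, a space, and the hex HMAC-MD5 of the challenge keyed with the secret), lower-cased, followed by what reads as a tagged BAD reply. The sketch below builds such a response and tests the logged token against that shape; the function names are hypothetical, and the secret and challenge in the usage are the RFC 2195 sample values, not anything from this thread.

```python
import base64
import hashlib
import hmac
import math

# Error line copied from the post above (the token appears lower-cased there).
ERROR_LINE = ("upas/fs: imap: unexpected line: "
              "y2hyaxmgndq4ntu2mze4zthhmznlmtjhmjhiymu4nmu3mwqxmdu= "
              "bad no command: bad syntax")

MD5_HEX_LEN = 32  # length of a hex-encoded MD5 digest


def cram_md5_response(user, secret, challenge):
    """RFC 2195 client response: base64(user SP hex(HMAC-MD5(secret, challenge)))."""
    digest = hmac.new(secret.encode(), challenge.encode(), hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()


def split_unexpected_line(err):
    """Split the upas/fs error into (token, status, text); None for other errors."""
    _, found, rest = err.partition("unexpected line: ")
    parts = rest.split(None, 2)
    if not found or len(parts) < 2:
        return None
    text = parts[2] if len(parts) == 3 else ""
    return parts[0], parts[1].upper(), text


def has_cram_response_shape(token, user):
    """Case-insensitive shape test for a CRAM-MD5 response belonging to `user`.

    The digest itself is not recovered: case folding destroys base64 data,
    so only the encoded length and the "user " prefix are compared.
    """
    plain_len = len(user) + 1 + MD5_HEX_LEN
    if len(token) != 4 * math.ceil(plain_len / 3):
        return False
    # Only whole 3-byte groups of "user " give base64 characters that do not
    # depend on the digest bytes that follow.
    stable = (len(user) + 1) // 3 * 4
    expected = base64.b64encode(f"{user} ".encode()).decode()[:stable]
    return token[:stable].lower() == expected.lower()


def diagnose(err, user):
    """Classify the error: was the client's CRAM-MD5 response itself rejected?"""
    parsed = split_unexpected_line(err)
    if parsed is None:
        return "not-an-unexpected-line-error"
    token, status, _ = parsed
    if status in ("BAD", "NO") and has_cram_response_shape(token, user):
        return "cram-response-rejected"
    return "other"


if __name__ == "__main__":
    # RFC 2195 sample exchange (user "tim"), used only to show the wire format.
    print(cram_md5_response("tim", "tanstaaftanstaaf",
                            "<1896.697170952@postoffice.reston.mci.net>"))
    print(diagnose(ERROR_LINE, "chris"))
```

A "cram-response-rejected" result places the failure at the IMAP authentication step, after the TLS session is already up.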
yea I don't know. Here is my ndb
ipnet=thinktankworkspaces.com ip=45.79.94.0 ipmask=255.255.255.0
ipgw=45.79.94.1
dns=173.230.145.5
authdom=maat
auth=maat
dnsdom=think
cpu=maat
fs=maat
smtp=thinktankworkspaces.com
mail=thinktankworkspaces.com
#smtp=45.79.94.76
#mail=45.79.94.76
before I moved the domain I did everything with IP address. But relay issues DKIM issues popped up from
time to time. But final version is with fully qualified domain
I did do some other mangling but abandoned it because I'm letting gandi handle dns. It's just easier
but I had this earlier on before I commented it all out.
#dom=thinktankworkspaces.com
# ns=ns1.thinktankworkspaces.com
# ns=ns2.thinktankworkspaces.com
# mx=maat.thinktankworkspaces.com pref=1
# mail=maat.thinktankworkspaces.com
do you have a new line after the command exec tlssrv in /rc/bin/service/tcp993
Some of these scripts break because you must have a blank line at the very end. I forget the rules.
Huh it just worked on a linux machine using my old s-nail
configuration. The logs showed:

chrisfroeschl Aug 9 18:02:53 initkeyseed: no keyseed: '/adm/keyseed' does not exist
chrisfroeschl Aug 9 18:02:53 keyfs starting warnings: 62f2852d 62f12a7d
chrisfroeschl Aug 9 18:02:53 cram-ok chris 185.183.157.17
chrisfroeschl Aug 9 18:02:53 tr-ok chris@chris(185.183.157.17) -> chris@chris

After that I tried it again on 9front and it just worked... Feels
like a first crack in had to be done through another client (?)

Anyways happy that it works. Sadly this doesn't feel like something I
could append to the FQA, since I still don't know what was going on.
I would be happy to hear, if someone sees an explanation for the
problem in this log.

Fighting with smtp now... I always receive the claim to be a liar.
(only in smtp ofc) I know that the error is coming from
/sys/src/cmd/upas/smtp/smtpd.c:475 , but I'm not competent enough to
see my real issue behind that logic. (at least for now)

cpu% cat /sys/log/smtpd
chrisfroeschl Aug 9 19:30:01 ehlo from XXX.XXX.XXX.XXX as cirno.fritz.box
chrisfroeschl Aug 9 19:30:03 Hung up on XXX.XXX.XXX.XXX; claimed to be cirno.fritz.box

And from my s-nail setup with according error for example:

chris@test.chrisfroeschl.de requires a password:
s-nail: SMTP server: 554 5.7.0 Liar!
/home/pi/dead.letter 10/246
s-nail: ... message not sent

or my 9front client system smtpd log:

cirno Aug 9 19:29:34 delivery at tcp!test.chrisfroeschl.de!587 (test.chrisfroeschl.de:185.183.157.17) hello failed: connection closed unexpectedly by remote system

after sending like so:

; echo $upasname # Changed other configs according to FQA as well
chris@test.chrisfroeschl.de
; echo 9test1 | mail -s '9test1' chris@chrisfroeschl.de

My client factotum is filled with the smtp password like mentioned in
the FQA. Since I can send this email, my 9front client smtp configs
are working as well (adjusting to subdomain for testing ofc).

I probably messed up some smtp config. Debugging at the moment. Here
is my current server status if someone is interested and spots
something:

cpu% cat /mail/lib/smtpd.conf
defaultdomain test.chrisfroeschl.de
norelay on
verifysenderdom off
saveblockedmsg off
ourdomains test.chrisfroeschl.de
cpu% cat /mail/lib/rewrite
# case conversion for postmaster
pOsTmAsTeR alias postmaster
# local mail
\l!(.*) alias \1
test.chrisfroeschl.de!(.*) alias \1
# translate local aliases from /mail/lib/namefiles
# \"(.+)\" translate "/bin/upas/aliasmail '\1'"
[^!@]+ translate "/bin/upas/aliasmail '&'"
local!(.*) >> /mail/box/\1/mbox
# convert source domain address to a chain a@b@c@d...
@([^@!,]*):([^!@]*)@([^!]*) alias \2@\3@\1
@([^@!]*),@([^!@,]*):([^!@]*)@([^!]*) alias @\1:\3@\4@\2
# convert a chain a@b@c@d... to ...d!c!b!a
([^@]+)@([^@]+)@(.+) alias \2!\1@\3
([^@]+)@([^@]+) alias \2!\1
# queue all mail for delivery
([^!]*)!(.*) | "/mail/lib/qmail '\s' 'net!\1'" "'\2'"
cpu% cat /mail/lib/names.local
# alias file, listed in /mail/lib/namefiles
postmaster chris
cpu% cat /mail/lib/remotemail
#!/bin/rc
shift
sender=$1
shift
addr=$1
shift
fd=`{/bin/upas/aliasmail -f $sender}
switch($fd){
case *.*
	;
case *
	fd=test.chrisfroeschl.de
}
exec /bin/upas/smtp -d -h $fd $addr $sender $*
cpu% cat /bin/service/tcp587
#!/bin/rc
user=`{cat /dev/user}
exec /bin/upas/smtpd -c /sys/lib/tls/cert -n $3
cpu%

Btw my /lib/ndb/local : (no smtp or mail whatsoever, doesn't seem to
be required)

sys=chrisfroeschl fs=chrisfroeschl auth=chrisfroeschl ether=76c4f3d364a1 ip=185.183.157.17 ipmask=255.255.253.0 ipgw=185.183.156.1 dns=185.183.156.1 auth=chrisfroeschl authdom=chrisfroeschl.de
I tried to adjust my tcp587 like so:

cpu% cat /bin/service/tcp587
#!/bin/rc
user=`{cat /dev/user}
exec /bin/upas/smtpd -E -c /sys/lib/tls/cert -n $3

using the hidden E flag which allows me to skip the liar part (
/sys/src/cmd/upas/smtp/smtpd.c:465 ). I'm not sure if that is more of
a hack away for debugging or intended for use. Either way not
mentioned in the manpage, but used by sirjofri in his setup
http://sirjofri.de/changeblog/1594881674/ , while getting me at
least away from the liar errors.

Running from my client (all other configs adjusted ofc):

; echo $upasname
chris@test.chrisfroeschl.de
; echo 9test24 | mail -s 9test24 chris@chrisfroeschl.de

There doesn't seem to happen a 'real' authentication. The next server
logs show the attempt to use the queue of 'none':

cpu% tail /sys/log/auth
chrisfroeschl Aug 11 11:46:10 cram-ok chris 185.183.157.17
cpu% tail /sys/log/mail
chrisfroeschl Aug 11 11:46:10 error chrisfroeschl.de!chris From test.chrisfroeschl.de!chris Thu Aug 11 11:46:10 +0200 2022
error+ from 'test.chrisfroeschl.de!chris'
error+ to 'chrisfroeschl.de!chris'
error+ failed with error 'qer: creating data file /mail/queue/none/D.006462: '/mail/queue/none' permission denied
error+ '.
error+ The mailer `/mail/lib/qmail 'test.chrisfroeschl.de!chris' 'net!chrisfroeschl.de'' returned error status 71.
error+
error+
cpu% tail /sys/log/smtpd
chrisfroeschl Aug 11 11:46:06 ehlo from XXX.XXX.XXX.XXX as cirno.fritz.box
chrisfroeschl Aug 11 11:46:08 started TLS with cirno.fritz.box
chrisfroeschl Aug 11 11:46:08 ehlo from XXX.XXX.XXX.XXX as cirno.fritz.box
chrisfroeschl Aug 11 11:46:10 auth(CRAM-MD5, (protected)) from cirno.fritz.box
chrisfroeschl Aug 11 11:46:10 ++[cirno.fritz.box/XXX.XXX.XXX.XXX] blocked: mail refused: from 'test.chrisfroeschl.de!chris'

Not sure why there doesn't seem to be a proper auth attempt (although
CRAM-MD5 is mentioned). Do I have to prepare some /mail/queue
structure for 'chris' btw? I didn't do that by hand on my client if I
remember correctly. Here is my whole server /mail structure:

cpu% walk -exp /mail/
a-rw-rw---- /mail/box/glenda/mbox/1659696218.00
...
d-rwxrwxrwx /mail/box/glenda/mbox
d-rwxrwxr-x /mail/box/glenda
a-rw-rw---- /mail/box/chris/mbox/1659696500.00
...
d-rwxrwxrwx /mail/box/chris/mbox
-lrw------- /mail/box/chris/mbox.idx
-lrw------- /mail/box/chris/L.mbox
--rwxrwxrwx /mail/box/chris/mbox.imp
a-rw-r----- /mail/box/chris/Sent/1660061970.00
...
d-rwxr-xr-x /mail/box/chris/Sent
-lrw------- /mail/box/chris/Sent.idx
--rw-r--r-- /mail/box/chris/Sent.imp
d-rwxr-xr-x /mail/box/chris
-lrw------- /mail/box/chris.idx
d-rwxrwxr-x /mail/box
d-rwxrwxr-x /mail/faxoutqueue
d-rwxrwxr-x /mail/faxqueue
d-r-xr-xr-x /mail/fs
d-rwxrwxr-x /mail/grey
--rw-rw-r-- /mail/lib/blocked
--rw-rw-r-- /mail/lib/classify.re
--rwxrwxr-x /mail/lib/gone.fishing
--rwxrwxr-x /mail/lib/justqmail
--rwxrwxr-x /mail/lib/kickqueue
--rwxrwxr-x /mail/lib/lazyqmail
--rw-rw-r-- /mail/lib/namefiles
--rw-rw-r-- /mail/lib/names.local
--rw-rw-r-- /mail/lib/pipeto.bayes
--rw-rw-r-- /mail/lib/prof.mbox
--rw-rw-r-- /mail/lib/prof.spam
--rwxrwxr-x /mail/lib/remotemail
--rw-rw-r-- /mail/lib/rewrite.direct
--rw-rw-r-- /mail/lib/rewrite.gateway
--rwxrwxr-x /mail/lib/setup.bayes
--rw-rw-r-- /mail/lib/smtpd.conf
--rwxrwxr-x /mail/lib/validateaddress
--rwxrwxr-x /mail/lib/validateattachment
--rw-rw-r-- /mail/lib/white.starter
--rw-rw-r-- /mail/lib/gone.msg
--rw-rw-r-- /mail/lib/ignore
--rwxrwxr-x /mail/lib/isspam.rc
--rwxrwxr-x /mail/lib/mailnews
--rwxrwxr-x /mail/lib/msgcat.rc
--rw-rw-r-- /mail/lib/patterns
--rw-rw-r-- /mail/lib/pipeto.lib
--rwxrwxr-x /mail/lib/qmail
--rw-rw-r-- /mail/lib/rewrite
--rwxrwxr-x /mail/lib/spam.rc
--rwxrwxr-x /mail/lib/unspam.rc
d-rwxrwxr-x /mail/lib
d-rwxrwxr-x /mail/queue
d-rwxrwxrwx /mail/tmp
d-rwxrwxr-x /mail
cpu%

My client shows the following log after sending the mail:

; tail /sys/log/smtp.fail
cirno Aug 11 11:45:40 delivery chris@chrisfroeschl.de at tcp!test.chrisfroeschl.de!587 (test.chrisfroeschl.de:185.183.157.17) rcptto failed: 554 5.7.1 mail refused: from 'test.chrisfroeschl.de!chris'
; tail /sys/log/smtp
cirno Aug 11 11:45:37 started TLS to test.chrisfroeschl.de
; tail /sys/log/mail
cirno Aug 11 11:45:35 remote chrisfroeschl.de!chris From chris@test.chrisfroeschl.de Thu Aug 11 11:45:35 +0200 2022 (chris@chrisfroeschl.de) 220

Can't test the whole thing from my s-nail client because it demands a
cert that is not self signed. I could probably configure it to ignore
it somehow, but I'm not really interested in running s-nail anyway.

Am I going to run into issues if I use a self signed cert in
communication with other smtp daemons? I would really like to avoid
signing certs to be honest.

Anyway, I don't see how the FQA information alone could work. Is this
indeed the current configuration of the (9front.org|cat-v.org|...)
mail server?

Any updates or insights would be very helpful.

chris
sorry i have not been able to devote more time to troubleshooting this with you. (typing on a phone here.)

i connect to my server using imap clients on android, ios, and upas/fs -f /imaps.

these are the relevant files:

in cpustart:

cat /sys/lib/tls/acmed/stanleylieber.com.key >>/mnt/factotum/ctl
auth/as upas aux/listen -p 128 -t /cfg/$sysname/service.upas

http://plan9.stanleylieber.com/mail/service/ # /cfg/gaff/service.upas/
http://plan9.stanleylieber.com/mail/lib/ # /mail/lib/

gaff; walk -d -e xUGp /mail/queue
d-rwxrwxr-x upas upas /mail/queue/upas
d-rwxrwxrwx none upas /mail/queue/none
d-rwxrwxr-x sl upas /mail/queue/sl
d-rwxrwxrwx sl upas /mail/queue

all my upas server programs run as user upas, but notably upas is hardcoded internally to become user none for some functions (this has never satisfactorily been sorted out and amended so it can be easily bypassed; upas auditing is still a bit of a work in progress). the queue files will be created automatically when upas tries to send mail, but your main problem here seems to be permissions on /mail/queue preventing /mail/queue/none from being created. as you can see from my own file permissions above, i’m generally dissatisfied with the current arrangement of how queue permissions are handled.

there is a deficiency in the fqa’s description of setting up smtp and imap for remote users:

- client side use against a 9front server is not described at all.

- an “Inferno/POP secret” is used as the password for both smtp and
imap, which must be configured *in addition to* the user’s regular
auth password. see: http://fqa.9front.org/fqa7.html#7.4.2

i’ll address this.
sl

> On Aug 11, 2022, at 8:38 AM, chris@chrisfroeschl.de wrote:
>
> I tried to adjust my tcp587 like so:
>
> cpu% cat /bin/service/tcp587
> #!/bin/rc
> user=`{cat /dev/user}
> exec /bin/upas/smtpd -E -c /sys/lib/tls/cert -n $3
>
> using the hidden E flag which allows me to skip the liar part (
> /sys/src/cmd/upas/smtp/smtpd.c:465 ). I'm not sure if that is more of
> a hack away for debugging or intended for use. Either way not
> mentioned in the manpage, but used by sirjofri in his setup
> http://sirjofri.de/changeblog/1594881674/ , while getting me at
> least away from the liar errors.
>
> Running from my client (all other configs adjusted ofc):
>
> ; echo $upasname
> chris@test.chrisfroeschl.de
> ; echo 9test24 | mail -s 9test24 chris@chrisfroeschl.de
>
> There doesn't seem to happen a 'real' authentication. The next server
> logs show the attempt to use the queue of 'none':
>
> cpu% tail /sys/log/auth
> chrisfroeschl Aug 11 11:46:10 cram-ok chris 185.183.157.17
> cpu% tail /sys/log/mail
> chrisfroeschl Aug 11 11:46:10 error chrisfroeschl.de!chris From test.chrisfroeschl.de!chris Thu Aug 11 11:46:10 +0200 2022
> error+ from 'test.chrisfroeschl.de!chris'
> error+ to 'chrisfroeschl.de!chris'
> error+ failed with error 'qer: creating data file /mail/queue/none/D.006462: '/mail/queue/none' permission denied
> error+ '.
> error+ The mailer `/mail/lib/qmail 'test.chrisfroeschl.de!chris' 'net!chrisfroeschl.de'' returned error status 71.
> error+
> error+
> cpu% tail /sys/log/smtpd
> chrisfroeschl Aug 11 11:46:06 ehlo from XXX.XXX.XXX.XXX as cirno.fritz.box
> chrisfroeschl Aug 11 11:46:08 started TLS with cirno.fritz.box
> chrisfroeschl Aug 11 11:46:08 ehlo from XXX.XXX.XXX.XXX as cirno.fritz.box
> chrisfroeschl Aug 11 11:46:10 auth(CRAM-MD5, (protected)) from cirno.fritz.box
> chrisfroeschl Aug 11 11:46:10 ++[cirno.fritz.box/XXX.XXX.XXX.XXX] blocked: mail refused: from 'test.chrisfroeschl.de!chris'
>
> Not sure why there doesn't seem to be a proper auth attempt (although
> CRAM-MD5) is mentioned.
>
> Do I have to prepare some /mail/queue structure for 'chris' btw? I
> didn't do that by hand on my client if I remember correctly. Here is
> my whole server /mail structure:
>
> cpu% walk -exp /mail/
> a-rw-rw---- /mail/box/glenda/mbox/1659696218.00
> ...
> d-rwxrwxrwx /mail/box/glenda/mbox
> d-rwxrwxr-x /mail/box/glenda
> a-rw-rw---- /mail/box/chris/mbox/1659696500.00
> ...
> d-rwxrwxrwx /mail/box/chris/mbox
> -lrw------- /mail/box/chris/mbox.idx
> -lrw------- /mail/box/chris/L.mbox
> --rwxrwxrwx /mail/box/chris/mbox.imp
> a-rw-r----- /mail/box/chris/Sent/1660061970.00
> ...
> d-rwxr-xr-x /mail/box/chris/Sent
> -lrw------- /mail/box/chris/Sent.idx
> --rw-r--r-- /mail/box/chris/Sent.imp
> d-rwxr-xr-x /mail/box/chris
> -lrw------- /mail/box/chris.idx
> d-rwxrwxr-x /mail/box
> d-rwxrwxr-x /mail/faxoutqueue
> d-rwxrwxr-x /mail/faxqueue
> d-r-xr-xr-x /mail/fs
> d-rwxrwxr-x /mail/grey
> --rw-rw-r-- /mail/lib/blocked
> --rw-rw-r-- /mail/lib/classify.re
> --rwxrwxr-x /mail/lib/gone.fishing
> --rwxrwxr-x /mail/lib/justqmail
> --rwxrwxr-x /mail/lib/kickqueue
> --rwxrwxr-x /mail/lib/lazyqmail
> --rw-rw-r-- /mail/lib/namefiles
> --rw-rw-r-- /mail/lib/names.local
> --rw-rw-r-- /mail/lib/pipeto.bayes
> --rw-rw-r-- /mail/lib/prof.mbox
> --rw-rw-r-- /mail/lib/prof.spam
> --rwxrwxr-x /mail/lib/remotemail
> --rw-rw-r-- /mail/lib/rewrite.direct
> --rw-rw-r-- /mail/lib/rewrite.gateway
> --rwxrwxr-x /mail/lib/setup.bayes
> --rw-rw-r-- /mail/lib/smtpd.conf
> --rwxrwxr-x /mail/lib/validateaddress
> --rwxrwxr-x /mail/lib/validateattachment
> --rw-rw-r-- /mail/lib/white.starter
> --rw-rw-r-- /mail/lib/gone.msg
> --rw-rw-r-- /mail/lib/ignore
> --rwxrwxr-x /mail/lib/isspam.rc
> --rwxrwxr-x /mail/lib/mailnews
> --rwxrwxr-x /mail/lib/msgcat.rc
> --rw-rw-r-- /mail/lib/patterns
> --rw-rw-r-- /mail/lib/pipeto.lib
> --rwxrwxr-x /mail/lib/qmail
> --rw-rw-r-- /mail/lib/rewrite
> --rwxrwxr-x /mail/lib/spam.rc
> --rwxrwxr-x /mail/lib/unspam.rc
> d-rwxrwxr-x /mail/lib
> d-rwxrwxr-x /mail/queue
> d-rwxrwxrwx /mail/tmp
> d-rwxrwxr-x /mail
> cpu%
>
> My client shows following log after sending the mail:
>
> ; tail /sys/log/smtp.fail
> cirno Aug 11 11:45:40 delivery chris@chrisfroeschl.de at tcp!test.chrisfroeschl.de!587 (test.chrisfroeschl.de:185.183.157.17) rcptto failed: 554 5.7.1 mail refused: from 'test.chrisfroeschl.de!chris'
> ; tail /sys/log/smtp
> cirno Aug 11 11:45:37 started TLS to test.chrisfroeschl.de
> ; tail /sys/log/mail
> cirno Aug 11 11:45:35 remote chrisfroeschl.de!chris From chris@test.chrisfroeschl.de Thu Aug 11 11:45:35 +0200 2022 (chris@chrisfroeschl.de) 220
>
> Can't test the whole thing from my s-nail client because it demands a
> cert that is not self signed. I could probably configure it to ignore
> it somehow, but I'm not really interested in running s-nail anyway.
>
> Am I going to run into issues if I use a self signed cert in
> communication with other smtp daemons? I would really like to avoid
> signing certs to be honest.
>
> Anyway, I don't see how the FQA information alone could work. Is this
> indeed the current configuration of the (9front.org|cat-v.org|...)
> mail server? Any updates or insights would be very helpful.
>
> chris
>
Hello sl,

> sorry i have not been able to devote more time to troubleshooting
> this with you. (typing on a phone here.)

thank you for your message! No pressure regarding your help in
troubleshooting. It's not like I'm paying anyone here to help me.

Most ml messages had the function to document my current state for
myself anyway.

> http://plan9.stanleylieber.com/mail/service/ # /cfg/gaff/service.upas/
> http://plan9.stanleylieber.com/mail/lib/ # /mail/lib/

Your links helped me very much. I always forget that you share almost
all of your setup and didn't look into your /mail before.
I got the e flag from your tcp587 script and changed the /mail/queue
permissions like so:

cpu% cat /bin/service/tcp587
#!/bin/rc
user=`{cat /dev/user}
exec /bin/upas/smtpd -e -c /sys/lib/tls/cert -n $3
cpu% ls -ld /mail/queue/
d-rwxrwxrwx M 65 upas upas 0 Aug 11 21:03 /mail/queue

After applying these changes my /mail/queue was filled with a none
directory and I am able to send mail.

I would like to not dedicate a whole directory for services run by
user upas for now. Just chmoding a directory seems to suffice for
now.

I got perhaps some more questions if you are already involved:
(I will probably figure most of the stuff out myself (hopefully))

1.) Could you tell me why so many flags (and especially MANDATORY
flags) seem to be hidden in the src? Is the e flag intended for
production use? Otherwise a manpage update would help.

2.) What is your highscore at https://www.mail-tester.com ? Mine is
7/10. I know DKIM is no option (-1). But I receive at least -2 on
SpamAssassin regarding:

-0.001 FSL_BULK_SIG Bulk signature with no Unsubscribe
-1.985 PYZOR_CHECK Similar message reported on Pyzor (https://www.pyzor.org)
https://pyzor.readthedocs.io/en/latest/
Please test a real content, test Newsletters will always be flagged by Pyzor
Adjust your message or request whitelisting (https://www.pyzor.org)
0.001 SPF_HELO_PASS SPF: HELO matches SPF record
0.001 SPF_PASS SPF: sender matches SPF record
Great! Your SPF is valid

3.) I don't seem to be able to send mail to myself with this setup
(worked before). My smtpd logs when I try that:

test.chrisfroeschl.de Aug 11 22:31:03 ehlo from 82.207.245.23 as cirno.fritz.box
test.chrisfroeschl.de Aug 11 22:31:03 started TLS with cirno.fritz.box
test.chrisfroeschl.de Aug 11 22:31:03 ehlo from 82.207.245.23 as cirno.fritz.box
test.chrisfroeschl.de Aug 11 22:31:03 auth(CRAM-MD5, (protected)) from cirno.fritz.box
test.chrisfroeschl.de Aug 11 22:31:03 Disallowed test.chrisfroeschl.de!chris (cirno.fritz.box/82.207.245.23) to blocked name test.chrisfroeschl.de!chris

4.) Issues regarding receiving mails from my current mail server to
the 9 smtp server seem to remain. Perhaps some MX record error from
my side? I will debug this as good as I can the following days. Here
is my obsd maillog:

Aug 11 22:58:02 chrisfroeschl smtpd[47164]: smtp-out: No valid route for [connector:[]->[relay:test.chrisfroeschl.de,smtp,heloname=mail.chrisfroeschl.de],0x0]
Aug 11 22:58:12 chrisfroeschl smtpd[47164]: 0000000000000000 mta delivery evpid=3fb35f960656e8e3 from=<chris@chrisfroeschl.de> to=<chris@test.chrisfroeschl.de> rcpt=<-> source="-" relay="test.chrisfroeschl.de" delay=13s result="TempFail" stat="Network error on destination MXs"

After cping my tcp587 to tcp25 I got (just to test if it only uses port 25):

Aug 11 23:12:46 chrisfroeschl smtpd[47164]: 745c82d65e770f66 mta delivery evpid=03d30d409a5ab8fd from=<chris@chrisfroeschl.de> to=<chris@test.chrisfroeschl.de> rcpt=<-> source="5.252.227.212" relay="185.183.157.17 (test.chrisfroeschl.de)" delay=0s result="PermFail" stat="550 5.1.1 test.chrisfroeschl.de!chris ... user unknown"

> there is a deficiency in the fqa’s description of setting up smtp and imap for remote users:
>
> - client side use against a 9front server is not described at all.
>
> - an “Inferno/POP secret” is used as the password for both smtp and
> imap, which must be configured *in addition to* the user’s regular
> auth password. see: http://fqa.9front.org/fqa7.html#7.4.2
>
> i’ll address this.

I intend to send a FQA patch the coming days (as soon as everything
works) with some minor stuff I found besides the things you mentioned.
I can try to add a first draft regarding your points. Feel free to
edit it afterwards however you like.

chris
I know 'sl' added more dkim features into 9front but i'm still using what I implemented earlier
this year which was mostly messing around with dns.

http://thinktankworkspaces.com/plan9/email-upas

Just above troubleshooting section I have some DNS notes and some of my experience messing with spf
dmarc and I managed to get 9/10 score. I don't know maybe some of it might be helpful but I
think you have most of this figured out.

Quoth chris@chrisfroeschl.de:
> Hello sl,
>
> > sorry i have not been able to devote more time to troubleshooting
> > this with you. (typing on a phone here.)
>
> thank you for your message! No pressure regarding your help in
> troubleshooting. It's not like I'm paying anyone here to help me.
>
> Most ml messages had the function to document my current state for
> myself anyway.
>
> > http://plan9.stanleylieber.com/mail/service/ # /cfg/gaff/service.upas/
> > http://plan9.stanleylieber.com/mail/lib/ # /mail/lib/
>
> Your links helped me very much. I always forget that you share almost
> all of your setup and didn't look into your /mail before.
> I got the e flag from your tcp587 script and changed the /mail/queue
> permissions like so:
>
> cpu% cat /bin/service/tcp587
> #!/bin/rc
> user=`{cat /dev/user}
> exec /bin/upas/smtpd -e -c /sys/lib/tls/cert -n $3
> cpu% ls -ld /mail/queue/
> d-rwxrwxrwx M 65 upas upas 0 Aug 11 21:03 /mail/queue
>
> After applying these changes my /mail/queue was filled with a none
> directory and I am able to send mail.
>
> I would like to not dedicate a whole directory for services run by
> user upas for now. Just chmoding a directory seems to suffice for
> now.
>
> I got perhaps some more questions if you are already involved:
> (I will probably figure most of the stuff out myself (hopefully))
>
> 1.) Could you tell me why so many flags (and especially MANDATORY
> flags) seem to be hidden in the src? Is the e flag intended for
> production use? Otherwise a manpage update would help.
>
> 2.) What is your highscore at https://www.mail-tester.com ? Mine is
> 7/10. I know DKIM is no option (-1). But I receive at least -2 on
> SpamAssassin regarding:
>
> -0.001 FSL_BULK_SIG Bulk signature with no Unsubscribe
> -1.985 PYZOR_CHECK Similar message reported on Pyzor (https://www.pyzor.org)
> https://pyzor.readthedocs.io/en/latest/
> Please test a real content, test Newsletters will always be flagged by Pyzor
> Adjust your message or request whitelisting (https://www.pyzor.org)
> 0.001 SPF_HELO_PASS SPF: HELO matches SPF record
> 0.001 SPF_PASS SPF: sender matches SPF record
> Great! Your SPF is valid
>
> 3.) I don't seem to be able to send mail to myself with this setup
> (worked before). My smtpd logs when I try that:
>
> test.chrisfroeschl.de Aug 11 22:31:03 ehlo from 82.207.245.23 as cirno.fritz.box
> test.chrisfroeschl.de Aug 11 22:31:03 started TLS with cirno.fritz.box
> test.chrisfroeschl.de Aug 11 22:31:03 ehlo from 82.207.245.23 as cirno.fritz.box
> test.chrisfroeschl.de Aug 11 22:31:03 auth(CRAM-MD5, (protected)) from cirno.fritz.box
> test.chrisfroeschl.de Aug 11 22:31:03 Disallowed test.chrisfroeschl.de!chris (cirno.fritz.box/82.207.245.23) to blocked name test.chrisfroeschl.de!chris
>
> 4.) Issues regarding receiving mails from my current mail server to
> the 9 smtp server seem to remain. Perhaps some MX record error from
> my side? I will debug this as good as I can the following days. Here
> is my obsd maillog:
>
> Aug 11 22:58:02 chrisfroeschl smtpd[47164]: smtp-out: No valid route for [connector:[]->[relay:test.chrisfroeschl.de,smtp,heloname=mail.chrisfroeschl.de],0x0]
> Aug 11 22:58:12 chrisfroeschl smtpd[47164]: 0000000000000000 mta delivery evpid=3fb35f960656e8e3 from=<chris@chrisfroeschl.de> to=<chris@test.chrisfroeschl.de> rcpt=<-> source="-" relay="test.chrisfroeschl.de" delay=13s result="TempFail" stat="Network error on destination MXs"
>
> After cping my tcp587 to tcp25 I got (just to test if it only uses port 25):
>
> Aug 11 23:12:46 chrisfroeschl smtpd[47164]: 745c82d65e770f66 mta delivery evpid=03d30d409a5ab8fd from=<chris@chrisfroeschl.de> to=<chris@test.chrisfroeschl.de> rcpt=<-> source="5.252.227.212" relay="185.183.157.17 (test.chrisfroeschl.de)" delay=0s result="PermFail" stat="550 5.1.1 test.chrisfroeschl.de!chris ... user unknown"
>
> > there is a deficiency in the fqa’s description of setting up smtp and imap for remote users:
> >
> > - client side use against a 9front server is not described at all.
> >
> > - an “Inferno/POP secret” is used as the password for both smtp and
> > imap, which must be configured *in addition to* the user’s regular
> > auth password. see: http://fqa.9front.org/fqa7.html#7.4.2
> >
> > i’ll address this.
>
> I intend to send a FQA patch the coming days (as soon as everything
> works) with some minor stuff I found besides the things you mentioned.
> I can try to add a first draft regarding your points. Feel free to
> edit it afterwards however you like.
>
> chris
>
11.08.2022 23:17:30 chris@chrisfroeschl.de:
> 1.) Could you tell me why so many flags (and especially MANDATORY
> flags) seem to be hidden in the src? Is the e flag intended for
> production use? Otherwise a manpage update would help.

Simple answer: because the man page sucks and modern mail sucks. Feel
free to send patches for the man pages, people will like it. Also read
the man pages carefully, the arguments are not as listed as in most
linux man pages.

> 2.) What is your highscore at https://www.mail-tester.com ? Mine is
> 7/10. I know DKIM is no option (-1). But I receive at least -2 on
> SpamAssassin regarding:
>
> -0.001 FSL_BULK_SIG Bulk signature with no Unsubscribe
> -1.985 PYZOR_CHECK Similar message reported on Pyzor
> (https://www.pyzor.org)
> https://pyzor.readthedocs.io/en/latest/
> Please test a real content, test Newsletters will always be flagged by
> Pyzor
> Adjust your message or request whitelisting (https://www.pyzor.org)
> 0.001 SPF_HELO_PASS SPF: HELO matches SPF record
> 0.001 SPF_PASS SPF: sender matches SPF record
> Great! Your SPF is valid

The -2 by pyzor check tells everything. I guess you sent some kinda
test mail with some test content? Try sending some real fake text, for
example one of the short stories I wrote or whatever.

> 3.) I don't seem to be able to send mail to myself with this setup
> (worked before). My smtpd logs when I try that:
>
> test.chrisfroeschl.de Aug 11 22:31:03 ehlo from 82.207.245.23 as
> cirno.fritz.box
> test.chrisfroeschl.de Aug 11 22:31:03 started TLS with cirno.fritz.box
> test.chrisfroeschl.de Aug 11 22:31:03 ehlo from 82.207.245.23 as
> cirno.fritz.box
> test.chrisfroeschl.de Aug 11 22:31:03 auth(CRAM-MD5, (protected)) from
> cirno.fritz.box
> test.chrisfroeschl.de Aug 11 22:31:03 Disallowed
> test.chrisfroeschl.de!chris (cirno.fritz.box/82.207.245.23) to blocked
> name test.chrisfroeschl.de!chris

That sounds like an error in /mail/lib files. See the rewrite file there
and also the smtpd.conf file, I guess. I don't know the exact details, so
have fun.

> 4.) Issues regarding receiving mails from my current mail server to
> the 9 smtp server seem to remain. Perhaps some MX record error from
> my side? I will debug this as good as I can the following days. Here
> is my obsd maillog:
>
> Aug 11 22:58:02 chrisfroeschl smtpd[47164]: smtp-out: No valid route
> for
> [connector:[]->[relay:test.chrisfroeschl.de,smtp,heloname=mail.chrisfroeschl.de],0x0]
> Aug 11 22:58:12 chrisfroeschl smtpd[47164]: 0000000000000000 mta
> delivery evpid=3fb35f960656e8e3 from=<chris@chrisfroeschl.de>
> to=<chris@test.chrisfroeschl.de> rcpt=<-> source="-"
> relay="test.chrisfroeschl.de" delay=13s result="TempFail" stat="Network
> error on destination MXs"
>
> After cping my tcp587 to tcp25 I got (just to test if it only uses port
> 25):
>
> Aug 11 23:12:46 chrisfroeschl smtpd[47164]: 745c82d65e770f66 mta
> delivery evpid=03d30d409a5ab8fd from=<chris@chrisfroeschl.de>
> to=<chris@test.chrisfroeschl.de> rcpt=<-> source="5.252.227.212"
> relay="185.183.157.17 (test.chrisfroeschl.de)" delay=0s
> result="PermFail" stat="550 5.1.1 test.chrisfroeschl.de!chris ... user
> unknown"

In my setup I have both tcp25 and tcp587. Tcp587 uses -a for
authentication (use that for sending mail) while tcp25 is the incoming
port without -a.

In smtpd.conf there should be defaultdomain and ourdomains both be set
to your domain. Iirc it didn't work properly if I only specified
defaultdomain.

>> there is a deficiency in the fqa’s description of setting up smtp and
>> imap for remote users:
>>
>> - client side use against a 9front server is not described at all.
>>
>> - an “Inferno/POP secret” is used as the password for both smtp and
>> imap, which must be configured *in addition to* the user’s regular
>> auth password. see: http://fqa.9front.org/fqa7.html#7.4.2
>>
>> i’ll address this.
>
> I intend to send a FQA patch the coming days (as soon as everything
> works) with some minor stuff I found besides the things you mentioned.
> I can try to add a first draft regarding your points. Feel free to
> edit it afterwards however you like.

Regarding patches, I don't remember if my smtp patch is already applied
to front. It adds a new flag to smtp to skip the certificate check
completely. Here it is if you're interested:

http://sirjofri.de/oat/patches/smtp.patch

Also, send patches.

sirjofri
I also did a mail-tester test, but from my phone mail client using my server, so I don't know what headers are added. Results are 9/10, and the missing points are: No DKIM, no unsubscribe-header. sirjofri
that was ori. i’ve never messed with dkim or dmarc at all.
sl
> On Aug 12, 2022, at 2:24 AM, william@thinktankworkspaces.com wrote:
>
> I know 'sl' added more dkim features into 9front but i'm still using what I implemented earlier
> this year which was mostly messing around with dns.
>
> http://thinktankworkspaces.com/plan9/email-upas
>
> Just above troubleshooting section I have some DNS notes and some of my experience messing with spf
> dmarc and I managed to get 9/10 score. I don't know maybe some of it might be helpful but I
> think you have most of this figured out.
>
>
> Quoth chris@chrisfroeschl.de:
>> Hello sl,
>>
>>> sorry i have not been able to devote more time to troubleshooting
>>> this with you. (typing on a phone here.)
>>
>> thank you for your message! No pressure regarding your help in
>> troubleshooting. It's not like I'm paying anyone here to help me.
>>
>> Most ml messages had the function to document my current state for
>> myself anyway.
>>
>>> http://plan9.stanleylieber.com/mail/service/ # /cfg/gaff/service.upas/
>>> http://plan9.stanleylieber.com/mail/lib/ # /mail/lib/
>>
>> Your links helped me very much. I always forget that you share almost
>> all of your setup and didn't look into your /mail before.
>> I got the e flag from your tcp587 script and changed the /mail/queue
>> permissions like so:
>>
>> cpu% cat /bin/service/tcp587
>> #!/bin/rc
>> user=`{cat /dev/user}
>> exec /bin/upas/smtpd -e -c /sys/lib/tls/cert -n $3
>> cpu% ls -ld /mail/queue/
>> d-rwxrwxrwx M 65 upas upas 0 Aug 11 21:03 /mail/queue
>>
>> After applying these changes my /mail/queue was filled with a none
>> directory and I am able to send mail.
>>
>> I would like to not dedicate a whole directory for services run by
>> user upas for now. Just chmoding a directory seems to suffice for
>> now.
>>
>> I got perhaps some more questions if you are already involved:
>> (I will probably figure most of the stuff out myself (hopefully))
>>
>> 1.) Could you tell me why so many flags (and especially MANDATORY
>> flags) seem to be hidden in the src? Is the e flag intended for
>> production use? Otherwise a manpage update would help.
>>
>> 2.) What is your highscore at https://www.mail-tester.com ? Mine is
>> 7/10. I know DKIM is no option (-1). But I receive at least -2 on
>> SpamAssassin regarding:
>>
>> -0.001 FSL_BULK_SIG Bulk signature with no Unsubscribe
>> -1.985 PYZOR_CHECK Similar message reported on Pyzor (https://www.pyzor.org)
>> https://pyzor.readthedocs.io/en/latest/
>> Please test a real content, test Newsletters will always be flagged by Pyzor
>> Adjust your message or request whitelisting (https://www.pyzor.org)
>> 0.001 SPF_HELO_PASS SPF: HELO matches SPF record
>> 0.001 SPF_PASS SPF: sender matches SPF record
>> Great! Your SPF is valid
>>
>> 3.) I don't seem to be able to send mail to myself with this setup
>> (worked before). My smtpd logs when I try that:
>>
>> test.chrisfroeschl.de Aug 11 22:31:03 ehlo from 82.207.245.23 as cirno.fritz.box
>> test.chrisfroeschl.de Aug 11 22:31:03 started TLS with cirno.fritz.box
>> test.chrisfroeschl.de Aug 11 22:31:03 ehlo from 82.207.245.23 as cirno.fritz.box
>> test.chrisfroeschl.de Aug 11 22:31:03 auth(CRAM-MD5, (protected)) from cirno.fritz.box
>> test.chrisfroeschl.de Aug 11 22:31:03 Disallowed test.chrisfroeschl.de!chris (cirno.fritz.box/82.207.245.23) to blocked name test.chrisfroeschl.de!chris
>>
>> 4.) Issues regarding receiving mails from my current mail server to
>> the 9 smtp server seem to remain. Perhaps some MX record error from
>> my side? I will debug this as good as I can the following days. Here
>> is my obsd maillog:
>>
>> Aug 11 22:58:02 chrisfroeschl smtpd[47164]: smtp-out: No valid route for [connector:[]->[relay:test.chrisfroeschl.de,smtp,heloname=mail.chrisfroeschl.de],0x0]
>> Aug 11 22:58:12 chrisfroeschl smtpd[47164]: 0000000000000000 mta delivery evpid=3fb35f960656e8e3 from=<chris@chrisfroeschl.de> to=<chris@test.chrisfroeschl.de> rcpt=<-> source="-" relay="test.chrisfroeschl.de" delay=13s result="TempFail" stat="Network error on destination MXs"
>>
>> After cping my tcp587 to tcp25 I got (just to test if it only uses port 25):
>>
>> Aug 11 23:12:46 chrisfroeschl smtpd[47164]: 745c82d65e770f66 mta delivery evpid=03d30d409a5ab8fd from=<chris@chrisfroeschl.de> to=<chris@test.chrisfroeschl.de> rcpt=<-> source="5.252.227.212" relay="185.183.157.17 (test.chrisfroeschl.de)" delay=0s result="PermFail" stat="550 5.1.1 test.chrisfroeschl.de!chris ... user unknown"
>>
>>> there is a deficiency in the fqa’s description of setting up smtp and imap for remote users:
>>>
>>> - client side use against a 9front server is not described at all.
>>>
>>> - an “Inferno/POP secret” is used as the password for both smtp and
>>> imap, which must be configured *in addition to* the user’s regular
>>> auth password. see: http://fqa.9front.org/fqa7.html#7.4.2
>>>
>>> i’ll address this.
>>
>> I intend to send a FQA patch the coming days (as soon as everything
>> works) with some minor stuff I found besides the things you mentioned.
>> I can try to add a first draft regarding your points. Feel free to
>> edit it afterwards however you like.
>>
>> chris
>>
>
>
> Results are 9/10, and the missing points are: No DKIM, no
> unsubscribe-header.

Indeed I got the same after sending a 'real' message. Nice!

> That sounds like an error in /mail/lib files. See the rewrite file there
> and also the smtpd.conf file, I guess. I don't know the exact details, so
> have fun.

Still struggling with 3.) and 4.) . I'm certain they are the same
problem. My server always responds to the client (9 client as well as a
linux client) after trying to send to chris@test.chrisfroeschl.de :

cirno Aug 12 16:37:40 delivery chris@test.chrisfroeschl.de at tcp!test.chrisfroeschl.de!587 (test.chrisfroeschl.de:185.183.157.17) rcptto failed: 550 5.1.1 test.chrisfroeschl.de!chris ... user unknown

While logging on the server:

test.chrisfroeschl.de Aug 12 16:38:13 Disallowed test.chrisfroeschl.de!chris (cirno.fritz.box/82.207.245.20) to blocked name test.chrisfroeschl.de!chris

This feels like a /mail/lib/rewrite issue. Resulting from a faulty
upas/aliasmail or unmatched alias.

From my understanding test.chrisfroeschl.de!chris should be resolved by

\l!(.*) alias \1

to 'chris', followed by

[^!@]+ translate "/bin/upas/aliasmail '&'"

resulting in 'local!chris', and finally followed by

local!(.*) >> /mail/box/\1/mbox

appending the mail to /mail/box/chris/mbox . Or isn't the real rewrite
input 'test.chrisfroeschl.de!chris'?

I feel like I read every resource on those /mail/lib files a thousand
times, but I'm not able to see anything by now. I tried plenty of
stuff, but I will share (hopefully for the last time) my current
updated configs in case someone can see a mistake:

cpu% cat /mail/lib/rewrite
# case conversion for postmaster
pOsTmAsTeR alias postmaster
\l!(.*) alias \1
\l\.test.chrisfroeschl.de!(.*) alias \1
(test.chrisfroeschl.de)!(.*) alias \2
# translate local aliases from /mail/lib/namefiles
\"(.+)\" translate "/bin/upas/aliasmail '\1'"
[^!@]+ translate "/bin/upas/aliasmail '&'"
local!"(.+)" >> /mail/box/\1/mbox
local!(.*) >> /mail/box/\1/mbox
# convert source domain address to a chain a@b@c@d...
@([^@!,]*):([^!@]*)@([^!]*) alias \2@\3@\1
@([^@!]*),@([^!@,]*):([^!@]*)@([^!]*) alias @\1:\3@\4@\2
# convert a chain a@b@c@d... to ...d!c!b!a
([^@]+)@([^@]+)@(.+) alias \2!\1@\3
([^@]+)@([^@]+) alias \2!\1
# queue all mail for delivery
([^!]*)!(.*) | "/mail/lib/qmail '\s' 'net!\1'" "'\2'"
cpu% cat /mail/lib/smtpd.conf
defaultdomain test.chrisfroeschl.de
norelay on
verifysenderdom off
saveblockedmsg off
ournets 185.183.157.17/22
ourdomains test.chrisfroeschl.de
cpu% walk -exp /mail/
a-rw-rw---- /mail/box/glenda/mbox/1659696218.00
a-rw-rw---- /mail/box/glenda/mbox/1659696248.00
a-rw-rw---- /mail/box/glenda/mbox/1659696323.00
d-rwxrwxrwx /mail/box/glenda/mbox
d-rwxrwxr-x /mail/box/glenda
a-rw-r----- /mail/box/chris/mbox/1660242093.00
a-rw-r----- /mail/box/chris/mbox/1660299006.00
d-rwxr-xr-x /mail/box/chris/mbox
-lrw------- /mail/box/chris/mbox.idx
-lrw------- /mail/box/chris/L.mbox
--rwxr-xr-x /mail/box/chris/mbox.imp
a-rw-r----- /mail/box/chris/Sent/1660226710.00
a-rw-r----- /mail/box/chris/Sent/1660309584.00
d-rwxr-xr-x /mail/box/chris/Sent
-lrw------- /mail/box/chris/Sent.idx
--rwxr-xr-x /mail/box/chris/Sent.imp
--rw-r--r-- /mail/box/chris/imap.subscribed
d-rwxr-xr-x /mail/box/chris/Trash
-lrw------- /mail/box/chris/Trash.idx
--rwxr-xr-x /mail/box/chris/Trash.imp
a-rw-r----- /mail/box/chris/Drafts/1660309938.00
d-rwxr-xr-x /mail/box/chris/Drafts
-lrw------- /mail/box/chris/Drafts.idx
--rwxr-xr-x /mail/box/chris/Drafts.imp
d-rwxr-xr-x /mail/box/chris
d-rwxrwxr-x /mail/box
d-rwxrwxr-x /mail/faxoutqueue
d-rwxrwxr-x /mail/faxqueue
d-r-xr-xr-x /mail/fs
d-rwxrwxr-x /mail/grey
--rw-rw-r-- /mail/lib/blocked
--rw-rw-r-- /mail/lib/classify.re
--rwxrwxr-x /mail/lib/gone.fishing
--rwxrwxr-x /mail/lib/justqmail
--rwxrwxr-x /mail/lib/kickqueue
--rwxrwxr-x /mail/lib/lazyqmail
--rw-rw-r-- /mail/lib/namefiles
--rw-rw-r-- /mail/lib/names.local
--rw-rw-r-- /mail/lib/pipeto.bayes
--rw-rw-r-- /mail/lib/prof.mbox
--rw-rw-r-- /mail/lib/prof.spam
--rwxrwxr-x /mail/lib/remotemail
--rw-rw-r-- /mail/lib/rewrite.direct
--rw-rw-r-- /mail/lib/rewrite.gateway
--rwxrwxr-x /mail/lib/setup.bayes
--rw-rw-r-- /mail/lib/smtpd.conf
--rwxrwxr-x /mail/lib/validateaddress
--rwxrwxr-x /mail/lib/validateattachment
--rw-rw-r-- /mail/lib/white.starter
--rw-rw-r-- /mail/lib/gone.msg
--rw-rw-r-- /mail/lib/ignore
--rwxrwxr-x /mail/lib/isspam.rc
--rwxrwxr-x /mail/lib/mailnews
--rwxrwxr-x /mail/lib/msgcat.rc
--rw-rw-r-- /mail/lib/patterns
--rw-rw-r-- /mail/lib/pipeto.lib
--rwxrwxr-x /mail/lib/qmail
--rw-rw-r-- /mail/lib/rewrite
--rwxrwxr-x /mail/lib/spam.rc
--rwxrwxr-x /mail/lib/unspam.rc
d-rwxrwxr-x /mail/lib
-lrw-rw-rw- /mail/queue/none/L.mbox
d-rwxrwxrwx /mail/queue/none
d-rwxrwxrwx /mail/queue/none
d-rwxrwxrwx /mail/queue
d-rwxrwxrwx /mail/tmp
d-rwxrwxr-x /mail
cpu% cat /bin/service/tcp25
#!/bin/rc
user=`{cat /dev/user}
exec /bin/upas/smtpd -c /sys/lib/tls/cert -n $3
cpu% cat /bin/service/tcp587
#!/bin/rc
user=`{cat /dev/user}
exec /bin/upas/smtpd -a -d -e -c /sys/lib/tls/cert -n $3
cpu% cat /lib/ndb/local
sys=test.chrisfroeschl.de fs=test.chrisfroeschl.de auth=test.chrisfroeschl.de smtp=test.chrisfroeschl.de mail=test.chrisfroeschl.de authdom=chrisfroeschl.de ether=76c4f3d364a1 ip=185.183.157.17 ipmask=255.255.252.0 ipgw=185.183.156.1 dns=185.183.156.1
cpu%

I don't seem to get to remotemail or qmail (like expected because it
should be a local mbox append inside rewrite, right?). That's why I
don't mind them for now.

I changed my sysname to the actual domain as well as most other entries
associated with it after having mail score issues with my previous one
(chrisfroeschl). I hope that's not an issue.

PS: Thanks william@thinktankworkspaces.com for the link. Got some more
insights, but nothing final for now from it.

chris
My advice is to also follow the functionality: For example, you get
debug output/log messages. You can try finding the messages in the
source and see what's happening there. This way you can figure out
what's needed and understand why it happens.

Also, have a look in the scripts. Iirc there's some program that
essentially uses some input and the rewrite rules to figure out the
real address. Use the same program (I don't remember the name) to see
what's returned, and that can be totally wrong -> then your rewrite
rules are wrong.

Good luck

sirjofri
Solved it. In the end it was all about permission problems.

/mail/box/chris/... seems to be used as 'none' again. Requires read and
write permissions for other. I will probably play a bit with auth/box
and 'auth/as upas' to get sane permissions configuration.

Thanks to all folks helping here. You did a great service to a
desperate mail server pleb.

chris
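An added example, not part of any post in this thread: a small Python audit that compares the "other" permission bits between the two `walk -exp` listings chris posted (short excerpts of both are embedded below), which is the class a process running as `none` falls into when it is neither the owner nor a member of the file's group. The function names are this example's own.

```python
import re

# Mode column of the thread's `walk -exp` output: [d|a|-] directory or
# append-only, [l|-] exclusive-use, then rwx triplets for owner, group, other.
MODE_RE = re.compile(r"^([da-])([l-])((?:[r-][w-][x-]){3})$")

# Excerpt of the Aug 11 listing from the thread (prompt and elision kept).
LISTING_AUG11 = """\
cpu% walk -exp /mail/
a-rw-rw---- /mail/box/chris/mbox/1659696500.00
...
d-rwxrwxrwx /mail/box/chris/mbox
--rwxrwxrwx /mail/box/chris/mbox.imp
d-rwxr-xr-x /mail/box/chris
d-rwxrwxr-x /mail/queue
d-rwxrwxrwx /mail/tmp
"""

# Excerpt of the Aug 12 listing from the thread.
LISTING_AUG12 = """\
a-rw-r----- /mail/box/chris/mbox/1660299006.00
d-rwxr-xr-x /mail/box/chris/mbox
--rwxr-xr-x /mail/box/chris/mbox.imp
d-rwxr-xr-x /mail/box/chris
-lrw-rw-rw- /mail/queue/none/L.mbox
d-rwxrwxrwx /mail/queue/none
d-rwxrwxrwx /mail/queue
d-rwxrwxrwx /mail/tmp
"""


def parse_mode(mode):
    """Split an 11-character Plan 9 mode string into flags and rwx triplets."""
    m = MODE_RE.match(mode)
    if m is None:
        raise ValueError("not a Plan 9 mode string: %r" % mode)
    kind, excl, bits = m.groups()
    return {
        "dir": kind == "d",
        "append": kind == "a",
        "exclusive": excl == "l",
        "owner": bits[0:3],
        "group": bits[3:6],
        "other": bits[6:9],
    }


def parse_listing(text):
    """Map path -> parsed mode; prompts and '...' elisions are skipped."""
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 2 or not MODE_RE.match(fields[0]):
            continue
        entries[fields[1]] = parse_mode(fields[0])
    return entries


def other_writable(entries):
    """Paths that any user, including none, may write to."""
    return {p for p, m in entries.items() if "w" in m["other"]}


def diff_other_write(before, after):
    """Return (gained, lost): paths whose other-write bit appeared or vanished.

    New paths that are other-writable count as gained; paths that no longer
    exist in the second listing are ignored rather than reported as lost.
    """
    was, now = other_writable(before), other_writable(after)
    gained = sorted(now - was)
    lost = sorted(p for p in was - now if p in after)
    return gained, lost


if __name__ == "__main__":
    gained, lost = diff_other_write(parse_listing(LISTING_AUG11),
                                    parse_listing(LISTING_AUG12))
    for path in gained:
        print("other-write added:  ", path)
    for path in lost:
        print("other-write removed:", path)
```

On these excerpts the "removed" list is `/mail/box/chris/mbox` and `/mail/box/chris/mbox.imp`, the mailbox paths the closing message says need read and write permission for other; the "added" list is the `/mail/queue` tree that was opened up with chmod.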
Quoth chris@chrisfroeschl.de:
> > Results are 9/10, and the missing points are: No DKIM, no
> > unsubscribe-header.
>
> Indeed I got the same after sending a 'real' message. Nice!

dkim is in an uncommitted patch; it works for outgoing
mail, but I'm not quite ready to commit; there are some
questions on how the keys get managed for senders.
create your mailbox with mail -c,
and your crontab using cron -c.
these tools ensure the created file has the correct ownership and permissions for the appropriate tool.
normally these are created by /sys/lib/newuser
plan9, don't ya just love it?
-Steve
> On 13 Aug 2022, at 12:28 am, ori@eigenstate.org wrote:
>
> Quoth chris@chrisfroeschl.de:
>>> Results are 9/10, and the missing points are: No DKIM, no
>>> unsubscribe-header.
>>
>> Indeed I got the same after sending a 'real' message. Nice!
>
> dkim is in an uncommitted patch; it works for outgoing
> mail, but I'm not quite ready to commit; there are some
> questions on how the keys get managed for senders.
>