Re: [9front] Mail server setup

[chris@chrisfroeschl.de]

Hello sl,

> sorry i have not been able to devote more time to troubleshooting
> this with you.  (typing on a phone here.)

thank you for your message!  No pressure regarding your help in
troubleshooting.  It's not like I'm paying anyone here to help me.

Most ml messages had the function to document my current state for
myself anyway.

> http://plan9.stanleylieber.com/mail/service/        # /cfg/gaff/service.upas/
> http://plan9.stanleylieber.com/mail/lib/        # /mail/lib/

Your links helped me very much.  I always forget that you share almost
all of your setup and didn't look into your /mail before.
I got the e flag from your tcp587 script and changed the /mail/queue
permissions like so:

cpu% cat /bin/service/tcp587 
#!/bin/rc
user=`{cat /dev/user}
exec /bin/upas/smtpd -e -c /sys/lib/tls/cert -n $3
cpu% ls -ld /mail/queue/
d-rwxrwxrwx M 65 upas upas 0 Aug 11 21:03 /mail/queue

After applying these changes my /mail/queue was filled with a none
directory and I am able to send mail.

I would like to not dedicate a whole directory for services run by
user upas for now.  Just chmoding a directory seems to suffice for
now.

I got perhaps some more questions if you are already involved:
(I will probably figure most of the stuff out myself (hopefully))

1.) Could you tell me why so many flags (and especially MANDATORY
flags) seem to be hidden in the src?  Is the e flag intended for
production use? Otherwise a manpage update would help.

2.) What is your highscore at https://www.mail-tester.com ? Mine is
7/10.  I know DKIM is no option (-1).  But I receive at least -2 on
SpamAssassin regarding:

-0.001	FSL_BULK_SIG	Bulk signature with no Unsubscribe
-1.985	PYZOR_CHECK	Similar message reported on Pyzor (https://www.pyzor.org)
https://pyzor.readthedocs.io/en/latest/
Please test a real content, test Newsletters will always be flagged by Pyzor
Adjust your message or request whitelisting (https://www.pyzor.org)
0.001	SPF_HELO_PASS	SPF: HELO matches SPF record
0.001	SPF_PASS	SPF: sender matches SPF record
Great! Your SPF is valid

3.) I don't seem to be able to send mail to myself with this setup
(worked before).  My smtpd logs when I try that:

test.chrisfroeschl.de Aug 11 22:31:03 ehlo from 82.207.245.23 as cirno.fritz.box
test.chrisfroeschl.de Aug 11 22:31:03 started TLS with cirno.fritz.box
test.chrisfroeschl.de Aug 11 22:31:03 ehlo from 82.207.245.23 as cirno.fritz.box
test.chrisfroeschl.de Aug 11 22:31:03 auth(CRAM-MD5, (protected)) from cirno.fritz.box
test.chrisfroeschl.de Aug 11 22:31:03 Disallowed test.chrisfroeschl.de!chris (cirno.fritz.box/82.207.245.23) to blocked name test.chrisfroeschl.de!chris

4.) Issues regarding receiving mails from my current mail server to
the 9 smtp server seem to remain.  Perhaps some MX record error from
my side?  I will debug this as good as I can the following days.  Here
is my obsd maillog:

Aug 11 22:58:02 chrisfroeschl smtpd[47164]: smtp-out: No valid route for [connector:[]->[relay:test.chrisfroeschl.de,smtp,heloname=mail.chrisfroeschl.de],0x0]
Aug 11 22:58:12 chrisfroeschl smtpd[47164]: 0000000000000000 mta delivery evpid=3fb35f960656e8e3 from=<chris@chrisfroeschl.de> to=<chris@test.chrisfroeschl.de> rcpt=<-> source="-" relay="test.chrisfroeschl.de" delay=13s result="TempFail" stat="Network error on destination MXs"

After cping my tcp587 to tcp25 I got (just to test if it only uses port 25):

Aug 11 23:12:46 chrisfroeschl smtpd[47164]: 745c82d65e770f66 mta delivery evpid=03d30d409a5ab8fd from=<chris@chrisfroeschl.de> to=<chris@test.chrisfroeschl.de> rcpt=<-> source="5.252.227.212" relay="185.183.157.17 (test.chrisfroeschl.de)" delay=0s result="PermFail" stat="550 5.1.1 test.chrisfroeschl.de!chris ... user unknown"

> there is a deficiency in the fqa’s description of setting up smtp and imap for remote users:
> 
> - client side use against a 9front server is not described at all.
> 
> - an “Inferno/POP secret” is used as the password for both smtp and
> imap, which must be configured *in addition to* the user’s regular
> auth password.  see: http://fqa.9front.org/fqa7.html#7.4.2
> 
> i’ll address this.

I intend to send a FQA patch the coming days (as soon as everything
works) with some minor stuff I found besides the things you mentioned.
I can try to add a first draft regarding your points.  Feel free to
edit it afterwards however you like.

chris