9front - general discussion about 9front
From: william@thinktankworkspaces.com
To: 9front@9front.org
Subject: Re: [9front] Mail server setup
Date: Thu, 11 Aug 2022 23:23:56 -0700
Message-ID: <CC3839A659DF3E4FC42982DDE1B4F571@thinktankworkspaces.com>
In-Reply-To: <8DEB305517C488050E24D02130B7354A@chrisfroeschl.de>

I know 'sl' added more DKIM features into 9front but I'm still using what I implemented earlier
this year, which was mostly messing around with DNS.

http://thinktankworkspaces.com/plan9/email-upas

Just above the troubleshooting section I have some DNS notes and some of my experience messing with SPF
and DMARC, and I managed to get a 9/10 score. I don't know, maybe some of it might be helpful, but I
think you have most of this figured out.


Quoth chris@chrisfroeschl.de:
> Hello sl,
> 
> > sorry i have not been able to devote more time to troubleshooting
> > this with you.  (typing on a phone here.)
> 
> thank you for your message!  No pressure regarding your help in
> troubleshooting.  It's not like I'm paying anyone here to help me.
> 
> Most ml messages had the function to document my current state for
> myself anyway.
> 
> > http://plan9.stanleylieber.com/mail/service/        # /cfg/gaff/service.upas/
> > http://plan9.stanleylieber.com/mail/lib/        # /mail/lib/
> 
> Your links helped me very much.  I always forget that you share almost
> all of your setup and didn't look into your /mail before.
> I got the e flag from your tcp587 script and changed the /mail/queue
> permissions like so:
> 
> cpu% cat /bin/service/tcp587 
> #!/bin/rc
> user=`{cat /dev/user}
> exec /bin/upas/smtpd -e -c /sys/lib/tls/cert -n $3
> cpu% ls -ld /mail/queue/
> d-rwxrwxrwx M 65 upas upas 0 Aug 11 21:03 /mail/queue
> 
> After applying these changes my /mail/queue was filled with a none
> directory and I am able to send mail.
> 
> I would like to not dedicate a whole directory for services run by
> user upas for now.  Just chmoding a directory seems to suffice for
> now.
> 
> I got perhaps some more questions if you are already involved:
> (I will probably figure most of the stuff out myself (hopefully))
> 
> 1.) Could you tell me why so many flags (and especially MANDATORY
> flags) seem to be hidden in the src?  Is the e flag intended for
> production use? Otherwise a manpage update would help.
> 
> 2.) What is your highscore at https://www.mail-tester.com ? Mine is
> 7/10.  I know DKIM is no option (-1).  But I receive at least -2 on
> SpamAssassin regarding:
> 
> -0.001	FSL_BULK_SIG	Bulk signature with no Unsubscribe
> -1.985	PYZOR_CHECK	Similar message reported on Pyzor (https://www.pyzor.org)
> https://pyzor.readthedocs.io/en/latest/
> Please test a real content, test Newsletters will always be flagged by Pyzor
> Adjust your message or request whitelisting (https://www.pyzor.org)
> 0.001	SPF_HELO_PASS	SPF: HELO matches SPF record
> 0.001	SPF_PASS	SPF: sender matches SPF record
> Great! Your SPF is valid
> 
> 3.) I don't seem to be able to send mail to myself with this setup
> (worked before).  My smtpd logs when I try that:
> 
> test.chrisfroeschl.de Aug 11 22:31:03 ehlo from 82.207.245.23 as cirno.fritz.box
> test.chrisfroeschl.de Aug 11 22:31:03 started TLS with cirno.fritz.box
> test.chrisfroeschl.de Aug 11 22:31:03 ehlo from 82.207.245.23 as cirno.fritz.box
> test.chrisfroeschl.de Aug 11 22:31:03 auth(CRAM-MD5, (protected)) from cirno.fritz.box
> test.chrisfroeschl.de Aug 11 22:31:03 Disallowed test.chrisfroeschl.de!chris (cirno.fritz.box/82.207.245.23) to blocked name test.chrisfroeschl.de!chris
> 
> 4.) Issues regarding receiving mails from my current mail server to
> the 9 smtp server seem to remain.  Perhaps some MX record error from
> my side?  I will debug this as well as I can the following days.  Here
> is my obsd maillog:
> 
> Aug 11 22:58:02 chrisfroeschl smtpd[47164]: smtp-out: No valid route for [connector:[]->[relay:test.chrisfroeschl.de,smtp,heloname=mail.chrisfroeschl.de],0x0]
> Aug 11 22:58:12 chrisfroeschl smtpd[47164]: 0000000000000000 mta delivery evpid=3fb35f960656e8e3 from=<chris@chrisfroeschl.de> to=<chris@test.chrisfroeschl.de> rcpt=<-> source="-" relay="test.chrisfroeschl.de" delay=13s result="TempFail" stat="Network error on destination MXs"
> 
> After cping my tcp587 to tcp25 I got (just to test if it only uses port 25):
> 
> Aug 11 23:12:46 chrisfroeschl smtpd[47164]: 745c82d65e770f66 mta delivery evpid=03d30d409a5ab8fd from=<chris@chrisfroeschl.de> to=<chris@test.chrisfroeschl.de> rcpt=<-> source="5.252.227.212" relay="185.183.157.17 (test.chrisfroeschl.de)" delay=0s result="PermFail" stat="550 5.1.1 test.chrisfroeschl.de!chris ... user unknown"
> 
> > there is a deficiency in the fqa’s description of setting up smtp and imap for remote users:
> > 
> > - client side use against a 9front server is not described at all.
> > 
> > - an “Inferno/POP secret” is used as the password for both smtp and
> > imap, which must be configured *in addition to* the user’s regular
> > auth password.  see: http://fqa.9front.org/fqa7.html#7.4.2
> > 
> > i’ll address this.
> 
> I intend to send a FQA patch the coming days (as soon as everything
> works) with some minor stuff I found besides the things you mentioned.
> I can try to add a first draft regarding your points.  Feel free to
> edit it afterwards however you like.
> 
> chris
> 

