From: william@thinktankworkspaces.com
To: 9front@9front.org
Subject: Re: [9front] Mail server setup
Date: Thu, 11 Aug 2022 23:23:56 -0700
Message-ID: <CC3839A659DF3E4FC42982DDE1B4F571@thinktankworkspaces.com>
In-Reply-To: <8DEB305517C488050E24D02130B7354A@chrisfroeschl.de>

I know 'sl' added more DKIM features into 9front, but I'm still using what I implemented earlier
this year, which was mostly messing around with DNS.

http://thinktankworkspaces.com/plan9/email-upas

Just above the troubleshooting section I have some DNS notes and some of my experience messing with SPF
and DMARC, and I managed to get a 9/10 score. I don't know, maybe some of it might be helpful, but I
think you have most of this figured out.

Quoth chris@chrisfroeschl.de:
> Hello sl,
>
> > sorry i have not been able to devote more time to troubleshooting
> > this with you. (typing on a phone here.)
>
> thank you for your message! No pressure regarding your help in
> troubleshooting. It's not like I'm paying anyone here to help me.
>
> Most ml messages had the function to document my current state for
> myself anyway.
>
> > http://plan9.stanleylieber.com/mail/service/ # /cfg/gaff/service.upas/
> > http://plan9.stanleylieber.com/mail/lib/ # /mail/lib/
>
> Your links helped me very much. I always forget that you share almost
> all of your setup and didn't look into your /mail before.
> I got the e flag from your tcp587 script and changed the /mail/queue
> permissions like so:
>
> cpu% cat /bin/service/tcp587
> #!/bin/rc
> user=`{cat /dev/user}
> exec /bin/upas/smtpd -e -c /sys/lib/tls/cert -n $3
> cpu% ls -ld /mail/queue/
> d-rwxrwxrwx M 65 upas upas 0 Aug 11 21:03 /mail/queue
>
> After applying these changes my /mail/queue was filled with a none
> directory and I am able to send mail.
>
> I would like to not dedicate a whole directory for services run by
> user upas for now. Just chmoding a directory seems to suffice for
> now.
>
> I got perhaps some more questions if you are already involved:
> (I will probably figure most of the stuff out myself (hopefully))
>
> 1.) Could you tell me why so many flags (and especially MANDATORY
> flags) seem to be hidden in the src? Is the e flag intended for
> production use? Otherwise a manpage update would help.
>
> 2.) What is your highscore at https://www.mail-tester.com ? Mine is
> 7/10. I know DKIM is no option (-1). But I receive at least -2 on
> SpamAssassin regarding:
>
> -0.001 FSL_BULK_SIG Bulk signature with no Unsubscribe
> -1.985 PYZOR_CHECK Similar message reported on Pyzor (https://www.pyzor.org)
> https://pyzor.readthedocs.io/en/latest/
> Please test a real content, test Newsletters will always be flagged by Pyzor
> Adjust your message or request whitelisting (https://www.pyzor.org)
> 0.001 SPF_HELO_PASS SPF: HELO matches SPF record
> 0.001 SPF_PASS SPF: sender matches SPF record
> Great! Your SPF is valid
>
> 3.) I don't seem to be able to send mail to myself with this setup
> (worked before). My smtpd logs when I try that:
>
> test.chrisfroeschl.de Aug 11 22:31:03 ehlo from 82.207.245.23 as cirno.fritz.box
> test.chrisfroeschl.de Aug 11 22:31:03 started TLS with cirno.fritz.box
> test.chrisfroeschl.de Aug 11 22:31:03 ehlo from 82.207.245.23 as cirno.fritz.box
> test.chrisfroeschl.de Aug 11 22:31:03 auth(CRAM-MD5, (protected)) from cirno.fritz.box
> test.chrisfroeschl.de Aug 11 22:31:03 Disallowed test.chrisfroeschl.de!chris (cirno.fritz.box/82.207.245.23) to blocked name test.chrisfroeschl.de!chris
>
> 4.) Issues regarding receiving mails from my current mail server to
> the 9 smtp server seem to remain. Perhaps some MX record error from
> my side? I will debug this as well as I can over the following days. Here
> is my obsd maillog:
>
> Aug 11 22:58:02 chrisfroeschl smtpd[47164]: smtp-out: No valid route for [connector:[]->[relay:test.chrisfroeschl.de,smtp,heloname=mail.chrisfroeschl.de],0x0]
> Aug 11 22:58:12 chrisfroeschl smtpd[47164]: 0000000000000000 mta delivery evpid=3fb35f960656e8e3 from=<chris@chrisfroeschl.de> to=<chris@test.chrisfroeschl.de> rcpt=<-> source="-" relay="test.chrisfroeschl.de" delay=13s result="TempFail" stat="Network error on destination MXs"
>
> After cping my tcp587 to tcp25 I got (just to test if it only uses port 25):
>
> Aug 11 23:12:46 chrisfroeschl smtpd[47164]: 745c82d65e770f66 mta delivery evpid=03d30d409a5ab8fd from=<chris@chrisfroeschl.de> to=<chris@test.chrisfroeschl.de> rcpt=<-> source="5.252.227.212" relay="185.183.157.17 (test.chrisfroeschl.de)" delay=0s result="PermFail" stat="550 5.1.1 test.chrisfroeschl.de!chris ... user unknown"
>
> > there is a deficiency in the fqa’s description of setting up smtp and imap for remote users:
> >
> > - client side use against a 9front server is not described at all.
> >
> > - an “Inferno/POP secret” is used as the password for both smtp and
> > imap, which must be configured *in addition to* the user’s regular
> > auth password. see: http://fqa.9front.org/fqa7.html#7.4.2
> >
> > i’ll address this.
>
> I intend to send an FQA patch in the coming days (as soon as everything
> works) with some minor stuff I found besides the things you mentioned.
> I can try to add a first draft regarding your points. Feel free to
> edit it afterwards however you like.
>
> chris
>
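
Added example, not part of the original message or of either poster's setup: a small Python triage of the three OpenBSD smtpd maillog lines quoted above, separating delivery attempts that ended before any SMTP reply was logged from rejections issued by the receiving server. The function names and the `stage` labels are assumptions made for this illustration.

```python
import re

# The three OpenBSD smtpd maillog lines quoted in the message above.
SAMPLE = [
    'Aug 11 22:58:02 chrisfroeschl smtpd[47164]: smtp-out: No valid route for [connector:[]->[relay:test.chrisfroeschl.de,smtp,heloname=mail.chrisfroeschl.de],0x0]',
    'Aug 11 22:58:12 chrisfroeschl smtpd[47164]: 0000000000000000 mta delivery evpid=3fb35f960656e8e3 from=<chris@chrisfroeschl.de> to=<chris@test.chrisfroeschl.de> rcpt=<-> source="-" relay="test.chrisfroeschl.de" delay=13s result="TempFail" stat="Network error on destination MXs"',
    'Aug 11 23:12:46 chrisfroeschl smtpd[47164]: 745c82d65e770f66 mta delivery evpid=03d30d409a5ab8fd from=<chris@chrisfroeschl.de> to=<chris@test.chrisfroeschl.de> rcpt=<-> source="5.252.227.212" relay="185.183.157.17 (test.chrisfroeschl.de)" delay=0s result="PermFail" stat="550 5.1.1 test.chrisfroeschl.de!chris ... user unknown"',
]

# key=value where the value is "quoted", <bracketed> or a bare token.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|<([^>]*)>|(\S+))')
# SMTP reply code, optionally followed by an RFC 3463 enhanced status code.
REPLY = re.compile(r'^([245]\d\d)(?: (\d\.\d{1,3}\.\d{1,3}))?\b')


def parse_delivery(line):
    """Return the key=value fields of an 'mta delivery' line, else None."""
    _, sep, tail = line.partition(' mta delivery ')
    if not sep:
        return None
    fields = {}
    for m in FIELD.finditer(tail):
        # Exactly one of the three value groups is set for each match.
        fields[m.group(1)] = next(g for g in m.groups()[1:] if g is not None)
    return fields


def triage(line):
    """Classify where a delivery attempt stopped (stage labels are hypothetical)."""
    f = parse_delivery(line)
    if f is None:
        return None
    out = {'to': f.get('to'), 'relay': f.get('relay'), 'result': f.get('result'),
           'stage': 'connect', 'smtp_code': None, 'enhanced': None}
    reply = REPLY.match(f.get('stat', ''))
    if reply:
        # The remote server answered, so MX lookup and the TCP port are fine.
        out['stage'] = 'smtp-reply'
        out['smtp_code'] = int(reply.group(1))
        out['enhanced'] = reply.group(2)
    return out


if __name__ == '__main__':
    for entry in SAMPLE:
        print(triage(entry))
```

The TempFail line stops at `connect`, while the PermFail line reaches `smtp-reply` with 550 and enhanced code 5.1.1, which RFC 3463 defines as a bad destination mailbox address, so that rejection comes from recipient lookup on the receiving server rather than from DNS or routing.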