From mboxrd@z Thu Jan 1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level:
X-Spam-Status: No, score=-0.0 required=5.0 tests=T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4
Received: (qmail 25643 invoked from network); 12 Aug 2022 06:25:20 -0000
Received: from 9front.inri.net (168.235.81.73) by inbox.vuxu.org with ESMTPUTF8; 12 Aug 2022 06:25:20 -0000
Received: from maat.thinktankworkspaces.com ([45.79.94.76]) by 9front; Fri Aug 12 02:23:58 -0400 2022
Message-ID:
To: 9front@9front.org
Date: Thu, 11 Aug 2022 23:23:56 -0700
From: william@thinktankworkspaces.com
In-Reply-To: <8DEB305517C488050E24D02130B7354A@chrisfroeschl.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
List-ID: <9front.9front.org>
List-Help:
X-Glyph: ➈
X-Bullshit: proven agile app scripting high-performance backend
Subject: Re: [9front] Mail server setup
Reply-To: 9front@9front.org
Precedence: bulk

I know 'sl' added more dkim features into 9front but i'm still using
what I implemented earlier this year which was mostly messing around
with dns.

http://thinktankworkspaces.com/plan9/email-upas

Just above troubleshooting section I have some DNS notes and some of
my experience messing with spf dmarc and I managed to get 9/10 score.
I don't know maybe some of it might be helpful but I think you have
most of this figured out.

Quoth chris@chrisfroeschl.de:
> Hello sl,
>
> > sorry i have not been able to devote more time to troubleshooting
> > this with you. (typing on a phone here.)
>
> thank you for your message! No pressure regarding your help in
> troubleshooting. It's not like I'm paying anyone here to help me.
>
> Most ml messages had the function to document my current state for
> myself anyway.
>
> > http://plan9.stanleylieber.com/mail/service/ # /cfg/gaff/service.upas/
> > http://plan9.stanleylieber.com/mail/lib/ # /mail/lib/
>
> Your links helped me very much. I always forget that you share almost
> all of your setup and didn't look into your /mail before.
> I got the e flag from your tcp587 script and changed the /mail/queue
> permissions like so:
>
>     cpu% cat /bin/service/tcp587
>     #!/bin/rc
>     user=`{cat /dev/user}
>     exec /bin/upas/smtpd -e -c /sys/lib/tls/cert -n $3
>     cpu% ls -ld /mail/queue/
>     d-rwxrwxrwx M 65 upas upas 0 Aug 11 21:03 /mail/queue
>
> After applying these changes my /mail/queue was filled with a none
> directory and I am able to send mail.
>
> I would like to not dedicate a whole directory for services run by
> user upas for now. Just chmoding a directory seems to suffice for
> now.
>
> I got perhaps some more questions if you are already involved:
> (I will probably figure most of the stuff out myself (hopefully))
>
> 1.) Could you tell me why so many flags (and especially MANDATORY
> flags) seem to be hidden in the src? Is the e flag intended for
> production use? Otherwise a manpage update would help.
>
> 2.) What is your highscore at https://www.mail-tester.com ? Mine is
> 7/10. I know DKIM is no option (-1). But I receive at least -2 on
> SpamAssassin regarding:
>
>     -0.001 FSL_BULK_SIG Bulk signature with no Unsubscribe
>     -1.985 PYZOR_CHECK Similar message reported on Pyzor (https://www.pyzor.org)
>     https://pyzor.readthedocs.io/en/latest/
>     Please test a real content, test Newsletters will always be flagged by Pyzor
>     Adjust your message or request whitelisting (https://www.pyzor.org)
>     0.001 SPF_HELO_PASS SPF: HELO matches SPF record
>     0.001 SPF_PASS SPF: sender matches SPF record
>     Great! Your SPF is valid
>
> 3.) I don't seem to be able to send mail to myself with this setup
> (worked before). My smtpd logs when I try that:
>
>     test.chrisfroeschl.de Aug 11 22:31:03 ehlo from 82.207.245.23 as cirno.fritz.box
>     test.chrisfroeschl.de Aug 11 22:31:03 started TLS with cirno.fritz.box
>     test.chrisfroeschl.de Aug 11 22:31:03 ehlo from 82.207.245.23 as cirno.fritz.box
>     test.chrisfroeschl.de Aug 11 22:31:03 auth(CRAM-MD5, (protected)) from cirno.fritz.box
>     test.chrisfroeschl.de Aug 11 22:31:03 Disallowed test.chrisfroeschl.de!chris (cirno.fritz.box/82.207.245.23) to blocked name test.chrisfroeschl.de!chris
>
> 4.) Issues regarding receiving mails from my current mail server to
> the 9 smtp server seem to remain. Perhaps some MX record error from
> my side? I will debug this as good as I can the following days. Here
> is my obsd maillog:
>
>     Aug 11 22:58:02 chrisfroeschl smtpd[47164]: smtp-out: No valid route for [connector:[]->[relay:test.chrisfroeschl.de,smtp,heloname=mail.chrisfroeschl.de],0x0]
>     Aug 11 22:58:12 chrisfroeschl smtpd[47164]: 0000000000000000 mta delivery evpid=3fb35f960656e8e3 from= to= rcpt=<-> source="-" relay="test.chrisfroeschl.de" delay=13s result="TempFail" stat="Network error on destination MXs"
>
> After cping my tcp587 to tcp25 I got (just to test if it only uses port 25):
>
>     Aug 11 23:12:46 chrisfroeschl smtpd[47164]: 745c82d65e770f66 mta delivery evpid=03d30d409a5ab8fd from= to= rcpt=<-> source="5.252.227.212" relay="185.183.157.17 (test.chrisfroeschl.de)" delay=0s result="PermFail" stat="550 5.1.1 test.chrisfroeschl.de!chris ... user unknown"
>
> > there is a deficiency in the fqa’s description of setting up smtp and imap for remote users:
> >
> > - client side use against a 9front server is not described at all.
> >
> > - an “Inferno/POP secret” is used as the password for both smtp and
> > imap, which must be configured *in addition to* the user’s regular
> > auth password. see: http://fqa.9front.org/fqa7.html#7.4.2
> >
> > i’ll address this.
>
> I intend to send a FQA patch the coming days (as soon as everything
> works) with some minor stuff I found besides the things you mentioned.
> I can try to add a first draft regarding your points. Feel free to
> edit it afterwards however you like.
>
> chris
>
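
An added example, not part of the original message or of either poster's setup: a Python triage of the two OpenSMTPD `mta delivery` lines and the upas smtpd `Disallowed` line quoted above, separating failures that happened before any SMTP dialogue from refusals issued by the remote smtpd. The function names and stage labels are assumptions made for this illustration.

```python
import re

# Log lines copied from the quoted message (the archive already stripped the
# addresses, so from= and to= are empty).
SAMPLE = [
    'Aug 11 22:58:12 chrisfroeschl smtpd[47164]: 0000000000000000 mta delivery '
    'evpid=3fb35f960656e8e3 from= to= rcpt=<-> source="-" '
    'relay="test.chrisfroeschl.de" delay=13s result="TempFail" '
    'stat="Network error on destination MXs"',
    'Aug 11 23:12:46 chrisfroeschl smtpd[47164]: 745c82d65e770f66 mta delivery '
    'evpid=03d30d409a5ab8fd from= to= rcpt=<-> source="5.252.227.212" '
    'relay="185.183.157.17 (test.chrisfroeschl.de)" delay=0s result="PermFail" '
    'stat="550 5.1.1 test.chrisfroeschl.de!chris ... user unknown"',
    'test.chrisfroeschl.de Aug 11 22:31:03 Disallowed test.chrisfroeschl.de!chris '
    '(cirno.fritz.box/82.207.245.23) to blocked name test.chrisfroeschl.de!chris',
]

# key=value, where the value is "quoted" (may contain spaces) or a bare token
# that may be empty, as in "from= to=".
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')
BLOCKED = re.compile(
    r'Disallowed (\S+) \(([^/\s]+)/([^)\s]+)\) to blocked name (\S+)')

def parse_fields(line):
    """Split an OpenSMTPD 'mta delivery' line into a dict of its fields."""
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}

def classify(line):
    """Return (stage, result, detail); the stage labels are this example's own."""
    m = BLOCKED.search(line)
    if m:  # upas smtpd refused the recipient address
        sender, _helo, ip, rcpt = m.groups()
        kind = "self-send" if sender == rcpt else "other"
        return ("upas-blocked", kind, f"{ip} -> {rcpt}")
    fields = parse_fields(line)
    stat = fields.get("stat", "")
    # A leading three-digit code means the remote smtpd answered; without one
    # the failure happened before any SMTP dialogue (DNS, MX, connect).
    stage = "smtp-reply" if re.match(r"\d{3} ", stat) else "transport"
    return (stage, fields.get("result", ""), f"{fields.get('relay', '')}: {stat}")

if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry))
```
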