From: chris@chrisfroeschl.de
To: 9front@9front.org
Date: Sat, 06 Aug 2022 15:17:26 +0200
Subject: [9front] Mail server setup

Greetings all,

I recently started to set up my first 9front hosting system. At the moment I'm having great issues with preparing my mail setup (like I expected). My server is already up and running as an auth/cpu/fs server (185.183.157.17), which I can rcpu into without issues.
I'm not yet able to change my DNS entries, and as a result am bound to testing most of the features via IP. (If that turns out to be the issue perhaps, I will be glad to risk it. I think smtp won't be testable like that? Correct me if I'm wrong)

I followed the mail server configuration and maintenance from the FQA ( https://fqa.9front.org/fqa6.html#7.7 ), stopping at 7.7.6 (for now). IMAP should work solely with a proper tcp993, TLS cert and of course my user (chris) (having a proper Inferno/POP secret (?) and groups):

cpu% ls -l /sys/lib/tls/
--rw-rw-r-- M 192 sys sys 412 Oct 5 2019 /sys/lib/tls/README
d-rwxrwxr-x M 192 sys sys 0 Apr 3 17:52 /sys/lib/tls/acmed
--rw-rw-r-- M 192 chris sys 1025 Aug 6 12:20 /sys/lib/tls/cert
--rw------- M 192 chris sys 2399 Aug 5 15:24 /sys/lib/tls/key
cpu% ls -l /mail/box/
d-rwxr-xr-x M 192 chris chris 0 Aug 5 20:21 /mail/box/chris
d-rwxrwxr-x M 192 glenda glenda 0 Aug 3 15:29 /mail/box/glenda
cpu% cat /adm/users
-1:adm:adm:glenda,chris
0:none:adm:
1:tor:tor:
2:glenda:glenda:
3:chris:chris:
10000:sys::glenda,chris
10001:map:map:
10002:doc::
10003:upas:upas:glenda,chris
10004:font::
cpu% cat /bin/service/tcp993
#!/bin/rc
exec tlssrv -D -c /sys/lib/tls/cert -l imap4d \
	-r `{cat $3/remote} /bin/upas/imap4d -v -p \
	>>[2]/sys/log/imap4d
cpu%

My tcp993 differs a bit, because the FQA version seemed faulty. (imap4d in /bin/upas instead of /bin/ip and no second -r option, as well as some additional debug flags. I will fix that in the FQA if it turns out to be wrong)

My TLS key is of course already in factotum and appended to it on every boot in my cpurc like so:

cat /sys/lib/tls/key >> /mnt/factotum/ctl

Error response on client:

; upas/fs -f /imaps/185.183.157.17/chris
!Adding key: proto=cram server=185.183.157.17 user=chris
password:
!
upas/fs: imap: unexpected line: y2hyaxmgndq4ntu2mze4zthhmznlmtjhmjhiymu4nmu3mwqxmdu= bad no command: bad syntax
;

I also tried connecting via Thunderbird on a Linux machine. But no success.

Log output server (either client):

cpu% cat /sys/log/imap4d
chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports tlsServer2
chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports recv ClientHello
	version: 0303
	random: 6f8a42cf7918652cb3ba482fe512329c5474a9553f2938a01a25dd974e7a0b5d
	sid: <0> [ ]
	ciphers: [ cca9 cc14 c02b c023 cca8 cc13 c02f c027 c013 c014 ccaa cc15 9e 67 33 39 16 9c 3c 3d 2f 35 a ]
	compressors: <1> [ 00 ]
	extensions: <63> [ 00 00 00 13 00 11 00 00 0e 31 38 35 2e 31 38 33 2e 31 35 37 2e 31 37 00 0a 00 08 00 06 00 1d 00 17 00 18 00 0b 00 02 01 00 00 0d 00 12 00 10 06 03 05 03 04 03 02 03 06 01 05 01 04 01 02 01 ]
chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports ClientHello version 303
chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports cipher cca8, compressor 0
chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports send ServerHello
	version: 0303
	random: 41cb6711fd2199bceaedc53ddfede41e735dc52d1216c712ae833fa53d08eff8
	sid: <0> [ ]
	cipher: cca8
	compressor: 00
chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports send Certificate <717> [ ... ]
chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports send HServerKeyExchange
	curve: 001d
	dh_Ys: nil
	sigalg: 0401
	dh_parameters: <36> [ 03 00 1d 20 4f 79 b7 cc 4a 44 20 ad 0f 6a 05 6e 6f ad d3 a4 8c cd ed 2b 34 0a 84 9b b9 a1 9a 5a 50 22 9a 7e ]
	dh_signature: <256> [ ... ]
chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports send ServerHelloDone
chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports recv HClientKeyExchange
	key: <32> [ c3 16 8d e7 da 62 03 4e 57 4e 28 63 0d a3 5f 5b e7 a5 46 8b 89 51 ae 71 6a 20 ea 24 8e c9 2c a7 ]
chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports tls secrets
chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports recv HFinished 708eba2ee0ab671051ab3a11
chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports send HFinished 0ad8ef477b13c840feb6a93b
chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports tls finished
chrisfroeschl Aug 6 13:10:28 82.207.245.22!17211 tls reports open
cpu%

I know that I could just 9fs my mail, but I would like to get IMAP working anyways. Feel free to ask if further information is required.

chris
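
Added example, not part of the original message: a Python sketch of the RFC 2195 CRAM-MD5 exchange that proto=cram refers to, with a shape check showing that the token in the "unexpected line" error above is sized and prefixed like a case-folded CRAM-MD5 response for user chris. That is consistent with the server having parsed the client's challenge response as a command tag. The function names are hypothetical; the test vector is the one given in RFC 2195.

```python
import base64
import hashlib
import hmac
import math

def cram_md5_response(user, password, challenge_b64):
    """Client reply per RFC 2195: base64(user SP hex(HMAC-MD5(password, challenge)))."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()

def looks_like_cram_response(token, user):
    """Shape check that still works after case-folding, as in the quoted error line."""
    plain_len = len(user) + 1 + 32          # user, space, 32 hex digits
    if len(token) != 4 * math.ceil(plain_len / 3):
        return False
    # Only whole 3-byte groups of "user " encode independently of the digest.
    stable = (len(user) + 1) // 3 * 4
    prefix = base64.b64encode(f"{user} ".encode()).decode()[:stable]
    return token.lower().startswith(prefix.lower())

# RFC 2195 section 2 test vector (user tim, shared secret tanstaaftanstaaf).
RFC_CHALLENGE = "PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1jaS5uZXQ+"
RFC_RESPONSE = cram_md5_response("tim", "tanstaaftanstaaf", RFC_CHALLENGE)

# Token copied from the upas/fs error in the message above.
PAGE_TOKEN = "y2hyaxmgndq4ntu2mze4zthhmznlmtjhmjhiymu4nmu3mwqxmdu="

if __name__ == "__main__":
    # The exchange as it appears on the wire once TLS is up.
    print("C: a001 AUTHENTICATE CRAM-MD5")
    print("S: +", RFC_CHALLENGE)
    print("C:", RFC_RESPONSE)
    print("page token is CRAM-shaped for chris:",
          looks_like_cram_response(PAGE_TOKEN, "chris"))
```

Since the TLS log ends with "tls finished" and "open", the handshake completed; this check places the failure in the IMAP authentication step that follows.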