From: chris@chrisfroeschl.de
To: 9front@9front.org
Date: Thu, 11 Aug 2022 14:37:22 +0200
Subject: Re: [9front] Mail server setup
In-Reply-To: <14CB1CAB59F653E34676395E9100D074@chrisfroeschl.de>

I tried to adjust my tcp587 like so:

cpu% cat /bin/service/tcp587
#!/bin/rc
user=`{cat /dev/user}
exec /bin/upas/smtpd -E -c /sys/lib/tls/cert -n $3

using the hidden E flag which allows me to skip the liar part
( /sys/src/cmd/upas/smtp/smtpd.c:465 ).
I'm not sure if that is more of a hack away for debugging or intended
for use. Either way not mentioned in the manpage, but used by sirjofri
in his setup http://sirjofri.de/changeblog/1594881674/ , while getting
me at least away from the liar errors.

Running from my client (all other configs adjusted ofc):

; echo $upasname
chris@test.chrisfroeschl.de
; echo 9test24 | mail -s 9test24 chris@chrisfroeschl.de

There doesn't seem to be a 'real' authentication happening. The next
server logs show the attempt to use the queue of 'none':

cpu% tail /sys/log/auth
chrisfroeschl Aug 11 11:46:10 cram-ok chris 185.183.157.17
cpu% tail /sys/log/mail
chrisfroeschl Aug 11 11:46:10 error chrisfroeschl.de!chris From test.chrisfroeschl.de!chris Thu Aug 11 11:46:10 +0200 2022
error+ from 'test.chrisfroeschl.de!chris'
error+ to 'chrisfroeschl.de!chris'
error+ failed with error 'qer: creating data file /mail/queue/none/D.006462: '/mail/queue/none' permission denied
error+ '.
error+ The mailer `/mail/lib/qmail 'test.chrisfroeschl.de!chris' 'net!chrisfroeschl.de'' returned error status 71.
error+
error+
cpu% tail /sys/log/smtpd
chrisfroeschl Aug 11 11:46:06 ehlo from XXX.XXX.XXX.XXX as cirno.fritz.box
chrisfroeschl Aug 11 11:46:08 started TLS with cirno.fritz.box
chrisfroeschl Aug 11 11:46:08 ehlo from XXX.XXX.XXX.XXX as cirno.fritz.box
chrisfroeschl Aug 11 11:46:10 auth(CRAM-MD5, (protected)) from cirno.fritz.box
chrisfroeschl Aug 11 11:46:10 ++[cirno.fritz.box/XXX.XXX.XXX.XXX] blocked: mail refused: from 'test.chrisfroeschl.de!chris'

Not sure why there doesn't seem to be a proper auth attempt (although
CRAM-MD5 is mentioned). Do I have to prepare some /mail/queue structure
for 'chris' btw? I didn't do that by hand on my client if I remember
correctly. Here is my whole server /mail structure:

cpu% walk -exp /mail/
a-rw-rw---- /mail/box/glenda/mbox/1659696218.00
...
d-rwxrwxrwx /mail/box/glenda/mbox
d-rwxrwxr-x /mail/box/glenda
a-rw-rw---- /mail/box/chris/mbox/1659696500.00
...
d-rwxrwxrwx /mail/box/chris/mbox
-lrw------- /mail/box/chris/mbox.idx
-lrw------- /mail/box/chris/L.mbox
--rwxrwxrwx /mail/box/chris/mbox.imp
a-rw-r----- /mail/box/chris/Sent/1660061970.00
...
d-rwxr-xr-x /mail/box/chris/Sent
-lrw------- /mail/box/chris/Sent.idx
--rw-r--r-- /mail/box/chris/Sent.imp
d-rwxr-xr-x /mail/box/chris
-lrw------- /mail/box/chris.idx
d-rwxrwxr-x /mail/box
d-rwxrwxr-x /mail/faxoutqueue
d-rwxrwxr-x /mail/faxqueue
d-r-xr-xr-x /mail/fs
d-rwxrwxr-x /mail/grey
--rw-rw-r-- /mail/lib/blocked
--rw-rw-r-- /mail/lib/classify.re
--rwxrwxr-x /mail/lib/gone.fishing
--rwxrwxr-x /mail/lib/justqmail
--rwxrwxr-x /mail/lib/kickqueue
--rwxrwxr-x /mail/lib/lazyqmail
--rw-rw-r-- /mail/lib/namefiles
--rw-rw-r-- /mail/lib/names.local
--rw-rw-r-- /mail/lib/pipeto.bayes
--rw-rw-r-- /mail/lib/prof.mbox
--rw-rw-r-- /mail/lib/prof.spam
--rwxrwxr-x /mail/lib/remotemail
--rw-rw-r-- /mail/lib/rewrite.direct
--rw-rw-r-- /mail/lib/rewrite.gateway
--rwxrwxr-x /mail/lib/setup.bayes
--rw-rw-r-- /mail/lib/smtpd.conf
--rwxrwxr-x /mail/lib/validateaddress
--rwxrwxr-x /mail/lib/validateattachment
--rw-rw-r-- /mail/lib/white.starter
--rw-rw-r-- /mail/lib/gone.msg
--rw-rw-r-- /mail/lib/ignore
--rwxrwxr-x /mail/lib/isspam.rc
--rwxrwxr-x /mail/lib/mailnews
--rwxrwxr-x /mail/lib/msgcat.rc
--rw-rw-r-- /mail/lib/patterns
--rw-rw-r-- /mail/lib/pipeto.lib
--rwxrwxr-x /mail/lib/qmail
--rw-rw-r-- /mail/lib/rewrite
--rwxrwxr-x /mail/lib/spam.rc
--rwxrwxr-x /mail/lib/unspam.rc
d-rwxrwxr-x /mail/lib
d-rwxrwxr-x /mail/queue
d-rwxrwxrwx /mail/tmp
d-rwxrwxr-x /mail
cpu%

My client shows the following log after sending the mail:

; tail /sys/log/smtp.fail
cirno Aug 11 11:45:40 delivery chris@chrisfroeschl.de at tcp!test.chrisfroeschl.de!587 (test.chrisfroeschl.de:185.183.157.17) rcptto failed: 554 5.7.1 mail refused: from 'test.chrisfroeschl.de!chris'
; tail /sys/log/smtp
cirno Aug 11 11:45:37 started TLS to test.chrisfroeschl.de
; tail /sys/log/mail
cirno Aug 11 11:45:35 remote chrisfroeschl.de!chris From chris@test.chrisfroeschl.de Thu Aug 11 11:45:35 +0200 2022 (chris@chrisfroeschl.de) 220

Can't test the whole thing from my s-nail client because it demands a
cert that is not self-signed. I could probably configure it to ignore
it somehow, but I'm not really interested in running s-nail anyway.

Am I going to run into issues if I use a self-signed cert in
communication with other smtp daemons? I would really like to avoid
signing certs to be honest.

Anyway, I don't see how the FQA information alone could work. Is this
indeed the current configuration of the (9front.org|cat-v.org|...) mail
server? Any updates or insights would be very helpful.

chris