DaemonForums  

  #1   (View Single Post)  
Old 6th February 2015
fstef fstef is offline
Port Guard
 
Join Date: Nov 2013
Posts: 31
Default how to set properly the email system

Hi, I need some help configuring the email system. I have 3 email accounts from the same provider, and I can't figure out how to set up smtpd(8) properly. According to this post http://daemonforums.org/showthread.php?t=8881 I need to use the 'relay' option, but I don't understand how. For now I'm using mutt+msmtp+getmail, but I want to stay with packages already in the base system, and this introduces my second problem: which package do I need to use to get email? I usually use a POP3 connection with SSL; I don't need IMAP.
Thank you to everyone for any help, and sorry if I make mistakes, but this is the 4th time I have tried to send this post from the elinks web browser, the only browser with JavaScript support I can use on the Loongson machine.
fstef
Reply With Quote
  #2   (View Single Post)  
Old 6th February 2015
TronDD TronDD is offline
Spam Deminer
 
Join Date: Sep 2014
Posts: 307
Default

Mutt will both send and receive mail directly from your POP and SMTP server. You don't need getmail or smtpd.

However, if you want to use smtpd for some reason, it's not hard to configure. My home system is set up for it so I can't get the exact syntax where I am now.

You need to add your passwords to a secrets file and then you can relay with something like:
accept from local relay via smtps+auth://label_from_secrets@whatever auth <secrets>

The example is in the smtpd.conf man page.

Tim.
Reply With Quote
  #3   (View Single Post)  
Old 6th February 2015
scottro's Avatar
scottro scottro is offline
Real Name: Scott Robbins
ISO Quartermaster
 
Join Date: Apr 2008
Location: NYC
Posts: 654
Default

I don't know how to use OpenBSD's smtp, but you can always, if you have to, add more than one account to msmtp. (I prefer using it to mutt's builtin, because it's more flexible.)

I have a page on mutt that goes through setting up msmtp for multiple accounts if you need it--I get the impression that you're already familiar with doing that, but what the heck, let me spam my page.....

http://srobb.net/mutt.html
Reply With Quote
  #4   (View Single Post)  
Old 6th February 2015
TronDD TronDD is offline
Spam Deminer
 
Join Date: Sep 2014
Posts: 307
Default

Multiple accounts is easy in smtpd using the 'from <sender>' filter and in mutt, set up a way to change the sender address. I used folder hooks and each account had its own inbox folder.

Tim.
Reply With Quote
  #5   (View Single Post)  
Old 6th February 2015
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,984
Default

MTAs can be public-facing. Configuration errors or omissions can lead to external harm, such as becoming a vector for dissemination of spam, trojan horse viruses, or even targeted phishing attacks.

If an admin is uncertain about MTA deployment, the first question to ask is whether an MTA is needed. From the information posted, it isn't clear to me that one is needed.
Reply With Quote
  #6   (View Single Post)  
Old 6th February 2015
shep shep is offline
Real Name: Scott
Arp Constable
 
Join Date: May 2008
Location: Dry and Dusty
Posts: 1,507
Default

Quote:
Originally Posted by fstef View Post
for now I'm using mutt+msmtp+getmail
Quote:
Originally Posted by jggimi View Post
MTAs can be public-facing. Configuration errors or omissions can lead to external harm, such as becoming a vector for dissemination of spam, trojan horse viruses, or even targeted phishing attacks.

If an admin is uncertain about MTA deployment, the first question to ask is whether an MTA is needed. From the information posted, it isn't clear to me that one is needed.

I use mutt+getmail and added nmh so my local email would be stored in mh format. Mutt 1.5.23 can retrieve from pop3 accounts, send via smtp and uses mbox format by default.

If your goal is to stay within the base install, it should be possible with mail/smtpd although it is not as user friendly.

Last edited by shep; 7th February 2015 at 11:40 PM. Reason: you goal -> your goal
Reply With Quote
  #7   (View Single Post)  
Old 7th February 2015
Oko's Avatar
Oko Oko is offline
Rc.conf Instructor
 
Join Date: May 2008
Location: Kosovo, Serbia
Posts: 1,102
Default

Quote:
Originally Posted by shep View Post
added nmh
The only radically new and ingenious e-mail client ever to be written after Berkeley mailx. Truly remarkable piece of software which came out of RAND Corporation, but unfortunately it is a pain in the b*** to install on all machines I am using, so I stick with mailx from the base.
Reply With Quote
  #8   (View Single Post)  
Old 7th February 2015
fstef fstef is offline
Port Guard
 
Join Date: Nov 2013
Posts: 31
Default

Hi guys, and sorry, the post is not clear (English is not my native language). I need to set up the email system on my Yeeloong laptop, only for my personal use. I already know how to set up msmtp with multiple accounts and I know I can use mutt without an external MTA, but I want to stay with packages already in the base system, because I want to study my OS of choice.
I'll go re-read the man pages and go the trial and error way.
Thank you for the help.
fstef
Reply With Quote
  #9   (View Single Post)  
Old 7th February 2015
TronDD TronDD is offline
Spam Deminer
 
Join Date: Sep 2014
Posts: 307
Default

The problem with the base system is that there is no way to get mail from an external server. You'll probably have to stick with getmail which I think works well enough for POP accounts.

To configure smtp, it's simply lines like this:
accept from local sender "user1@account.com" for any relay via secure+auth://label1@smtp.account.com:465 auth <secrets>
accept from local sender "user2@account.net" for any relay via secure+auth://label2@smtp.account.net:465 auth <secrets>

Set the correct smtp servers, ports and protocols. Set up your label username:password in the secrets file.

Mail just recently got the -r switch to set the from address.

I tried sticking with only the base system, too, but I have an IMAP email account which is much harder. I like mailx so I just started using mail/s-nail to get the modern capabilities with the mailx interface.

Tim.
Reply With Quote
Old 7th February 2015
fstef fstef is offline
Port Guard
 
Join Date: Nov 2013
Posts: 31
Default

@TronDD, thanks. Sending mail fails. In the maillog the sender is user@hostname of my laptop, not user1@account.com. Is this normal, or maybe my provider doesn't know who this "user" is?
Usually, to send mail with my provider, I need to specify the ca.crt file path in the MTA config file. Maybe in the smtpd.conf file I need to specify the pki hostname and the ca.crt file path?
I'm lost ...
BTW: in your example the "label1" is literal and refers to a label1 user1@account.com:mypassworld in the secrets file, right?
What am I missing?
fstef
Reply With Quote
Old 7th February 2015
TronDD TronDD is offline
Spam Deminer
 
Join Date: Sep 2014
Posts: 307
Default

How are you sending mail?
What's the exact error?
Smtpd reads the ca.crt file that comes with OBSD. Does it not contain the CA you need?

Keep reading the man pages. You can add 'as username@domain.com' to the end of the smtpd.conf lines to set the sender.

Secrets format is 'label user:password'. And you have to run 'makemap secrets' and make sure the file permissions are correct and safe.

Tim.
Reply With Quote
Old 8th February 2015
fstef fstef is offline
Port Guard
 
Join Date: Nov 2013
Posts: 31
Default

Quote:
Originally Posted by TronDD View Post
How are you sending mail?
mail -s "test mail" myfriend@provider.org
this is a test mail
^D

Quote:
Originally Posted by TronDD View Post
What's the exact error?
I have no error in maillog, and no info. I have some info only if I shut down the internet connection, and obviously the error is related to 'Failed to resolve MX for [relay:myprovider.org]'

Quote:
Originally Posted by TronDD View Post
Smtpd reads the ca.crt file that comes with OBSD. Does it not contain the CA you need?
Yes, my provider has a self-signed CA, so I think I need to set the pki hostname and provide the ca.crt file path.

Quote:
Originally Posted by TronDD View Post
Keep reading the man pages. You can add 'as username@domain.com' to the end of the smtpd.conf lines to set the sender.
I'm reading the man pages. If I add the as username@domain.com at the end of the smtpd.conf lines, when I try to send a mail I get
> send-mail: command failed: 550 Invalid recipient

Quote:
Originally Posted by TronDD View Post
Secrets format is 'label user:password' And you have to run 'makemap secrets' and make sure the file permissions are correct and safe.

Tim.
I have made this according to the man pages, so it is correct.

i really appreciate your help

fstef
Reply With Quote
Old 8th February 2015
TronDD TronDD is offline
Spam Deminer
 
Join Date: Sep 2014
Posts: 307
Default

Are you running 5.6-release or -current? If -current, try using -r with the mail command.

Can you paste your smtpd.conf file?

Also to help debugging, run 'smtpctl monitor' to see the mail queue and if there were temporary or permanent failures (though they should be in the log, too).
Reply With Quote
Old 8th February 2015
fstef fstef is offline
Port Guard
 
Join Date: Nov 2013
Posts: 31
Default

I'm running 5.6-release; I think I'm not ready to run -current.

But now in the maillog file I have a lot of info:

--------- maillog ---------------
smtp-out: Connecting to smtp+tls://178.255.144.35:25 (contumacia.investici.org) on session 116xxx...
smtp-out: Connected on session 116xxx...
smtp-out: Connecting to smtp+tls://IPv6:2002:b2ff:9023::1:25 (contumacia.investici.org) on session 116xxx...
smtp-out: Error on session 116xxx: Connection failed: No route to host
smtp-out: Disabling route [] <-> IPv6:2002:b2ff:9023::1 (contumacia.investici.org) for 800s
smtp-out: Connecting to smtp+tls://82.94.294.234:25 (latitanza.investici.org) on session 116yyy...
smtp-out: Connected on session 116yyy
smtp-out: Connecting to smtp+tls://IPv6:2001:888:2000:56::19:25 (latitanza.investici.org) on session 116yyy...
smtp-out: Error on session 116yyy: Connection failed: No route to host
smtp-out: Disabling route [] <-> IPv6:2001:888:2000:56::19 (latitanza.investici.org) for 800s
smtp-out: Started TLS on session 116xxx: version=TLSv1/SSLv3, cypher=ECDHE-RSA-AES256-GCM-SHA384, bits=256
smtp-out: Started TLS on session 116yyy: version=TLSv1/SSLv3, cypher=ECDHE-RSA*AES256-GCM-SHA384, bits=256
smtp-out: Server certificate verification failed on session 116xxx
smtp-out: Server certificate verification failed on session 116yyy
smtp-out: Closing session 116yyy: 0 message sent.
relay: TempFail for fc14d11xyz: session=116xxx, from=<$USER@$HOSTNAME>, to=<myfriend@autistici.org>, rcpt=<->, source=192.168.1.101, relay=178.255.144.35 (contumacia.investici.org), delay=1h46m52s, stat=450 4.1.8 <$USER@$HOSTNAME>: Sender address rejected: Domain not found
smtp-out: Closing session 116xxx

--------------- smtpd.conf -----------------------------
listen on lo0

table aliases db:/etc/mail/aliases.db
table secrets db:/etc/mail/secrets.db

accept for local alias <aliases> deliver to mbox
accept from local for any relay
accept from local sender "myuserID@inventati.org" for any relay via secure+auth://label@smtp.autistici.org:587 auth <secrets> al myuserID@inventati.org

------ # smtpctl monitor ------
curr 0
conn 2
disc 2
----- envelope ----
curr 4
enq 6
deq 2
------- relay/delivery -----
ok 2
tmpfail 9
prmfail 0
loop 0
------- misc ------
expire 0
remove 0
bounce 1
Reply With Quote
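Added example, not part of any post in this thread: in the maillog above, session 116xxx logs "Server certificate verification failed" and still shows a delivery attempt (the TempFail line), so the failed check did not end the session. The sketch below groups such lines by session and reports that pattern; the sample lines, session ids, addresses and hosts are constructed in the thread's log format.

```python
"""Group smtp-out log lines by session and flag failed certificate checks.
Added illustration; the sample lines are constructed in the thread's format."""
import re
from collections import defaultdict

# Constructed sample (session ids, addresses and hosts are placeholders).
SAMPLE_LOG = """\
smtp-out: Started TLS on session 116aaa: version=TLSv1/SSLv3, cypher=ECDHE-RSA-AES256-GCM-SHA384, bits=256
smtp-out: Started TLS on session 116bbb: version=TLSv1/SSLv3, cypher=ECDHE-RSA-AES256-GCM-SHA384, bits=256
smtp-out: Server certificate verification failed on session 116aaa
smtp-out: Server certificate verification failed on session 116bbb
smtp-out: Closing session 116bbb: 0 message sent.
relay: TempFail for fc14d11abc: session=116aaa, from=<user@laptop.example>, to=<friend@example.org>, rcpt=<->, relay=192.0.2.25 (mx.example.org), stat=450 4.1.8 Sender address rejected
smtp-out: Closing session 116aaa
"""

SESSION = re.compile(r"session[ =]([0-9a-f]+)", re.I)
ENVELOPE = re.compile(r"^relay: (\w+) for \w+: session=([0-9a-f]+),.*?relay=(\S+)")


def triage(log_text):
    """Return {session: info} for sessions whose server certificate failed verification."""
    sessions = defaultdict(lambda: {"tls": False, "verify_failed": False, "envelopes": []})
    for line in log_text.splitlines():
        env = ENVELOPE.match(line)
        if env:  # a delivery attempt: record its status and the relay it went to
            status, sid, relay = env.groups()
            sessions[sid]["envelopes"].append((status, relay))
            continue
        m = SESSION.search(line)
        if not m:
            continue
        info = sessions[m.group(1)]
        if "Started TLS" in line:
            info["tls"] = True
        elif "certificate verification failed" in line:
            info["verify_failed"] = True
    return {sid: i for sid, i in sessions.items() if i["verify_failed"]}


def mail_attempted_unverified(log_text):
    """Sessions with a failed certificate check that still carried a delivery attempt."""
    return sorted(sid for sid, i in triage(log_text).items() if i["envelopes"])


if __name__ == "__main__":
    print(mail_attempted_unverified(SAMPLE_LOG))
```
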
Old 8th February 2015
TronDD TronDD is offline
Spam Deminer
 
Join Date: Sep 2014
Posts: 307
Default

Ah. Rules are matched in order. Move 'accept from local for any relay' to the bottom or just comment it out.
Reply With Quote
Old 9th February 2015
fstef fstef is offline
Port Guard
 
Join Date: Nov 2013
Posts: 31
Default

If I comment out the string, when I try to send a mail I get
send-mail: command failed: 550 Invalid recipient
If I put this string at the bottom, the maillog file is the same, with, I think, two errors:
1) Server certificate verification failed: my provider uses a self-signed CA certificate. The smtpd.conf(5) man page only refers to creating a certificate and a key for my mail server, I think, the same as the starttls(8) man page, and I can find nothing referring to adding an external mail provider's self-signed CA certificate. BTW: where I'm living Google is blocked and the Yahoo search engine is very useless, so I can't find anything about this question on the net;
2) Sender address rejected: Domain not found: smtpd thinks the sender is $USER@$HOSTNAME, and adding the 'as myuserID@myprovider.org' string doesn't change the problem. According to the smtpd.conf(5) man page:
sender [!] <senders> If specified, the rule will only be matched if the sender email address is found in the table senders....
Does this mean that in my smtpd.conf file I need to set something like
table senders db:/etc/mail/senders.db
and in the /etc/mail/ directory have the senders file with 'sender1 myuserID@myprovider.org' in it, and run the makemap command?
I'm getting frustrated.
Thank you for helping me to understand.
fstef
Reply With Quote
Old 9th February 2015
fstef fstef is offline
Port Guard
 
Join Date: Nov 2013
Posts: 31
Default

Solved!
I've stripped the 'from local sender "myuserID@myprovider.org"' string and finally I can send messages using mail+smtpd.
But this way I can only use 1 account, and smtpd failed the server certificate verification because it doesn't know where the CA certificate is.
fstef

PS: what do I need to do to write 'solved' in the title?

Last edited by fstef; 9th February 2015 at 05:41 AM. Reason: adding a question
Reply With Quote
Old 9th February 2015
TronDD TronDD is offline
Spam Deminer
 
Join Date: Sep 2014
Posts: 307
Default

I use multiple accounts using the "sender" filter you had to remove, but you need to be on -current to get the -r switch in mailx to set the sender address.

Append your CA cert to /etc/ssl/cert.pem (careful not to mess this file up and break SSL negotiation for everything).
Reply With Quote
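Added example, not part of any post in this thread and not OpenSMTPD code: a simplified first-match model of the three rules in the posted smtpd.conf. It shows why the generic relay rule shadowed the authenticated one, why commenting it out produced "550 Invalid recipient", and why the sender filter only helps once the envelope sender is set (the -r switch mentioned above). The local domain and the default sender address are assumed stand-ins for $USER@$HOSTNAME.

```python
"""Simplified first-match model of the smtpd.conf rules posted in this thread.
Added illustration; not OpenSMTPD code and not a full parser of its grammar."""
from dataclasses import dataclass
from typing import List, Optional

LOCAL_DOMAINS = {"laptop.example"}  # assumed stand-in for $HOSTNAME


@dataclass
class Rule:
    name: str
    action: str
    sender: Optional[str] = None   # 'sender "addr"' filter; None accepts any sender
    for_local: bool = False        # True models 'for local', False models 'for any'


def first_match(rules: List[Rule], mail_from: str, rcpt_to: str) -> str:
    """Return the first rule that accepts a locally submitted envelope."""
    rcpt_is_local = rcpt_to.rsplit("@", 1)[-1] in LOCAL_DOMAINS
    for rule in rules:
        if rule.for_local and not rcpt_is_local:
            continue
        if rule.sender is not None and rule.sender != mail_from:
            continue
        return f"{rule.name}: {rule.action}"
    return "550 Invalid recipient"   # no rule accepted the envelope


ALIAS = Rule("alias", "deliver to mbox", for_local=True)
CATCH_ALL = Rule("catch-all", "relay to recipient MX, no auth")
AUTH = Rule("auth", "relay via provider with auth <secrets>",
            sender="myuserID@inventati.org")

POSTED = [ALIAS, CATCH_ALL, AUTH]          # order in the posted smtpd.conf
NO_CATCH_ALL = [ALIAS, AUTH]               # generic relay rule commented out
CATCH_ALL_LAST = [ALIAS, AUTH, CATCH_ALL]  # generic relay rule moved to the bottom

DEFAULT_FROM = "user@laptop.example"       # assumed sender when mail(1) runs without -r
RCPT = "myfriend@autistici.org"

if __name__ == "__main__":
    for label, rules in [("posted", POSTED), ("commented out", NO_CATCH_ALL),
                         ("moved last", CATCH_ALL_LAST)]:
        for sender in (DEFAULT_FROM, AUTH.sender):
            print(f"{label:14} {sender:24} -> {first_match(rules, sender, RCPT)}")
```
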
Old 25th February 2015
fstef fstef is offline
Port Guard
 
Join Date: Nov 2013
Posts: 31
Default

Thank you TronDD, I very much appreciate your help.
Reply With Quote