smtpd configuration issues

[rdikarlus]

Hi all,

trying to configure smtpd on OpenBSD current. The server was sending mails using gmail smtp with no problem till gmail stopped using the less secure applications facility... now I am trying to configure with my company mail configuration. Basically I want the servers to send periodically system information. Here's my configuration;

/etc/mail/smtpd.conf

table aliases file:/etc/mail/aliases
table secrets file:/etc/mail/secrets

listen on lo0

action "local" mbox alias <aliases>
action "relay" relay host smtp+tls://LABEL@smtp.XXXXX.com:587 auth <secrets>
match for local action "local"
match for any action "relay"


And /etc/screts

LABEL mymail@XXXXX.com:mypasswd


smtpd is not sending mails anymore... the same configuration was working using a gmail account... any idea where's the problem ?


I appreciate your help,

[jggimi]

I don't see any obvious logic errors.

There's always the possibility that smtp.XXXXX.com is not resolvable, or that the remote server is rejecting mail from your server.

Review the contents of /var/log/maillog. If there's nothing obvious there, you can stop run the smtpd(8) daemon and then run it manually from a shell with `-dv` to get a great deal of console output while mail is being processed.

You might want to change your "local" action to some other action name that is not a reserved word -- the example in the smtpd.conf(5) man page, the author used "local_mail". In my own configurations I use the action name "deliver" for mail delivered on the local system.

[rdikarlus]

Thanks for your help.

after Checking /var/log/maillog , this seems to be the error:

25169039c23384d6 mta error reason=IO Error: certificate verification failed: error number 1

Any idea how to solve this?

Thanks,

[frcc]

Gmail stopped me all of a sudden getting and sending mail.
Gmail is not now, or will not soon, allow what they consider less secure aps connect to gmail server without following their new guidelines. In my case it was neomutt and getmail. if this "might" be a similar issue there was a discussion here where the last entry by me was the correct one. I am probably way off the mark but figure i'd throw my 2 cents in.

[J65nko]

Quote:

25169039c23384d6 mta error reason=IO Error: certificate verification failed: error number 1,

What kind of certificate are you using?

[jggimi]

You are connecting to the remote server with "smtp+tls" -- this is a mandatory TLS connection. The issue is either:

• The remote server's certificate is not accepted by your local server.
• The remote server requires a valid certificate from your local server.

As a next step, I would run smtpd(8) with -dv to try to obtain further clarity as to which is the case. If the results from that are unclear, then I recommend contacting your remote server's technical support team. For example, using "tls no-verify" might be a temporary solution but you would want to determine if there is a protocol or cipher issue between the two mail servers.

[rdikarlus]

Hi all,

thanks for your replies and comments but it seems that my mail server does not like smtpd, so that I downloaded, compiled and installed the simple MTA ssmtp - https://github.com/ajwans/sSMTP - and my server is sending mails again. Despite this software is not in the OpneBSD ports tree it compliles straightaway. In case you are interested I configured my server as follows: I stopped the smtpd daemon - #rcctl stop smtpd - and did #rcctl disable smtpd in order not to start it when the server boots again. I also changed the file /etc/mailer.conf like this:

# $OpenBSD: mailer.conf,v 1.7 2015/12/07 12:32:06 sunil Exp $
#
# Execute the "real" sendmail program, which is now smtpd by default
#
#sendmail /usr/sbin/smtpctl
#send-mail /usr/sbin/smtpctl
#mailq /usr/sbin/smtpctl
#makemap /usr/sbin/smtpctl
#newaliases /usr/sbin/smtpctl


sendmail /usr/local/sbin/ssmtp
send-mail /usr/local/sbin/ssmtp
mailq /usr/local/sbin/ssmtp
makemap /usr/local/sbin/ssmtp
newaliases /usr/local/sbin/ssmtp


Basically you must tell the server to use ssmtp instead of smtpctl.

Thanks again for you help!

[jggimi]

Quote:

Originally Posted by rdikarlus

...it seems that my mail server does not like smtpd

It could be the other way around instead. Perhaps smtpd does not like your remote mail server.

Quote:

Thanks again for you help!

Uh ... ... we didn't. You found a circumvention without us.

Congratulations on establishing your mail server connection!