Discussion:
Config advice
Kaare Rasmussen
2014-09-23 21:24:39 UTC
Hi

I haven't touched my qpsmtpd setup for years, but I'm moving it and want
to upgrade now. So I seek advice for how to set up the current qpsmtpd.
What I want:

qpsmtpd receives all mail to my domains.
the local users will use qpsmtpd as a smtp server.

This means that the local users will log in with some flavor of auth,
probably vpopmail_sql. Currently I use flat_file for testing.

So far so good. It's the further processing where I'm in doubt. Mail
from outside mustn't be relayed, whereas my users of course have to send
to other hosts. Also, spam checking should only be for incoming mail,
not for my users.

In my existing setup I forward to postfix on another port. Not sure if
that is necessary or desirable any longer. I see there is a
postfix-queue plugin. It fails with permission errors when I try it, and
I want to check here before I spend too much time going in the wrong
direction.
Kaare Rasmussen
2014-09-24 10:48:08 UTC
Hi Matt

Thanks for your reply, I really appreciate that.
> Again, standard behavior is to accept authenticated local users on port 587.

I only have 25 to play with (without having to do a lot of reshuffling,
which I hope to avoid). But I guess that should be OK - it's been working
with qpsmtpd-0.40 for years.

When I try with swaks, it just works:

swaks -t -tls -p 25 --server smtp.host.tld -f ***@host.tld -t ***@another.place -ao --auth-user=***@host.tld

It authenticates and the message reaches the destination. But with
Thunderbird I get

23000 Accepted connection 0/15 from 62.61.159.141 / PO4-0.155M.rc00-alb.aplus.dk
23000 Connection from PO4-0.155M.rc00-alb.aplus.dk [62.61.159.141]
23000 (connect) ident::geoip: DK
23000 (connect) fcrdns: fail, no PTR hosts have forward DNS
23000 (connect) earlytalker: pass, not spontaneous
23000 (connect) relay: skip, no match
23000 (connect) dnsbl: fail, NAUGHTY, zen.spamhaus.org
23000 220 li757-176 ESMTP qpsmtpd 0.93/v0.93 ready; send us your mail, but not your spam.
23000 dispatching EHLO sender.domain.tlf
23000 (ehlo) helo: fail, no forward or reverse DNS match
23000 (ehlo) helo: fail, tolerated, no matching DNS
23000 250-li757-176 Hi PO4-0.155M.rc00-alb.aplus.dk [62.61.159.141]
23000 250-PIPELINING
23000 250-8BITMIME
23000 250 STARTTLS
23000 dispatching STARTTLS
23000 220 Go ahead with TLS
23000 (unrecognized_command) tls: TLS setup returning
23000 (post-connection) connection_time: 1.325 s.
22998 cleaning up after 23000

Seems it just bails out after tls. I've tried to increase loglevel, but
nothing seems to happen. I've tried to remove various plugins, but it
makes no difference.

> In your config/plugins entry, add the option "relayclient skip" to the
> spamassassin line like this: spamassassin relayclient skip and
> authenticated users won't have their messages scanned.

Super, that's a neat trick. It's not a thing that works with other
plugins as well, e.g. dnsbl? I seem to share IP address with an infested
Windows somewhere.
Kaare Rasmussen
2014-09-25 17:35:58 UTC
Hi List

Just for the record. I tried to install another ssl certificate, and
then it works. This means that Thunderbird doesn't like the self-signed
certificate generated by plugins/tls_cert.

I just would have wanted Thunderbird to tell about it. Instead it just
stopped very Microsoftish with an "unknown error" :-(
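
The pattern in the log quoted in this thread (STARTTLS accepted, then the connection ends with no further command) can be picked out of a qpsmtpd log mechanically. This is an added example, not part of the original posts; it assumes the line shape shown in the thread (process id, then message), and the sample lines and the function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the log shape quoted in the thread (pid, then message).
SAMPLE_LOG = """\
23000 Connection from client.example [192.0.2.10]
23000 dispatching EHLO client.example
23000 dispatching STARTTLS
23000 220 Go ahead with TLS
23000 (unrecognized_command) tls: TLS setup returning
23000 (post-connection) connection_time: 1.325 s.
22998 cleaning up after 23000
23001 Connection from other.example [192.0.2.20]
23001 dispatching EHLO other.example
23001 dispatching STARTTLS
23001 220 Go ahead with TLS
23001 dispatching EHLO other.example
23001 dispatching AUTH PLAIN
23001 (post-connection) connection_time: 2.101 s.
22998 cleaning up after 23001
"""

LINE = re.compile(r"^(\d+)\s+(.*)$")
CONNECT = re.compile(r"^Connection from (\S+) \[([^\]]+)\]")
DISPATCH = re.compile(r"^dispatching (\S+)")

def find_tls_stalls(log_text):
    """Return (pid, peer) for sessions that sent STARTTLS and then no other command."""
    sessions = defaultdict(lambda: {"peer": None, "starttls": False, "after_tls": 0})
    stalls = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped continuation lines carry no pid
        pid, msg = m.group(1), m.group(2)
        s = sessions[pid]
        if (c := CONNECT.match(msg)):
            s.update(peer=c.group(2), starttls=False, after_tls=0)
        elif (d := DISPATCH.match(msg)):
            if d.group(1).upper() == "STARTTLS":
                s["starttls"] = True
            elif s["starttls"]:
                s["after_tls"] += 1  # client continued inside the TLS session
        elif msg.startswith("(post-connection)"):
            if s["starttls"] and s["after_tls"] == 0:
                stalls.append((pid, s["peer"]))
            del sessions[pid]
    return stalls
```

A flagged session only shows that the client gave up during or right after the handshake; the log does not record why, so the certificate the server presents still has to be checked separately, as was done in this thread.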