On Thu, 2013-02-14 at 15:49 +0100, Gilles Chehade wrote:
> On Thu, Feb 14, 2013 at 03:34:24PM +0100, Martijn van Duren wrote:
> > On Thu, 2013-02-14 at 13:48 +0100, Gilles Chehade wrote:
> > > On Thu, Feb 14, 2013 at 01:41:45PM +0100, Martijn van Duren wrote:
> > > > > > [...]
> > > > > > world. To do so I set up a listen on interface with tls and enable
> > > > > > auth. This works when I try to send emails from my client to other
> > > > > > domains, but when I try to send an email to my domain I get a
> > > > > > recipient rejected. When doing some manual smtp testing I found out
> > > > > > that I had to be logged in before I could do local deliveries. Is
> > > > > > there a way to leave smtp open for local delivery and
> > > > > > login-protected for relaying (so no different ruleset based upon
> > > > > > ip-address)?
> > > > > >
> > > >
> > > > ext_if = "vr0"
> > > > 
> > > > hostname "domainname.nl"
> > > > 
> > > > listen on lo0
> > > > listen on $ext_if tls certificate domainname enable auth
> > > >
> > > 
> > > On OpenBSD, you can use interface groups:
> > > 
> > >    listen on egress tls certificate domainname enable auth
> > > 
> > 
> > I'm not familiar with this type of groups. Can you tell me something
> > more about it? (or point me to the proper man, since apropos doesn't
> > give me anything)
> 
> ifconfig(8), search for "groups"
> 
> It will solve this:
> 
>        ext_if = "vr0"
>        listen on $ext_if [...]
> 
> in a much better way

thanks for the pointer
> 
> 
> > > > map aliases source db "/etc/mail/aliases.db"
> > > > 
> > > > accept from all for local alias aliases deliver to mbox
> > > > accept from all for domain domainname.nl alias aliases deliver to mbox
> > > > accept for all relay
> > > > 
> > > 
> > > This sounds correct, can you provide the output of 'smtpd -dv' as you
> > > reproduce the issue?
> > > 
> > 
> > Even after a couple of /etc/rc.d/smtpd restarts the problem persevered,
> > but when I stopped the service and started it with smtpd -dv I could
> > actually receive email. So I guess there were some caching issues
> > somehow, although I can't be sure. I just know that it works after
> > starting it in debug mode.
> > 
> > Thanks for the quick response.
> > 
> 
> You still did not show output of smtpd -dv as you reproduce the issue.
> 
> There is no caching and absolutely nothing that would allow a mail to
> be accepted with -dv and rejected without, but without output I can't
> help you troubleshoot
> 

Since the problem resolved itself, I reckoned the output wouldn't be
relevant (since everything does seem to work now). But my output was:
martijn@fulla:~$ sudo smtpd -dv
no CA found in /etc/mail/certs/domainname.ca
no DH parameters found in /etc/mail/certs/domainname.dh
using built-in DH parameters
using "fs" queue backend
using "ramqueue" scheduler backend
startup [debug mode]
parent_send_config: configuring smtp
scheduler_ramqueue: init
parent_send_config_client_certs: configuring smtp
scheduler_ramqueue: load
parent_send_config_ruleset: reloading rules and maps
scheduler_ramqueue: queue loading in progress
parent_send_config_ruleset: reloading rules and maps
scheduler_ramqueue: insert
ramqueue: loading interrupted
scheduler_ramqueue: next
scheduler_ramqueue: next: found
scheduler_ramqueue: load
scheduler_ramqueue: queue loading in progress
ramqueue: loading over
scheduler_ramqueue: next
scheduler_ramqueue: next: found
smtp: listen on IPv6:fe80::21b:fcff:fe99:fc1e%vr0 port 25 flags 0x5 cert "domainname"
ssl_setup: ssl setup finished for listener: 0x87139000
smtp: listen on 192.168.153.3 port 25 flags 0x5 cert "domainname"
ssl_setup: ssl setup finished for listener: 0x8383a800
smtp: listen on 127.0.0.1 port 25 flags 0x0 cert "lo0"
smtp: listen on IPv6:fe80::1%lo0 port 25 flags 0x0 cert "lo0"
smtp: listen on IPv6:::1 port 25 flags 0x0 cert "lo0"
smtp: will accept at most 245 clients
smtpd: scanning offline queue...
smtpd: offline scanning done
smtp: new client on listener: 0x8383a800
session_start_ssl: switching to SSL
aliases_exist: 'martijn' exists with 1 expansion nodes
aliases_get: returned 1 aliases
