> Has been reported previously -
> https://github.com/OpenSMTPD/OpenSMTPD/issues/1115

Thanks for the link, this did not come up in my searches. However,

> The link also contains a workaround which may be useful for you.

the only "workaround" I could find was to specify the internal IP instead of the
hostname. I've tried this before and I've tried this just now, in both cases it
does not work, because, as I said, the private IP is not part of the certificate
and OpenSMTPd checks the certificate.

Is there a way to disable cert checking?

Log output:

Sep 13 10:04:54 mx01 smtpd[25157]: 10ba299cf5ba5905 mta connecting address=smtp+tls://192.168.158.1:25 host=uhura.hoffmann.computer
Sep 13 10:04:54 mx01 smtpd[25157]: 10ba299cf5ba5905 mta connected
Sep 13 10:04:54 mx01 smtpd[25157]: 10ba299cf5ba5905 mta tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
Sep 13 10:04:54 mx01 smtpd[25157]: 10ba299cf5ba5905 mta ssl_check_name: no match for '192.168.158.1' in cert
Sep 13 10:04:54 mx01 smtpd[25157]: 10ba299cf5ba5905 mta error reason=SSL certificate check failed
Sep 13 10:04:54 mx01 smtpd[25157]: smtp-out: Disabling route [] <-> 192.168.158.1 (uhura.hoffmann.computer) for 15s
Sep 13 10:04:56 mx01 smtpd[25157]: smtp-out: No valid route for [connector:[]->[relay:192.168.158.1,port=25,smtp+tls,mx,heloname=mx01.klm.hoffbox.net],0x0]

Thanks,
Simon

>
> Best,
> Aisha
>
> On 9/12/21 5:28 PM, Simon Hoffmann wrote:
> > Hey y'all,
> >
> > in my smtpd.conf file I have "relay smtps://host.domain.tld"
> >
> > host.domain.tld does resolve to a public IP, and this needs to be a public
> > IP on public DNS.
> > However, OpenSMTPd needs to relay to the local IP address of the smarthost.
> > Since I have no DNS server running on that network, and I don't want to
> > set up a DNS server only for OpenSMTPd, I added an entry to /etc/hosts,
> > assigning the local IP to the FQDN.
> > When I ping the FQDN it correctly resolves to the internal IP of the
> > smarthost.
> > However, OpenSMTPd ignores the entry in /etc/hosts and still tries to
> > connect to the public IP of the host.
> >
> > Is this known that OpenSMTPd ignores /etc/hosts? Or is this a problem on
> > Debian?
> > Is there a workaround? Specifying "relay smtps://192.168.158.1" will not
> > work, as the private IP is not part of the Cert.
> > Can I force OpenSMTPd to use the internal IP? Can I disable Cert checking
> > for the smarthost?
> >
> > Thanks!
> >
> > System details:
> >
> > root@mx01:~# lsb_release -a
> > No LSB modules are available.
> > Distributor ID: Debian
> > Description: Debian GNU/Linux 11 (bullseye)
> > Release: 11
> > Codename: bullseye
> > root@mx01:~# smtpd -h
> > version: OpenSMTPD 6.8.0p2
> > usage: smtpd [-dFhnv] [-D macro=value] [-f file] [-P system] [-T trace]
> >
> > root@mx01:~# cat /etc/network/interfaces
> > # This file describes the network interfaces available on your system
> > # and how to activate them. For more information, see interfaces(5).
> >
> > source /etc/network/interfaces.d/*
> >
> > # The loopback network interface
> > auto lo
> > iface lo inet loopback
> >
> > # The primary network interface
> > allow-hotplug ens192
> > iface ens192 inet dhcp
> >
> >
> > Any info else you need?
> >
> > Cheers,
> >
> > Simon
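Why relaying to the bare IP produces the "ssl_check_name: no match for '192.168.158.1' in cert" line in the log above, shown as an added example that is not part of the original messages and is not OpenSMTPD's code: a simplified RFC 6125-style name check in which an IP reference identity can only match an iPAddress SAN entry, never a DNS one. The SAN lists are constructed for illustration; the thread does not show the real certificate's contents.

```python
import ipaddress


def _is_ip(name):
    """True if the reference identity is an IP literal rather than a hostname."""
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False


def _dns_match(pattern, host):
    """Match a dNSName SAN against a hostname (case-insensitive)."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern == host:
        return True
    # A wildcard is honoured only as the whole left-most label and
    # stands for exactly one label.
    if pattern.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:] and "." in rest
    return False


def check_name(reference, san):
    """reference: what the client was told to connect to (relay URL host).
    san: list of (type, value) tuples, type being 'DNS' or 'IP'."""
    if _is_ip(reference):
        ref = ipaddress.ip_address(reference)
        # IP references are compared only with iPAddress entries.
        return any(t == "IP" and ipaddress.ip_address(v) == ref for t, v in san)
    return any(t == "DNS" and _dns_match(v, reference) for t, v in san)


# Constructed SAN lists (assumptions, not taken from the real certificate).
SAN_PUBLIC_ONLY = [("DNS", "uhura.hoffmann.computer")]
SAN_WITH_INTERNAL_IP = SAN_PUBLIC_ONLY + [("IP", "192.168.158.1")]

if __name__ == "__main__":
    for ref in ("uhura.hoffmann.computer", "192.168.158.1"):
        print(ref, check_name(ref, SAN_PUBLIC_ONLY),
              check_name(ref, SAN_WITH_INTERNAL_IP))
```

Verification stays intact either when the relay is addressed by the name that is in the certificate, or when the smarthost's certificate is reissued with the internal address as an iPAddress SAN.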