Trouble with Courier-authlib - won't connect to MySQL/MariaDB (X-post to misc from ports)
Hi. I'm rather new to OpenBSD, but I've hit a wall while doing a 'dry-run' to work out the bugs (and get familiar with OpenBSD) and build a new mail server on OpenBSD with Postfix, MySQL/MariaDB, and Courier-authlib. Any assistance would be greatly appreciated.

I've been following this tutorial, and while dated, I've found it closely matches the features I want in a mail server:

http://www.kernel-panic.it/openbsd/mail/

This is OpenBSD 5.8 on i386 in a VMware partition.

In short, I can't seem to authenticate through Courier-authlib. The messages I get consistently are:

Jan 2 19:31:18 mail pop3d-ssl: LOGIN FAILED, user=open...@hottub.ca, ip=[:::10.0.1.162]
Jan 2 19:31:18 mail pop3d-ssl: authentication error: Input/output error
Jan 2 19:31:18 mail authdaemond: stopping authdaemond children
Jan 2 19:31:18 mail authdaemond: restarting authdaemond children
Jan 2 19:31:18 mail authdaemond: modules="authmysql", daemons=10
Jan 2 19:31:18 mail authdaemond: Uninstalling authmysql
Jan 2 19:31:18 mail authdaemond: Installing libauthmysql
Jan 2 19:31:18 mail authdaemond: Installation complete: authmysql

My best guess is that authdaemond can't connect to MySQL/MariaDB, despite the fact that I've triple-checked the configuration files, tested the connectivity from the command line, etc.

I found one article that documented similar output, but I'm not advanced enough to recompile the entire build tree (it ran for an hour, errored out, and I didn't want to head down that bottomless hole). My second guess relates to the fact that I'm storing the passwords as MD5 hashes in the database table, but that it's expecting something else. Here's the article:

https://serverfault.com/questions/638245/courier-imap-pop3d-auth-over-mysql

So, I'm going to try and add as much detail as I can think of:

Here are the running processes:

# Courier
root 8986 0.0 0.1 252 716 ?? I 3:56PM 0:00.00 /usr/local/sbin/courierlogger -pid=/var/run/courier/pop3d.pid -start -name=pop3d /usr/local/libexec/couriertcpd -address=0 -maxprocs=40 -maxperip=4 -nodnslookup -noidentlookup 110 /usr/local/sbin/pop3login /usr/local/bin/pop3d Maildir
root 27307 0.0 0.1 348 1140 ?? I 3:56PM 0:00.01 /usr/local/libexec/couriertcpd -address=0 -maxprocs=40 -maxperip=4 -nodnslookup -noidentlookup 110 /usr/local/sbin/pop3login /usr/local/bin/pop3d Maildir
root 23006 0.0 0.3 428 2784 ?? I 6:06PM 0:00.54 /usr/local/libexec/courier-authlib/authdaemond
root 31281 0.0 0.1 384 868 ?? I 6:06PM 0:00.01 /usr/local/sbin/courierlogger -pid=/var/run/courier-auth/pid -start /usr/local/libexec/courier-authlib/authdaemond
root 14519 0.0 0.1 388 860 ?? I 6:06PM 0:00.01 /usr/local/sbin/courierlogger -pid=/var/run/courier/pop3d-ssl.pid -start -name=pop3d-ssl /usr/local/libexec/couriertcpd -address=0 -maxprocs=40 -maxperip=4 -nodnslookup -noidentlookup 995 /usr/local/bin/couriertls -server -tcpd /usr/local/sbin/pop3login /usr/local/bin/pop3d Maildir
root 18844 0.0 0.1 336 1160 ?? I 6:06PM 0:00.03 /usr/local/libexec/couriertcpd -address=0 -maxprocs=40 -maxperip=4 -nodnslookup -noidentlookup 995 /usr/local/bin/couriertls -server -tcpd /usr/local/sbin/pop3login /usr/local/bin/pop3d Maildir
root 10725 0.0 0.0 428 324 ?? I 7:37PM 0:00.01 /usr/local/libexec/courier-authlib/authdaemond
root 27621 0.0 0.0 428 324 ?? I 7:37PM 0:00.01 /usr/local/libexec/courier-authlib/authdaemond
root 5037 0.0 0.0 428 324 ?? I 7:37PM 0:00.01 /usr/local/libexec/courier-authlib/authdaemond
root 1429 0.0 0.0 428 324 ?? I 7:37PM 0:00.01 /usr/local/libexec/courier-authlib/authdaemond
root 21358 0.0 0.0 428 324 ?? I 7:37PM 0:00.01 /usr/local/libexec/courier-authlib/authdaemond
root 25048 0.0 0.0 428 324 ?? I 7:37PM 0:00.01 /usr/local/libexec/courier-authlib/authdaemond
root 26293 0.0 0.0 428 324 ?? I 7:37PM 0:00.01 /usr/local/libexec/courier-authlib/authdaemond
root 24357 0.0 0.0 428 324 ?? I 7:37PM 0:00.01 /usr/local/libexec/courier-authlib/authdaemond
root 3976 0.0 0.0 428 324 ?? I 7:37PM 0:00.00 /usr/local/libexec/courier-authlib/authdaemond
root 32228 0.0 0.0 428 324 ?? I 7:37PM 0:00.00 /usr/local/libexec/courier-authlib/authdaemond

#MySQL/MariaDB
root 2410 0.0 0.1 688 728 00- I 3:44PM 0:00.04 /bin/sh /usr/local/bin/mysqld_safe
_mysql 24080 0.0 4.6 326968 48612 00- I 3:44PM 0:03.94 /usr/local/libexec/mysqld --basedir=/usr/local --datadir=/var/mysql --plugin-dir=/usr/local/lib/mysql/plugin --user=_mysql --log-error=/var/mysql/mail.hottub.ca.err --pid-file=mail.hottub.ca.pid --socket=/var/run/mysql/mysql.sock --port=3306

#Postfix
root 30588 0.0 0.2 744 2128 ?? Is 3:44PM 0:00.15 /usr/local/libexec/postfix/master -w

There are the relevant courier config fi
Streamlining disklabel...
Hi. I'm trying to add a 'block storage' disk to an OpenBSD 6.1 VM in the cloud. I was able to use fdisk to write an MBR, but I can't seem to get disklabel to simply allocate the entire disk (regardless of its size) to one partition without going through the editor.

I checked /etc/disktype as per the man pages, but it only seems to have very specific / arcane definitions, and I'd like a 'catch all' solution that simply allocates all storage to one partition.

I simply want to create a single partition encompassing all of the available space.

I've searched the web, plus read searched the last 11k+ messages on misc@ -- but I can't seem to find any examples of defining a disk with disklabel non-interactively.

Can someone please provide some examples of a disklabel command that creates a partition non-interactively? (For bonus points, a list of examples of the -w command would be great for future searchers / readers.)

Thanks.

For the record, I tried options like:

> # disklabel -w sd1 ffs
> disklabel: unknown disk type: ffs
> # disklabel -w sd1 floppy
> disklabel: ioctl DIOCWDINFO: Open partition would move or shrink
> # disklabel -w sd1 hd
> disklabel: unknown disk type: hd
> # disklabel -w sd1 sd
> disklabel: unknown disk type: sd
> # disklabel -w sd1 SCSI
> disklabel: unknown disk type: SCSI
> # disklabel -w sd1 'disk'
> disklabel: unknown disk type: disk
> # disklabel -w sd1 0xA6
> disklabel: unknown disk type: 0xA6
> # disklabel -w sd1 A6
> disklabel: unknown disk type: A6
>
Re: Streamlining disklabel...
> On Nov 4, 2017, at 9:39 AM, Tom Rosso wrote:
>
> On 2017-11-04 09:28, Implausibility wrote:
>> I simply want to create a single partition encompassing all of the
>> available space.
>> I've searched the web, plus read searched the last 11k+ messages on
>> misc@ -- but I can't seem to find any examples of defining a disk with
>> disklabel non-interactively.
>>> # disklabel -w sd1 'disk'
>>> disklabel: unknown disk type: disk
>
> You need to create an entry in /etc/disktab for the disk type "disk", which
> defines all of the variables that go into the disklabel that will be created.
> man 5 disktab
>
> It's easier to create a disklabel interactively.
>

The snag here is that I want this to work for any size disk that I connect to an OpenBSD instance. It seems like the definitions in disktab are rather inflexible (the man page only mentions numeric sizes, not percentages or wildcards).

It seems weird that something so common critical (adding storage) is so cryptic. I don't have to create a termcap entry for every new user, so it seems weird to have to create a similar record for every disk I want to format on the command line for OpenBSD.
Re: Streamlining disklabel...
Again, the interactive editor is way too many steps, too many opportunities for screw-ups, and does nothing to streamline the process of adding a new disk for me.

So this is what I've come up with...

fdisk -i sd1
echo "/disk2 1M-* 100%" >/tmp/disktab.new
disklabel -w -dv -A -T /tmp/disktab.new sd1 && rm /tmp/disktab.new
newfs /dev/rsd1a
mkdir /disk2
mount /dev/sd1a /disk2

This seems kludgy, but it is more automated / flexible, and best of all, it works.

I'm still curious to know if this is really the most efficient way of doing this.

Thanks.

> On Nov 4, 2017, at 11:16 AM, Otto Moerbeek wrote:
>
> On Sat, Nov 04, 2017 at 10:51:59AM -0400, Implausibility wrote:
>
>>
>>> On Nov 4, 2017, at 9:39 AM, Tom Rosso wrote:
>>>
>>> On 2017-11-04 09:28, Implausibility wrote:
>>>> I simply want to create a single partition encompassing all of the
>>>> available space.
>>>> I've searched the web, plus read searched the last 11k+ messages on
>>>> misc@ -- but I can't seem to find any examples of defining a disk with
>>>> disklabel non-interactively.
>>>>> # disklabel -w sd1 'disk'
>>>>> disklabel: unknown disk type: disk
>>>
>>> You need to create an entry in /etc/disktab for the disk type "disk", which
>>> defines all of the variables that go into the disklabel that will be
>>> created. man 5 disktab
>>>
>>> It's easier to create a disklabel interactively.
>>>
>>
>> The snag here is that I want this to work for any size disk that I connect
>> to an OpenBSD instance. It seems like the definitions in disktab are rather
>> inflexible (the man page only mentions numeric sizes, not percentages or
>> wildcards).
>>
>> It seems weird that something so common critical (adding storage) is so
>> cryptic. I don't have to create a termcap entry for every new user, so it
>> seems weird to have to create a similar record for every disk I want to
>> format on the command line for OpenBSD.
>
> The interactive editor does support percentages:
>
> Quantities are rounded to the nearest cylinder when units are specified
> for sizes (or offsets). At prompts that request a size, `*' may be
> entered to indicate the rest of the available space, `%' for percentage
> of total, and `&' for percentage free.
>
> Default is to use the whole disk anyway. There is also a section
> called AUTOMATIC DISK ALLOCATION that can use a template file.
>
> -Otto
>
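
The steps from the message above, wrapped as an added example that is not part of the original thread: it swaps the fixed /tmp/disktab.new name for mktemp, because a root-run script that writes to a predictable /tmp path can be redirected through a pre-planted symlink, and it checks the disk and mount-point arguments before anything destructive runs. The function names and the DRY_RUN and MOUNT_OUTPUT variables are assumptions made for this example; the fdisk, disklabel, newfs and mount invocations are the ones in the post.

```sh
#!/bin/sh
# Added example: the fdisk/disklabel/newfs steps from the post, with argument
# checks and an unpredictable template file name. Function names, DRY_RUN and
# MOUNT_OUTPUT are assumptions made for this example.
# DRY_RUN=1 (the default) prints each command instead of running it.

valid_disk() {          # accept only names such as sd1 or wd0
    case "$1" in
        sd[0-9]|sd[0-9][0-9]|wd[0-9]|wd[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

valid_mountpoint() {    # absolute path, conservative characters, not "/"
    case "$1" in
        /*) ;;
        *) return 1 ;;
    esac
    case "$1" in
        *[!A-Za-z0-9_/.-]*|*..*) return 1 ;;
    esac
    [ "$1" != "/" ]
}

disk_in_use() {         # $1 = disk, $2 = text in the format printed by mount(8)
    printf '%s\n' "$2" | grep -Eq "^/dev/$1[a-p] "
}

template_line() {       # one partition: at least 1M, growing to 100% of the disk
    printf '%s 1M-* 100%%\n' "$1"
}

run() {                 # print the command in dry-run mode, execute it otherwise
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf '+ %s\n' "$*"
    else
        "$@"
    fi
}

provision_disk() {      # $1 = disk (e.g. sd1), $2 = mount point (e.g. /disk2)
    disk=$1
    mnt=$2
    valid_disk "$disk" || { echo "bad disk name: $disk" >&2; return 2; }
    valid_mountpoint "$mnt" || { echo "bad mount point: $mnt" >&2; return 2; }
    # Refuse to relabel a disk that already has a mounted partition.
    if disk_in_use "$disk" "${MOUNT_OUTPUT-$(mount)}"; then
        echo "$disk has mounted partitions, refusing" >&2
        return 3
    fi
    # mktemp creates the file itself under a random name, so an existing
    # file or symlink at that path is never followed.
    tmpl=$(mktemp /tmp/disktab.XXXXXXXXXX) || return 1
    template_line "$mnt" > "$tmpl"
    run fdisk -i "$disk" &&
        run disklabel -w -dv -A -T "$tmpl" "$disk" &&
        run newfs "/dev/r${disk}a" &&
        run mkdir -p "$mnt" &&
        run mount "/dev/${disk}a" "$mnt"
    rc=$?
    rm -f "$tmpl"
    return "$rc"
}

# Run only when called as a script with both arguments.
if [ "$#" -eq 2 ]; then
    provision_disk "$1" "$2"
fi
```

Run it once with the default DRY_RUN=1 to review the command list, then with DRY_RUN=0 as root to apply it.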
Trouble with OpenSMTPD - always getting 550 Invalid recipient
Hi. I'm trying to build an OpenSMTPD mail server for the first time to replace my aging Postfix box.

No matter who I address inbound eMails to (local users or aliases), I always get 550: Invalid recipient in response on the sending server and in /var/log/maillog. I've tried more than a dozen configs, and I can't get past this problem.

Domain anonymized for my comfort, but DNS is configured correctly. I've tried to comment everything possible -- if my comment and configs don't match, please let me know where I've gone astray!

Here's my entire smtpd.conf file:

# Random global options
queue compression # Compress data in the queue
max-message-size 25M
expire 7d

# Cryptographic Keys and Certificates
pki mydomain.email certificate "/etc/ssl/mydomain.crt"
pki mydomain.email key "/etc/ssl/private/mydomain.key"
pki mydomain.email dhe auto

# Define tables
table blacklist file:/etc/mail/blacklist # Blacklist of irritating IPs
table whitelist file:/etc/mail/whitelist # Whitelist for misconfigured IPs
table aliases file:/etc/mail/aliases # Aliases accepted for delivery
table account file:/etc/mail/account # Virtual mail accounts
table domains file:/etc/mail/domains # Domains to accept mail for
table users file:/etc/mail/users # User names with their own mailboxes
table password file:/etc/mail/password # Passwords for users

# Allow specific users to send messages as specific eMail addresses
#table senders file:/etc/mail/senders

# Configure interface & standards - add 'verify' to tls-require in the future.
listen on egress tls-require hostname mydomain.email
listen on egress smtps hostname mydomain.email
listen on egress port submission tls-require auth

# Reject troublemakers
reject from source

# Add other filters here?

# Accept from "whitelisted" IPs that are slightly misconfigured
accept from source

# Receive eMails to addresses in the aliases table.
accept from any for domain alias deliver to mbox

# Receive eMails to addresses in the virtual account table.
accept from any for domain virtual deliver to mbox

# Receive eMails for local users
accept from any for local deliver to mbox

# Forward incoming eMails (from authenticated users) to their destination.
accept for any relay

The messages from my existing postfix server:

Apr 18 23:31:08 sybil postfix/smtp[71679]: 55462205F0CD9: to=, relay=mydomain.email[98.76.54.32]:25, delay=2, delays=0.01/0.06/1.9/0.05, dsn=5.0.0, status=bounced (host mydomain.email[98.76.54.32] said: 550 Invalid recipient (in reply to RCPT TO command))
Apr 18 23:31:08 sybil postfix/smtp[71679]: 55462205F0CD9: to=, relay=mydomain.email[98.76.54.32]:25, delay=2, delays=0.01/0.06/1.9/0.06, dsn=5.0.0, status=bounced (host mydomain.email[98.76.54.32] said: 550 Invalid recipient (in reply to RCPT TO command))

And the messages from /var/log/maillog:

Apr 19 03:31:06 leclerc smtpd[6384]: 8d44a173e36ff947 smtp event=connected address=12.34.56.78 host=olddomain.com
Apr 19 03:31:08 leclerc smtpd[6384]: 8d44a173e36ff947 smtp event=starttls address=12.34.56.78 host=olddomain.com ciphers="version=TLSv1, cipher=DHE-RSA-AES256-SHA, bits=256"
Apr 19 03:31:08 leclerc smtpd[6384]: 8d44a173e36ff947 smtp event=failed-command address=12.34.56.78 host=olddomain.com command="RCPT TO: ORCPT=rfc822;user1@mydomain.email" result="550 Invalid recipient"
Apr 19 03:31:08 leclerc smtpd[6384]: 8d44a173e36ff947 smtp event=failed-command address=12.34.56.78 host=olddomain.com command="RCPT TO: ORCPT=rfc822;webmaster@mydomain.email" result="550 Invalid recipient"
Apr 19 03:31:08 leclerc smtpd[6384]: 8d44a173e36ff947 smtp event=closed address=12.34.56.78 host=olddomain.com reason=quit

Any assistance and insight would be greatly appreciated, as well as some information on how OpenSMTPD treats local users different from aliases and virtual accounts.

Thanks.
Installing OpenBSD amd64 on UTM on Intel Mac?
Hi. Since there's some uncertainty around the future of VMware Fusion on the Mac, I've decided to switch to UTM (with QEMU under the covers) -- but I can't seem to get OpenBSD .isos (7.3 or 7.4) to boot -- instead, I get dumped into the UEFI shell, which is a dead end. I've done a number of searches (on the mailing list and the web in general), and all of the results are for running the ARM64 port on the M-series Macs -- but my target machine has an Intel CPU. Can anyone provide some insight into running OpenBSD under UTM on a Mac? Thanks.
Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)
I'd like to second the idea that IBM would be better served by simply donating to the OpenBSD Foundation.

The pieces that benefit IBM the most are the open source software (OpenSSH, which ships on almost every single server they sell) that is the result of hard work by the OpenBSD developers.

I'd appeal more to the 'social good' for the industry that OpenBSD is doing, rather than starting from the position that supporting OpenBSD will help them sell more servers, because I can't see that materializing.

Alternately, I'd position it that OpenBSD on Power8 is another way of flushing out bugs in code that's used almost everywhere, and ensuring consistency and correctness and adherence to standards, in much the same way the aging VAX architecture was supported for the benefits of ensuring that the code base was universally correct.

As a further alternative, IBM offers access to hardware on a free basis through their POWER Development Cloud where you get access to a Power system for the purposes of compiling, porting, developing, testing, or demo-ing. There may be a way to leverage that existing infrastructure in such a way that developers get access to the hardware (and KVM and Remote power switch) without IBM sending out expensive hardware, or developers paying the (substantial) costs for electricity/cooling.

Good luck!

> On Oct 18, 2016, at 12:35 PM, Mikael wrote:
>
> Hi everyone,
>
> I asked IBM to donate 4-10 Power8 servers to the OpenBSD Foundation, for
> adding support for this arch. After 6 months this got all the way to their
> Director of the Power(8) Ecosystem & Alliances, that is the highest
> executive for the whole arch. Just right now, she's asking for a motivation
> for IBM to donate - she asks:
>
>
> "It would be helpful to know where you are seeing requests for OpenBSD on
> Power and what applications on top of OpenBSD are being requested. We have
> not seen any requests as of yet from our target clients."
>
>
> Can you please collect answers to this question and post them here in this
> thread, or PM them to me. I'll forward your responses and they'll decide
> whether to donate Power8 devices to OpenBSD, based on them.
>
> ** Please tell the next 6-7 days!
>
> Thanks!
> Mikael
Wanted: OpenBSD Help / Tutoring / Mentoring in Montreal or Toronto
Hi. I'm not exactly new to OpenBSD, but there are a few things that I need some help with, and fighting through learning them on my own isn't appealing. I'm looking for some help with: pf, OpenVPN, web hosting, building a robust mail server ... and would expect to pay you for your time. Drop me an eMail off-list if you're interested, with your expectations for your hourly rate. I'm frequently near Atwater Market in Montréal, or King St. West in Toronto, but we can meet anywhere near those locations. -JD.
Getting started with an OpenBSD Desktop...
Hi. I have a few old ThinkPads here, and I'd like to explore getting OpenBSD running as a lightweight desktop computer. I don't need a lot, I spend most of my time at a shell prompt, but I'm thinking I need a better window manager, possibly Firefox (or a recommended lightweight alternative) and any invaluable X-based utilities. I've had trouble getting the laptop connected to my local WiFi network, despite having compatible cards and a straightforward security config (WPA2), despite having followed the documentation. If there's a network-connection-manager GUI available, that would be nice, but isn't essential. I know how to install things via the ports, but traversing the directory structure to find useful packages is painful. If there's a more friendly way to search for and discover new/interesting ports packages, I'd appreciate a link. Thanks.
Re: Getting started with an OpenBSD Desktop...
Thanks to everyone for their comments!

I'm going to put a fresh install of OpenBSD 5.9 on my laptop, and I'll try all of your recommendations.

Take care.

> On Apr 13, 2016, at 5:37 AM, Mike Burns wrote:
>
> On 2016-04-13 10.42.28 +0200, Erling Westenvik wrote:
>> On Tue, Apr 12, 2016 at 08:34:16PM -0400, Implausibility wrote:
>> Various attempts on creating "generic" wifi network connection manager
>> scripts have been made. None with a true GUI AFAIK.
>
> I hooked some shell scripts up with zenity to make a GUI.
Re: Hardware recommendation for small form factor, noiseless, server
For various values of 'fully supports', I have multiple odroid HC4 units, and they all run very well. I've booted them with OpenBSD to play with it, but inevitably switched back to Linux.

No built-in WiFi, but it has a single USB socket that you could plug in a WiFi/Bluetooth dongle.

-JD.

> On May 6, 2024, at 4:03 PM, James Johnson wrote:
>
> Hi all,
>
> can anyone please advise on what computer I can purchase with the following
> requirements:
>
> - fully supports OpenBSD
> - no noise
> - good quality wifi
> - small form factor preferably
> - processor does not need to be fast (no highly intensive compute load)
> - low RAM need
> - needs 1 TB of hard drive at least
> - will be used only remotely, for basic and low-intensity server-type
> applications (no desktop use)
> - under $500
>
> Thanks!
> James
Re: Open Source / BSD License Copyright infringements
Apologies for the interruption, however, the claim of violation of Copyright infringement is... I'll use the word... dubious.

https://blog.delphinusdns.org/c?article=1717456278

"I heard through a psychic tarot reader that someone sold delphinusdnsd and possibly put their name on it."

All respect to the author of the software, however, I would want a more authoritative and/or credible source for claims of copyright infringement before getting involved in the search.

I'd also suggest that it is far more plausible that this is evidence that the OP is the victim of a fraud of an entirely different variety, and hope this message is an opportunity for introspection and careful re-examination about their relationship with the source of the accusation.
Tips for getting OpenBSD running on Surface Pro 3 tablet?
I have an SP3 tablet with the OEM keyboard/trackpad combo. The installation works perfectly, it boots, keyboard works, I get through the install process (*several* times), but after having rebooted, I get kicked directly into the BIOS, and there's no way to force a boot from the internal SSD where OpenBSD is supposed to have installed. I've turned off TPM and Secure Boot Control, the boot order is USB -> SSD (but selecting SSD only doesn't improve the situation), and under 'Advanced Security', everything is enabled. In terms of the install, I've tried MBR and GPT partitioning, moved the OpenBSD partition from #3 to #0 in the partition table, simplified the install by not encrypting the filesystems, disabling X, only defining one fs (/) and swap and probably a dozen other combinations. The only snag I can think of is that there's one USB port, so I'm installing from the USB, and can't have a wired network connection at the same time -- so I don't get firmware updates. But if the installer boots, so should OpenBSD. After all that, I'm out of ideas. Is there a specific trick to getting OpenBSD running on the SP3? I know this is old hardware, but it still has decent specs (i7 / 16GB / 512GB), and I'd like to experiment with running OpenBSD as a desktop OS. Any input is greatly appreciated. Thanks in advance!
7.6 aarch64 + UTM on M4 Mac = unable to reorder libraries for a custom kernel?
Just checking to see if anyone has successfully managed to run OpenBSD 7.6 for aarch64 under UTM on a Mac with an M4 processor. I know the default supported hardware is M1/M2, but I'm running under the QEMU 9.1 ARM Virtual Machine system -- so I'm hoping that my newer CPU doesn't really matter. I'm getting errors on boot about not being able to successfully relink the kernel at boot time, and random user-land crashes while doing things like pkg_add, etc. Oddly, relinking the kernel after syspatch is successful, it's the boot-time relinking that's failing. I get that my use case is probably quite 'out there', but any insight / input would be appreciated. Thanks.
Re: Sizing a server for modest web/mail ?
A quick thank-you to everyone who replied! Given the number of variables, I think my strategy will be to make it easier to rebuild the entire system from backups. This way, I can build a new machine with filesystems that better represent my actual usage, then just dump an image of the filesystem on top of the new hierarchy. Take care, and have a great holiday everyone.
Re: Sizing a server for modest web/mail ?
> On Dec 10, 2024, at 3:40 PM, Mike Fischer wrote:
>
> For a low-traffic site that should be fine.
>
> The actual disk footprint depends on your needs of course. Only you know what
> those are. How big are your DocumentRoot directories, databases and mailboxes?

The only large-ish site (30GB) will live on its own block storage device. Everything else is under 1GB.

> It may make sense to partition the disk manually so that e.g. MySQL
> (MariaDB?) and the webserver have enough space in /var and OpenSMTPd has
> enough space in /var/mail and /home. Just make sure /usr/local is big enough
> for all your installed ports with some space to spare and I have done well
> with a swap partition equal to the RAM size. Also make sure you have enough
> reserve space to comfortably do future OpenBSD upgrades.

This is my concern. I've never been able to wrap my head around how anyone can predict their future disk usage -- and the penalty for getting it wrong under OpenBSD is quite severe... As far as I know, there's no good way to move / expand / reduce filesystems, and the only way forward is to rebuild from scratch with new numbers.

Today, I have / and /var as the only two filesystems (plus swap), and I will graft additional block storage onto specific mount points if there's a subdirectory that expands beyond what has been allocated.

Thanks for your comments.
Disk encryption on cloud servers...
Second question of the day...

Is the key to an OpenBSD (7.6) encrypted disk stored 'in the clear' in RAM? Or is the key somehow obscured while in memory?

My security needs for a web server with a few blogs and personal eMail are relatively low, and my goal here is to be 'better than average' in case the cloud provider is compromised and attackers get access to disk / RAM on the VMs.

Any insight into how this works, and if my solution is actually 'better than average' would be appreciated.

Thanks.
Sizing a server for modest web/mail ?
Hi. I'm closing my office next month, and as a result I'm losing my fibre line and static IPs.

I've built a VM in a major cloud provider's datacentre, and managed to install OpenBSD 7.6. It will serve myself and a few friends, mostly some very small, relatively low-traffic WordPress sites, a Wiki, YourLS, a few static sites, and a mail server.

I'm wondering if there's a way to estimate if the server I have will meet the needs of these sites -- the stack I'm using is vanilla 7.6 plus MySQL, Nginx, PHP8.3+FPM, and OpenSMTPd.

The hardware is two-cores of Intel CPU @ 3Ghz, 4GB RAM, and about 50GB of SSD. It's shared architecture, so I know I'm at the mercy of other users, although these are *supposed* to be guaranteed to be available to me at all times.

I work in IT, so I'm accustomed to providing information on users / software / activity in anticipation of hardware upgrades, but I've never been responsible for doing the actual work.

Any insight would be greatly appreciated.