Closed Katzeilla closed 5 years ago
Hi, are you using MSA, or sending from host i.e. echo test | mail -s test myusername@gmail.com
@horia
I guess I know where the problem is.
I can't connect to port 587 directly, initially I guess that's because my ISP blocked it, and I forwarded that port via SSH, that's made my server believe I am sending mail from localhost.
So now I switched to another ISP that didn't block any port, but I still can't connect to that port. :(
k@host ~> telnet smtp.gmail.com 587
Trying 74.125.131.109...
Connected to gmail-smtp-msa.l.google.com.
Escape character is '^]'.
220 smtp.gmail.com ESMTP - gsmtp
^]
telnet> q
Connection closed.
k@host ~> telnet mail.myserver.net 587
Trying 23.109.98.29...
Deleting the following line from "smtpd.conf" will remove the restriction for sending mail from localhost
!mail-from <localhost>
To verify if the submission port is blocked
tcpdump -neq -ttt -i pflog0 port submission
The submission port can be changed in "pf.conf" on the following line
to port { submission imaps }
... and in smtpd.conf on the following line
listen on egress port submission
... apply changes
pfctl -f /etc/pf.conf
rcctl restart smtpd
Thanks for reply!
I changed submission port to 60587 in sptmd.conf
# Message submission agent requires STARTTLS and authentication
# listen on egress port submission \
listen on egress port 60587
and in pf.conf
# MSA and MUA
# (!) match mail_max_userip_connections from 20-imap.conf
pass log proto tcp \
to port { 60587 imaps } \
keep state (max-src-conn 10, max-src-conn-rate 100/10) \
tag INET_SELF
Then I verified port 60587 is usable by checking pflog
... rule 2._4.4/(match) pass in on vio0: <my_laptop_ip>.38332 > <server_ip>.60587: tcp 0 (DF)
I also remove all !mail-from <localhost>
from sptmd.conf, but after restart I still can't connect to smtpd. :(
~> telnet example.com 60587
Trying 12.34.56.78
telnet: Unable to connect to remote host: Network is unreachable
smtpd -v -d
doesn't show me anything useful.
Can you telnet $(hostname) 60587
from your mail host?
I have updated pf.conf to remove "max-src-conn" and added MSA with implicit TLS on port 465
server$ telnet $(hostname) 60587
Trying 1234:abcd:ef12:3456::43...
telnet: connect to address 1234:abcd:ef12:3456::43: Connection refused
Trying 12.34.56.78...
telnet: connect to address 46.23.92.146: Connection refused
Although smtpd is running, port 60587 is not listening.
server$ ps -aux | grep smtpd
_smtpd 55773 0.0 0.9 1832 4500 ?? Ip 5:36AM 0:00.02 smtpd: control (smtpd)
_smtpd 88314 0.0 0.8 1568 4196 ?? Ip 5:36AM 0:00.01 smtpd: klondike (smtpd)
root 88066 0.0 0.4 1836 2196 ?? Isp 5:36AM 0:00.03 smtpd
_smtpd 10407 0.0 0.8 1556 4256 ?? Ip 5:36AM 0:00.01 smtpd: scheduler (smtpd)
_smtpq 25953 0.0 0.9 1776 4436 ?? Ip 5:36AM 0:00.09 smtpd: queue (smtpd)
_smtpd 14994 0.0 0.9 1696 4448 ?? Ip 5:36AM 0:00.03 smtpd: pony express (smtpd)
_smtpd 48021 0.0 0.9 1708 4372 ?? Ip 5:36AM 0:00.01 smtpd: lookup (smtpd)
_smtpd 68383 0.0 0.4 512 2236 ?? I 5:36AM 0:00.01 passwd /etc/mail/passwd (table-passwd)
server$ netstat -nat | grep tcp
tcp 0 0 127.0.0.1.53 *.* LISTEN
tcp 0 0 127.0.0.1.10028 *.* LISTEN
tcp 0 0 127.0.0.1.10027 *.* LISTEN
tcp 0 0 *.80 *.* LISTEN
tcp 0 0 *.443 *.* LISTEN
tcp 0 0 127.0.0.1.10025 *.* LISTEN
tcp 0 0 *.993 *.* LISTEN
And I checked my smtpd.conf to make sure I got the correct port number.
puffy$ cat /etc/mail/smtpd.conf | grep 60587
listen on egress port 60587 \
Other methods I tried before:
Start smtpd with -d -f /etc/mail/smtpd.conf
Reboot & Restart everything
Still no luck :(
listen on egress port 60587 \
Maybe the interface is not in group egress
ifconfig egress
Now the problem is gone, but I still don't know why..... I restarted the system one more time and now I can send and receive email with no issue.
BTW, why the default smtpd.conf doesn't allow me send from localhost?
Thanks for the update, strange problem. We don't account for multiple IP and interfaces, which require additional configuration.
why the default smtpd.conf doesn't allow me send from localhost?
Prevents local users to alias, or mail
an external email address for privacy (e.g. system reports sent by mail) and may be a safety measure which can be disabled if not needed. It's a default opinion, unless someone changes my mind.
I am gonna to do everything again, include reinstall OpenBSD itself. I have to know what's going on.
Sorry for the long delay, just got back to my laptop.
I did everything again, and the solution seems to be restart smtpd twice after you modified the smtpd.conf
.
Now my OpenBSD-based mail server is online! :)
Hi everyone,
I tried to send a email to a Gmail account, and I got 'Invalid recipient: myusername@gmail.com.' error.
I'm not sure where the problem might be, I can login and receive email, but can't send anything to other server.
Any suggestion?