• OpenSMTPD can't parse smarthost

    From Paul M Foster@21:1/5 to All on Thu May 23 03:40:01 2024
    Folks:

    Here's a shot in the dark. I've looked up and down the internet, and can't
    find a solution.

    I have a mini PC which just serves up videos. Daily it backs up to an
    attached drive. This happens with a script in /etc/cron.daily, which
    typically emails results to root. In my case it's aliased to me. I have OpenSMTPD installed with this config:

    ---

    # $OpenBSD: smtpd.conf,v 1.10 2018/05/24 11:40:17 gilles Exp $

    # This is the smtpd server system-wide configuration file.
    # See smtpd.conf(5) for more information.

    table aliases file:/etc/aliases
    table secrets file:/etc/secrets

    listen on localhost

    action "relay" relay host smtp+notls://[email protected]:25 auth <secrets>

    match from local for any action "relay"

    ---

    Note: yosemite is my desktop machine; that's where I want the mail to be
    sent. "paulf" is a tag in the secrets file. Note that this connection
    between the mini PC (buckaroo) and yosemite should be a plain text
    connection, very simple. My username and password are in the secrets file.

    When I attempt to send a test message to check this all works (via swaks or mail), I get an error message in the /var/log/mail.log file which says:

    "warn: Failed to parse smarthost smtp+notls://[email protected]:25"

    Note that the "protocol" doesn't matter. I can use "smtp" alone as the protocol, and it still won't pa
  • From [email protected]@21:1/5 to Paul M Foster on Thu May 23 06:40:01 2024
    On Wed, May 22, 2024 at 09:37:18PM -0400, Paul M Foster wrote:
    Folks:

    Here's a shot in the dark. I've looked up and down the internet, and can't find a solution.

    [...]

    "warn: Failed to parse smarthost smtp+notls://[email protected]:25"

    Note that the "protocol" doesn't matter. I can use "smtp" alone as the protocol, and it still won't parse. And yes, yosemite.mars.lan is in my
    local hosts file.

    But "[email protected]" doesn't look like a host (unless you are
    trying to sneak in the creds in the URL -- then I'd expect something
    like user:pass@host). No idea how opensmtp works and whether it tries
    to parse credentials off the URL.

    Have you tried leaving out the "paul@" part? Do you have access credentials elsewhere in your config (typically they are in a separate file to better control access to that).

    Cheers
    --
    t


    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From =?iso-8859-2?Q?Kamil_Jo=F1ca?=@21:1/5 to Paul M Foster on Thu May 23 07:40:01 2024
    Paul M Foster <[email protected]> writes:

    Folks:

    Here's a shot in the dark. I've looked up and down the internet, and can't find a solution.

    I have a mini PC which just serves up videos. Daily it backs up to an attached drive. This happens with a script in /etc/cron.daily, which typically emails results to root. In my case it's aliased to me. I have OpenSMTPD installed with this config:

    ---

    [...]
    action "relay" relay host smtp+notls://[email protected]:25 auth <secrets>


    I have some opensmtpd config around and this line should work.
    My suspects are:
    1. whitespaces / end lines - have you tested your config with xxd to check
    if there is CRLF, for example?
    2. do you have a line
    --8<---------------cut here---------------start------------->8---
    paulf username:password
    --8<---------------cut here---------------end--------------->8---
    in your secrets file?
    HTH




    --
    http://stopstopnop.pl/stop_stopnop.pl_o_nas.html
    Support Bingo, keep Grandma off the streets.

  • From =?iso-8859-2?Q?Kamil_Jo=F1ca?=@21:1/5 to [email protected] on Thu May 23 07:40:01 2024
    Kamil Jońca <[email protected]> writes:

    [...]
    [...]
    action "relay" relay host smtp+notls://[email protected]:25 auth <secrets>


    I have some opensmtpd config around and this line should work.
    My suspects are:
    1. whitespaces / end lines - have you tested your config with xxd to check
    if there is CRLF, for example?
    2. do you have a line

    --8<---------------cut here---------------start------------->8---
    paulf username:password
    --8<---------------cut here---------------end--------------->8---

    in your secrets file?
    HTH

    After closer look I have another doubt:
    https://man.openbsd.org/smtpd.conf
    says:
    --8<---------------cut here---------------start------------->8---
    The label corresponds to an entry in a credentials table, as documented
    in table(5). It is used with the “smtp+tls” and “smtps” protocols for authentication. Server certificates for those protocols are verified by default.

    --8<---------------cut here---------------end--------------->8---
    So if you use smtp+notls or pure smtp - maybe 'paulf@' is wrong
    here?

    KJ
    --
    http://stopstopnop.pl/stop_stopnop.pl_o_nas.html
    If the human brain were so simple that we could understand it,
    we would be so simple we couldn't.
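
The three suspects raised in the post above (CRLF line endings, a missing `label username:password` line in the secrets file, and a label used with a non-TLS scheme), as an added shell example that is not part of the thread or of OpenSMTPD. `lint_smtpd_conf` and `make_sample` are hypothetical names, and the sample config, port 587 and credentials are constructed from the label and host named in the thread.

```sh
#!/bin/sh
# Added example, not from the thread: lint smtpd.conf for the suspects above.

# Prints one finding per line; prints nothing when no check fires.
lint_smtpd_conf() {
    conf=$1
    secrets=$2
    cr=$(printf '\r')

    # Suspect 1: CRLF line endings, the thing an xxd dump would reveal.
    if grep -q "$cr" "$conf"; then
        echo "crlf: carriage returns found in $conf"
    fi

    # Take the URL after "relay host" on every non-comment line.
    sed -n -e '/^[[:space:]]*#/d' \
        -e 's/.*relay[[:space:]]\{1,\}host[[:space:]]\{1,\}\([^[:space:]]*\).*/\1/p' \
        "$conf" |
    while IFS= read -r url; do
        # Only scheme://label@host URLs carry a credentials label.
        case $url in *://*@*) ;; *) continue ;; esac
        scheme=${url%%://*}
        rest=${url#*://}
        label=${rest%%@*}

        # The man page passage quoted in the thread ties the label to
        # smtp+tls and smtps, so a label on any other scheme is flagged.
        case $scheme in
            smtp+tls|smtps) ;;
            *) echo "label-without-tls: label '$label' used with scheme '$scheme'" ;;
        esac

        # Suspect 2: the secrets table needs a "label username:password" line.
        # Only the label is reported, never the credential.
        if ! awk -v l="$label" \
                '$1 == l && $2 ~ /^[^:]+:.+$/ { ok = 1 } END { exit !ok }' \
                "$secrets" 2>/dev/null; then
            echo "missing-secret: no entry for label '$label' in $secrets"
        fi
    done
    return 0
}

# Constructed sample files modelled on the config posted in the thread.
make_sample() {
    dir=$1
    printf '%s\r\n' 'table secrets file:/etc/secrets' 'listen on localhost' \
        'action "relay" relay host smtp+notls://paulf@yosemite.mars.lan:25 auth <secrets>' \
        > "$dir/bad.conf"
    printf '%s\n' '# constructed TLS variant' \
        'action "relay" relay host smtp+tls://paulf@yosemite.mars.lan:587 auth <secrets>' \
        > "$dir/good.conf"
    printf '%s\n' 'paulf exampleuser:examplepass' > "$dir/secrets"
    : > "$dir/empty-secrets"
}

tmp=$(mktemp -d)
make_sample "$tmp"
lint_smtpd_conf "$tmp/bad.conf" "$tmp/empty-secrets"
rm -rf "$tmp"
```

The lint only reports what the thread and the quoted man page passage describe; it does not reproduce OpenSMTPD's own parser.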

  • From Paul M Foster@21:1/5 to [email protected] on Thu May 23 13:50:01 2024
    On Thu, May 23, 2024 at 06:38:11AM +0200, [email protected] wrote:

    On Wed, May 22, 2024 at 09:37:18PM -0400, Paul M Foster wrote:
    Folks:

    Here's a shot in the dark. I've looked up and down the internet, and can't find a solution.

    [...]

    "warn: Failed to parse smarthost smtp+notls://[email protected]:25"

    Note that the "protocol" doesn't matter. I can use "smtp" alone as the protocol, and it still won't parse. And yes, yosemite.mars.lan is in my local hosts file.

    But "[email protected]" doesn't look like a host (unless you are
    trying to sneak in the creds in the URL -- then I'd expect something
    like user:pass@host). No idea how opensmtp works and whether it tries
    to parse credentials off the URL.

    Have you tried leaving out the "paul@" part? Do you have access credentials elsewhere in your config (typically they are in a separate file to better control access to that).

    The smarthost URL is straight out of the man page. The "paulf@" part allows OpenSMTP to figure which credential in the "secrets" file to use.

    However, I took your advice and lopped off the "paulf@" from the URL, and managed to get an email through. Go figure.

    Paul


    --
    Paul M. Foster
    Personal Blog: http://noferblatz.com
    Company Site: http://quillandmouse.com
    Software Projects: https://gitlab.com/paulmfoster

  • From [email protected]@21:1/5 to Paul M Foster on Thu May 23 14:00:01 2024
    On Thu, May 23, 2024 at 07:46:30AM -0400, Paul M Foster wrote:
    On Thu, May 23, 2024 at 06:38:11AM +0200, [email protected] wrote:

    [...]

    Have you tried leaving out the "paul@" part? [...]

    The smarthost URL is straight out of the man page. The "paulf@" part allows OpenSMTP to figure which credential in the "secrets" file to use.

    Makes sense, yes.


    However, I took your advice and lopped off the "paulf@" from the URL, and managed to get an email through. Go figure.

    And this doesn't, but glad you got it working :-)

    Cheers
    --
    t

  • From Paul M Foster@21:1/5 to All on Thu May 23 14:00:01 2024
    On Thu, May 23, 2024 at 07:19:08AM +0200, Kamil Jońca wrote:

    Kamil Jońca <[email protected]> writes:

    [...]
    [...]
    action "relay" relay host smtp+notls://[email protected]:25 auth <secrets>


    I have some opensmtpd config around and this line should work.
    My suspects are:
    1. whitespaces / end lines - have you tested your config with xxd to check
    if there is CRLF, for example?
    2. do you have a line

    --8<---------------cut here---------------start------------->8---
    paulf username:password
    --8<---------------cut here---------------end--------------->8---

    in your secrets file?
    HTH

    After closer look I have another doubt:
    https://man.openbsd.org/smtpd.conf
    says:
    --8<---------------cut here---------------start------------->8---
    The label corresponds to an entry in a credentials table, as documented
    in table(5). It is used with the “smtp+tls” and “smtps” protocols for authentication. Server certificates for those protocols are verified by default.

    --8<---------------cut here---------------end--------------->8---
    So if you use smtp+notls or pure smtp - maybe 'paulf@' is wrong
    here?

    I think you may be right.

    Paul

    --
    Paul M. Foster
    Personal Blog: http://noferblatz.com
    Company Site: http://quillandmouse.com
    Software Projects: https://gitlab.com/paulmfoster

  • From Paul M Foster@21:1/5 to Jeffrey Walton on Thu May 23 14:00:01 2024
    On Thu, May 23, 2024 at 12:54:31AM -0400, Jeffrey Walton wrote:

    On Thu, May 23, 2024 at 12:43 AM Paul M Foster <[email protected]> wrote:

    [snip]

    On the video server, run nslookup and see if it can resolve yosemite.mars.lan.

    Nslookup fails. However, yosemite.mars.lan is in the hosts file and you
    can successfully ping it. It has a fixed (local) IP, which was set in the router. I don't understand why nslookup fails when buckaroo knows who
    yosemite is.


    Looking at the string smtp+notls://[email protected]:25, it
    looks more like a url than a hostname. Maybe that is confusing your
    mail agent.

    However, this is standard usage, according to the smtpd.conf(5) man page.


    Also, I think you should be using *.home.arpa, and not *.lan.
    home.arpa is reserved for private use by ICANN and the IETF. I suspect
    *.lan is not reserved for private use.

    On a LAN, you can use anything you like. I've used .mars.lan for decades
    with no difficulty.

    Paul

    --
    Paul M. Foster
    Personal Blog: http://noferblatz.com
    Company Site: http://quillandmouse.com
    Software Projects: https://gitlab.com/paulmfoster

  • From [email protected]@21:1/5 to Paul M Foster on Thu May 23 14:40:01 2024
    On Thu, May 23, 2024 at 07:53:31AM -0400, Paul M Foster wrote:
    On Thu, May 23, 2024 at 12:54:31AM -0400, Jeffrey Walton wrote:

    On Thu, May 23, 2024 at 12:43 AM Paul M Foster <[email protected]> wrote:

    [snip]

    On the video server, run nslookup and see if it can resolve yosemite.mars.lan.

    Nslookup fails. However, yosemite.mars.lan is in the hosts file and you
    can successfully ping it. It has a fixed (local) IP, which was set in the router. I don't understand why nslookup fails when buckaroo knows who yosemite is.

    Nslookup asks directly your name servers (those in the resolv.conf).
    Programs should ask the local resolver [1] , which can (and usually
    is) configured to look first in /etc/hosts (that's this line

    hosts: files dns

    in your /etc/nsswitch.conf). Some applications (browser, I'm looking
    at you!) which deem themselves more important than all the other
    snowflakes are starting to bypass this.

    Cheers

    [1] this is a library, which comes with a man page
    --
    tomás

  • From Greg Wooledge@21:1/5 to Paul M Foster on Thu May 23 14:40:02 2024
    On Thu, May 23, 2024 at 07:53:31AM -0400, Paul M Foster wrote:
    Nslookup fails. However, yosemite.mars.lan is in the hosts file and you
    can successfully ping it. It has a fixed (local) IP, which was set in the router. I don't understand why nslookup fails when buckaroo knows who yosemite is.

    nslookup looks *only* in DNS.

    If you want a tool that follows the same hostname lookup policies
    that programs like "ping" use, there's getent(1).

    hobbit:~$ nslookup hobbit
    Server: 127.0.0.1
    Address: 127.0.0.1#53

    ** server can't find hobbit: NXDOMAIN

    hobbit:~$ getent hosts hobbit
    127.0.1.1 hobbit.wooledge.org hobbit
    hobbit:~$ getent hosts www.debian.org
    2603:400a:ffff:bb8::801f:3e www.debian.org

    Of course, a lot of people just use "ping" for this same purpose. It's
    not ideal, but it works.

    hobbit:~$ ping -c1 hobbit
    PING hobbit.wooledge.org (127.0.1.1) 56(84) bytes of data.
    64 bytes from hobbit.wooledge.org (127.0.1.1): icmp_seq=1 ttl=64 time=0.015 ms

    --- hobbit.wooledge.org ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss, time 0ms
    rtt min/avg/max/mdev = 0.015/0.015/0.015/0.000 ms

  • From Paul M Foster@21:1/5 to Jeffrey Walton on Thu May 23 20:10:01 2024
    On Thu, May 23, 2024 at 01:50:21PM -0400, Jeffrey Walton wrote:

    On Thu, May 23, 2024 at 12:08 PM Paul M Foster <[email protected]> wrote:

    On Thu, May 23, 2024 at 12:54:31AM -0400, Jeffrey Walton wrote:
    [...]
    Also, I think you should be using *.home.arpa, and not *.lan.
    home.arpa is reserved for private use by ICANN and the IETF. I suspect *.lan is not reserved for private use.

    On a LAN, you can use anything you like. I've used .mars.lan for decades with no difficulty.

    Citation, please.


    I have none. But contrary to whatever the Deities Of The Internet say, I've been successfully using *.mars.lan for decades, and others before that,
    like *.venus.lan. On a LAN where addresses are not internet routable, you are, de
    facto, able to use what you prefer. As long as your /etc/hosts file and
    your router agree, there is no code in any application I'm aware of which prohibits the practice.

    If I ever set up a totally new LAN, I may go with *.home though. Or maybe *.local, as I've heard Macs like that.

    Paul

    --
    Paul M. Foster
    Personal Blog: http://noferblatz.com
    Company Site: http://quillandmouse.com
    Software Projects: https://gitlab.com/paulmfoster

  • From [email protected]@21:1/5 to Jeffrey Walton on Thu May 23 21:00:01 2024
    On Thu, May 23, 2024 at 01:50:21PM -0400, Jeffrey Walton wrote:
    On Thu, May 23, 2024 at 12:08 PM Paul M Foster <[email protected]> wrote:

    On Thu, May 23, 2024 at 12:54:31AM -0400, Jeffrey Walton wrote:
    [...]
    Also, I think you should be using *.home.arpa, and not *.lan.
    home.arpa is reserved for private use by ICANN and the IETF. I suspect *.lan is not reserved for private use.

    On a LAN, you can use anything you like. I've used .mars.lan for decades with no difficulty.

    Citation, please.

    No need. It just works. Of course, if you have domain names
    in your LAN which also is "out there", you won't "see" both.

    If your LAN is isolated, you can basically do whatever you
    want.

    And then there are "special" TLDs (.local, I'm looking at
    you) where you'll get lots of fun effects should you decide
    to use them (zeroconf, I'm looking at you :-)

    That's the why of the above recommendation.

    Cheers
    --
    t

  • From [email protected]@21:1/5 to Jeffrey Walton on Thu May 23 21:30:01 2024
    On Thu, May 23, 2024 at 03:17:00PM -0400, Jeffrey Walton wrote:

    [...]

    If your LAN is isolated, you can basically do whatever you
    want.

    And then act surprised when networking breaks :)

    You just have to understand what's going on, that's all

    And then there are "special" TLDs (.local, I'm looking at
    you) where you'll get lots of fun effects should you decide
    to use them (zeroconf, I'm looking at you :-)

    I _think_ .local is reserved for mDNS. See <https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml>.

    It's a while ago -- I went through this in some $BIGCORP.
    Windows ops insisted on having the internal top level as
    .local (don't ask :-)

    For me it was as easy as kicking out Avahi. For the Mac
    users it was... interesting :-)

    It looks like .internal and possibly .private are coming soon. See <https://www.icann.org/en/public-comment/proceeding/proposed-top-level-domain-string-for-private-use-24-01-2024>
    and <https://www.theregister.com/2024/01/29/icann_internal_tld/>.

    Whatever. Your net, your rules. Just make sure the software
    you use plays along (Avahi is fond of .local because of
    mDNS, for example).

    Cheers
    --
    tomás

  • From gene heskett@21:1/5 to [email protected] on Mon May 27 09:00:01 2024
    On 5/23/24 14:55, [email protected] wrote:
    On Thu, May 23, 2024 at 01:50:21PM -0400, Jeffrey Walton wrote:
    On Thu, May 23, 2024 at 12:08 PM Paul M Foster <[email protected]> wrote:

    On Thu, May 23, 2024 at 12:54:31AM -0400, Jeffrey Walton wrote:
    [...]
    Also, I think you should be using *.home.arpa, and not *.lan.
    home.arpa is reserved for private use by ICANN and the IETF. I suspect *.lan is not reserved for private use.

    On a LAN, you can use anything you like. I've used .mars.lan for decades with no difficulty.

    Another example of off the wall, a coyote was the smartest member of the canines I've ever met. This bitch could do simple arithmetic, barking
    the number of times the answer was. This machine is the best of about 8
    here, so whatever has been on this desk has been "coyote" for nearly 40
    years. Coyotes have a den so the domainname as FQDN in the hosts file
    is coyote.den, I've had zero problems with that since the late 80's when coyote.coyote.den was a full blown Amiga 2000 with a 68040 board in it
    with 64 megs of main memory. Never had a winderz machine in real use.
    Bought a lappy with xp in it when I retired in 2002. put mandrake on it,
    blew away the winderz two weeks later cuz winderz couldn't drive the
    radio but mandrake could. It died of a dead battery over a decade back.
    pi based stuff is moving in and the power bill is going down.

    Citation, please.

    No need. It just works. Of course, if you have domain names
    in your LAN which also is "out there", you won't "see" both.

    If your LAN is isolated, you can basically do whatever you
    want.

    And then there are "special" TLDs (.local, I'm looking at
    you) where you'll get lots of fun effects should you decide
    to use them (zeroconf, I'm looking at you :-)

    That's the why of the above recommendation.

    Cheers

    Cheers, Gene Heskett, CET.
    --
    "There are four boxes to be used in defense of liberty:
    soap, ballot, jury, and ammo. Please use in that order."
    -Ed Howdershelt (Author, 1940)
    If we desire respect for the law, we must first make the law respectable.
    - Louis D. Brandeis
