Saturday, September 30, 2023
support@conference.yunohost.org

[04:44:56] <ChriChri[m]> `postfix/smtpd[181938]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 553 5.7.1 <listmonk@do.main>: Sender address rejected: not logged in; from=<listmonk@do.main> to=<user@do.main> proto=ESMTP helo=<localhost>`

Shouldn't this work? E-Mails from localhost are not accepted?
[05:12:55] <ChriChri[m]> ```
# grep -A2 smtpd_sender_restrictions main.cf
smtpd_sender_restrictions =
reject_sender_login_mismatch,
permit_mynetworks,
```
O.k., this makes sense (I guess - I'm more the exim guy than good with postfix). Without this users on a webinterface like snappymail or roundcube could probably just send email using any sender address, right?

But how do I allow e.g. listmonk to send emails? I'm thinking it needs to send emails with whatever from address the initiator of a campaign chooses to use?
[05:23:01] <ChriChri[m]> `reject_sender_login_mismatch` → `reject_authenticated_sender_login_mismatch` — all users authenticate for using smtp while daemons and services usually rely on being either in a relay host list or somehow else (like being on localhost) authorized.

[06:06:08] <ChriChri[m]> Testing:
```
# grep -A4 smtpd_sender_restrictions main.cf
smtpd_sender_restrictions =
reject_authenticated_sender_login_mismatch,
permit_mynetworks,
reject_unauthenticated_sender_login_mismatch,
permit_sasl_authenticated,
```
[08:21:35] <Tag> > <@chrichri:librem.one> ```
> # grep -A2 smtpd_sender_restrictions main.cf
> smtpd_sender_restrictions =
> reject_sender_login_mismatch,
> permit_mynetworks,
> ```
> O.k., this makes sense (I guess - I'm more the exim guy than good with postfix). Without this users on a webinterface like snappymail or roundcube could probably just send email using any sender address, right?
>
> But how do I allow e.g. listmonk to send emails? I'm thinking it needs to send emails with whatever from address the initiator of a campaign chooses to use?

There's a *new* option in the manifest.toml to allow an app to send emails using the system user for this app. It looks like this is not enabled for listmonk_ynh yet. I'm looking at listmonk documentation and I don't really know where SMTP auth is handled.
[08:23:23] <Tag> Ok, looks like it's configured from listmonk web interface
[09:37:50] <guyoua> > check your resolv.conf. your computer might be using 8.8.8.8 instead of your local lan's router


[09:38:10] <guyoua> I check it out and I see no difference with my other computer.
[09:39:25] <guyoua> I really can't get why it is not working on this computer. It's like the server doesn't exist at all, no certificate error, nothing.
[09:40:42] <Tag> You can reach it using the IP, right ?
[09:41:54] <guyoua> Yes
[09:44:19] <Tag> So it's a DNS problem somewhere. Can you try `dig +short yourdomain.local @192.168.1.1` with 192.168.1.1 being the local IP of your router
[09:47:14] <guyoua> I have no message
[09:50:36] <Tag> Do you have avahi (or an alternative) installed on both your computers ?
[09:51:11] <guyoua> I have fedora gnome
[09:51:20] <Tag> yes
[09:56:09] <guyoua> I don't see a package named avahi in the list, what are the alternatives?
[11:00:48] <ChriChri[m]> > <@tag:lostpod.me> There's a *new* option in the manifest.toml to allow an app to send emails using the system user for this app. It looks like this is not enabled for listmonk_ynh yet. I'm looking at listmonk documentation and I don't really know where SMTP auth is handled.

What would "allow an app to send emails using the system user" mean? Is there an account for smtp auth for the system user? Or is there another way for postfix to identify the sending app (sorry, I'm new to postfix, have been focused to exim until now...)?
[11:06:12] <Tag> There's an `allow_email` property in the manifest.toml that can be enabled. This translates as a line in `/etc/postfix/app_senders_login_maps`
Unfortunately, this doesn't allow the listmonk user to send mail with any from, only one specific from
https://github.com/YunoHost-Apps/listmonk_ynh/pull/39
[12:22:27] <ChriChri[m]> > <@tag:lostpod.me> There's an `allow_email` property in the manifest.toml that can be enabled. This translates as a line in `/etc/postfix/app_senders_login_maps`
> Unfortunately, this doesn't allow the listmonk user to send mail with any from, only one specific from
> https://github.com/YunoHost-Apps/listmonk_ynh/pull/39

Is this what it should look with the manifest adjusted:
```
# This file is regenerated automatically.
# Please DO NOT edit manually ... changes will be overwritten!
#
# Doing it anyway for testing:
@do.main listmonk
```
Meaning that uid listmonk is allowed to send as any sender?
[12:24:10] <Aleks (he/him/il/lui)> that's also assuming that the listmonk can properly authenticate on the mail stack using a password etc
[12:28:44] <ChriChri[m]> > <@Alekswag:matrix.org> that's also assuming that the listmonk can properly authenticate on the mail stack using a password etc

It could, if I'd put a user into the user database that is allowed to email - I guess. listmonk offers to use smtp auth or there'd need to be some account defined in the manifest if there's such a function.
[12:31:41] <ChriChri[m]> In the case of listmonk a yunohost-postback server could be another solution. But that's not very general I guess...
[13:58:04] <Tag> > <@Alekswag:matrix.org> that's also assuming that the listmonk can properly authenticate on the mail stack using a password etc

Yes, it can
[13:59:18] <ChriChri[m]> > <@tag:lostpod.me> Yes, it can

Could it use the system user listmonk?
[13:59:35] <Tag> > <@chrichri:librem.one> Is this what it should look with the manifest adjusted:
> ```
> # This file is regenerated automatically.
> # Please DO NOT edit manually ... changes will be overwritten!
> #
> # Doing it anyway for testing:
> @do.main listmonk
> ```
> Meaning that uid listmonk is allowed to send as any sender?

And... yes and no. With the PR, the line is `listmonk@domain.tld listmonk`
Because the way yunohost does allow only one address
[14:03:13] <ChriChri[m]> https://aria.im/_matrix/media/v1/download/librem.one/YssePkpuhfoORKRDFiLyGhIL
[14:04:36] <Tag> And I tried to edit this file manually and reload postfix, it did not allow listmonk to send mail as another user
I tried `@domain.tld` `*@domain.tld` `domain.tld`
[14:04:41] <Tag> I just don't know the syntax...
[14:04:41] <ChriChri[m]> Hm, I guess this will not be sufficient ⬆️
[14:05:20] <ChriChri[m]> > <@tag:lostpod.me> And I tried to edit this file manually and reload postfix, it did not allow listmonk to send mail as another user
> I tried `@domain.tld` `*@domain.tld` `domain.tld`

I would have thought that syntax is correct...
[14:05:24] <Aleks (he/him/il/lui)> I think it needs to be "recompiled" with postmap maybe
[14:05:46] <Aleks (he/him/il/lui)> I dont remember all the ceremony
[14:09:40] <Tag> > <@Alekswag:matrix.org> I dont remember all the ceremony

Oh maybe we need to replace `hash:` with `pcre:` in
```
smtpd_sender_login_maps=
# Regular Yunohost accounts
ldap:/etc/postfix/ldap-accounts.cf,
# Extra maps for app system users who need to send emails
hash:/etc/postfix/app_senders_login_maps
```

[14:44:46] <Tag> damn I thought recompiling postfix /o\

yes yes using postmap to refresh the .db file okay
[14:46:25] <Aleks (he/him/il/lui)> Nice
[18:11:28] <guyoua> I can't find what is blocking my pc to get access to my local domain name. I try to create a hosts file but I got no result on this one.
[19:28:41] <phinero> *[ERROR] Port 8095 is not reachable from the outside.
- Exposing this port is needed for [?] features (service wg-quick@wg0)*
Got this message from automatic diagnosis. How to solve it?
Yuno 11.2.4 VPS
[19:37:54] <orhtej2> > <@phinero:matrix.org> *[ERROR] Port 8095 is not reachable from the outside.
> - Exposing this port is needed for [?] features (service wg-quick@wg0)*
> Got this message from automatic diagnosis. How to solve it?
> Yuno 11.2.4 VPS

Forward the port on router?
[19:38:18] <orhtej2> wg0 i assume means you're using wireguard
[19:57:38] <phinero> > Forward the port on router?

But I'm self-hosting on a VPS

[20:00:57] <Tag> phinero: it's ok. It's UDP and diagnosis can't really test this properly right now.
[20:01:13] <fch> It's not "self" hosting if it's on a VPS. It's third party hosting
[20:01:15] <Tag> https://github.com/YunoHost/issues/issues/1914
[20:02:01] <Tag> fch: it depends on the definition. you're not hosting at home, but you're managing the service yourself.
[20:02:39] <Tag> but what is home ? if you have a landlord, are you landlord hosting ?
[20:03:19] <Tag> and anyway you live in a society so you're probably society hosted
[21:02:04] <eric_G> > <fch> It's not "self" hosting if it's on a VPS. It's third party hosting

zealotry