```
$ signify -C -e -p opensmtpd-20181026.pub -x opensmtpd-7.3.0p1.sum.sig
Signature Verified
opensmtpd-7.3.0p1.tar.gz: OK
```
On my way to update #OpenSMTPD on #pkgsrc
Good morning, friends of the #BSDcafe and #fediverse
I'd like to share some details on the infrastructure of BSD.cafe with you all.
Currently, it's quite simple (we're not many and the load isn't high), but I've structured it to be scalable. It's based on #FreeBSD, connected in both IPv4 and IPv6, and split into jails:
* A dedicated jail with nginx acting as a reverse proxy - managing certificates and directing traffic
* A jail with a small #opensmtpd server - handling email dispatch - didn't want to rely on external services
* A jail with #redis - the heart of the communication between #Mastodon services - the nervous system of BSDcafe
* A jail with #postgresql - the database, the memory of BSDcafe
* A jail for media storage. The 'multimedia memory' of BSDcafe. This jail is on an external server with rotating disks, behind #cloudflare. Aim is georeplicated caching of multimedia data to reduce bandwidth usage.
* A jail with Mastodon itself - #sidekiq, #puma, #streaming. Here is where all processing and connection management takes place.
All communicate through a private LAN (in bridge) and are set up for VPN connection to external machines - in case I want to move some services, replicate or add them. The VPN connection can occur via #zerotier or #wireguard, and I've also set up a bridge between machines through a #vxlan interface over #wireguard.
Backups are constantly done via #zfs snapshots and external replication on two different machines, in two different datacenters (and different from the production VPS datacenter).
#bsdcafe #fediverse #freebsd #opensmtpd #redis #mastodon #postgresql #cloudflare #sidekiq #puma #streaming #zerotier #wireguard #vxlan #zfs #sysadmin #tech #servers #itinfrastructure #bsd
I submitted a PR to update MacPorts' OpenSMTPD to 7.3.0p1 here:
https://github.com/macports/macports-ports/pull/19281
This supersedes the last PR I submitted to update OpenSMTPD to 7.3.0p0.
Also resets the clock on the maintainer timeout/port abandonment!
Regardless, I don't have commit access, so it's up to someone else to merge it.
At least it passed the build bot/CI checks?
#opensmtpd #macports #opensource #smtp #email #openbsd
FWIW, I submitted a PR to update the MacPorts' version of OpenSMTPD to 7.3.0p0 here:
https://github.com/macports/macports-ports/pull/19180
It appears to have passed the CI/build bot checks OK at least!
I don't have commit access within MacPorts, so it will be up to someone else to merge it. Hopefully the maintainer will take a look at it too (though since I opened that Trac issue 8 days ago for RC2 to facilitate testing I have observed no comment).
I did test building it with both MacPorts' libressl-devel (which is at 3.8.0) and openssl3 (which is at 3.1.1 currently) and it seems as if that was OK, so hopefully my modification to use MacPorts' dylib (which allows for different TLS libraries) was sufficient.
Alas, I am still not presently in a situation to be able to actually test any MXes; so the best I can offer from my present vantage is build testing, not functionality testing.
C'est la vie!
#OpenSMTPD #MacPorts #OpenSource #SMTP #OpenBSD #macOS #ISClicensed #email #TLSlibraryFlexibility
Announce: #OpenSMTPD 7.3.0p0 released
https://mail-archive.com/misc@opensmtpd.org/msg05872.html
Thanks to @op for his work synchronizing portable repository with upstream!
@op I created a slightly modified Portfile for MacPorts and opened a Trac ticket for any macOS/MacPorts users who may want to have a slightly easier time testing.
The Trac ticket is here and includes the modified Portfile:
https://trac.macports.org/ticket/67614
#OpenSMTPD #MacPorts #OpenSource #ReleaseCandidate #CallForTesting
So guix may soon have an opensmtpd-service that can be configured with guix records. It was just merged into guixrus. If you use guix system, you might try my opensmtpd-service.
https://gnucode.me/submitting-opensmtpd-service-to-guixrus.html
Please donate to The OpenBSD Foundation to help them reach their goal for 2022.
They not only provide support for #OpenBSD, but also for related projects such as #OpenSSH, #OpenBGPD, #OpenNTPD, #OpenSMTPD, #LibreSSL, #mandoc and #rpki-client.
Thank you! :flan_thumbs:
#openbsd #openssh #openbgpd #openntpd #opensmtpd #libressl #mandoc #rpki
So my #server was being bruteforced by some #botnet since Nov 23.
Had to change RDP port and disable email submission on my net interface.
By the way, is it possible to set up pubkey-based authentication for #xrdp and #OpenSMTPD? 🤔
#opensmtpd #xrdp #botnet #server
To the opensmtpd users: Is spfwalk still the way to go to build whitelists for spamd? Gilles had filter-greylist as a PoC, but the last commit was in 2020 and the readme still says (not for production, yet). Are there any plans to bring this into a production-ready state? I would love to see (and test) it.
OpenBSD upgrade and mail evolution:
Upgrading my mailserver to OpenBSD 7.2 brought down the communication between postfix and the postgres database (postfix not able to authenticate anymore). Furthermore, roundcube removed the (back in the days default) larry skin. So I ended up with a pretty broken installation of both. Fixing forward, I migrated my setup to opensmtpd (finally, after pushing it for a couple of years), removed the postgres from the mail setup and tied a couple of things together on the weekend. Roundcube skin was changed, too, after finding out what the heck was wrong with roundcube. Evolution of this whole setup is not done yet, as I need to redo greylisting, add some more filters, and implement DKIM and DMARC.
#7.2 #openbsd #opensmtpd
I ran into a mail problem that I didn't notice after my recent upgrade to #buster. When I would compose a new mail and send it via opensmtpd over the smarthosts I use, everything was fine. But when I replied to a mail in Emacs with a 'From:' that differs from user-mail-address, Emacs happily just used the latter when handing over the mail to "sendmail" and I think that was not the case before.
I think that's a change in Emacs 27 to the default value of message-sendmail-envelope-from. I can't prove that's the culprit, but the same Emacs/message config was used before the upgrade. Or maybe the newer opensmtpd version is doing some things differently, I don't know. Anyway, setting the variable to 'header fixes things. #emacs #emacs27 #opensmtpd
#opensmtpd #emacs27 #emacs #buster
I've got my own email server now! It's awesome! Now I need to set up bogofilter and sieve filtering. #opensmtpd #guix
So.. I wrote a quick how-to on setting up a backup MX server with #OpenBSD and #OpenSMTPD since the only one I could find was a bit dated. I wrote it for gemini and did a hasty conversion to HTML manually. It isn't pretty but it gets the job done:
https://sdcch.org/opensmtpd-backup-mx.html
gemini://sdcch.org/opensmtpd-backup-mx/
Thank you @solene for giving it a once over, your blog inspired me to do this!
Now there's a #perl DKIM example #OpenSMTPd filter. I suppose I should try to understand what DMARC is next.
https://github.com/afresh1/OpenSMTPd-Filter/tree/blead/examples
I summed up my experience implementing #DKIM filters for #OpenSMTPD in a blog post. Code is linked and somewhat explained. https://palant.info/2020/11/09/adding-dkim-support-to-opensmtpd-with-custom-filters/
My second attempt to switch from #Postfix to #OpenSMTPD succeeded. The configuration is a breeze, I can stop worrying about breaking best practices accidentally. It also integrates nicely with Docker. The complication was setting up #DKIM, this time I wrote my own filters for it.
#OpenSMTPd sounds like a nice alternative to #Postfix. The configuration is indeed way more readable and turning your mail server into an open relay unintentionally should be far less likely. However, #DKIM support is lacking to say the least. Maybe some other time...