- <!DOCTYPE html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><meta name="keywords" content="GNU, Emacs, Libre Software, Hurd, Guile, Guix" /><meta name="description" content="GNUcode.me is a website focusing on libre software projects, especially the GNU project." /><link type="application/atom+xml" rel="alternate" title="GNUcode.me -- Feed" href="/feed.xml" /><a rel="me" href="https://fosstodon.org/@thegnuguy"></a><link type="text/css" href="css/footer.min.css" rel="stylesheet"></link><link type="text/css" href="css/header.min.css" rel="stylesheet"></link><link type="text/css" href="css/main.min.css" rel="stylesheet"></link><title>Status Update April 2022 — GNUcode.me</title></head><body><h1>Status Update April 2022</h1><main><section class="basic-section-padding"><article><h3>by Joshua Branson — April 01, 2022</h3><div><p>I am back to working on various records to support <code><opensmtpd-configuration></code>
- for the <code>opensmtpd-service-type</code>. I decided about a week ago to just do some
- of the changes in the records that I want to do. Once I am satisfied with the
- updates, then I will work on making the code output the <code>smtpd.conf</code> file. I am
- fairly pleased with some of the changes to the records that I have made.</p><p>Feel free to play with the examples below from my repo!</p><pre><code>git clone https://notabug.org/jbranso/linode-guix-system-configuration.git
- cd linode-guix-system-configuration
- guile -L .
- scheme@(guile-user)> ,use (opensmtpd-records)
- scheme@(guile-user)> ,m (opensmtpd-records)
- (opensmtpd-table (name "table") (values (list "hello" "world")))</code></pre><p>Please note that I am still working on changing the record names, so various
- things that work as described in the blog post may not work in a week or two.</p><h2>A pretty useful <code><opensmtpd-configuration></code> gives no errors</h2><pre><code>(define example-opensmtpd-configuration
-   (let ([interface "lo"]
-         [creds-table (opensmtpd-table
-                       (name "creds")
-                       (values
-                        (list
-                         (cons "joshua"
-                               "$some$encrypted$password"))))]
-         [receive-action (opensmtpd-action-local-delivery-configuration
-                          (name "receive")
-                          (method (opensmtpd-maildir-configuration
-                                   (pathname "/home/%{rcpt.user}/Maildir")
-                                   (junk #t)))
-                          (virtual (opensmtpd-table
-                                    (name "virtual")
-                                    (values (list "josh" "jbranso@dismail.de")))))]
-         [filter-dkimsign (opensmtpd-filter
-                           (name "dkimsign")
-                           (exec #t)
-                           (proc (string-append "/path/to/dkimsign -d gnucode.me -s 2021-09-22 -c relaxed/relaxed -k "
-                                                "/path/to/dkimsign-key user nobody group nobody")))]
-         [smtp.gnucode.me (opensmtpd-pki
-                           (domain "smtp.gnucode.me")
-                           (cert "opensmtpd.scm")
-                           (key "opensmtpd.scm"))])
-     (opensmtpd-configuration
-      (mta-max-deferred 50)
-      (queue
-       (opensmtpd-queue-configuration
-        (compression #t)))
-      (smtp
-       (opensmtpd-smtp-configuration
-        (max-message-size "10M")))
-      (srs
-       (opensmtpd-srs-configuration
-        (ttl-delay "5d")))
-      (listen-ons
-       (list
-        (opensmtpd-listen-on
-         (interface interface)
-         (port 25)
-         (secure-connection "tls")
-         (filters (list (opensmtpd-filter-phase
-                         (name "noFRDNS")
-                         (phase "commit")
-                         (conditions (list (opensmtpd-conditions-configuration
-                                            (condition "fcrdns")
-                                            (not #t))))
-                         (decision "disconnect")
-                         (message "No FCRDNS"))))
-         (pki smtp.gnucode.me))
-        ;; this lets local users logged into the system via ssh send email
-        (opensmtpd-listen-on
-         (interface interface)
-         (port 465)
-         (secure-connection "smtps")
-         (pki smtp.gnucode.me)
-         (auth creds-table)
-         (filters (list filter-dkimsign)))
-        (opensmtpd-listen-on
-         (interface interface)
-         (port 587)
-         (secure-connection "tls-require")
-         (pki smtp.gnucode.me)
-         (auth creds-table)
-         (filters (list filter-dkimsign)))))
-      (matches (list
-                (opensmtpd-match
-                 (action (opensmtpd-action-relay-configuration
-                          (name "relay")))
-                 (for (opensmtpd-match-configuration
-                       (option "for any")))
-                 (from (opensmtpd-match-configuration
-                        (option "from any")))
-                 (auth (opensmtpd-match-configuration
-                        (option "auth"))))
-                (opensmtpd-match
-                 (action receive-action)
-                 (from (opensmtpd-match-configuration
-                        (option "from any")))
-                 (for (opensmtpd-match-configuration
-                       (option "for domain")
-                       (value (opensmtpd-table
-                               (name "domain-table")
-                               (values (list "gnucode.me" "gnu-hurd.com")))))))
-                (opensmtpd-match
-                 (action receive-action)
-                 (for (opensmtpd-match-configuration
-                       (option "for local")))))))))</code></pre><p>However, there’s still some work to do because this doesn’t work:</p><pre><code>(opensmtpd-configuration->mixed-text-file example-opensmtpd-configuration)
- ice-9/boot-9.scm:1685:16: In procedure raise-exception:
- error: value: unbound variable
- Entering a new prompt. Type `,bt' for a backtrace or `,q' to continue.
- scheme@(opensmtpd-records) [12]> ,bt
- In /home/joshua/prog/gnu/guix/guix-config/linode-guix-system-configuration/opensmtpd-records.scm:
- 1667:3 4 (opensmtpd-configuration->mixed-text-file #<<opensmtpd-configuration> package: #<package opensmtpd@6.8.0p2 gnu/packages/mail.scm:2979 7f1e1a3…>)
- 1628:9 3 (opensmtpd-configuration-fieldname->string _ _ _)
- 1634:10 2 (list-of-records->string _ _)
- 1669:99 1 (_ _)
- In ice-9/boot-9.scm:
- 1685:16 0 (raise-exception _ #:continuable? _)</code></pre><h2>I have also sanitized the <code><opensmtpd-conditions-configuration></code></h2><p>If you type in various incorrectly written
- <code><opensmtpd-conditions-configuration></code> records, then you will get some helpful
- error messages:</p><ol><li><p>if condition is rdns, src, helo, mail-from, or rcpt-to, then you must also provide a table</p><p>What is interesting is that I do not know how to sanitize a whole record when
- the record is initiated. I can only have a parent record sanitize it. For
- example, the following record is invalid because, if the ’condition’ is “src”,
- then you need to provide a table. However, the following works in a REPL.</p><pre><code>(opensmtpd-conditions-configuration
-  (condition "src"))</code></pre><p><code>$11 = #<<opensmtpd-conditions-configuration> condition: "src" not: #f regex: #f table: #f></code></p><p>But when you put the same incorrect <code><opensmtpd-conditions-configuration></code>
- into an <code><opensmtpd-filter-phase></code>, then you get the right error message.</p><pre><code>(opensmtpd-filter-phase
-  (name "filter")
-  (phase "helo")
-  (decision "bypass")
-  (conditions
-   (list
-    (opensmtpd-conditions-configuration
-     (condition "src")))))
- <opensmtpd-conditions-configuration>'s fieldname 'condition' values of
- 'src', 'helo', 'mail-from', or 'rcpt-to' need a corresponding 'table'
- of type <opensmtpd-table>. eg:
- (opensmtpd-conditions-configuration
- (condition "src")
- (table (opensmtpd-table
- (name "src-table")
- (values (list "hello" "cat")))))
- ice-9/boot-9.scm:1685:16: In procedure raise-exception:
- Throw to key `bad!' with args `((#<<opensmtpd-conditions-configuration> condition: "mail-from" not: #f regex: #f table: #f>))'.
- 
- Entering a new prompt. Type `,bt' for a backtrace or `,q' to continue.</code></pre></li><li><p>make sure that there are no duplicate conditions</p><pre><code>(opensmtpd-filter-phase
-  (name "noFRDNS")
-  (phase "commit")
-  (conditions (list (opensmtpd-conditions-configuration
-                     (condition "fcrdns")
-                     (not #t))
-                    (opensmtpd-conditions-configuration
-                     (condition "fcrdns")
-                     (not #t))))
-  (decision "disconnect")
-  (message "No FCRDNS"))
- <opensmtpd-filter-phase> fieldname: 'conditions' is a list of unique
- <opensmtpd-conditions-configuration> records.
- ice-9/boot-9.scm:1685:16: In procedure raise-exception:
- Throw to key `bad!' with args `((#<<opensmtpd-conditions-configuration> condition: "fcrdns" not: #t regex: #f table: #f> #<<opensmtpd-conditions-configuration> condition: "fcrdns" not: #t regex: #f table: #f>))'.
-
- Entering a new prompt. Type `,bt' for a backtrace or `,q' to continue.</code></pre></li><li><p>sanitize the phase-name</p><pre><code>(opensmtpd-filter-phase
-  (name "filter")
-  (phase "hello")
-  (decision "bypass")
-  (conditions
-   (list
-    (opensmtpd-conditions-configuration
-     (condition "auth")))))
- <opensmtpd-filter-phase> fieldname: 'phase' is of type string. The string can be either 'connect', 'helo', 'mail-from', 'rcpt-to', 'data', or 'commit.'
- ice-9/boot-9.scm:1685:16: In procedure raise-exception:
- Throw to key `bad!' with args `("hello")'.
- 
- Entering a new prompt. Type `,bt' for a backtrace or `,q' to continue.</code></pre></li></ol><h2>Changes to the records eliminate potential errors like</h2><p>misspelling a table name, or calling an action that is not defined.</p><p>The <code><opensmtpd-configuration></code> used to be defined this way:</p><pre><code>(service opensmtpd-service
-          (opensmtpd-configuration
-           (includes ...)
-           (tables ...)
-           (pkis ...)
-           (filters ...)
-           (listen-on ...)
-           (actions ...)
- (matches ...)))</code></pre><p>It would be possible to give a table a name of “password-table”, but then later
- to refer to it as “passwords-table”, which would NOT have worked. Like so:</p><pre><code>(service opensmtpd-service
-          (opensmtpd-configuration
-           (tables (list (opensmtpd-table
-                          (name "<passwords-table>")
-                          (values
-                           (list
-                            (cons "joshua"
-                                  "$encrypted$password"))))))
-           (listen-on
-            (list (opensmtpd-listen-on
-                   (auth "<password-table>"))))
-           (actions ...)
- (matches ...)))</code></pre><p>Now instead, you define the table where it is used!</p><pre><code>(opensmtpd-listen-on
-  (interface interface)
-  (port 587)
-  (secure-connection "tls-require")
-  (pki smtp.gnucode.me)
-  (auth (opensmtpd-table
-         (name "creds")
-         (values
-          (list
-           (cons "joshua"
-                 "$encrypted$password")))))
-  (filters (list filter-dkimsign)))</code></pre></div></article></section></main><footer><p>© 2020 Joshua Branson. The text on this site is free culture under the Creative Commons Attribution Share-Alike 4.0 International license.</p><p>This website is built with Haunt, a static site generator written in Guile Scheme. Source code is <a href="https://notabug.org/jbranso/gnucode.me">available.</a></p><p>The color theme of this website is based off of the famous <a href="#3f3f3f" target="_blank">zenburn</a> theme.</p></footer></body>
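The three checks from the sanitizing section above (a table is required for some conditions, no duplicate conditions, phase names from a fixed set), as an added example that is not code from the post or its repository. Plain SRFI-9 records stand in for the post's records, and the names condition-record, phase-record, make-condition, make-filter-phase, condition-key, rejected? and the invalid-config key are assumptions; the raw constructor is wrapped in a checking one so that the cross-field rule runs when the record is built.

```scheme
(use-modules (srfi srfi-1)   ; delete-duplicates
             (srfi srfi-9))  ; define-record-type
;; Hypothetical stand-ins for the post's records, built on plain SRFI-9.
(define-record-type condition-record
  (%make-condition name negate? table)   ; raw, unchecked constructor
  condition-record?
  (name condition-name)
  (negate? condition-negate?)
  (table condition-table))
(define-record-type phase-record
  (%make-filter-phase name phase conditions)
  phase-record?
  (name phase-record-name)
  (phase phase-record-phase)
  (conditions phase-record-conditions))

;; Both lists are copied from the error messages quoted in the post.
(define %table-conditions '("src" "helo" "mail-from" "rcpt-to"))
(define %phases '("connect" "helo" "mail-from" "rcpt-to" "data" "commit"))

;; Checked constructor: the cross-field rule runs when the record is built.
(define* (make-condition name #:key (negate? #f) (table #f))
  (when (and (member name %table-conditions) (not table))
    (throw 'invalid-config (format #f "condition ~s needs a table" name)))
  (%make-condition name negate? table))
;; Assumption: equal name, negation and table make two conditions duplicates.
(define (condition-key c)
  (list (condition-name c) (condition-negate? c) (condition-table c)))
(define (make-filter-phase name phase conditions)
  (unless (member phase %phases)
    (throw 'invalid-config (format #f "unknown phase ~s" phase)))
  (let ((keys (map condition-key conditions)))
    (unless (= (length keys) (length (delete-duplicates keys)))
      (throw 'invalid-config "duplicate conditions")))
  (%make-filter-phase name phase conditions))

;; #t when THUNK is refused with 'invalid-config, #f when it builds a record.
(define (rejected? thunk)
  (catch 'invalid-config
    (lambda () (thunk) #f)
    (lambda (key . args) #t)))

;; Constructed inputs: the post's three invalid cases, then a valid record.
(define fcrdns (make-condition "fcrdns" #:negate? #t))
(write (map rejected?
            (list (lambda () (make-condition "src"))
                  (lambda () (make-filter-phase "noFRDNS" "commit" (list fcrdns fcrdns)))
                  (lambda () (make-filter-phase "filter" "hello" '()))
                  (lambda () (make-filter-phase "noFRDNS" "commit" (list fcrdns))))))
```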