"SEND MAIL" doesn't send mail, mail stays in queue

[Marco Beishuizen]

Hi,

I'm trying to use MAIL on my DEC PWS600au running OpenVMS 8.4. SMTP is
enabled and running. The MAIL program seems to work. I used "SET
CONFIGURATION SMTP" to set the mail gateway to the ISP mail server. There
are no error messages.

Problem is that when entering a mail message and sending it, nothing
happens. The mail messages stay in the mail queue forever.

Am I missing something?

Thanks in advance,
Marco
--
System restarting, wait...

[Marco Beishuizen]

[Stephen Hoffman]

On 2018-01-22 18:33:10 +0000, Marco Beishuizen said:

> I'm trying to use MAIL on my DEC PWS600au running OpenVMS 8.4. SMTP is
> enabled and running. The MAIL program seems to work. I used "SET
> CONFIGURATION SMTP" to set the mail gateway to the ISP mail server.
> There are no error messages.
>
> Problem is that when entering a mail message and sending it, nothing
> happens. The mail messages stay in the mail queue forever.
>
> Am I missing something?

The existing mail server logs will usually give some details on why the
connections are being rejected. Start there. Probably an
authentication error, as a guess. While it's usually easiest to use
the gateway settings to route all outbound mail to a "newer" mail
server, there's no authentication support available with that, short of
add-on (replacement) software, or (easier) setting up a local relay via
Postfix or some other mail server and from there along to the ISP.

Though I suspect it's not the case here, if you're trying to send SMTP
mail directly, please post your domain and somebody can check DNS
forward and reverse and MX settings for you. That information is
already known to anybody watching DNS, and the spammers and the rest of
the gremlins routinely scan for and already already have those and
other details and are already poking at any open TCP port 25 they find
on the 'net. Usually within minutes, lately. If you're shy about
posting that domain data, verify that forward and reverse DNS are valid.

Be aware that the default behavior for TCP/IP Services SMTP with either
problems in the configuration file or no configuration file is as an
open relay and with no errors displayed.

Or start reading the backlog of discussions, starting with the following:
https://groups.google.com/d/msg/comp.os.vms/EKI3G_O9fEk/bJIPUvmoz_QJ
https://groups.google.com/d/msg/comp.os.vms/wbdmJuNJb0M/waXG7aXm8BcJ

There are issues with the installation, as well. TCP/IP Services
lacks encryption support for client access, lacks STARTTLS and other
details, and contending with spam invariably involves add-on pieces;
there's little that's integrated.


--
Pure Personal Opinion | HoffmanLabs LLC

[Phillip Helbig (undress to reply)]

In article <p45edm$f1v$1...@dont-email.me>, Stephen Hoffman

<seao...@hoffmanlabs.invalid> writes:

> On 2018-01-22 18:33:10 +0000, Marco Beishuizen said:
>
> > I'm trying to use MAIL on my DEC PWS600au running OpenVMS 8.4. SMTP is
> > enabled and running. The MAIL program seems to work. I used "SET
> > CONFIGURATION SMTP" to set the mail gateway to the ISP mail server.
> > There are no error messages.
> >
> > Problem is that when entering a mail message and sending it, nothing
> > happens. The mail messages stay in the mail queue forever.
> >
> > Am I missing something?
>
> The existing mail server logs will usually give some details on why the
> connections are being rejected. Start there. Probably an
> authentication error, as a guess. While it's usually easiest to use
> the gateway settings to route all outbound mail to a "newer" mail
> server, there's no authentication support available with that, short of
> add-on (replacement) software, or (easier) setting up a local relay via
> Postfix or some other mail server and from there along to the ISP.

I've been running SMTP at home on VMS for almost 20 years. The only
thing I needed to do above and beyond the normal setup (and turning off
the RELAY stuff) was to find an SMTP relay server for outgoing mail.
I've been using the services of DynAccess for that, as well as for
dynamic DNS. My experience: better services, lower prices, and better
support than the competition. Since, as a dynamic-DNS provider, your IP
is known, you can use the server---with no authentication. I receive
email directly. I use spamhaus.org as an RBL. That and a setting to
reject mail to non-existent users keeps out most spam. DynAccess also
offers the possibility to receive mail and forward it to you, in which
case it is also possible to turn on some anti-spam stuff (based on
content as well, I believe). I use the MX servers only as backups in
case I am offline.

[Marco Beishuizen]

On Mon, 22 Jan 2018, the wise Stephen Hoffman via Info-vax wrote:

> The existing mail server logs will usually give some details on why the
> connections are being rejected. Start there. Probably an
> authentication error, as a guess. While it's usually easiest to use the
> gateway settings to route all outbound mail to a "newer" mail server,
> there's no authentication support available with that, short of add-on
> (replacement) software, or (easier) setting up a local relay via Postfix
> or some other mail server and from there along to the ISP.

The smtp configuration shows:

[...]
TCPIP> show config smtp

SMTP Configuration
Options
Initial interval: 0 00:30:00.00 Address_max: 16
NOEIGHT_BIT
Retry interval: 0 01:00:00.00 Hop_count_max: 16 NORELAY
Maximum interval: 3 00:00:00.00
TOP_HEADERS

Timeout Initial Mail Receipt Data Terminate
Send: 5 5 5 3 10
Receive: 5

Alternate gateway: 194.109.6.51
General gateway: 194.109.6.51

Substitute domain: not defined
Zone: not defined

Postmaster: TCPIP$SMTP
Log file: SYS$SPECIFIC:[TCPIP$SMTP]TCPIP$SMTP_LOGFILE.LOG

Generic queue Queues Participating nodes

TCPIP$SMTP_OVMS1_00 1 OVMS1
[...]

The smtp logfile is saying that there are no queue entries found, even
though there are 3 mail still sitting there:

[...]
$ type tcpip$smtp_ovms1.log;6


%%%%%%%%%%%% SMTP ANALYZE 22-JAN-2018 15:49:49.49 %%%%%%%%%%%%
%TCPIP-I-ANA_RUNING, ANALYZE runs on host OVMS1

%TCPIP-I-ANA_NOENTR, no queue entry found for file
SYS$SYSROOT:[SYSMGR]180122015
73677_SYSTEM-30D.TCPIP_OVMS1;1
%TCPIP-I-ANA_NOENTR, no queue entry found for file
SYS$SYSROOT:[SYSMGR]180122020
62598_SYSTEM-30D.TCPIP_OVMS1;1
%TCPIP-I-ANA_NOENTR, no queue entry found for file
SYS$SYSROOT:[SYSMGR]180122020
93150_SYSTEM-30D.TCPIP_OVMS1;1
%TCPIP-I-ANA_NOENTR, no queue entry found for file
SYS$SYSROOT:[SYSMGR]180122023
32205_SYSTEM-22F.TCPIP_OVMS1;1
%TCPIP-I-ANA_NOENTR, no queue entry found for file
SYS$SYSROOT:[SYSMGR]180122031
12463_SYSTEM-22F.TCPIP_OVMS1;1
%TCPIP-I-ANA_NOENTR, no queue entry found for file
SYS$SYSROOT:[SYSMGR]180122153
41104_SYSTEM-22F.TCPIP_OVMS1;1


%%%%%%%%%%%% SMTP ANALYZE 22-JAN-2018 15:49:49.65 %%%%%%%%%%%%
%TCPIP-I-ANA_COMPLE, ANALYZE completed on host OVMS1
%TCPIP-I-ANA_FEPAIR, found 0 file-queue entry pairs
%TCPIP-I-ANA_DELQEN, deleted 0 queue entries
%TCPIP-I-ANA_FILNOQ, found 6 files with no queue entries
%TCPIP-I-ANA_FILHLD, holding 0 files in directory
%TCPIP-I-ANA_FILDEL, deleted 0 files from the Postmaster directory
%TCPIP-I-ANA_SUBFIL, submitted 0 files to the generic queue
%TCPIP-I-ANA_FILACE, encountered 0 file access errors
%TCPIP-I-ANA_NONCFF, found 0 files in Postmaster directory
%TCPIP-I-ANA_FILCOR, found 0 corrupted control files in Postmaster
directory

> Though I suspect it's not the case here, if you're trying to send SMTP
> mail directly, please post your domain and somebody can check DNS
> forward and reverse and MX settings for you. That information is
> already known to anybody watching DNS, and the spammers and the rest of
> the gremlins routinely scan for and already already have those and other
> details and are already poking at any open TCP port 25 they find on the
> 'net. Usually within minutes, lately. If you're shy about posting that
> domain data, verify that forward and reverse DNS are valid.

The PWS is behind a modem/router with a firewall. First thing I would like
to do is to be able to send mail, with the mail server of my ISP as the
smart host. Receiving mail I'll try to config later using IMAP, so the
OpenVMS machine won't receive mail by itself.

> Be aware that the default behavior for TCP/IP Services SMTP with either
> problems in the configuration file or no configuration file is as an
> open relay and with no errors displayed.

The smtp config shows a "NORELAY" so that's ok right?

> Or start reading the backlog of discussions, starting with the
> following:
> https://groups.google.com/d/msg/comp.os.vms/EKI3G_O9fEk/bJIPUvmoz_QJ
> https://groups.google.com/d/msg/comp.os.vms/wbdmJuNJb0M/waXG7aXm8BcJ

I'll do that, thanks.

> There are issues with the installation, as well. TCP/IP Services lacks
> encryption support for client access, lacks STARTTLS and other details,
> and contending with spam invariably involves add-on pieces; there's
> little that's integrated.

True, the OpenVMS software isn't the latest and greatest. But the Alpha is
used to play with and learn OpenVMS with, and maybe as backup. The system
is behind a router so the security isn't that bas I guess.

Thanks & regards,
Marco
--
I've seen Sun monitors on fire off the side of the multimedia lab.
I've seen NTU lights glitter in the dark near the Mail Gate.
All these things will be lost in time, like the root partition last week.
Time to die...
-- Peter Gutmann

[Marco Beishuizen]

On Mon, 22 Jan 2018, the wise Stephen Hoffman via Info-vax wrote:

> The existing mail server logs will usually give some details on why the
> connections are being rejected. Start there. Probably an
> authentication error, as a guess. While it's usually easiest to use the
> gateway settings to route all outbound mail to a "newer" mail server,
> there's no authentication support available with that, short of add-on
> (replacement) software, or (easier) setting up a local relay via Postfix
> or some other mail server and from there along to the ISP.

> Though I suspect it's not the case here, if you're trying to send SMTP
> mail directly, please post your domain and somebody can check DNS
> forward and reverse and MX settings for you. That information is
> already known to anybody watching DNS, and the spammers and the rest of
> the gremlins routinely scan for and already already have those and other
> details and are already poking at any open TCP port 25 they find on the
> 'net. Usually within minutes, lately. If you're shy about posting that
> domain data, verify that forward and reverse DNS are valid.

The PWS is behind a modem/router with a firewall. First thing I would like
to do is to be able to send mail, with the mail server of my ISP as the
smart host. Receiving mail I'll try to config later using IMAP, so the
OpenVMS machine won't receive mail by itself.

> Be aware that the default behavior for TCP/IP Services SMTP with either
> problems in the configuration file or no configuration file is as an
> open relay and with no errors displayed.

The smtp config shows a "NORELAY" so that's ok right?

> Or start reading the backlog of discussions, starting with the
> following:
> https://groups.google.com/d/msg/comp.os.vms/EKI3G_O9fEk/bJIPUvmoz_QJ
> https://groups.google.com/d/msg/comp.os.vms/wbdmJuNJb0M/waXG7aXm8BcJ

I'll do that, thanks.

> There are issues with the installation, as well. TCP/IP Services lacks
> encryption support for client access, lacks STARTTLS and other details,
> and contending with spam invariably involves add-on pieces; there's
> little that's integrated.

[Marco Beishuizen]

On Mon, 22 Jan 2018, the wise Phillip Helbig undress to reply via Info-vax...:

> I've been running SMTP at home on VMS for almost 20 years. The only
> thing I needed to do above and beyond the normal setup (and turning off
> the RELAY stuff) was to find an SMTP relay server for outgoing mail.
> I've been using the services of DynAccess for that, as well as for
> dynamic DNS. My experience: better services, lower prices, and better
> support than the competition. Since, as a dynamic-DNS provider, your IP
> is known, you can use the server---with no authentication. I receive
> email directly. I use spamhaus.org as an RBL. That and a setting to
> reject mail to non-existent users keeps out most spam. DynAccess also
> offers the possibility to receive mail and forward it to you, in which
> case it is also possible to turn on some anti-spam stuff (based on
> content as well, I believe). I use the MX servers only as backups in
> case I am offline.

My ISP allows to use an smtp server a home and use port 25. The ISP
mailserver can be configured as a smart host to point to. I do this on all
my other machines (postfix, sendmail) and works fine. My ISP also has a
great spamfilter. So probably no need for alternatives.

Thanks & regards,
Marco

--

Magnet, n.: Something acted upon by magnetism.

Magnetism, n.: Something acting upon a magnet.

The two definition immediately preceding are condensed from the works
of one thousand eminent scientists, who have illuminated the subject
with a great white light, to the inexpressible advancement of human
knowledge.
-- Ambrose Bierce, "The Devil's Dictionary"

[Marco Beishuizen]

On Mon, 22 Jan 2018, the wise Phillip Helbig undress to reply via Info-vax...:

> I've been running SMTP at home on VMS for almost 20 years. The only
> thing I needed to do above and beyond the normal setup (and turning off
> the RELAY stuff) was to find an SMTP relay server for outgoing mail.
> I've been using the services of DynAccess for that, as well as for
> dynamic DNS. My experience: better services, lower prices, and better
> support than the competition. Since, as a dynamic-DNS provider, your IP
> is known, you can use the server---with no authentication. I receive
> email directly. I use spamhaus.org as an RBL. That and a setting to
> reject mail to non-existent users keeps out most spam. DynAccess also
> offers the possibility to receive mail and forward it to you, in which
> case it is also possible to turn on some anti-spam stuff (based on
> content as well, I believe). I use the MX servers only as backups in
> case I am offline.

[bill...@navistar.com]

Marco,

You didn't post the version of TCPIP Services you're running, but with VMS 8.4 I'd assume TCPIP v5.7. V5.7 uses a configuration file to configure SMTP, TCPIP$SMTP_COMMON:TCPIP$SMTP.CONF, not SET CONFIG commands. IIRC, the output from SHOW CONFIG SMTP is not an accurate display of the running configuration.

[Stephen Hoffman]

On 2018-01-22 21:54:46 +0000, Phillip Helbig (undress to reply said:

> I've been running SMTP at home...

Whether a particular ISP or mail relay provider allows relays or allows
not-TLS connections varies. Whether a particular ISP allows outbound
TCP port 25 also varies. These and other security requirements only
tend to tighten, too. Then there are the more mundane changes, like a
changed mail server host name as has happened with various providers.
That's all ignoring the security problems inherent in the
not-TLS-protected POP and IMAP and SMTP connections supported by the
TCP/IP Server OpenVMS mail server, too; unencrypted client connections
and cleartext credentials over potentially-insecure networks aren't
very popular, and which can then mean that external and internal
connections and (when necessary) a local relay to a
not-directly-accessible OpenVMS through (for instance) a local Postfix
/ Dovecot server. To a more protected and isolated OpenVMS server.
But I digress. Check the server logs, see what errors are being
produced. And there's usually either a DNS problem around — DNS
errors are almost typical for small network configurations and even
some larger sites — or it's an authentication or TLS-related problem
connecting to the server, when the mail server is not playing well with
other servers.

[Stephen Hoffman]

On 2018-01-22 22:16:48 +0000, Marco Beishuizen said:

On Mon, 22 Jan 2018, the wise Stephen Hoffman via Info-vax wrote:

The existing mail server logs will usually give some details on why the connections are being rejected.  Start there.  Probably an authentication error, as a guess.  While it's usually easiest to use the gateway settings to route all outbound mail to a "newer" mail server, there's no authentication support available with that, short of add-on (replacement) software, or (easier) setting up a local relay via Postfix or some other mail server and from there along to the ISP.

The smtp configuration shows:

[...]

TCPIP> show config smtp

...

Log file:           SYS$SPECIFIC:[TCPIP$SMTP]TCPIP$SMTP_LOGFILE.LOG

What's in that log?   Or in whatever any reference in the TCPIP$SMTP.CONF file is pointing at?

Though I suspect it's not the case here, if you're trying to send SMTP mail directly, please post your domain and somebody can check DNS forward and reverse and MX settings for you.  That information is already known to anybody watching DNS, and the spammers and the rest of the gremlins routinely scan for and already already have those and other details and are already poking at any open TCP port 25 they find on the 'net.  Usually within minutes, lately.  If you're shy about posting that domain data, verify that forward and reverse DNS are valid.

The PWS is behind a modem/router with a firewall. First thing I would like to do is to be able to send mail, with the mail server of my ISP as the smart host. Receiving mail I'll try to config later using IMAP, so the OpenVMS machine won't receive mail by itself.

That's a relay, and — if it's an authenticated relay, or requires (as many do) use of TCP 587 or maybe TCP 465, you're out of luck with OpenVMS.  You'll need a different stack or a relay via a different local mail server with relay capabilities, or remote mail server that allows wide-open connections.

Be aware that the default behavior for TCP/IP Services SMTP with either problems in the configuration file or no configuration file is as an open relay and with no errors displayed.

The smtp config shows a "NORELAY" so that's ok right?'

OpenVMS stopped using the TCPIP utility configuration tool a while back, and the documentation on the new file-based implementation is sparse.    In V5.7 and later, SMTP is largely managed via the under-documented configuration file TCPIP$SMTP_COMMON:TCPIP$SMTP.CONF.   It's basically documented by the comments in the template configuration file.

In general, I don't trust any mail server to correctly report, and would externally verify whether or not it's possible to relay through any SMTP server.  The gremlins will provide that testing service for free too, but that's not the best approach.

There are issues with the installation, as well.  TCP/IP Services lacks encryption support for client access, lacks STARTTLS and other details, and contending with spam invariably involves add-on pieces; there's little that's integrated.

True, the OpenVMS software isn't the latest and greatest. 

Much of it is antique.   And insecure.  VSI is working to resolve much of that, but even once the VSI TCPIP product — a VSI-branded version of Process Multinet — becomes available there's still the never-ending requirements for updates.

I wouldn't bother spending a great deal of time and effort learning much about TCP/IP Services, either.   This as it's soon all being replaced by VSI TCPIP, with a migration period provided for the folks moving applications and procedures from the current product.

Related: http://vmssoftware.com/pdfs/VSI_Roadmap_20171215.pdf

But the Alpha is used to play with and learn OpenVMS with, and maybe as backup. The system is behind a router so the security isn't that bas I guess.

More than a few techniques are available that can bypass firewalls.    And open ports to vulnerable servers is another discussion. 

Something to ponder around where we're probably headed with networks and firewalls and security: https://research.google.com/pubs/pub43231.html

[Grant Taylor]

On 01/22/2018 03:16 PM, Marco Beishuizen wrote:
> Receiving mail I'll try to config later using IMAP, so the OpenVMS
> machine won't receive mail by itself.

Are you planing on having someone else, possibly your ISP, receive your
email via MX record where you will then pull it down via IMAP? I.e.
something akin to the popular fetchmail utility?

If you (or anyone else) is interested in having someone else front your
SMTP as the MX to the world and then forward (relay) it to you, let me
know. I'm always happy to help people playing and learning.



--
Grant. . . .
unix || die

[Joukj]

Marco Beishuizen wrote:
> The smtp config shows a "NORELAY" so that's ok right?

That shouold be OK. You do not want to use your machine as a relay
(allow other machines to send E-mail via your macchine)

Jouk

[Marco Beishuizen]

On Tue, 23 Jan 2018, the wise bill.hall--- via Info-vax wrote:

> Marco,
>
> You didn't post the version of TCPIP Services you're running, but with
> VMS 8.4 I'd assume TCPIP v5.7. V5.7 uses a configuration file to
> configure SMTP, TCPIP$SMTP_COMMON:TCPIP$SMTP.CONF, not SET CONFIG
> commands. IIRC, the output from SHOW CONFIG SMTP is not an accurate
> display of the running configuration.

$ tcpip show version

HP TCP/IP Services for OpenVMS Alpha Version V5.7 - ECO 5
on a Digital Personal WorkStation running OpenVMS V8.4
[...]

The tcpip$smtp.conf looks like:

$ type tcpip$smtp.conf
!TCPIP$SMTP.CONF file created at : Mon Jan 22 02:23:32 2018


!TCPIP SMTP configuration data:

Initial-Interval : 0 00:30:00.00
Retry-Interval : 0 01:00:00.00
Retry-Maximum : 3 00:00:00.00
Receive-Timeout : 5
Retry-Address : 16
Hop-Count : 16
Number-Of-Queues-Per-Node : 1
Send-Timeout-Init : 5
Send-Timeout-Mail : 5
Send-Timeout-Rcpt : 5
Send-Timeout-Data : 3
Send-Timeout-Term : 10
Header-Placement : TOP
Eightbit : FALSE
Relay : FALSE
Alternate-Gateway : 192.168.178.1
General-Gateway : 192.168.178.1
!Zone : < not defined >
!Substitute-Domain : < not defined >
Queue-Name :
Log-Line-Numbers : FALSE
Memory-Debug : FALSE
Mail$Protocol-Debug : FALSE
CF-Debug : FALSE
Parse-Debug : FALSE
Unbacktranslatable-IP-Text : Closing transmission channel.
Bad-Clients-Text : Closing transmission channel.
Client-In-RBL-Text : Closing transmission channel.
Reject-Mail-From-Text : Closing transmission channel.
Unqualified-Sender-Text : Closing transmission channel.
Unresolvable-Domain-Text : Closing transmission channel.
SPAM-Relay-Text : User not local, Relay disabled.
EXPN-Used-Text : Closing transmission channel.
VRFY-Used-Text : Closing transmission channel.
[...]

As there is no "Queue-Name" I'm thinking there is something with the mail
queue not correctly configured.

Regards,
Marco
--
Wasting time is an important part of living.

[Marco Beishuizen]

On Tue, 23 Jan 2018, the wise bill.hall--- via Info-vax wrote:

> Marco,
>
> You didn't post the version of TCPIP Services you're running, but with
> VMS 8.4 I'd assume TCPIP v5.7. V5.7 uses a configuration file to
> configure SMTP, TCPIP$SMTP_COMMON:TCPIP$SMTP.CONF, not SET CONFIG
> commands. IIRC, the output from SHOW CONFIG SMTP is not an accurate
> display of the running configuration.

[Marco Beishuizen]

On Tue, 23 Jan 2018, the wise Stephen Hoffman via Info-vax wrote:

>> Log file: SYS$SPECIFIC:[TCPIP$SMTP]TCPIP$SMTP_LOGFILE.LOG
>
> What's in that log? Or in whatever any reference in the TCPIP$SMTP.CONF
> file is pointing at?

The file TCPIP$SMTP_LOGFILE.LOG doesn't exist, but TCPIP$SMTP_OVMS1.LOG
does:

[...]

So I'm thinking now that something with the mail queue isn't right.

Regards,
Marco
--
I have an existential map. It has "You are here" written all over it.
-- Steven Wright

[Marco Beishuizen]

On Tue, 23 Jan 2018, the wise Stephen Hoffman via Info-vax wrote:

>> Log file: SYS$SPECIFIC:[TCPIP$SMTP]TCPIP$SMTP_LOGFILE.LOG
>
> What's in that log? Or in whatever any reference in the TCPIP$SMTP.CONF
> file is pointing at?

[Marco Beishuizen]

On Tue, 23 Jan 2018, the wise Grant Taylor via Info-vax wrote:

> Are you planing on having someone else, possibly your ISP, receive your
> email via MX record where you will then pull it down via IMAP? I.e.
> something akin to the popular fetchmail utility?

No, on my other machines I just read my email on the imap server of my
ISP with alpine.

> If you (or anyone else) is interested in having someone else front your
> SMTP as the MX to the world and then forward (relay) it to you, let me
> know. I'm always happy to help people playing and learning.

Thanks, but I think my ISP should be able to do that. All other machines
here have a mailserver running (Sendmail, Postfix) and all was needed is
pointing it to the smarthost, which is the smtp server of the ISP.

Regards,
Marco

--
I have no doubt that it is a part of the destiny of the human race,
in its gradual improvement, to leave off eating animals.
-- Thoreau

[Marco Beishuizen]

On Tue, 23 Jan 2018, the wise Grant Taylor via Info-vax wrote:

> Are you planing on having someone else, possibly your ISP, receive your
> email via MX record where you will then pull it down via IMAP? I.e.
> something akin to the popular fetchmail utility?

No, on my other machines I just read my email on the imap server of my
ISP with alpine.

> If you (or anyone else) is interested in having someone else front your
> SMTP as the MX to the world and then forward (relay) it to you, let me
> know. I'm always happy to help people playing and learning.

[Paul Sture]

Marco, do you realise your posts are showing up twice?

Once with Subject:

"[Info-VAX] Re: "SEND MAIL" doesn't send mail, mail stays in queue"

and again with Subject:

"Re: "SEND MAIL" doesn't send mail, mail stays in queue"

with otherwise identical contents.

--
As we've seen time and time again, the Internet of Things is
demonstrably as robust and secure as a kitten crossing a motorway.
-- Alistair Dabbs

[MG]

Speaking of your ISP (and the double-posts, as someone
mentioned), I see you use Info-VAX, but are you aware
that they also offer USENET (nntp.xs4all.nl)? It has
worked fine for me.

- MG

[MG]

On 23-JAN-2018 at 14:49 I wrote:
> [...] (nntp.xs4all.nl) [...]
Or, actually: news.xs4all.nl

- MG

[bill...@navistar.com]

The "Queue-Name" entry default to the generic queue TCPIP$SMTP. You have "Number-Of-Queues-Per-Node" set as 1 execution queue configured. $SHOW QUEUE/FULL TCPIP$SMTP* should look something like this example from a two node cluster.

Generic server queue TCPIP$SMTP
/GENERIC=(TCPIP$SMTP_HOST1_1,TCPIP$SMTP_HOST2_1) /OWNER=[SYSMGT,SYSTEM] /PROTECTION=(S:M,O:D,G:R,W:S)

Server queue TCPIP$SMTP_HOST1_1, idle, on HOST1::, mounted form DEFAULT
/BASE_PRIORITY=4 /DEFAULT=(FEED,FORM=DEFAULT) /OWNER=[SYSMGT,SYSTEM] /PROCESSOR=TCPIP$SMTP_SYMBIONT /PROTECTION=(S:M,O:D,G:R,W:S)

Server queue TCPIP$SMTP_HOST2_1, idle, on HOST2::, mounted form DEFAULT
/BASE_PRIORITY=4 /DEFAULT=(FEED,FORM=DEFAULT) /OWNER=[SYSMGT,SYSTEM] /PROCESSOR=TCPIP$SMTP_SYMBIONT /PROTECTION=(S:M,O:D,G:R,W:S)

[Marco Beishuizen]

On Tue, 23 Jan 2018, the wise Paul Sture via Info-vax wrote:

> Marco, do you realise your posts are showing up twice?
>
> Once with Subject:
>
> "[Info-VAX] Re: "SEND MAIL" doesn't send mail, mail stays in queue"
>
> and again with Subject:
>
> "Re: "SEND MAIL" doesn't send mail, mail stays in queue"
>
> with otherwise identical contents.

Yes that's because replies go both to the mailing list and the newsgroup.
This one is going only to the mailing list.

--
He who laughs last -- missed the punch line.

[Marco Beishuizen]

Yes I know I use them both. Replies go to both the mailing list and the
newsgroup. I'll stick to the mailing list.

--
Everybody is given the same amount of hormones, at birth, and
if you want to use yours for growing hair, that's fine with me.

[Stephen Hoffman]

On 2018-01-23 07:55:25 +0000, Marco Beishuizen said:

> Alternate-Gateway : 192.168.178.1
> General-Gateway : 192.168.178.1

Is your ISP really using 192.168/16 private class C block addresses for
their IPv4 mail services? That'd be somewhat unusual. Or did this
mistakenly get set to the local IP gateway, and not to the ISP SMTP
gateway?

> As there is no "Queue-Name" I'm thinking there is something with the
> mail queue not correctly configured.

It's comparatively difficult to even get mail configured correctly on
OpenVMS, what with certificates and connection security and DKIM and
other more modern requirements that OpenVMS knows little or nothing
about. But that's further along the path of learning how not to write
a user interface for most modern expectations, which is where this is
headed. Regarding the existence of the mail queues, the
TCPIP$CONFIG.COM tool manages that for you, occasionally with some
manual steps for the more complex configurations. You'll need to
enable and start the SMTP mail server, minimally.

Off-LAN network routing also already needs to be working for the
OpenVMS box to send mail. ssh connections to decuserve.org or such.
I'll assume that's all been checked already and is working.

Newer servers increasingly require correct DNS, due to security
requirements. OpenVMS is too old and too insecure to care about
correct local DNS translations for itself and other local systems, so
at least there's that. Yes, I'm really not a fan of TCP/IP Services.
It was good for its time, but requirements have changed and TCP/IP
Services hasn't kept up. VSI is working on a replacement with newer
features, as was previously mentioned.

[Marco Beishuizen]

On Tue, 23 Jan 2018, the wise Stephen Hoffman via Info-vax wrote:

> On 2018-01-23 07:55:25 +0000, Marco Beishuizen said:
>
>> Alternate-Gateway : 192.168.178.1
>> General-Gateway : 192.168.178.1
>
> Is your ISP really using 192.168/16 private class C block addresses for
> their IPv4 mail services? That'd be somewhat unusual. Or did this
> mistakenly get set to the local IP gateway, and not to the ISP SMTP
> gateway?

You are right this isn't correct. It's the IP of my modem/router. The
TCPIP$CONFIG didn't alter it after all. I'll change the TCPIP$SMTP.CONF
file manually and see what happens.

Thanks,
Marco

--
When the Ngdanga tribe of West Africa hold their moon love ceremonies,
the men of the tribe bang their heads on sacred trees until they get a
nose bleed, which usually cures them of _ t_ h_ a_ t.
-- Mike Harding, "The Armchair Anarchist's Almanac"

[Marco Beishuizen]

Mine shows:

$ show queue/full tcpip$smtp*
Generic server queue TCPIP$SMTP
/GENERIC=(TCPIP$SMTP_OVMS1_1) /OWNER=[SYSTEM]

/PROTECTION=(S:M,O:D,G:R,W:S)

Entry Jobname Username Blocks Status
----- ------- -------- ------ ------
105 18012202332205_SYSTEM-22F
SYSTEM 5 Holding until 23-JAN-2018
17:03:54.18
Submitted 23-JAN-2018 16:03:54.18 /FORM=DEFAULT /PRIORITY=100
File:
_OVMS1$DKA0:[SYS0.SYSMGR]18012202332205_SYSTEM-22F.TCPIP_OVMS1;1

106 18012215341104_SYSTEM-22F
SYSTEM 5 Holding until 23-JAN-2018
17:04:26.78
Submitted 23-JAN-2018 16:04:26.78 /FORM=DEFAULT /PRIORITY=100
File:
_OVMS1$DKA0:[SYS0.SYSMGR]18012215341104_SYSTEM-22F.TCPIP_OVMS1;1

107 18012203112463_SYSTEM-22F
SYSTEM 5 Holding until 23-JAN-2018
17:41:53.60
Submitted 23-JAN-2018 16:41:53.60 /FORM=DEFAULT /PRIORITY=100
File:
_OVMS1$DKA0:[SYS0.SYSMGR]18012203112463_SYSTEM-22F.TCPIP_OVMS1;1

Server queue TCPIP$SMTP_OVMS1_1, idle, on OVMS1::, mounted form DEFAULT
/BASE_PRIORITY=4 /DEFAULT=(FEED,FORM=DEFAULT) /OWNER=[SYSTEM]

/PROCESSOR=TCPIP$SMTP_SYMBIONT /PROTECTION=(S:M,O:D,G:R,W:S)

[...]

The tree testmails are shown, but also the smtp queue. So that looks ok.
I edited the TCPIP$SMTP.CONF file manually because TCPIP$CONFIG didn't
change the .CONF file (the gateway/smart host).

--
Double Bucky, you're the one,
You make my keyboard so much fun,
Double Bucky, an additional bit or two, (Vo-vo-de-o)
Control and meta, side by side,
Augmented ASCII, 9 bits wide!
Double Bucky, a half a thousand glyphs, plus a few!

Oh, I sure wish that I,
Had a couple of bits more!
Perhaps a set of pedals to make the number of bits four.

Double Double Bucky! Double Bucky left and right
OR'd together, outta sight!
Double Bucky, I'd like a whole word of,
Double Bucky, I'm happy I heard of,
Double Bucky, I'd like a whole word of you!
-- to Niklaus Wirth, who suggested that an extra bit
be added to terminal codes on 36-bit machines for use
by screen editors. [to the tune of "Rubber Ducky"]

[Scott Dorsey]

You have telnet as a tool to check connectivity. You can telnet into port 25
of your ISP's mail forwarder. You can telnet into port 143 of their IMAP
server. You can use telnet to make sure that you're talking to the correct
server and that all connections between you and the server are intact.
--scott


--
"C'est un Nagra. C'est suisse, et tres, tres precis."

[Stephen Hoffman]

On 2018-01-23 15:46:06 +0000, Marco Beishuizen said:

> On Tue, 23 Jan 2018, the wise Stephen Hoffman via Info-vax wrote:
>
>> On 2018-01-23 07:55:25 +0000, Marco Beishuizen said:
>>
>>> Alternate-Gateway : 192.168.178.1
>>> General-Gateway : 192.168.178.1
>>
>> Is your ISP really using 192.168/16 private class C block addresses for
>> their IPv4 mail services? That'd be somewhat unusual. Or did this
>> mistakenly get set to the local IP gateway, and not to the ISP SMTP
>> gateway?
>
> You are right this isn't correct. It's the IP of my modem/router. The
> TCPIP$CONFIG didn't alter it after all. I'll change the TCPIP$SMTP.CONF
> file manually and see what happens.

Nicely-massive monstrously-huge staggeringly-large hole in the UI and
in the error logging, that one. Basic testing at startup should at
least have flagged that as "this host doesn't look like a mail server"
and with an ensuing demi-blizzard of logging messages, after all.

[Stephen Hoffman]

On 2018-01-23 16:16:18 +0000, Scott Dorsey said:

> You have telnet as a tool to check connectivity. You can telnet into
> port 25 of your ISP's mail forwarder. You can telnet into port 143 of
> their IMAP server. You can use telnet to make sure that you're talking
> to the correct server and that all connections between you and the
> server are intact.
> --scott

Testing which should be automatic within the startup — connect and
determine if the specified server is accessible, and what SMTP options
are available — and test again when the connections go sideways.

We cannot depend on the presence of a telnet client. Those are getting
removed as part of security upgrades. Yes, nc or netcat can replace
telnet for testing here. But OpenVMS lacks those.

Nor can we depend on the folks maintaining the OpenVMS systems having
the knowledge and skills necessary to debug failed connections. Sure.
We used to. Some still do. But that's not the world we're in now.
New folks have other things to learn, and other situations to deal
with, and new folks — new customers, BTW — are inherently not familiar
with the platform. And even for the skilled and experienced folks,
having the mail server log a "is this really a mail server you've asked
me to connect to?" saves them time and effort.

New folks and new-to-the-tool folks (and OpenVMS hobbyists, here) are
far and away the best folks to test user interfaces, too. Developers
can be exceptionally bad at creating user interfaces and diagnostics
and APIs, unfortunately.

[Phillip Helbig (undress to reply)]

In article <alpine.NEB.2.20.1801222242400.23084@shogun>, Marco

Beishuizen <mbei...@xs4all.nl> writes:

> The PWS is behind a modem/router with a firewall. First thing I would like
> to do is to be able to send mail, with the mail server of my ISP as the
> smart host.

Most will probably want some sort of authorization which VMS doesn't
support. Check out http://www.dynaccess.com/ for one which doesn't.

> Receiving mail I'll try to config later using IMAP, so the
> OpenVMS machine won't receive mail by itself.

Why not receive it on VMS?

[Phillip Helbig (undress to reply)]

In article <alpine.NEB.2.20.1801222326440.23084@shogun>, Marco

Beishuizen <mbei...@xs4all.nl> writes:

> My ISP allows to use an smtp server a home and use port 25. The ISP
> mailserver can be configured as a smart host to point to. I do this on all
> my other machines (postfix, sendmail) and works fine. My ISP also has a
> great spamfilter. So probably no need for alternatives.

The main thing is that people receiving your mail see it as coming from
the ISP's SMTP relay server, and that the ISP makes sure that it is not
blacklisted.

[Marco Beishuizen]

Well, little victory here!: 1 email got through and got delivered. The one
that had my own email address as from: address. The other two have the
local system mailaddress and probably get rejected because of that.

So a few more tweaks and...

Regards,
Marco

--
Tiger got to hunt,
Bird got to fly;
Man got to sit and wonder, "Why, why, why?"

Tiger got to sleep,
Bird got to land;
Man got to tell himself he understand.
-- The Books of Bokonon

[Stephen Hoffman]

On 2018-01-23 20:10:14 +0000, Phillip Helbig (undress to reply said:

> Why not receive it on VMS?

Sure.

If you're willing to post your usernames and passwords to the whole
Internet. Because that's what remote mail clients will do, when
accessing OpenVMS.

And if you'e willing to not be able to acquire mail remotely or to work
around the increasing numbers of networks block outbound TCP port 25
connections.

Blocking outbound 25 was happening ~fifteen years ago in some networks,
and it is only getting more common.

If any local network to isn't already blocking outbound TCP port 25, it
probably should be. But I digress.

Sure, you can certainly VPN what are otherwise insecure client
connections into the TCP/IP Server email server. That's a barrel of
fun.

The upcoming VSI TCPIP package (née Multinet) mail server is rather
better here.

[Phillip Helbig (undress to reply)]

In article <p4aqn4$lpe$1...@dont-email.me>, Stephen Hoffman

<seao...@hoffmanlabs.invalid> writes:

> > Why not receive it on VMS?
>
> Sure.
>
> If you're willing to post your usernames and passwords to the whole
> Internet. Because that's what remote mail clients will do, when
> accessing OpenVMS.

If you send an email to me, where is a username or password involved?
OK, the From: header might contain something like the username on the
machine you send it from, but it doesn't have to. Passwords for sending
email to VMS? I'm confused.

> The upcoming VSI TCPIP package (née Multinet) mail server is rather
> better here.

I'm looking forward to it.

[Hunter Goatley]

On 1/24/2018 2:35 PM, Stephen Hoffman wrote:
>
> If you're willing to post your usernames and passwords to the whole
> Internet.  Because that's what remote mail clients will do, when
> accessing OpenVMS.

At the risk of sounding like a commercial, I thought I'd remind/tell
everyone that our product PMDF supports TLS and SASL connections on VMS.
It also has a VMS MAIL replacement that understands, processes, and can
easily create MIME messages.

http://www.process.com/products/pmdf/

--
Hunter
------
Hunter Goatley, Process Software, http://www.process.com/
goath...@goatley.com http://hunter.goatley.com/

[Stephen Hoffman]

On 2018-01-24 22:51:02 +0000, Phillip Helbig (undress to reply said:

> In article <p4aqn4$lpe$1...@dont-email.me>, Stephen Hoffman
> <seao...@hoffmanlabs.invalid> writes:
>
>>> Why not receive it on VMS?
>>
>> Sure.
>>
>> If you're willing to post your usernames and passwords to the whole
>> Internet. Because that's what remote mail clients will do, when
>> accessing OpenVMS.
>
> If you send an email to me, where is a username or password involved?

I'll ignore the lack of STARTTLS support here, but that's a whole
'nother issue.

> Passwords for sending email to VMS? I'm confused.

Mail clients use credentials to access mail servers. If you decided
to hook up that iPad to that OpenVMS server for instance, you'd have to
use an insecure connection.

[tuklu_san]

On 1/22/2018 13:33, Marco Beishuizen wrote:
> Hi,
>
> I'm trying to use MAIL on my DEC PWS600au running OpenVMS 8.4. SMTP is
> enabled and running. The MAIL program seems to work. I used "SET
> CONFIGURATION SMTP" to set the mail gateway to the ISP mail server.
> There are no error messages.
>
> Problem is that when entering a mail message and sending it, nothing
> happens. The mail messages stay in the mail queue forever.
>
> Am I missing something?
>
> Thanks in advance,
> Marco

Anything of interest in SYS$SPECIFIC:[TCPIP$SMTP]TCPIP$SMTP_LOGFILE.LOG ?

[Grant Taylor]

On 01/24/2018 06:12 PM, Stephen Hoffman wrote:
> Mail clients use credentials to access mail servers.

Yes, email clients (MUAs). I believe that Phillip is talking about the
inbound SMTP to the mail server (MTA).

Granted, MUAs need to get the email somehow.



--
Grant. . . .
unix || die

[Phillip Helbig (undress to reply)]

In article <p4b4mÄoqi$1...@dont-email.me>, Hunter Goatley

<goath...@goatley.com> writes:

> > If you're willing to post your usernames and passwords to the whole
> > Internet. Because that's what remote mail clients will do, when
> > accessing OpenVMS.
>
> At the risk of sounding like a commercial, I thought I'd remind/tell
> everyone that our product PMDF supports TLS and SASL connections on VMS.
> It also has a VMS MAIL replacement that understands, processes, and can
> easily create MIME messages.
>
> http://www.process.com/products/pmdf/

Though not at home, I have some experience with PMDF and, yes, it is
really good. :-)

[Phillip Helbig (undress to reply)]

In article <p4batu$usj$1...@dont-email.me>, Stephen Hoffman

<seao...@hoffmanlabs.invalid> writes:

> >>> Why not receive it on VMS?
> >>
> >> Sure.
> >>
> >> If you're willing to post your usernames and passwords to the whole
> >> Internet. Because that's what remote mail clients will do, when
> >> accessing OpenVMS.
> >
> > If you send an email to me, where is a username or password involved?
>
> I'll ignore the lack of STARTTLS support here, but that's a whole
> 'nother issue.
>
> > Passwords for sending email to VMS? I'm confused.
>
> Mail clients use credentials to access mail servers. If you decided
> to hook up that iPad to that OpenVMS server for instance, you'd have to
> use an insecure connection.

OK. But if I log into VMS (from a terminal, or in DECwindows, or from
outside via SSH) and read email with VMS MAIL, there are no passwords
involved related to mail. Similarly if someone sends me an email. Of
course, if you want to read email stored on VMS with some sort of POP
client or whatever (with which I have no experience) then that is
something different.

[Phillip Helbig (undress to reply)]

In article <p4bqki$tm7$1...@tncsrv09.home.tnetconsulting.net>, Grant Taylor

<gta...@tnetconsulting.net> writes:

> On 01/24/2018 06:12 PM, Stephen Hoffman wrote:
> > Mail clients use credentials to access mail servers.
>
> Yes, email clients (MUAs). I believe that Phillip is talking about the
> inbound SMTP to the mail server (MTA).

Right.

[Stephen Hoffman]

Hence my "remote mail clients" reference.

Few folks are interested in having to establish a VPN nor to use
command line access via ssh to access mail. Not when existing clients
allow direct access, and not when the OpenVMS native command-line
client can't deal with MIME encoded messages without added effort and
an external MIME tool. Which means that most folks running a mail
server seek to enable and use remote access via TLS-protected IMAP and
TLS-protected ESMTP. Neither of which is available with TCP/IP
Services.

Various clients that have been ported to OpenVMS — Seahorse and
Communicator, for example — also use the network (remote) path to
access the mail server.

Once the updated VSI TCPIP stack is available, it'd be appropriate for
VSI to disable unencrypted POP and IMAP access by default. Along with
other insecure protocols and tools. While we're migrating to the new
stack, might as well move (most) folks toward more security. But then
there's more than a little "fun" here getting the rest of certificate
authentication to work on OpenVMS, and getting certificate chains
configured and available, too.

[Stephen Hoffman]

I've encountered a mail server that won't connect to a mail server that
lacks STARTTLS. OpenVMS TCP/IP Services lacks STARTTLS. Mail servers
are a moving target. That STARTTLS "fun" is in addition to DKIM and
the rest of the "fun" that can arise here, too. I don't know off-hand
if Multinet includes STARTTLS, but I'd be surprised if it didn't. How
it manages its certificate store is another (related) matter.

[Grant Taylor]

On 01/25/2018 01:23 PM, Stephen Hoffman wrote:
> I've encountered a mail server that won't connect to a mail server that
> lacks STARTTLS.

I'd be curious to know what mail server that was.

I'm not saying that they don't exist, but I am saying that I think they
are quite rare.

There is a difference in server to server SMTP with lack of STARTTLS and
client to server submission with lack of STARTTLS.

It is quite common for mail servers to require STARTTLS for clients to
authenticate to relay mail through them in an effort to protect the
authentication credentials.

I also suspect the lack of STARTTLS can be at least partially mitigated
by a backup mail relay that does provide STARTTLS that will connect to
VMS without STARTTLS and relay messages in.

[Grant Taylor]

On 01/25/2018 01:20 PM, Stephen Hoffman wrote:
> Few folks are interested in having to establish a VPN nor to use command
> line access via ssh to access mail.

I suspect that the Phillip is outside of the vast majority of the users
that you are referring to.

It really sounds like Phillip is wanting to do something for himself as
a hobby. - More power to him.