Routing

youthful-zorse · December 19, 2023, 12:03pm

Please tell me how to use routing in Kumo MTA, idea is I want that the from a different egress pool I want to send the mail to the another third party MTA which has auth enable for them

inclusive-eagle · December 19, 2023, 12:03pm

Hey there @youthful-zorse, thanks for posting. To ensure the fastest resolution to your issue, please review the following and follow all the steps:

Mike · December 19, 2023, 1:19pm

youthful-zorse · December 19, 2023, 3:45pm

I am having trouble configuring that, can you please let me know is there any example if I can use to check.

Mike · December 19, 2023, 3:49pm

Other than the example in the docs? I’d rather see what you tried and how it is not working so I can improve the docs.

youthful-zorse · December 19, 2023, 3:49pm

ok let me send the code

youthful-zorse · December 19, 2023, 3:50pm

kumo.on('get_egress_path_config', function(domain, site_name)
  return kumo.make_egress_path {
    enable_tls = 'Required',
    smtp_auth_plain_username = 'scott',
    -- The password can be any keysource value
    smtp_auth_plain_password = {
      key_data = 'tiger',
    },
  }
end)

youthful-zorse · December 19, 2023, 3:50pm

I have just use this

youthful-zorse · December 19, 2023, 3:50pm

does I need to add something extra?

Mike · December 19, 2023, 3:50pm

And what goes wrong?

Mike · December 19, 2023, 3:51pm

And what is the full init.lua?

youthful-zorse · December 19, 2023, 3:51pm

ok sharing the same

youthful-zorse · December 19, 2023, 3:53pm

kumo.on('get_egress_path_config', function(domain, site_name)
  return kumo.make_egress_path {
    enable_tls = 'Required',
    smtp_auth_plain_username = 'scott',
    -- The password can be any keysource value
    smtp_auth_plain_password = {
      key_data = 'tiger',
    },
  }
end)
kumo.on('smtp_server_auth_plain', function(authz, authc, password, conn_meta)
  local password_database = {
    ['scott'] = 'tiger',
    ['scott1'] = 'tiger',
  }
  if password == '' then
    return false
  end
  return password_database[authc] == password
end)
-- Configure source IPs.
local sources = require 'policy-extras.sources'
sources:setup ({ '/opt/kumomta/etc/sources.toml' })


local queue_module = require 'policy-extras.queue'
local queue_helper =   queue_module:setup ({ '/opt/kumomta/etc/queues.toml' })


--[[ Double DKIM Sign  ]]

kumo.on('smtp_server_message_received', function(msg)
  queue_helper:apply(msg)
  local domain = msg:recipient().domain
        if (domain == "gmail.com")
          then
                local aclmobile_net_signer = kumo.dkim.rsa_sha256_signer {
                domain = 'aclmobile.net',
                selector = '5nXKKHgBnyGAcLwvMLZIq',
                headers = {'Content-Type', 'Message-Id', 'Subject', 'Date', 'Mime-Version', 'To', 'From'},
                key = '/opt/kumomta/etc/dkim/aclmobile.net/5nXKKHgBnyGAcLwvMLZIq.key',
                 }
                msg:dkim_sign(aclmobile_net_signer)
        end

 local signer = kumo.dkim.rsa_sha256_signer {
        domain = msg:from_header().domain,
        selector = 'acls01',
        headers = { 'From', 'To', 'Subject' },
        key = '/opt/kumomta/etc/dkim/acl.pinchappmails.com/acls01.key',
          }
        msg:dkim_sign(signer)

 end)

youthful-zorse · December 19, 2023, 3:53pm

local kumo = require 'kumo'
--[[ Start of INIT section ]]
--

kumo.on('init', function()
  kumo.start_esmtp_listener {
    listen = '0.0.0.0:587',
  }

  kumo.define_spool {
    name = 'data',
    path = '/var/spool/kumomta/data',
  }

  kumo.define_spool {
    name = 'meta',
    path = '/var/spool/kumomta/meta',
  }

--  kumo.configure_local_logs {
  --  log_dir = '/var/log/kumomta',
  --}

  kumo.configure_local_logs {
  log_dir = '/var/log/kumomta',
  max_segment_duration = '01 seconds',
  per_record = {
    Reception = {
      -- use names like "20230306-022811_recv" for reception logs
      suffix = '_recv',
    },

    Delivery = {
      -- put delivery logs in a different directory
      log_dir = '/var/log/kumo/delivery',
      suffix = '_dev',
      --template = [[{{type}} id={{ id }}, from={{ sender }}, recipient={{ recipient }}, response={{ response_code }}, content={{ code }} peer_address={{ peer_address }}, timestamp={{ timestamp }}]],
    },

    TransientFailure = {
      -- Don't log transient failures
      enable = false,
    },

    Bounce = {
      -- Instead of logging the json record, evaluate this
      -- template string and log the result.
      --template = [[Bounce! id={{ id }}, from={{ sender }} code={{ code }} age={{ timestamp - created }}]],
      suffix = '_bounce',
    },

    -- For any record type not explicitly listed, apply these settings.
    -- This effectively turns off all other log records
    Any = {
      enable = false,
    },
  },
}

  kumo.set_diagnostic_log_filter 'kumod=debug'
  kumo.configure_local_logs {
    log_dir = '/var/log/kumomta',
  }
  kumo.configure_bounce_classifier {
    files = {
      '/opt/kumomta/share/bounce_classifier/iana.toml',
    },
  }

end)

youthful-zorse · December 19, 2023, 3:54pm

this is my whole init.lua file

Mike · December 19, 2023, 4:13pm

So you have no logic in your lua to say when to use the authentication. You should do like you have logic checking if the domain being passed is the one you want to authenticate to, and that local kumo = require kumo should be at the top of the init.lua

youthful-zorse · December 19, 2023, 4:15pm

rather than lua, can I use toml file?

youthful-zorse · December 19, 2023, 4:15pm

is there any steps

Mike · December 19, 2023, 4:33pm

Look at using the shaping helper, and then you can put the credentials in the config for that domain, there’s an example in the page I linked to at the bottom on how to do it via the shaping helper.

youthful-zorse · December 19, 2023, 5:13pm

ok