On Sun, Aug 02, 2020 at 09:50:15AM -0400, [email protected] wrote:
> >Synopsis: opensmtpd can't handle long lines in aliases table
> >Category: opensmtpd
> >Environment:
> System : OpenBSD 6.7
> Details : OpenBSD 6.7 (GENERIC) #5: Tue Jul 21 13:24:31 MDT 2020
>
> [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC
>
> Architecture: OpenBSD.amd64
> Machine : amd64
> >Description:
> When having a large line in opensmtpd table, the daemon runs fine but
> when trying to send emails from the user for that line (or from any
> alias from that line) there is an error saying
>
> > Aug 2 09:33:34 mail smtpd[35636]: a05ce7f284d26d63 smtp authentication
> > [email protected] result=ok
> > Aug 2 09:33:34 mail smtpd[36367]: warn: failure during mailaddrmap lookup
> > revirt:[email protected]
> > Aug 2 09:33:34 mail smtpd[35636]: a05ce7f284d26d63 smtp failed-command
> > command="MAIL FROM:<[email protected]> BODY=8BITMIME SIZE=1171"
> > result="421 4.3.0 Temporary Error"
>
Have you tried `smtpctl trace expand` to get more logging?
Edgar
> my /etc/mail/smtpd.conf:
>
> # options for smtpd
> queue compression
> queue ttl 4d
> bounce warn-interval 1h, 6h, 2d # default: 4h
> smtp max-message-size 33M
>
> smtp sub-addr-delim '.'
>
> # actual mail handling
> pki aisha.cc cert "/etc/excision/ssl/aisha.cc.crt"
> pki aisha.cc key "/etc/excision/ssl/private/aisha.cc.key"
>
> # Filters
> #
> # junk: add X-Spam header
> # junk those sending from dynamic ip regex matches
> filter check_dyndns phase connect match rdns regex { ".*\.dyn\..*",
> ".*\.dsl\..*" } junk
>
> # junk those who don't have forward or reverse dns
> filter check_rdns phase connect match !rdns junk
> filter check_fcrdns phase connect match !fcrdns junk
>
> # junk and slow those below a sender score of 70
> filter senderscore proc-exec "filter-senderscore -junkBelow 70 -slowFactor 1000"
>
> # also use the rspamd filter
> filter rspamd proc-exec "filter-rspamd"
>
> # Tables
> #
> # Local host aliases
> table aliases \
> file:/etc/mail/aliases
> #
> # Virtual host aliases
> table virtuals \
> file:/etc/mail/virtual
> table revirt \
> file:/etc/mail/revirt
> #
> # Virtual domains
> table vdomains \
> file:/etc/mail/vdomains
> #
> # Virtual passwd
> table passwd \
> passwd:/etc/mail/passwd
> #
> # OpenPGP WKS Submission Address
> table submission-address \
> file:/etc/excision/spam/submission-address
>
> # Incoming connections
> #
> # Local messages
> listen on socket \
> filter rspamd
> #
> # If we defined a private interface, we probably want to get emails
> # on that interface without mucking around with filters and
> # what not, so lets just listen there quietly
> listen on tun0
> #
> # Incoming messages from outside to people in <vdomain>
> # this filter checks for spam vs ham on smtp port
> listen on egress \
> tls pki aisha.cc \
> filter { check_dyndns, check_rdns, check_fcrdns, senderscore, rspamd }
> #
> # User submitted messages on two ports 465-SSL/TLS and 587-STARTTLS
> # this filter signs the outgoing emails using the rspamd dkim_signing module
> listen on egress port smtps \
> smtps pki aisha.cc \
> auth <passwd> received-auth \
> senders <revirt> \
> filter rspamd
> listen on egress port submission \
> tls-require pki aisha.cc \
> auth <passwd> received-auth \
> senders <revirt> \
> filter rspamd
>
> # Sending messages
> #
> action "local_mail" \
> mbox \
> alias <aliases>
> action "dovecot-lmtp" \
> lmtp "/var/dovecot/lmtp" rcpt-to \
> virtual <virtuals>
> action "outbound" \
> relay \
> helo mail.aisha.cc
>
> # Rules - first to match is applied
> #
> # Forward local messages
> match from local \
> for local \
> action "local_mail"
> #
> # Send any authenticated mail not meant for <vdomains> to outside
> match from any auth \
> !for domain <vdomains> \
> action "outbound"
> #
> # Local mail to <vdomains> is sent properly
> match from local \
> for domain <vdomains> \
> action "dovecot-lmtp"
> #
> # From authenticated users to <submission-address>
> match from any auth \
> for domain <vdomains> \
> rcpt-to <submission-address> \
> action "dovecot-lmtp"
> #
> # accept mail from outside sent to our <vdomains>
> # BUT not those who are coming for key-submission
> match from any \
> for domain <vdomains> \
> !rcpt-to <submission-address> \
> action "dovecot-lmtp"
> #
> # Every other mail is to be rejected
> match from any \
> for any \
> reject
>
>
> problem line from the <revirt> table:
>
>
> [email protected]
> [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email 
protected],[email protected],[email protected],[email protected],[email protected],[email protected]
>
> if I remove the email [email protected], then I am able to send emails normally,
> but if I keep the [email protected] then I get the above error in
> /var/log/maillog
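An added triage example (not part of the original thread and not OpenSMTPD code): it takes the `failure during mailaddrmap lookup <table>:<key>` warnings shown in the report, finds the referenced key in the table file, and reports how long that line is and how many addresses it carries. The sample log, table contents, addresses and the 1024-byte threshold are constructed assumptions, as is splitting key from value on the first whitespace; the thread does not state smtpd's actual line limit.

```python
import re

# Constructed sample data: addresses and log lines are placeholders.
LOG = """\
Aug  2 09:33:34 mail smtpd[36367]: warn: failure during mailaddrmap lookup revirt:alice@example.org
Aug  2 09:40:02 mail smtpd[36367]: warn: failure during mailaddrmap lookup revirt:bob@example.org
Aug  2 09:41:10 mail smtpd[36367]: warn: failure during mailaddrmap lookup revirt:carol@example.org
"""
REVIRT = (
    "# key <whitespace> comma-separated sender addresses\n"
    "alice@example.org "
    + ",".join(f"list{i}@example.org" for i in range(120)) + "\n"
    "bob@example.org bob@example.org,robert@example.org\n"
)

FAIL_RE = re.compile(
    r"failure during mailaddrmap lookup (?P<table>[^:\s]+):(?P<key>\S+)")

def parse_table(text):
    """Map key -> (line number, raw line length, address count)."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        parts = stripped.split(None, 1)  # assumption: key ends at first whitespace
        value = parts[1] if len(parts) > 1 else ""
        addrs = [a.strip() for a in value.split(",") if a.strip()]
        entries[parts[0]] = (lineno, len(line), len(addrs))
    return entries

def triage(log_text, tables, max_len):
    """Report the table entry behind each failed lookup found in the log.

    tables maps table name -> file contents; max_len is an operator-chosen
    threshold, not a value taken from smtpd."""
    findings = []
    for m in FAIL_RE.finditer(log_text):
        entry = parse_table(tables.get(m["table"], "")).get(m["key"])
        if entry is None:
            findings.append({"table": m["table"], "key": m["key"],
                             "verdict": "key not in table"})
            continue
        lineno, length, count = entry
        findings.append({"table": m["table"], "key": m["key"], "line": lineno,
                         "length": length, "addresses": count,
                         "verdict": "long line" if length > max_len else "length ok"})
    return findings

if __name__ == "__main__":
    for finding in triage(LOG, {"revirt": REVIRT}, max_len=1024):
        print(finding)
```

On a live system the inputs would be `/var/log/maillog` and the file behind the table named in the warning, here `/etc/mail/revirt`.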