An update on this thread in case anyone is interested or searches for the same.

I never found any resolution to let OpenSMTPD rely on getpwnam (and thus ypldap). I traced the rules and lookup further and my only suspicion is that it's ypldap causing the odd behavior with getpwnam. In the end I took another approach and created a virtual user table mapping to the system users (fetched by ypldap) + added all aliases in the same virtual user map. Now I get proper Invalid Recipient replies and nothing stuck in the queue. I build the virtual user table with a simple Python LDAP script. This solution actually is better in the end as it allows my client to have more fine-grained control over mail accounts, aliases and group-mail aliases.

-------

I do however have a question left: In my trials I briefly had the configuration as follows:

    accept tagged for domain <domains> alias <aliases> deliver to lmtp "/var/dovecot/lmtp"
    accept tagged for domain <domains> virtual <vusers> deliver to lmtp "/var/dovecot/lmtp"

But everything ended up in the first rule, and even though the alias map didn't contain any of the recipients it never went to the virtual user rule and all mails stayed in "Temporary lookup failure". I solved it by combining my alias and virtual user maps, but if I understand it correctly the above should have worked.. or? Maybe it's the ypldap ghost..

Thanks,
Eric Ripa

> On 2015-03-06, at 08:22, Eric Ripa <[email protected]> wrote:
>
> Hi,
>
> I originally posted this as an issue on Github but then I realized that the mail list probably would be a better match. So I'm reposting here and have closed the Github issue.
>
> I've set up OpenBSD 5.6 with OpenSMTPD 5.4.4 for use with system users (LDAP, using ypldap) on one primary domain. The setup is based on the guide available here: http://technoquarter.blogspot.se
>
> These are the two rules that (in my mind) should affect this.
>
>     table domains db:/etc/mail/domains.db
>     accept for domain <domains> deliver to lmtp "/var/dovecot/lmtp"
>
> And my domains file:
>
>     example.com accept
>
> If I send to a user that does exist on the system I get correct behavior and the mail delivers, but when I send to a non-existing user the mail goes into limbo with '451 Temporary Failure'.
>
> Using smtpd -d -T lookup I can see the following behaviors, first an existing user:
>
>     lookup: lookup "eric.ripa" as USERINFO in table getpwnam:<getpwnam> -> "eric.ripa:1101:1025:/home/eric.ripa"
>     delivery: Ok for f23a96c23e2500b8: from=<[email protected]>, to=<[email protected]>, user=eric.ripa, method=lmtp, delay=1s, stat=Delivered
>
> Then the non-existing user:
>
>     lookup: lookup "foo" as USERINFO in table getpwnam:<getpwnam> -> -1
>     smtp-in: Failed command on session a6ee64eda205f046: "RCPT TO:<[email protected]>" => 451 Temporary failure
>     relay: TempFail for c534b8c7f5ad4a41: session=a6ee64ec089bf84f, from=<[email protected]>, to=<[email protected]>, rcpt=<->, source=127.0.0.1, relay=127.0.0.1 (localhost), delay=6m41s, stat=451 Temporary failure
>
> Shouldn't this mail bounce with a 550 or something similar? Currently the mail stays in the queue until the envelope expires.
>
> Any ideas? Is it possible to force a reject if user doesn't exist on the system?
>
> Thanks,
> Eric Ripa
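As an added illustration of the approach Eric describes (one virtual table that maps addresses and aliases to ypldap-backed system users, so an unknown recipient fails the table lookup instead of hanging on getpwnam), here is a small generator in the spirit of his script. It is not his code: the LDAP records are constructed inline as dicts so it runs without a directory or python-ldap, and the attribute names (uid, mail, mailAlternateAddress, memberUid) are assumptions about the directory layout; the output uses the key<TAB>value form of a file-backed smtpd table.

```python
"""Build an OpenSMTPD virtual-user table from LDAP-style entries.

Constructed example: records are embedded below instead of being fetched
from LDAP, and the attribute names are assumed, not taken from the thread.
"""
from collections import OrderedDict

# Constructed sample directory: two posixAccount users and one mail group.
USERS = [
    {"uid": "eric.ripa", "mail": "eric.ripa@example.com",
     "mailAlternateAddress": ["eric@example.com"]},
    {"uid": "anna", "mail": "anna@example.com", "mailAlternateAddress": []},
]
GROUPS = [
    {"cn": "sales", "mail": "sales@example.com",
     "memberUid": ["eric.ripa", "anna"]},
]


def build_virtual_map(users, groups):
    """Return {address: [local users]} covering accounts, aliases and groups.

    Every address ends up in the same map, which is what lets a single
    'virtual <vusers>' rule answer both real accounts and aliases.
    """
    vmap = OrderedDict()
    for u in users:
        vmap.setdefault(u["mail"].lower(), []).append(u["uid"])
        for alt in u.get("mailAlternateAddress", []):
            vmap.setdefault(alt.lower(), []).append(u["uid"])
    for g in groups:
        vmap.setdefault(g["mail"].lower(), []).extend(g["memberUid"])
    return vmap


def render_table(vmap):
    """Render as key<TAB>comma-separated-users lines for a file-backed table."""
    lines = [f"{addr}\t{','.join(targets)}" for addr, targets in vmap.items()]
    return "\n".join(lines) + "\n"


def resolve(vmap, rcpt):
    """Mimic the table lookup: None means the recipient does not exist."""
    return vmap.get(rcpt.lower())


if __name__ == "__main__":
    table = build_virtual_map(USERS, GROUPS)
    print(render_table(table), end="")
    for rcpt in ("eric@example.com", "foo@example.com"):
        print(rcpt, "->", resolve(table, rcpt))
```

Write the rendered text to the file named in the `virtual <vusers>` table definition and rebuild it with makemap if a db-backed table is used.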
