Hi All,

I’ve been using OpenSMTPD on OpenBSD to run my email server since at least 
2015, and this setup has been working really well for me since. 

I have recently upgraded my SMTP server from OpenBSD 6.3, via 6.4 to 6.5 (I 
know I dragged my feet on this one, but I was worried about breaking my email 
service - there are a few people using this server and relying on it quite a 
lot). Anyway, it turns out the changes to the config brought on by the new 
syntax were easier than I initially expected and it seems all is good again. 

The one issue I do have is with incoming email, sent from an address which 
contains a single apostrophe (') in the local-part of the address - e.g. 
<first.o'l...@example.com>. 

It seems OpenSMTPD rewrites the from email address by replacing characters it 
deems insecure with a colon (:). So the example address above becomes 
<first.o:l...@example.com>. 

Now, the issue is that, while the ':' as well as "'" are both allowed 
characters in the local part, the ':' is only allowed when the local-part is 
enclosed in double quotes - i.e. <first.o'l...@example.com> is VALID, 
<first.o:l...@example.com> is INVALID, and <"first.o:last"@example.com> is 
VALID. 

It seems that when the rewrite happens, the local part is not being enclosed in 
the double quotes.

All of the above leads to Dovecot LMTP rejecting the email because of the 
invalid from address. 

The relevant part of the smtpd.conf is below: 

action "lmtp" mda "/usr/libexec/mail.lmtp -f \"%{sender}\" -d /var/dovecot/lmtp %{user.username}" virtual <users>
action "lmtp-local" mda "/usr/libexec/mail.lmtp -f \"%{sender}\" -d /var/dovecot/lmtp %{user.username}" alias <aliases>

I have also tried using the “syntactic sugar” form: 

action "lmtp" lmtp "/var/dovecot/lmtp" virtual <users>
action "lmtp-local" lmtp "/var/dovecot/lmtp" alias <aliases>

and the result is the same - Dovecot rejects the email. 

I also tried using the :raw modifier to the actions above, like so: 

action "lmtp" mda "/usr/libexec/mail.lmtp -f \"%{sender:raw}\" -d /var/dovecot/lmtp %{user.username}" virtual <users>

but this caused an issue with running mail.lmtp, as now the shell complained 
about the lack of closing single quote character (') for emails which contain 
an apostrophe in the local part. 


Whether Dovecot LMTP checking the from email address is a good thing is 
disputable, and I believe they are working on removing this check altogether, 
following the logic that once the SMTP server accepted an email and is happy, 
dovecot should not care, but the current state of play is that they do, and 
OpenSMTPD rewriting the from address seems to be breaking delivery of some 
email. This may not be much of an issue in some places, but in the country I 
live in, it’s quite popular for people to have an apostrophe in their surnames, 
and thus have their email address with the apostrophe. 


To try and pin-point the issue, I ran dovecot with “lmtp_rawlog_dir” option, to 
log each lmtp session as it took place. 

This is what happens when you try and send email, via SMTPD, with the 
apostrophe in the from address:

atlantic:/var/log/dovecot# cat 20190623-211547.66274.1.in
1561324547.779544 LHLO localhost
1561324547.780609 MAIL FROM:<first.o:l...@example.com>

atlantic:/var/log/dovecot# cat 20190623-211547.66274.1.out
1561324547.778817 220 mail.example.org Server Ready.
1561324547.780444 250-mail.example.org
1561324547.780444 250-8BITMIME
1561324547.780444 250-CHUNKING
1561324547.780444 250-ENHANCEDSTATUSCODES
1561324547.780444 250-PIPELINING
1561324547.780444 250-STARTTLS
1561324547.780444 250 VRFY
1561324547.780762 501 5.5.4 Invalid FROM: Invalid character in localpart

with the relevant line in the maillog: 

Jun 14 11:57:34 atlantic smtpd[42606]: 21749fd12ac76b57 mda delivery evpid=56aed6237d6444a0 from=<first.o'l...@example.com> to=<postmas...@example.org> rcpt=<postmas...@example.org> user=me delay=0s result=PermFail stat=Error ("mail.lmtp: LMTP server error: 501 5.5.4 Invalid FROM: Invalid character in localpart")


and this is what happens when I connect to dovecot-lmtp directly and send the 
same email, correctly quoting the rewritten from address:

atlantic:/var/log/dovecot# cat 20190623-221211.18076.3.in
1561327931.935101 LHLO localhost
1561327931.935293 MAIL FROM:<"first.o:last"@example.com>
1561327931.935668 RCPT TO:<postmaster>
1561327931.960386 DATA
1561327931.960854 From: Fist O'Last <first.o'l...@example.com>
1561327931.960854 To: Postmaster <postmas...@example.org>
1561327931.960854 Subject: This is a test
1561327931.960854
1561327931.960854 this is a test
1561327931.960854 .
1561327931.996700 QUIT

atlantic:/var/log/dovecot# cat 20190623-221211.18076.3.out
1561327931.934775 220 mail.example.org Server Ready.
1561327931.935192 250-mail.example.org
1561327931.935192 250-8BITMIME
1561327931.935192 250-CHUNKING
1561327931.935192 250-ENHANCEDSTATUSCODES
1561327931.935192 250-PIPELINING
1561327931.935192 250-STARTTLS
1561327931.935192 250 VRFY
1561327931.935560 250 2.1.0 OK
1561327931.960207 250 2.1.5 OK
1561327931.960506 354 OK
1561327931.996534 250 2.0.0 <postmaster> y8HBNzv5D12cRgAA9ywqzw Saved
1561327931.996787 221 2.0.0 Bye
atlantic:/var/log/dovecot#


Am I missing something in the configuration, or is this something that needs to 
be fixed in smtpd? 


I’m running OpenBSD 6.5 patched to 005_libssl (so I guess it’s the -stable 
flavour), with stock OpenSMTPD distributed with OpenBSD 6.5. 

Thanks!
Best Regards,
mike


PS. I’ve used this Wikipedia article to find out the valid format of an email 
address: https://en.wikipedia.org/wiki/Email_address

-- 
Michal Krzysztofowicz
http://beautifulocean.org/
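
Added example, not part of the original post and not OpenSMTPD or Dovecot code: a sketch of the quoting rule discussed above, generalised to the RFC 5321 local-part grammar (Dot-string or Quoted-string). The function names and sample local-parts are hypothetical and constructed for illustration.

```python
import re

# atext from RFC 5322 section 3.2.3: letters, digits and these specials.
ATEXT = r"A-Za-z0-9!#$%&'*+/=?^_`{|}~-"
# Dot-string from RFC 5321 section 4.1.2: atoms separated by single dots.
DOT_STRING = re.compile(rf"[{ATEXT}]+(?:\.[{ATEXT}]+)*\Z")


def quote_local_part(local: str) -> str:
    """Return local in a form that is legal inside an SMTP/LMTP path."""
    if not local:
        raise ValueError("empty local-part")
    if DOT_STRING.match(local):
        return local  # already a valid Dot-string, no quoting needed
    out = []
    for ch in local:
        if not 32 <= ord(ch) <= 126:
            # Control characters and non-ASCII cannot go in a Quoted-string.
            raise ValueError(f"cannot represent {ch!r} in a quoted-string")
        # Inside a Quoted-string only '"' and '\' need a backslash.
        out.append("\\" + ch if ch in '"\\' else ch)
    return '"' + "".join(out) + '"'


def mail_from(local: str, domain: str) -> str:
    """Build the MAIL FROM command line for an envelope sender."""
    return f"MAIL FROM:<{quote_local_part(local)}@{domain}>"


# Constructed sample local-parts modelled on the addresses in the post.
SAMPLES = ["first.o'last", "first.o:last", "first..last", 'a"b']

if __name__ == "__main__":
    for lp in SAMPLES:
        print(mail_from(lp, "example.com"))
```

The apostrophe passes through unquoted because it is an atext character, while the colon forces the quoted form that Dovecot accepted in the second session above.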

