Hi All, I’ve been using OpenSMTPD on OpenBSD to run my email server since at least 2015, and this setup has been working really well for me since.
I have recently upgraded my SMTP server from OpenBSD 6.3, via 6.4 to 6.5 (I know I dragged my feet on this one, but I was worried about breaking my email service - there are a few people using this server and relying on it quite a lot). Anyway, it turns out the changes to the config brought on by the new syntax were easier than I initially expected and it seems all is good again.

The one issue I do have is with incoming email, sent from an address which contains a single apostrophe (') in the local-part of the address - e.g. <first.o'[email protected]>. It seems OpenSMTPD rewrites the from email address by replacing characters it deems insecure with a colon (:). So the example address above becomes <first.o:[email protected]>.

Now, the issue is that, while the ':' as well as "'" are both allowed characters in the local part, the ':' is only allowed when the local-part is enclosed in double quotes - i.e. <first.o'[email protected]> is VALID, <first.o:[email protected]> is INVALID, and <"first.o:last"@example.com> is VALID. It seems that when the rewrite happens, the local part is not being enclosed in the double quotes.

All of the above leads to Dovecot LMTP rejecting the email because of the invalid from address.

The relevant part of the smtpd.conf is below:

    action "lmtp" mda "/usr/libexec/mail.lmtp -f \"%{sender}\" -d /var/dovecot/lmtp %{user.username}" virtual <users>
    action "lmtp-local" mda "/usr/libexec/mail.lmtp -f \"%{sender}\" -d /var/dovecot/lmtp %{user.username}" alias <aliases>

I have also tried using the "syntactic sugar" form:

    action "lmtp" lmtp "/var/dovecot/lmtp" virtual <users>
    action "lmtp-local" lmtp "/var/dovecot/lmtp" alias <aliases>

and the result is the same - Dovecot rejects the email.

I also tried using the :raw modifier to the actions above, like so:

    action "lmtp" mda "/usr/libexec/mail.lmtp -f \"%{sender:raw}\" -d /var/dovecot/lmtp %{user.username}" virtual <users>

but this caused an issue with running mail.lmtp, as now the shell complained about the lack of closing single quote character (') for emails which contain an apostrophe in the local part.

Whether Dovecot LMTP checking the from email address is a good thing is disputable, and I believe they are working on removing this check altogether, following the logic that once the SMTP server accepted an email and is happy, dovecot should not care, but the current state of play is that they do, and OpenSMTPD rewriting the from address seems to be breaking delivery of some email. This may not be much of an issue in some places, but in the country I live in, it’s quite popular for people to have an apostrophe in their surnames, and thus have their email address with the apostrophe.

To try and pin-point the issue, I ran dovecot with the "lmtp_rawlog_dir" option, to log each lmtp session as it took place. This is what happens when you try and send email, via SMTPD, with the apostrophe in the from address:

    atlantic:/var/log/dovecot# cat 20190623-211547.66274.1.in
    1561324547.779544 LHLO localhost
    1561324547.780609 MAIL FROM:<first.o:[email protected]>
    atlantic:/var/log/dovecot# cat 20190623-211547.66274.1.out
    1561324547.778817 220 mail.example.org Server Ready.
    1561324547.780444 250-mail.example.org
    1561324547.780444 250-8BITMIME
    1561324547.780444 250-CHUNKING
    1561324547.780444 250-ENHANCEDSTATUSCODES
    1561324547.780444 250-PIPELINING
    1561324547.780444 250-STARTTLS
    1561324547.780444 250 VRFY
    1561324547.780762 501 5.5.4 Invalid FROM: Invalid character in localpart

with the relevant line in the maillog:

    Jun 14 11:57:34 atlantic smtpd[42606]: 21749fd12ac76b57 mda delivery evpid=56aed6237d6444a0 from=<first.o'[email protected]> to=<[email protected]> rcpt=<[email protected]> user=me delay=0s result=PermFail stat=Error ("mail.lmtp: LMTP server error: 501 5.5.4 Invalid FROM: Invalid character in localpart")

and this is what happens when I connect to dovecot-lmtp directly and send the same email, correctly quoting the rewritten from address:

    atlantic:/var/log/dovecot# cat 20190623-221211.18076.3.in
    1561327931.935101 LHLO localhost
    1561327931.935293 MAIL FROM:<"first.o:last"@example.com>
    1561327931.935668 RCPT TO:<postmaster>
    1561327931.960386 DATA
    1561327931.960854 From: Fist O'Last <first.o'[email protected]>
    1561327931.960854 To: Postmaster <[email protected]>
    1561327931.960854 Subject: This is a test
    1561327931.960854
    1561327931.960854 this is a test
    1561327931.960854 .
    1561327931.996700 QUIT
    atlantic:/var/log/dovecot# cat 20190623-221211.18076.3.out
    1561327931.934775 220 mail.example.org Server Ready.
    1561327931.935192 250-mail.example.org
    1561327931.935192 250-8BITMIME
    1561327931.935192 250-CHUNKING
    1561327931.935192 250-ENHANCEDSTATUSCODES
    1561327931.935192 250-PIPELINING
    1561327931.935192 250-STARTTLS
    1561327931.935192 250 VRFY
    1561327931.935560 250 2.1.0 OK
    1561327931.960207 250 2.1.5 OK
    1561327931.960506 354 OK
    1561327931.996534 250 2.0.0 <postmaster> y8HBNzv5D12cRgAA9ywqzw Saved
    1561327931.996787 221 2.0.0 Bye
    atlantic:/var/log/dovecot#

Am I missing something in the configuration, or is this something that needs to be fixed in smtpd?

I’m running OpenBSD 6.5 patched to 005_libssl (so I guess it’s the -stable flavour), with stock OpenSMTPD distributed with OpenBSD 6.5.

Thanks!

Best Regards,
mike

PS. I’ve used this Wikipedia article to find out the valid format of an email address: https://en.wikipedia.org/wiki/Email_address

--
Michal Krzysztofowicz
http://beautifulocean.org/
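
The quoting rule the message relies on, as an added example (not part of the original post and not OpenSMTPD or Dovecot code): a local-part is emitted bare when it is an RFC 5321 dot-string and as a quoted-string otherwise, and the result is made into a single shell word before it goes onto a command line. The function names and the addresses are constructed for illustration.

```python
import re
import shlex

# RFC 5321 Dot-string: runs of RFC 5322 "atext" separated by single dots.
# The apostrophe is atext; the colon is not.
ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
DOT_STRING = re.compile(rf"{ATEXT}(?:\.{ATEXT})*")


def quote_local_part(local: str) -> str:
    """Return the local-part in a form that is valid in MAIL FROM.

    Dot-strings pass through unchanged. Anything else becomes an
    RFC 5321 Quoted-string with backslash and double quote escaped.
    """
    if DOT_STRING.fullmatch(local):
        return local
    # Quoted-string content is limited to printable ASCII (32..126).
    if any(ord(c) < 32 or ord(c) > 126 for c in local):
        raise ValueError("control or non-ASCII character in local-part")
    escaped = local.replace("\\", "\\\\").replace('"', '\\"')
    return f'"{escaped}"'


def reverse_path(local: str, domain: str) -> str:
    """Build the <...> argument of MAIL FROM."""
    return f"<{quote_local_part(local)}@{domain}>"


def mda_argument(local: str, domain: str) -> str:
    """Sender as exactly one shell word, for a command run through sh -c.

    shlex.quote handles the apostrophe that an unescaped expansion
    leaves open as an unterminated single quote.
    """
    return shlex.quote(f"{quote_local_part(local)}@{domain}")


if __name__ == "__main__":
    # Constructed sample addresses, modelled on the ones in the message.
    for local in ("first.o'last", "first.o:last", "a..b"):
        print(reverse_path(local, "example.com"),
              mda_argument(local, "example.com"))
```
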
