On Jan 18, 2020 2:45 PM, gil...@poolp.org wrote:
>
> January 15, 2020 6:03 PM, "Éloi Rivard" <eloi.riv...@aquilenet.fr> wrote:
>
> > Hi,
> >
> > I would like to put an OpenSMTPD server in front of a sourcehut lists
> > installation [1] (that is, a mailing list system for sourcehut).
> > OpenSMTPD and sourcehut communicate through an lmtp unix socket. Here is
> > my configuration (without the filter and pki parts):
> >
> > listen on eth0 tls pki lists.forge.mydomain.tld
> > action sourcehut lmtp /tmp/lists.forge.mydomain-tld-lmtp.sock
> >
> > match from any for domain "lists.forge.yaal.fr" action "sourcehut"
> >
> > Now with this configuration I only get "550 Invalid recipient" errors,
> > which is expected because OpenSMTPD has no way to know what is a valid
> > sourcehut list recipient.
> >
> > How can I make OpenSMTPD just skip the recipient verification, and just
> > forward everything to the lmtp socket?
> >
>
> There are two ways:
>
> 1- synchronize the list of recipients in a recipient table in smtpd, that
> may be less convenient because you need to have the list of recipients
> on the SMTP side AND the lmtp side, but... that's the clean way.
>
> 2- you can have a virtual mapping with a catch-all so that all recipients
> are accepted and passed to the LMTP socket, this works but is not very
> clean because it will backscatter if LMTP rejects the recipient.
>
> > I read about userbase catchall, but my understanding is that userbases
> > maps recipients to a system user, and that seems irrelevant for me as
> > no system user is involved here.
> >
>
> The userbase feature is to provide an alternate mechanism to resolve the
> usernames to uid, gid and home directory. I don't think it's useful here
> but your comment has hinted me at the issue:
>
> It is inaccurate that no system user is involved here, all recipients do
> resolve into a username because some user has to do the LMTP session. In
> virtual setups, like yours seems to be, the proper way is to create some
> dedicated user and map all recipients to that:
>
> action sourcehut lmtp "/tmp/lists.forge.mydomain-tls-lmtp.sock" \
>     virtual { "@" = _sourcehut }
>
> In cases where you have a full list of recipients and do not need to get
> virtual mappings involved, you can do:
>
> action sourcehut lmtp "/tmp/lists.forge.mydomain-tls-lmtp.sock" \
>     user _sourcehut
>
> But no matter what, any action in smtpd.conf is a command that is going
> to get executed and a process has to have an owner, so there is going to
> be a system user involved.
>

Something along these words should be added to the manual somewhere. I think that is a common misunderstanding for virtual setups.

Edgar
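
The two approaches from the quoted reply, written out as one smtpd.conf, as an added example that is not part of the original thread. The table name `sourcehut_rcpts`, the file `/etc/mail/sourcehut-recipients` and its one-address-per-line content are assumptions; the listener, domain, `_sourcehut` user and socket path (as spelled in the original question) come from the thread.

```conf
# Added example. The pki and filter lines are omitted, as in the original
# question, so this fragment needs them restored before it will load.
listen on eth0 tls pki lists.forge.mydomain.tld

# Assumed file: one full list address per line, kept in sync with the
# lists that exist on the sourcehut side.
table sourcehut_rcpts file:/etc/mail/sourcehut-recipients

# Option 1 (recipient table): an address that is not in the table matches
# no rule and is refused during the SMTP session, so smtpd never accepts
# a message it later has to bounce. The recipients are fully listed, so
# the delivery user is set directly with "user".
action "sourcehut" lmtp "/tmp/lists.forge.mydomain-tld-lmtp.sock" \
	user _sourcehut
match from any for rcpt-to <sourcehut_rcpts> action "sourcehut"

# Option 2 (catch-all), commented out for comparison: every recipient in
# the domain is accepted and mapped to _sourcehut. If the LMTP side then
# rejects an unknown list, smtpd has already taken the message and sends
# a bounce to the envelope sender, which may be forged (backscatter).
#
# action "sourcehut" lmtp "/tmp/lists.forge.mydomain-tld-lmtp.sock" \
#	virtual { "@" = _sourcehut }
# match from any for domain "lists.forge.yaal.fr" action "sourcehut"
```

Running `smtpd -n -f` on the finished file checks the configuration for validity without starting the daemon.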