On Mon, 2020-07-27 at 22:46 -0400, Larkin Nickle wrote:
> Someone from a corporation that uses GroupWise for email is unable to 
> get their mail to deliver to my server running OpenBSD. In the log, I see:
> Jul 27 22:10:39 hostname smtpd[34369]: de587a23456fe10c smtp 
> failed-command command="RCPT TO:<m...@l......org> 
> ORCPT=rfc822;groupwise...@l......org:1:1" result="553 ORCPT address 
> syntax error"
> My best guess is that GroupWise is maybe appending :1:1 to the end of 
> the address and this is what is tripping this syntax error. They are 
> able to successfully send mail to me on Google Mail, Outlook, etc. mail 
> accounts.
I probably agree with you; from smtp_session.c:3213:
                } else if (ADVERTISE_EXT_DSN(tx->session) && strncasecmp(opt, 
"ORCPT=", 6) == 0) {
                        opt += 6;

                        if (strncasecmp(opt, "rfc822;", 7) == 0)
                                opt += 7;

                        if (!text_to_mailaddr(&tx->evp.dsn_orcpt, opt) ||
                            !valid_localpart(tx->evp.dsn_orcpt.user) ||
                            !valid_domainpart(tx->evp.dsn_orcpt.domain)) {
                                    "553 ORCPT address syntax error");
Where valid_domainpart uses res_hnok(), which only allows for:
'.', alpha, digit, '-', and '_' according to libc/net/res_comp.c.

According to RFC3461 section 4.2:
      orcpt-parameter = "ORCPT=" original-recipient-address
      original-recipient-address = addr-type ";" xtext

So addr-type here is rfc822, which is supported by smtpd. So the
address-part is in xtext, on which the RFC says the following:
while the "xtext" portion contains an encoded representation of the
original recipient address using the rules in section 5 of this

I haven't read section 5 fully (don't have the time now) but I'm highly
doubtful that ":1:1" is a legitimate postfix on a domainname. You should
ask your colleague where this comes from and why this should be

As for why google, outlook, etc support this: I don't know. I don't see
any value in it yet personally, so maybe they don't either and just
parse the value to see if it's valid xtext, without actually validating
that it's a valid mail address. Just taking a blind guess here.


Reply via email to