Hi Mattias,

> But from a security perspective, I think that "local" is a saner default
> than "any", because in this way it's much harder to accidentally create
> an open relay.


Sure. I think it would be better still if a match rule had a mandatory
"for" clause; I am not a big fan of silent defaults.

Good news is, after changing my match rule to ...

    match from any for any action "my-test-mda"

.. mails from the outside world now proceed a bit further (the second test
yields true now), and I see a "rule #1 matched" in the trace.

Bad news, the message still doesn't make it into the queue, and I once
again don't understand why. Below is what is reported between reception of
the "RCPT TO" and reporting back "550 Invalid recipient".

    smtp: 0x55a196b07790: <<< RCPT TO:<[email protected]>
    mproc: dispatcher -> lka: realloc 128 -> 512
    mproc: dispatcher -> lka : 297 IMSG_SMTP_EXPAND_RCPT
    imsg: lka <- dispatcher: IMSG_SMTP_EXPAND_RCPT (len=297)
    expand: 0x55f984720dc8: expand_insert() called for address:[email protected][parent=(nil), rule=(nil)]
    expand: 0x55f984720dc8: inserted node 0x55f9846baa10
    expand: lka_expand: address: [email protected] [depth=0]
    lookup: match "84.86.60.125" as netaddr in table static:<anyhost> -> true
    lookup: match "wherewithal.nl" as domain in table static:<anydestination> -> true
    rule #1 matched: match from any for any action my-test-mda
    expand: 0x55f984720dc8: expand_insert() called for username:test14[parent=0x55f9846baa10, rule=0x55f9846b24c0, dispatcher=0x55f9846b2570]
    expand: 0x55f984720dc8: inserted node 0x55f984722bb0
    expand: lka_expand: username: test14 [depth=1, sameuser=0]
    lookup: lookup "test14" as userinfo in table getpwnam:<getpwnam> -> none
    expand: lka_expand: user-part does not match system user
    mproc: lka -> dispatcher : 35 IMSG_SMTP_EXPAND_RCPT
    expand: 0x55f984720dc8: clearing expand tree
    imsg: dispatcher <- lka: IMSG_SMTP_EXPAND_RCPT (len=35)
    smtp: 0x55a196b07790: >>> 550 Invalid recipient: <[email protected]>
    a37854893ea302ed smtp failed-command command="RCPT TO:<[email protected]>" result="550 Invalid recipient: <[email protected]>"


Do you (or somebody else) have an idea?

Cheers, Sidney
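
Added example, not part of the original message and not OpenSMTPD code: a small Python triage of a trace like the one quoted above, pairing each RCPT TO with the rule that matched, every table lookup that did not return true, and the SMTP reply code. The sample trace and its address are constructed, and the line formats are assumed from the trace in this message.

```python
import re

# Constructed sample modelled on the smtpd trace above; address and IP are placeholders.
SAMPLE_TRACE = """\
smtp: 0x1: <<< RCPT TO:<test14@example.org>
lookup: match "192.0.2.10" as netaddr in table static:<anyhost> -> true
lookup: match "example.org" as domain in table static:<anydestination> -> true
rule #1 matched: match from any for any action my-test-mda
expand: lka_expand: username: test14 [depth=1, sameuser=0]
lookup: lookup "test14" as userinfo in table getpwnam:<getpwnam> -> none
expand: lka_expand: user-part does not match system user
smtp: 0x1: >>> 550 Invalid recipient: <test14@example.org>
"""

RCPT = re.compile(r'<<< RCPT TO:<([^>]*)>')
LOOKUP = re.compile(r'lookup: (?:match|lookup) "([^"]*)" as (\w+) in table (\S+) -> (\S+)')
RULE = re.compile(r'rule #(\d+) matched: (.*)')
REPLY = re.compile(r'>>> (\d{3}) (.*)')

def triage(trace):
    """Group trace lines per RCPT TO: matched rule, non-true lookups, reply code."""
    results, cur = [], None
    for line in trace.splitlines():
        if m := RCPT.search(line):
            cur = {"rcpt": m.group(1), "rule": None, "failed_lookups": [], "reply": None}
            results.append(cur)
        elif cur is None:
            continue  # ignore everything outside an RCPT TO exchange
        elif m := LOOKUP.search(line):
            key, kind, table, outcome = m.groups()
            if outcome != "true":
                # A rule can match and the recipient can still be refused here.
                cur["failed_lookups"].append((kind, key, table, outcome))
        elif m := RULE.search(line):
            cur["rule"] = int(m.group(1))
        elif m := REPLY.search(line):
            cur["reply"] = int(m.group(1))
            cur = None  # the server's reply closes this exchange
    return results

if __name__ == "__main__":
    for entry in triage(SAMPLE_TRACE):
        print(entry)
```
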
