Re: OpenSMTP - Wrong user for Dovecot LMTP
On 10/19/20 1:18 PM, Chris Bennett wrote:
> On Mon, Oct 19, 2020 at 06:24:47AM -0400, Aisha Tammy wrote:
> > On 10/19/20 12:20 AM, Kastus Shchuka wrote:
> > > On Sun, Oct 18, 2020 at 08:55:16PM -0400, Aisha Tammy wrote:
> > > > Hi,
> > > >
> > > > I just upgraded to 6.8 and the upgrade process has been super cool and
> > > > simple :)
> > > >
> > > > Unfortunately I seem to have hit some weird issue in OpenSMTPD where it
> > > > has stopped delivering the mail using Dovecot's LMTP due to sending as
> > > > wrong user.
> > > >
> > > > osmtpd tries to send the mail as *_smtpd* even when configured to send
> > > > as a different user *excision*
> > >
> > > Could it be this change: https://marc.info/?t=15878902902=1=2 ?
> >
> > Well damn... That would indeed cause this error.
> > I guess a simple fix would be to add _smtpd to the socket group or change
> > socket group to _smtpd.
> >
> > Another fix would be to have the whole virtual user system also be done
> > using _smtpd but I feel that keeping things with separate users is better.
> >
> > Thanks a lot for the answer!
> >
> > Aisha
>
> Are you using Maildir and IMAP from dovecot? I am.
> I've set up using vmail as the user for dovecot.
> Something similar to your virtual user files, except that I have three
> files: vdomains, vaddr and vusers.
>
> vusers has the table you are using, except moving to user vmail instead
> of excision, which doesn't matter.
> vdomains are the domains getting mail.
> vaddr are just the plain addresses used.
>
> action a01 lmtp "/var/dovecot/lmtp" rcpt-to alias
> action a02 lmtp "/var/dovecot/lmtp" rcpt-to virtual
> match from any for local action a01
> match from any for domain rcpt-to action a02
>
> This works really well.
> I'm also using PostgreSQL for the users, passwords and home folders for
> dovecot, which solves the upcoming removal of bsdauth in dovecot.
>
> However, unrelated I'm having trouble setting up auth for sending.
> There are many conflicting examples which I can't sort out.
> I'll look over what you've posted to see if that can work for me.
> I have four mail domains on this server and I'm definitely missing some
> small piece of the puzzle.
>
> Regards,
> Chris Bennett

Yea, take a look at my config, it allows senders to send from any of their allowed aliases.
Like no...@domain1.com has an alias anothern...@domain2.org.
Then no...@domain1.com can both send and receive mails for anothernoob.
You have to create the virtuals table, and a reverse virtuals table, called in my config.

Though I don't use postgresql or anything...
I just cooked up a small homegrown scheme using openssh and passwd file format storage for users and passwords.
Everyone supports that, don't think it's gonna be killed anytime soon :D

Aisha
Re: OpenSMTP - Wrong user for Dovecot LMTP
On Mon, Oct 19, 2020 at 06:24:47AM -0400, Aisha Tammy wrote:
> On 10/19/20 12:20 AM, Kastus Shchuka wrote:
> > On Sun, Oct 18, 2020 at 08:55:16PM -0400, Aisha Tammy wrote:
> > > Hi,
> > >
> > > I just upgraded to 6.8 and the upgrade process has been super cool and
> > > simple :)
> > >
> > > Unfortunately I seem to have hit some weird issue in OpenSMTPD where it
> > > has stopped delivering the mail using Dovecot's LMTP due to sending as
> > > wrong user.
> > >
> > > osmtpd tries to send the mail as *_smtpd* even when configured to send
> > > as a different user *excision*
> >
> > Could it be this change: https://marc.info/?t=15878902902=1=2 ?
>
> Well damn... That would indeed cause this error.
> I guess a simple fix would be to add _smtpd to the socket group or change
> socket group to _smtpd.
>
> Another fix would be to have the whole virtual user system also be done using
> _smtpd but I feel that keeping things with separate users is better.
>
> Thanks a lot for the answer!
>
> Aisha

Are you using Maildir and IMAP from dovecot? I am.
I've set up using vmail as the user for dovecot.
Something similar to your virtual user files, except that I have three
files: vdomains, vaddr and vusers.

vusers has the table you are using, except moving to user vmail instead
of excision, which doesn't matter.
vdomains are the domains getting mail.
vaddr are just the plain addresses used.

    action a01 lmtp "/var/dovecot/lmtp" rcpt-to alias
    action a02 lmtp "/var/dovecot/lmtp" rcpt-to virtual
    match from any for local action a01
    match from any for domain rcpt-to action a02

This works really well.
I'm also using PostgreSQL for the users, passwords and home folders for
dovecot, which solves the upcoming removal of bsdauth in dovecot.

However, unrelated I'm having trouble setting up auth for sending.
There are many conflicting examples which I can't sort out.
I'll look over what you've posted to see if that can work for me.
I have four mail domains on this server and I'm definitely missing some
small piece of the puzzle.

Regards,
Chris Bennett
Re: OpenSMTP - Wrong user for Dovecot LMTP
On 10/19/20 12:20 AM, Kastus Shchuka wrote:
> On Sun, Oct 18, 2020 at 08:55:16PM -0400, Aisha Tammy wrote:
> > Hi,
> >
> > I just upgraded to 6.8 and the upgrade process has been super cool and
> > simple :)
> >
> > Unfortunately I seem to have hit some weird issue in OpenSMTPD where it
> > has stopped delivering the mail using Dovecot's LMTP due to sending as
> > wrong user.
> >
> > osmtpd tries to send the mail as *_smtpd* even when configured to send as
> > a different user *excision*
>
> Could it be this change: https://marc.info/?t=15878902902=1=2 ?

Well damn... That would indeed cause this error.
I guess a simple fix would be to add _smtpd to the socket group or change socket group to _smtpd.

Another fix would be to have the whole virtual user system also be done using _smtpd but I feel that keeping things with separate users is better.

Thanks a lot for the answer!

Aisha
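Added example, not part of the thread and not code from any poster: a shell check of the permission logic behind the "connect: Permission denied" error, applied to the socket as posted, to the chmod 666 workaround and to the two group-based fixes suggested above. It assumes that connecting to the socket needs write permission on it (what the workaround grants to everyone); the function names, the `ls -l` lines and the group memberships are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and sample lines are
# constructed; the ls lines are modelled on the listing in the original post.

# perm_class OWNER GROUP USER "USER_GROUPS"
# POSIX picks exactly one class for a user: owner, else group, else other.
perm_class() {
    [ "$3" = "$1" ] && { echo owner; return; }
    for g in $4; do
        [ "$g" = "$2" ] && { echo group; return; }
    done
    echo other
}

# audit_socket "LS_L_LINE" USER "USER_GROUPS"
#   ok        USER may write to (connect to) the socket via owner or group bits
#   denied    USER has no write bit: "connect: Permission denied"
#   insecure  the socket is world-writable, any local user may connect
audit_socket() {
    # Fields of `ls -l`: mode string, link count, owner, group, rest.
    read -r perms _links owner group _rest <<EOF
$1
EOF
    ow=$(printf %s "$perms" | cut -c3)   # owner write bit
    gw=$(printf %s "$perms" | cut -c6)   # group write bit
    xw=$(printf %s "$perms" | cut -c9)   # other write bit
    [ "$xw" = w ] && { echo insecure; return; }
    case $(perm_class "$owner" "$group" "$2" "$3") in
        owner) bit=$ow ;;
        group) bit=$gw ;;
        *)     bit=$xw ;;
    esac
    if [ "$bit" = w ]; then echo ok; else echo denied; fi
}

# Constructed inputs: the socket as posted, the chmod 666 workaround, and the
# socket after changing its group to _smtpd.
AS_POSTED='srw-rw----  1 excision  excision  0 Oct 18 20:03 /var/dovecot/lmtp'
CHMOD_666='srw-rw-rw-  1 excision  excision  0 Oct 18 20:03 /var/dovecot/lmtp'
GROUP_FIX='srw-rw----  1 excision  _smtpd    0 Oct 18 20:03 /var/dovecot/lmtp'

echo "as posted, _smtpd:         $(audit_socket "$AS_POSTED" _smtpd "_smtpd")"
echo "chmod 666, _smtpd:         $(audit_socket "$CHMOD_666" _smtpd "_smtpd")"
echo "socket group _smtpd:       $(audit_socket "$GROUP_FIX" _smtpd "_smtpd")"
echo "_smtpd added to excision:  $(audit_socket "$AS_POSTED" _smtpd "_smtpd excision")"
```

On a live system the inputs would be the output of `ls -l /var/dovecot/lmtp` and `id -Gn _smtpd`.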
OpenSMTP - Wrong user for Dovecot LMTP
Hi,

I just upgraded to 6.8 and the upgrade process has been super cool and simple :)

Unfortunately I seem to have hit some weird issue in OpenSMTPD where it has stopped delivering the mail using Dovecot's LMTP due to sending as wrong user.

osmtpd tries to send the mail as *_smtpd* even when configured to send as a different user *excision*

Relevant parts of the error output from the command

    smtpd -dv -T stat -T lookup -T expand -T mproc -T rules

    debug: mda: got message fd 21 for session 27dfd8470fcf834f evpid 1140e2ecd415316b
    debug: mda: querying mda fd for session 27dfd8470fcf834f evpid 1140e2ecd415316b
    mproc: pony -> parent : 6168 IMSG_MDA_FORK
    debug: smtpd: forking mda for session 27dfd8470fcf834f: excision as _smtpd
    mproc: parent -> pony : 8 IMSG_MDA_FORK
    debug: mda: got mda fd 22 for session 27dfd8470fcf834f evpid 1140e2ecd415316b
    debug: smtpd: mda process done for session 27dfd8470fcf834f: exited abnormally
    debug: mda: io disconnected on session 27dfd8470fcf834f
    mproc: parent -> pony : 35 IMSG_MDA_DONE
    mproc: pony -> queue : 53 IMSG_MDA_DELIVERY_TEMPFAIL
    27dfd846f9575079 mda delivery evpid=1140e2ecd415316b from= to= rcpt= user=excision delay=2h10m40s result=TempFail stat=Error (temporary failure: "mail.lmtp: connect: Permission denied")
    debug: mda: session 27dfd8470fcf834f done
    mproc: pony -> control : 46 IMSG_STAT_DECREMENT
    debug: mda: user "excision" becomes runnable
    mproc: pony -> control : 45 IMSG_STAT_DECREMENT
    debug: mda: all done for user ":excision"
    mproc: pony -> control : 42 IMSG_STAT_DECREMENT
    mproc: queue -> control : 57 IMSG_STAT_INCREMENT
    ramstat: decrement: mda.envelope
    ramstat: mda.envelope (0xe29944762c1): 1 -> 0
    ramstat: decrement: mda.running
    ramstat: mda.running (0xe29d4a91c41): 1 -> 0
    ramstat: decrement: mda.user
    ramstat: mda.user (0xe298f729481): 1 -> 0
    mproc: queue -> control : 59 IMSG_STAT_INCREMENT
    mproc: queue -> scheduler : 441 IMSG_QUEUE_DELIVERY_TEMPFAIL
    ramstat: increment: queue.evpcache.load.hit
    mproc: scheduler -> control : 61 IMSG_STAT_INCREMENT
    ramstat: queue.evpcache.load.hit (0xe2a74f72f81): 111 -> 112
    mproc: scheduler -> control : 61 IMSG_STAT_DECREMENT
    ramstat: increment: queue.evpcache.update.hit
    ramstat: queue.evpcache.update.hit (0xe29d4a91c41): 52 -> 53
    ramstat: increment: scheduler.delivery.tempfail
    ramstat: scheduler.delivery.tempfail (0xe2a74f72981): 45 -> 46
    ramstat: decrement: scheduler.envelope.inflight
    ramstat: scheduler.envelope.inflight (0xe2a74f72281): 1 -> 0
    mproc: pony -> lka : 28 IMSG_GETNAMEINFO
    mproc: pony -> control : 46 IMSG_STAT_INCREMENT

This is happening as the lmtp socket only has minimal permissions

    srw-rw 1 excision excision 0B Oct 18 20:03 lmtp=

Relevant parts of my smtpd.conf

    ...
    action "dovecot-lmtp" \
        lmtp "/var/dovecot/lmtp" rcpt-to \
        virtual
    ...
    #
    # accept mail from outside sent to our
    # BUT not those who are coming for key-submission
    match from any \
        for domain \
        !rcpt-to \
        action "dovecot-lmtp"
    ...

Relevant parts of my virtuals table

    ai...@aisha.cc excision
    ...
    open...@aisha.cc ai...@aisha.cc
    ...

I've also attached the full files if needed and a larger log as well.

It's possible I've made some error, but then it was working until yesterday.

Current workaround: chmod 666 /var/dovecot/lmtp to allow _smtpd user to also write to the socket.
Very insecure, I know...

Hopefully, it is just me making a stupid error in the config :x

Thanks,
Aisha

    ai...@aisha.cc excision
    postmas...@aisha.cc ai...@aisha.cc
    ab...@aisha.cc ai...@aisha.cc
    n...@aisha.cc ai...@aisha.cc
    secur...@aisha.cc ai...@aisha.cc
    hostmas...@aisha.cc ai...@aisha.cc
    use...@aisha.cc ai...@aisha.cc
    n...@aisha.cc ai...@aisha.cc
    webmas...@aisha.cc ai...@aisha.cc
    dmarcrepo...@aisha.cc ai...@aisha.cc
    tlsrepo...@aisha.cc ai...@aisha.cc
    ansim...@aisha.cc ai...@aisha.cc
    gen...@aisha.cc ai...@aisha.cc
    open...@aisha.cc ai...@aisha.cc
    n...@aisha.cc ai...@aisha.cc
    faceb...@aisha.cc ai...@aisha.cc
    enigm...@aisha.cc ai...@aisha.cc
    testu...@aisha.cc ai...@aisha.cc
    e...@aisha.cc ai...@aisha.cc
    st...@aisha.cc ai...@aisha.cc
    git...@aisha.cc ai...@aisha.cc
    n...@aisha.cc ai...@aisha.cc
    m...@aisha.cc ai...@aisha.cc
    freen...@aisha.cc ai...@aisha.cc
    r...@aisha.cc ai...@aisha.cc
    lez...@aisha.cc
Re: OpenSMTP - Wrong user for Dovecot LMTP
On Sun, Oct 18, 2020 at 08:55:16PM -0400, Aisha Tammy wrote:
> Hi,
>
> I just upgraded to 6.8 and the upgrade process has been super cool and
> simple :)
>
> Unfortunately I seem to have hit some weird issue in OpenSMTPD where it has
> stopped delivering the mail using Dovecot's LMTP due to sending as wrong user.
>
> osmtpd tries to send the mail as *_smtpd* even when configured to send as a
> different user *excision*

Could it be this change: https://marc.info/?t=15878902902=1=2 ?