Re: OpenSMTP - Wrong user for Dovecot LMTP

2020-10-19 Thread Aisha Tammy

On 10/19/20 1:18 PM, Chris Bennett wrote:
> On Mon, Oct 19, 2020 at 06:24:47AM -0400, Aisha Tammy wrote:
> > On 10/19/20 12:20 AM, Kastus Shchuka wrote:
> > > On Sun, Oct 18, 2020 at 08:55:16PM -0400, Aisha Tammy wrote:
> > > > Hi,
> > > >
> > > >   I just upgraded to 6.8 and the upgrade process has been super cool and simple :)
> > > >
> > > > Unfortunately I seem to have hit some weird issue in OpenSMTPD where it has stopped
> > > > delivering the mail using Dovecot's LMTP due to sending as wrong user.
> > > >
> > > > osmtpd tries to send the mail as *_smtpd* even when configured to send as a
> > > > different user *excision*
> > >
> > > Could it be this change: https://marc.info/?t=15878902902=1=2 ?
> >
> > Well damn... That would indeed cause this error.
> > I guess a simple fix would be to add _smtpd to the socket group or change socket
> > group to _smtpd.
> >
> > Another fix would be to have the whole virtual user system also be done using
> > _smtpd but I feel that keeping things with separate users is better.
> >
> > Thanks a lot for the answer!
> >
> > Aisha
>
> Are you using Maildir and IMAP from dovecot? I am.
> I've setup using vmail as the user for dovecot. Something similar to
> your virtual user files, except that I have three files:
> vdomains, vaddr and vusers.
>
> vusers has the table you are using, except moving to user vmail instead
> of excision, which doesn't matter. vdomains are the domains getting
> mail.
> vaddr are just the plain addresses used.
>
> action a01 lmtp "/var/dovecot/lmtp" rcpt-to alias
> action a02 lmtp "/var/dovecot/lmtp" rcpt-to virtual
>
> match from any for local action a01
> match from any for domain  rcpt-to  action a02
>
> This works really well. I'm also using PostgreSQL for the users,
> passwords and home folders for dovecot, which solves the upcoming
> removal of bsdauth in dovecot.
>
> However, unrelated I'm having trouble setting up auth for sending. There
> are many conflicting examples which I can't sort out. I'll look over
> what you've posted to see if that can work for me. I have four mail
> domains on this server and I'm definitely missing some small piece of
> the puzzle.
>
> Regards,
> Chris Bennett


Yea, take a look at my config, it allows senders to send from any of their
allowed aliases. like no...@domain1.com has an alias anothern...@domain2.org.
Then no...@domain1.com can both send and receive mails for anothernoob.

You have to create the virtuals table, and a reverse virtuals table, called 

in my config.

Though I don't use postgresql or anything... I just cooked up a small homegrown
scheme using openssh and passwd file format storage for users and passwords.
Everyone supports that, don't think it's gonna be killed anytime soon :D

Aisha



Re: OpenSMTP - Wrong user for Dovecot LMTP

2020-10-19 Thread Chris Bennett
On Mon, Oct 19, 2020 at 06:24:47AM -0400, Aisha Tammy wrote:
> On 10/19/20 12:20 AM, Kastus Shchuka wrote:
> > On Sun, Oct 18, 2020 at 08:55:16PM -0400, Aisha Tammy wrote:
> > > Hi,
> > > 
> > >   I just upgraded to 6.8 and the upgrade process has been super cool and simple :)
> > > 
> > > Unfortunately I seem to have hit some weird issue in OpenSMTPD where it has stopped
> > > delivering the mail using Dovecot's LMTP due to sending as wrong user.
> > > 
> > > osmtpd tries to send the mail as *_smtpd* even when configured to send as a
> > > different user *excision*
> > 
> > 
> > Could it be this change: https://marc.info/?t=15878902902=1=2 ?
> > 
> 
> Well damn... That would indeed cause this error.
> I guess a simple fix would be to add _smtpd to the socket group or change socket
> group to _smtpd.
> 
> Another fix would be to have the whole virtual user system also be done using
> _smtpd but I feel that keeping things with separate users is better.
> 
> Thanks a lot for the answer!
> 
> Aisha
> 

Are you using Maildir and IMAP from dovecot? I am.
I've setup using vmail as the user for dovecot. Something similar to
your virtual user files, except that I have three files:
vdomains, vaddr and vusers.

vusers has the table you are using, except moving to user vmail instead
of excision, which doesn't matter. vdomains are the domains getting
mail.
vaddr are just the plain addresses used.

action a01 lmtp "/var/dovecot/lmtp" rcpt-to alias 
action a02 lmtp "/var/dovecot/lmtp" rcpt-to virtual 

match from any for local action a01 
match from any for domain  rcpt-to  action a02

This works really well. I'm also using PostgreSQL for the users,
passwords and home folders for dovecot, which solves the upcoming
removal of bsdauth in dovecot.

However, unrelated I'm having trouble setting up auth for sending. There
are many conflicting examples which I can't sort out. I'll look over
what you've posted to see if that can work for me. I have four mail
domains on this server and I'm definitely missing some small piece of
the puzzle.

Regards,
Chris Bennett




Re: OpenSMTP - Wrong user for Dovecot LMTP

2020-10-19 Thread Aisha Tammy

On 10/19/20 12:20 AM, Kastus Shchuka wrote:
> On Sun, Oct 18, 2020 at 08:55:16PM -0400, Aisha Tammy wrote:
> > Hi,
> >
> >   I just upgraded to 6.8 and the upgrade process has been super cool and simple :)
> >
> > Unfortunately I seem to have hit some weird issue in OpenSMTPD where it has stopped
> > delivering the mail using Dovecot's LMTP due to sending as wrong user.
> >
> > osmtpd tries to send the mail as *_smtpd* even when configured to send as a
> > different user *excision*
>
> Could it be this change: https://marc.info/?t=15878902902=1=2 ?

Well damn... That would indeed cause this error.
I guess a simple fix would be to add _smtpd to the socket group or change socket
group to _smtpd.

Another fix would be to have the whole virtual user system also be done using
_smtpd but I feel that keeping things with separate users is better.

Thanks a lot for the answer!

Aisha



OpenSMTP - Wrong user for Dovecot LMTP

2020-10-18 Thread Aisha Tammy

Hi,

I just upgraded to 6.8 and the upgrade process has been super cool and simple :)

Unfortunately I seem to have hit some weird issue in OpenSMTPD where it has stopped
delivering the mail using Dovecot's LMTP due to sending as wrong user.

osmtpd tries to send the mail as *_smtpd* even when configured to send as a
different user *excision*

Relevant parts of the error output from the command
smtpd -dv -T stat -T lookup -T expand -T mproc -T rules

debug: mda: got message fd 21 for session 27dfd8470fcf834f evpid 1140e2ecd415316b
debug: mda: querying mda fd for session 27dfd8470fcf834f evpid 1140e2ecd415316b
mproc: pony -> parent : 6168 IMSG_MDA_FORK
debug: smtpd: forking mda for session 27dfd8470fcf834f: excision as _smtpd
mproc: parent -> pony : 8 IMSG_MDA_FORK
debug: mda: got mda fd 22 for session 27dfd8470fcf834f evpid 1140e2ecd415316b
debug: smtpd: mda process done for session 27dfd8470fcf834f: exited abnormally
debug: mda: io disconnected on session 27dfd8470fcf834f
mproc: parent -> pony : 35 IMSG_MDA_DONE
mproc: pony -> queue : 53 IMSG_MDA_DELIVERY_TEMPFAIL
27dfd846f9575079 mda delivery evpid=1140e2ecd415316b from= to= rcpt= user=excision delay=2h10m40s result=TempFail stat=Error (temporary failure: "mail.lmtp: connect: Permission denied")
debug: mda: session 27dfd8470fcf834f done
mproc: pony -> control : 46 IMSG_STAT_DECREMENT
debug: mda: user "excision" becomes runnable
mproc: pony -> control : 45 IMSG_STAT_DECREMENT
debug: mda: all done for user ":excision"
mproc: pony -> control : 42 IMSG_STAT_DECREMENT
mproc: queue -> control : 57 IMSG_STAT_INCREMENT
ramstat: decrement: mda.envelope
ramstat: mda.envelope (0xe29944762c1): 1 -> 0
ramstat: decrement: mda.running
ramstat: mda.running (0xe29d4a91c41): 1 -> 0
ramstat: decrement: mda.user
ramstat: mda.user (0xe298f729481): 1 -> 0
mproc: queue -> control : 59 IMSG_STAT_INCREMENT
mproc: queue -> scheduler : 441 IMSG_QUEUE_DELIVERY_TEMPFAIL
ramstat: increment: queue.evpcache.load.hit
mproc: scheduler -> control : 61 IMSG_STAT_INCREMENT
ramstat: queue.evpcache.load.hit (0xe2a74f72f81): 111 -> 112
mproc: scheduler -> control : 61 IMSG_STAT_DECREMENT
ramstat: increment: queue.evpcache.update.hit
ramstat: queue.evpcache.update.hit (0xe29d4a91c41): 52 -> 53
ramstat: increment: scheduler.delivery.tempfail
ramstat: scheduler.delivery.tempfail (0xe2a74f72981): 45 -> 46
ramstat: decrement: scheduler.envelope.inflight
ramstat: scheduler.envelope.inflight (0xe2a74f72281): 1 -> 0
mproc: pony -> lka : 28 IMSG_GETNAMEINFO
mproc: pony -> control : 46 IMSG_STAT_INCREMENT

This is happening as the lmtp socket only has minimal permissions
 srw-rw  1 excision  excision 0B Oct 18 20:03 lmtp=

Relevant parts of my smtpd.conf

...
action "dovecot-lmtp" \
lmtp "/var/dovecot/lmtp" rcpt-to \
virtual 
...
#
# accept mail from outside sent to our
# BUT not those who are coming for key-submission
match   from any \
for domain  \
!rcpt-to  \
action "dovecot-lmtp"
...

Relevant parts of my virtuals table

ai...@aisha.cc  excision
...
open...@aisha.cc ai...@aisha.cc
...


I've also attached the full files if needed and a larger log as well.

It's possible I've made some error, but then it was working until
yesterday.

Current workaround: chmod 666 /var/dovecot/lmtp
to allow _smtpd user to also write to the socket.
Very insecure, I know...

Hopefully, it is just me making a stupid error in the config :x

Thanks,
Aisha



ai...@aisha.cc  excision
postmas...@aisha.cc ai...@aisha.cc
ab...@aisha.cc  ai...@aisha.cc
n...@aisha.cc   ai...@aisha.cc
secur...@aisha.cc   ai...@aisha.cc
hostmas...@aisha.cc ai...@aisha.cc
use...@aisha.cc ai...@aisha.cc
n...@aisha.cc   ai...@aisha.cc
webmas...@aisha.cc  ai...@aisha.cc
dmarcrepo...@aisha.cc   ai...@aisha.cc
tlsrepo...@aisha.cc ai...@aisha.cc
ansim...@aisha.cc   ai...@aisha.cc
gen...@aisha.cc ai...@aisha.cc
open...@aisha.cc ai...@aisha.cc
n...@aisha.cc   ai...@aisha.cc
faceb...@aisha.cc   ai...@aisha.cc
enigm...@aisha.cc   ai...@aisha.cc
testu...@aisha.cc   ai...@aisha.cc
e...@aisha.cc   ai...@aisha.cc
st...@aisha.cc  ai...@aisha.cc
git...@aisha.cc ai...@aisha.cc
n...@aisha.cc   ai...@aisha.cc
m...@aisha.cc   ai...@aisha.cc
freen...@aisha.cc   ai...@aisha.cc
r...@aisha.cc   ai...@aisha.cc
lez...@aisha.cc 

Re: OpenSMTP - Wrong user for Dovecot LMTP

2020-10-18 Thread Kastus Shchuka
On Sun, Oct 18, 2020 at 08:55:16PM -0400, Aisha Tammy wrote:
> Hi,
> 
>  I just upgraded to 6.8 and the upgrade process has been super cool and simple :)
> 
> Unfortunately I seem to have hit some weird issue in OpenSMTPD where it has stopped
> delivering the mail using Dovecot's LMTP due to sending as wrong user.
> 
> osmtpd tries to send the mail as *_smtpd* even when configured to send as a
> different user *excision*


Could it be this change: https://marc.info/?t=15878902902=1=2 ?
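
Added example (not part of any message in this thread, and not OpenSMTPD or Dovecot code): the socket-permission situation discussed above, modelled in Python. It checks whether the _smtpd delivery user can connect to the Dovecot LMTP socket under the posted permissions, the chmod 666 workaround, and the two group-based fixes suggested in the reply. The numeric IDs are constructed, and mode 0660 is an assumed reading of the posted listing.

```python
import os
import stat
from dataclasses import dataclass

@dataclass(frozen=True)
class SocketPerms:
    mode: int  # permission bits only, e.g. 0o660
    uid: int   # owning user
    gid: int   # owning group

def read_perms(path):
    """Read owner, group and mode of a real UNIX socket (e.g. /var/dovecot/lmtp)."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{path} is not a socket")
    return SocketPerms(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)

def can_connect(sock, uid, gids):
    """connect(2) to a UNIX socket needs write permission on the socket file.
    Permission classes are exclusive: owner, else group, else other."""
    if uid == 0:
        return True
    if uid == sock.uid:
        return bool(sock.mode & stat.S_IWUSR)
    if sock.gid in gids:
        return bool(sock.mode & stat.S_IWGRP)
    return bool(sock.mode & stat.S_IWOTH)

def audit(sock, uid, gids):
    """Return findings for one delivery user; an empty list means the setup is fine."""
    findings = []
    if sock.mode & stat.S_IWOTH:
        findings.append("world-writable")        # every local account can connect
    if not can_connect(sock, uid, gids):
        findings.append("delivery user denied")  # the "Permission denied" in the log
    return findings

# Constructed numeric IDs standing in for the accounts named in the thread.
EXCISION, SMTPD = 1000, 95
CASES = {
    "as posted (0660 excision:excision)": (SocketPerms(0o660, EXCISION, EXCISION), {SMTPD}),
    "workaround (chmod 666)": (SocketPerms(0o666, EXCISION, EXCISION), {SMTPD}),
    "_smtpd added to socket group": (SocketPerms(0o660, EXCISION, EXCISION), {SMTPD, EXCISION}),
    "socket group changed to _smtpd": (SocketPerms(0o660, EXCISION, SMTPD), {SMTPD}),
}

if __name__ == "__main__":
    for name, (sock, gids) in CASES.items():
        print(f"{name}: {audit(sock, SMTPD, gids) or 'ok'}")
```

read_perms() can be pointed at the real socket path to feed audit() with live values; search permission on the directories leading to the socket is not modelled.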