Invalid recipient for local account.

2022-08-22 Thread Yan THIERY

Hello,

I manage a server with a mix of a few local users on an OpenSMTPD server 
and all other users authenticate via an LDAP directory.


All users registered on the LDAP directory received emails, local 
users get "Invalid recipient":


Aug 22 14:14:16 mx-01 smtpd[15911]: 1413a338b810bc82 smtp failed-command command="RCPT TO:" result="550 Invalid recipient: "
Aug 22 14:14:17 mx-01 smtpd[15911]: 1413a338b810bc82 smtp disconnected reason=disconnect


I confirm the user exists on the OpenSMTPD server.

~$ getent passwd mob
mob:x:1079:1011:Mob,,,:/home/mob:/bin/bash

Here are the configuration files:

pki mx-01.passerelles34.fr cert "/etc/letsencrypt/live/mx-01.passerelles34.fr/fullchain.pem"
pki mx-01.passerelles34.fr key "/etc/letsencrypt/live/mx-01.passerelles34.fr/privkey.pem"


table aliases db:/etc/aliases.db
table sympa db:/etc/mail/sympa/aliases.db
table ldap ldap:/etc/mail/ldap.conf

filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*', '.*\.dsl\..*' } \
    disconnect "550 no residential connections"

filter check_rdns phase connect match !rdns \
    disconnect "550 no rDNS"

filter check_fcrdns phase connect match !fcrdns \
    disconnect "550 no FCrDNS"

filter "rspamd" proc-exec "filter-rspamd"

smtp max-message-size "20M"

#listen on enp1s0 tls pki mx-01.passerelles34.fr auth-optional filter rspamd
listen on enp1s0 tls pki mx-01.passerelles34.fr auth-optional filter { check_dyndns, check_rdns, check_fcrdns, rspamd }
listen on enp1s0 port submission tls-require pki mx-01.passerelles34.fr auth filter rspamd

listen on enp10s0 tls pki mx-01.passerelles34.fr auth-optional filter rspamd
listen on enp10s0 port submission tls-require pki mx-01.passerelles34.fr auth filter rspamd


action "relaysympa" relay host 192.168.78.70
action "mailinglist" forward-only alias 
action "inbound" maildir junk userbase  alias 
action "outbound" relay

match from any for domain "sympa.passerelles34.fr" action "relaysympa"
match from any for rcpt-to  action "mailinglist"
match from any for domain "passerelles34.fr" action "inbound"
#match for local action "local"
match from auth for any action "outbound"


Here is the OpenSMTPD PAM file /etc/pam.d/smtpd:

#%PAM-1.0

account [default=bad success=ok user_unknown=ignore] pam_ldap.so debug

auth    sufficient  pam_unix.so nullok
auth    sufficient  pam_ldap.so debug
auth    required    pam_deny.so


I cannot put those local users on the LDAP for some reason I don't 
control, and I want my local users to receive their emails.


Did I do something wrong that I didn't see? Any clue is good.

Best regards,
Yan



Re:[Solved] Forward from to another MTA

2022-08-16 Thread thiery

On 2022-08-16 12:05, Tassilo Philipp wrote:

Good thinking Reio! Indeed, there's only a relay line for auth'ed
mail, but none for this type of forwarded, local mail. You probably
need a further, specific match line. The debug output should help you
spot this and write a rule accordingly.

Thanks Reio


Thanks for your help!

Here are the rules I use after following your suggestions:

action "relaysympa" relay host list.domain.tld
action "mailinglist" forward-only alias 

match from any for domain "list.domain.tld" action "relaysympa"
match from any for rcpt-to  action "mailinglist"

Have a nice day :)
Yan



Re: Forward from to another MTA

2022-08-16 Thread thiery

On 2022-08-16 11:30, Tassilo Philipp wrote:

I'm not sure, I'm afraid I cannot help you further with this. I guess
the forward seems to match and work now, as your new problem seems to
be related to theor "RCPT TO:" stuff, which isn't
list.domain.tld..., glad we got that sorted at least.

In order to further debug this, I would recommend you start smtpd with
-v and enable some of the traces (either through -T options or
smtpctl(8)). IIRC, you need -v in order for any of the tracing to
work. Then you'll get a detailed output of what match rule is used,
what action is triggered, etc..

Good luck



Thanks, I will follow your suggestion and continue to dig in.

Have a nice day,
Yan



Re: Forward from to another MTA

2022-08-16 Thread thiery

On 2022-08-16 10:13, Tassilo Philipp wrote:

I might misunderstand your question, but I noticed that your line:

  match for rcpt-to  action "mailinglist"

does not specify a "from" option, so it defaults to "from local". This
means it won't match for non-local IPs. Maybe that's the culprit?

hth


Hello,

Oh, you're right. Now I have another problem:
---
Aug 16 10:34:13 leeds smtpd[17062]: 039b2f6018e9c7ea smtp failed-command command="RCPT TO:" result="524 5.2.4 Mailing list expansion problem: "

---

Errata:
---
My previous error was:
Aug 15 17:50:00 leeds smtpd[5281]: 7dae3f5b0d6ff768 smtp failed-command command="RCPT TO:" result="550 Invalid recipient: "

---

Let me try to rephrase my question:

I have two servers, one with OpenSMTPd which manages email for my end users, 
another manages mailing lists with Sympa.


All incoming emails on OpenSMTPd are in @domain.tld. The mailing list 
software expects something in @list.domain.tld but they are aliased on 
the OpenSMTPd server as @domain.tld.


The aliases in  contain values like this:

mailinglist1: mailinglist1 @list.domain.tld (Without the space before @)

When my users send emails to mailinglist1 @domain.tld, I want OpenSMTPd 
to forward/relay them as mailinglist1 @list.domain.tld to the mailing 
list server and to do the same for all aliases in  table.


How can I achieve that ? :)

Let me know if you need more clarity.

Best regards,
Yan
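
The "from local" default pointed out in the quoted reply above, as an added example that is not part of the original thread and not OpenSMTPD code: a simplified Python model of first-match rule selection, using the rule order from the original smtpd.conf in this thread. The contents of the sympa table and the src_local/authenticated flags are constructed assumptions.

```python
# Simplified model of smtpd.conf rule selection; added example, not OpenSMTPD code.
from dataclasses import dataclass
from typing import Callable, List, Optional


@dataclass
class Envelope:
    src_local: bool       # session originates on the mail server itself
    authenticated: bool   # session passed SMTP AUTH
    rcpt: str


@dataclass
class Rule:
    action: str
    dest: Callable[[Envelope], bool]
    source: str = "local"  # a match line with no "from" behaves as "from local"

    def matches(self, env: Envelope) -> bool:
        src_ok = {"local": env.src_local, "auth": env.authenticated, "any": True}[self.source]
        return src_ok and self.dest(env)


def select_action(rules: List[Rule], env: Envelope) -> Optional[str]:
    """Return the action of the first matching rule, or None (recipient rejected)."""
    for rule in rules:
        if rule.matches(env):
            return rule.action
    return None


SYMPA_RCPTS = {"mailinglist1@domain.tld"}  # constructed stand-in for the sympa table


def in_sympa(env): return env.rcpt in SYMPA_RCPTS
def in_domain(env): return env.rcpt.endswith("@domain.tld")
def anything(env): return True


def build_rules(list_source: str) -> List[Rule]:
    """Rule order from the thread; list_source is the "from" of the mailing-list rule."""
    return [
        Rule("mailinglist", in_sympa, list_source),
        Rule("inbound", in_domain, "any"),
        Rule("outbound", anything, "auth"),
    ]


REMOTE = Envelope(src_local=False, authenticated=False, rcpt="mailinglist1@domain.tld")
LOCAL = Envelope(src_local=True, authenticated=False, rcpt="mailinglist1@domain.tld")

if __name__ == "__main__":
    print("no 'from':", select_action(build_rules("local"), REMOTE))
    print("from any :", select_action(build_rules("any"), REMOTE))
```

In this model a remote sender's message to the list address skips the mailing-list rule and is taken by "inbound" unless that rule says "from any"; an unauthenticated remote message for a foreign domain matches no rule at all.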



Forward from to another MTA

2022-08-16 Thread thiery

Hello,

I have some difficulties creating rule sets for a specific use case.

I use an OpenSMTPD/Dovecot as main mail server and Sympa (https://www.sympa.org/index) 
running on another server to manage mailing lists.


On the main mail server, I have two sets of aliases:

table aliases db:/etc/aliases.db
table sympa db:/etc/mail/sympa/aliases.db

The first one contains a list of aliases for local accounts.
e.g. anAlias: account

The second one is a list of aliases which point to another MTA dedicated 
to a mailing list.

e.g. list: l...@list.domain.tld

I want to forward all incoming emails targeting the Sympa table to the 
mailing list server.


Unfortunately when I send an email to, let's say, l...@list.domain.tld, 
I got this result :


Aug 16 09:56:36 mx-01 smtpd[16029]: 624b10db2fc80050 smtp failed-command command="RCPT TO:" result="550 Invalid recipient: "


Here is the smtpd.conf:

pki mx-01.domain.tld cert "/etc/letsencrypt/live/mx-01.domain.tld/cert.pem"
pki mx-01.domain.tld key "/etc/letsencrypt/live/mx-01.domain.tld/privkey.pem"


table aliases db:/etc/aliases.db
table sympa db:/etc/mail/sympa/aliases.db
table ldap ldap:/etc/mail/ldap.conf

filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*', '.*\.dsl\..*' } \
disconnect "550 no residential connections"

filter check_rdns phase connect match !rdns \
disconnect "550 no rDNS"

filter check_fcrdns phase connect match !fcrdns \
disconnect "550 no FCrDNS"

filter "rspamd" proc-exec "filter-rspamd"

smtp max-message-size "20M"

listen on enp1s0 tls pki mx-01.domain.tld auth-optional filter { check_dyndns, check_rdns, check_fcrdns, rspamd }
listen on enp1s0 port submission tls-require pki mx-01.domain.tld auth filter rspamd


# Maybe I misunderstand the `forward-only` in my use case.
action "mailinglist" forward-only alias 
action "inbound" maildir junk userbase  alias 
action "outbound" relay

match for rcpt-to  action "mailinglist"
match from any for domain "domain.tld" action "inbound"
match from auth for any action "outbound"


Any ideas ?

Have a nice day,
Yan