Invalid recipient for local account.
Hello,

I manage a server with a mix of a few local users on an OpenSMTPD server, and all other users authenticate via an LDAP directory. All users registered in the LDAP directory receive emails; local users get "Invalid recipient":

Aug 22 14:14:16 mx-01 smtpd[15911]: 1413a338b810bc82 smtp failed-command command="RCPT TO:" result="550 Invalid recipient: "
Aug 22 14:14:17 mx-01 smtpd[15911]: 1413a338b810bc82 smtp disconnected reason=disconnect

I confirm the user exists on the OpenSMTPD server.

~$ getent passwd mob
mob:x:1079:1011:Mob,,,:/home/mob:/bin/bash

Here are the configuration files:

pki mx-01.passerelles34.fr cert "/etc/letsencrypt/live/mx-01.passerelles34.fr/fullchain.pem"
pki mx-01.passerelles34.fr key "/etc/letsencrypt/live/mx-01.passerelles34.fr/privkey.pem"

table aliases db:/etc/aliases.db
table sympa db:/etc/mail/sympa/aliases.db
table ldap ldap:/etc/mail/ldap.conf

filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*', '.*\.dsl\..*' } \
    disconnect "550 no residential connections"
filter check_rdns phase connect match !rdns \
    disconnect "550 no rDNS"
filter check_fcrdns phase connect match !fcrdns \
    disconnect "550 no FCrDNS"
filter "rspamd" proc-exec "filter-rspamd"

smtp max-message-size "20M"

#listen on enp1s0 tls pki mx-01.passerelles34.fr auth-optional filter rspamd
listen on enp1s0 tls pki mx-01.passerelles34.fr auth-optional filter { check_dyndns, check_rdns, check_fcrdns, rspamd }
listen on enp1s0 port submission tls-require pki mx-01.passerelles34.fr auth filter rspamd
listen on enp10s0 tls pki mx-01.passerelles34.fr auth-optional filter rspamd
listen on enp10s0 port submission tls-require pki mx-01.passerelles34.fr auth filter rspamd

action "relaysympa" relay host 192.168.78.70
action "mailinglist" forward-only alias
action "inbound" maildir junk userbase alias
action "outbound" relay

match from any for domain "sympa.passerelles34.fr" action "relaysympa"
match from any for rcpt-to action "mailinglist"
match from any for domain "passerelles34.fr" action "inbound"
#match for local action "local"
match from auth for any action "outbound"

Here is the OpenSMTPD PAM file /etc/pam.d/smtpd:

#%PAM-1.0
account [default=bad success=ok user_unknown=ignore] pam_ldap.so debug
auth sufficient pam_unix.so nullok
auth sufficient pam_ldap.so debug
auth required pam_deny.so

I cannot put those local users in the LDAP for reasons I don't control, and I want my local users to receive their emails.

Did I do something wrong that I didn't see? Any clue is good.

Best regards,
Yan
Re:[Solved] Forward from to another MTA
On 2022-08-16 12:05, Tassilo Philipp wrote:

Good thinking Reio! Indeed, there's only a relay line for auth'ed mail, but none for this type of forwarded, local mail. You probably need a further, specific match line. The debug output should help you spot this and write a rule accordingly.

Thanks Reio

Thanks for your help!

Here are the rules I use after following your suggestions:

action "relaysympa" relay host list.domain.tld
action "mailinglist" forward-only alias

match from any for domain "list.domain.tld" action "relaysympa"
match from any for rcpt-to action "mailinglist"

Have a nice day :)
Yan
Re: Forward from to another MTA
On 2022-08-16 11:30, Tassilo Philipp wrote:

I'm not sure, I'm afraid I cannot help you further with this. I guess the forward seems to match and work now, as your new problem seems to be related to the "RCPT TO:" stuff, which isn't list.domain.tld..., glad we got that sorted at least.

In order to further debug this, I would recommend you start smtpd with -v and enable some of the traces (either through -T options or smtpctl(8)). IIRC, you need -v in order for any of the tracing to work. Then you'll get a detailed output of what match rule is used, what action is triggered, etc.

Good luck

Thanks, I will follow your suggestion and continue to dig in.

Have a nice day,
Yan
Re: Forward from to another MTA
On 2022-08-16 10:13, Tassilo Philipp wrote:

I might misunderstand your question, but I noticed that your line:

match for rcpt-to action "mailinglist"

does not specify a "from" option, so it defaults to "from local". This means it won't match for non-local IPs. Maybe that's the culprit?

hth

Hello,

Oh, you're right. Now I have another problem:

---
Aug 16 10:34:13 leeds smtpd[17062]: 039b2f6018e9c7ea smtp failed-command command="RCPT TO:" result="524 5.2.4 Mailing list expansion problem: "
---

Errata:

---
My previous error was:
Aug 15 17:50:00 leeds smtpd[5281]: 7dae3f5b0d6ff768 smtp failed-command command="RCPT TO:" result="550 Invalid recipient: "
---

Let me try to rephrase my question:

I have two servers: one with OpenSMTPd, which manages email for my end users; another manages mailing lists with Sympa.

All incoming emails on OpenSMTPd are in @domain.tld. The mailing list software expects something in @list.domain.tld, but they are aliased on the OpenSMTPd server as @domain.tld.

The aliases in contain values like this:

mailinglist1: mailinglist1 @list.domain.tld
(Without the space before @)

When my users send emails to mailinglist1 @domain.tld, I want OpenSMTPd to forward/relay them as mailinglist1 @list.domain.tld to the mailing list server, and to do the same for all aliases in table.

How can I achieve that? :)

Let me know if you need more clarity.

Best regards,
Yan
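
The "from local" default pointed out in the message above, as an added example that is not part of the thread: a simplified Python model of smtpd's first-match rule selection, run over the rule set as first posted and as it stood once solved. The Rule and Envelope classes, first_match() and the contents of LISTS are constructed for illustration; only source and destination matching are modelled, not alias or userbase expansion.

```python
from dataclasses import dataclass

# Constructed stand-in for the mailing-list alias table (hypothetical contents).
LISTS = frozenset({"mailinglist1@domain.tld"})

@dataclass(frozen=True)
class Rule:
    action: str
    dest: tuple          # ("any",) | ("domain", name) | ("rcpt-to", table)
    src: str = "local"   # smtpd.conf(5): a match line without "from" means "from local"

@dataclass(frozen=True)
class Envelope:
    rcpt: str
    local_conn: bool = False   # session came from this host itself
    authed: bool = False       # session authenticated (submission)

def src_ok(rule, env):
    if rule.src == "any":
        return True
    if rule.src == "auth":
        return env.authed
    return env.local_conn      # "from local"

def dest_ok(rule, env):
    kind, rcpt = rule.dest[0], env.rcpt.lower()
    if kind == "domain":
        return rcpt.rsplit("@", 1)[-1] == rule.dest[1]
    if kind == "rcpt-to":
        return rcpt in rule.dest[1]
    return kind == "any"

def first_match(rules, env):
    """Return the action of the first rule matching env, or None (rejected)."""
    for rule in rules:
        if src_ok(rule, env) and dest_ok(rule, env):
            return rule.action
    return None

# Rule set as first posted: the rcpt-to rule has no "from".
POSTED = [Rule("mailinglist", ("rcpt-to", LISTS)),
          Rule("inbound", ("domain", "domain.tld"), "any"),
          Rule("outbound", ("any",), "auth")]
# Rule set once solved: "from any" on both list rules.
SOLVED = [Rule("relaysympa", ("domain", "list.domain.tld"), "any"),
          Rule("mailinglist", ("rcpt-to", LISTS), "any")] + POSTED[1:]

if __name__ == "__main__":
    remote = Envelope("mailinglist1@domain.tld")
    print(first_match(POSTED, remote), first_match(SOLVED, remote))
```

For a remote, unauthenticated session the posted rule set never selects "mailinglist", while the same envelope sent from the host itself does; the -T traces recommended elsewhere in the thread report the rule a real session matched.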
Forward from to another MTA
Hello,

I am having some difficulty creating rule sets for a specific use case.

I use OpenSMTPD/Dovecot as the main mail server and Sympa (https://www.sympa.org/index) running on another server to manage mailing lists.

On the main mail server, I have two sets of aliases:

table aliases db:/etc/aliases.db
table sympa db:/etc/mail/sympa/aliases.db

The first one contains a list of aliases for local accounts, e.g.

anAlias: account

The second one is a list of aliases which point to another MTA dedicated to mailing lists, e.g.

list: l...@list.domain.tld

I want to forward all incoming emails targeting the Sympa table to the mailing list server.

Unfortunately, when I send an email to, let's say, l...@list.domain.tld, I get this result:

Aug 16 09:56:36 mx-01 smtpd[16029]: 624b10db2fc80050 smtp failed-command command="RCPT TO:" result="550 Invalid recipient: "

Here is the smtpd.conf:

pki mx-01.domain.tld cert "/etc/letsencrypt/live/mx-01.domain.tld/cert.pem"
pki mx-01.domain.tld key "/etc/letsencrypt/live/mx-01.domain.tld/privkey.pem"

table aliases db:/etc/aliases.db
table sympa db:/etc/mail/sympa/aliases.db
table ldap ldap:/etc/mail/ldap.conf

filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*', '.*\.dsl\..*' } \
    disconnect "550 no residential connections"
filter check_rdns phase connect match !rdns \
    disconnect "550 no rDNS"
filter check_fcrdns phase connect match !fcrdns \
    disconnect "550 no FCrDNS"
filter "rspamd" proc-exec "filter-rspamd"

smtp max-message-size "20M"

listen on enp1s0 tls pki mx-01.domain.tld auth-optional filter { check_dyndns, check_rdns, check_fcrdns, rspamd }
listen on enp1s0 port submission tls-require pki mx-01.domain.tld auth filter rspamd

# Maybe I misunderstand the `forward-only` in my use case.
action "mailinglist" forward-only alias
action "inbound" maildir junk userbase alias
action "outbound" relay

match for rcpt-to action "mailinglist"
match from any for domain "domain.tld" action "inbound"
match from auth for any action "outbound"

Any ideas?

Have a nice day,
Yan