Re: userbase question

2018-09-01 Thread Gilles Chehade
On Mon, Aug 27, 2018 at 09:54:05AM -0400, Matt Schwartz wrote:
> I am hoping not to have to use sqlite tables. I like the simplicity of
> file-based configuration.

just for the record:

besides table-specific features, all smtpd features are usable from file
configurations since I write the features for the file backend _then_ we
adapt the other backends.



> On Mon, Aug 27, 2018 at 9:47 AM Reio Remma  wrote:
> >
> > Iirc I got the .forward file working with sqlite tables, where the user 
> > query also returned the virtual user's maildir as an extra parameter.
> >
> > Good luck,
> > Reio
> >
> > > On 27 Aug 2018, at 16:11, Matt Schwartz  wrote:
> > >
> > > Hello misc@,
> > >
> > > Below is my configuration file. I am trying to use the userbase
> > > parameter and when I try to send an email to myself, I get the 550
> > > Invalid Recipient error. I am trying to get the usrbase parameter
> > > working so that I can add a .forward file for virtual users as per the
> > > table(5) man page. If I don't use the userbase parameter, mail
> > > delivery works just fine. I am not certain what I am doing wrong here.
> > >
> > > #smtpd.conf
> > > pki mail cert "/etc/ssl/smtpd.crt"
> > > pki mail key "/etc/ssl/private/smtpd.key"
> > >
> > > table aliases file:/etc/mail/aliases
> > > table addrnames file:/etc/mail/addrnames
> > > table credentials file:/etc/mail/credentials
> > > table domains file:/etc/mail/domains
> > > table virtuals file:/etc/mail/virtuals
> > > table usrbase file:/etc/mail/usrbase
> > > table rejects file:/etc/mail/rejects
> > >
> > > # Listeners
> > > #
> > > listen on lo0
> > > listen on lo0 port 10028 tag DKIM
> > > listen on vio0 tls pki mail hostnames 
> > > listen on vio0 port 587 tls-require pki mail auth  \
> > >hostnames 
> > >
> > > # Actions
> > > #
> > > action "local" mda "/usr/local/bin/rspamc -d %{dest} --mime --exec
> > > '/usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d %{dest} -a
> > > %{rcpt}'" alias 
> > > action "domain" mda "/usr/local/bin/rspamc -d %{dest} --mime --exec
> > > '/usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d %{dest} -a
> > > %{rcpt}'" userbase  virtual 
> > > action "dkim" relay host smtp://127.0.0.1:10027
> > > action "relay" relay
> > >
> > > # Incoming
> > > #
> > > match from any mail-from  for any reject
> > > match from local for local action "local"
> > > match from any for domain  action "domain"
> > >
> > > # Outgoing
> > > #
> > > match tag DKIM for any action "relay"
> > > match from local for any action "dkim"
> > > match auth from any for any action "dkim"
> > >
> > > #usrbase
> > > m...@example.org 2000:2000:/var/vmail/example.org/matt
> > >
> > > #virtuals
> > > m...@example.org vmail
> > >
> > > Thanks in advance,
> > > Matt
> > >
> > > --
> > > You received this mail because you are subscribed to misc@opensmtpd.org
> > > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

-- 
Gilles Chehade

https://www.poolp.org  @poolpOrg




Re: userbase question

2018-09-01 Thread Gilles Chehade
On Mon, Aug 27, 2018 at 09:11:02AM -0400, Matt Schwartz wrote:
> Hello misc@,
> 
> Below is my configuration file. I am trying to use the userbase
> parameter and when I try to send an email to myself, I get the 550
> Invalid Recipient error. I am trying to get the usrbase parameter
> working so that I can add a .forward file for virtual users as per the
> table(5) man page. If I don't use the userbase parameter, mail
> delivery works just fine. I am not certain what I am doing wrong here.
> 
> #smtpd.conf
> pki mail cert "/etc/ssl/smtpd.crt"
> pki mail key "/etc/ssl/private/smtpd.key"
> 
> table aliases file:/etc/mail/aliases
> table addrnames file:/etc/mail/addrnames
> table credentials file:/etc/mail/credentials
> table domains file:/etc/mail/domains
> table virtuals file:/etc/mail/virtuals
> table usrbase file:/etc/mail/usrbase
> table rejects file:/etc/mail/rejects
> 
> # Listeners
> #
> listen on lo0
> listen on lo0 port 10028 tag DKIM
> listen on vio0 tls pki mail hostnames 
> listen on vio0 port 587 tls-require pki mail auth  \
> hostnames 
> 
> # Actions
> #
> action "local" mda "/usr/local/bin/rspamc -d %{dest} --mime --exec
> '/usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d %{dest} -a
> %{rcpt}'" alias 
> action "domain" mda "/usr/local/bin/rspamc -d %{dest} --mime --exec
> '/usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d %{dest} -a
> %{rcpt}'" userbase  virtual 
> action "dkim" relay host smtp://127.0.0.1:10027
> action "relay" relay
> 

you might want to have a look at mda wrappers, it will simplify your
actions considerably ;-)


> # Incoming
> #
> match from any mail-from  for any reject
> match from local for local action "local"
> match from any for domain  action "domain"
> 
> # Outgoing
> #
> match tag DKIM for any action "relay"
> match from local for any action "dkim"
> match auth from any for any action "dkim"
> 
> #usrbase
> m...@example.org 2000:2000:/var/vmail/example.org/matt
> 

userbase maps a user to an account, so you shouldn't use an email address
here, it should be 'vmail' since that's what you use as the delivery user
in your virtuals table below:

> #virtuals
> m...@example.org vmail
> 


-- 
Gilles Chehade

https://www.poolp.org  @poolpOrg




very confused on userbase parameter

2018-09-01 Thread Matt Schwartz
I am afraid that I am hopelessly confused on the userbase parameter.
If I were to have the following:

# credentials
user1  

# userinfo
# vmail user is 2000
user1  2000:2000:/var/vmail/user1

# virtuals
us...@domain1.com  vmail

# smtpd.conf
table credentials file:/etc/mail/credentials
table virtuals file:/etc/mail/virtuals
table userinfo file:/etc/mail/userinfo

action "action01" maildir userbase  virtuals 
match from any for domain "domain1.com" action "action01"

In theory, shouldn't this deliver email addressed to us...@domain1.com
to /var/vmail/user1/Maildir/new?

Thanks in advance,
Matt




I finally understand userbase

2018-09-01 Thread Matt Schwartz
Hi @misc,

Please disregard my previous email. I finally figured out how userbase
works! In case anyone is wondering how this works I wrote up something
explaining it really quickly. Userbase simply maps a virtual user to a
system user. The virtual user is defined in a separate file. So here's
how it works.

# userinfo
# File for the userbase parameter. All of my emails are stored as the
# system user vmail which has a uid and gid of 2000
matt  2000:2000:/var/vmail/example.org/matt

# virtuals
# File for the virtual parameter.
m...@example.org  matt
# or if you want a catch-all
@example.org matt

So, this makes the following work:
action "action01" maildir "/var/vmail/%{dest.domain}/%{dest.user}"
userbase  virtual 
match from any for domain "example.org" action "action01"

If you want to create a .forward file for the user matt, just create
it in /var/vmail/example.org/matt and make certain that it is owned by
the vmail user.

As Gilles mentioned, this feature works with regular files. You do not
need to use a database in order to get it to work. It works perfectly
with a regular file.

-Matt




Re: very confused on userbase parameter

2018-09-01 Thread Matt Schwartz
Thanks but I finally figured it out and wrote up a little something
that could hopefully benefit others. It's nice being able to use the
.forward feature.

On Sat, Sep 1, 2018 at 12:45 PM Reio Remma wrote:
>
> Hello!
>
> Are you using multiple domains? I just tested it in its simplest form
> (in 6.0.3) with one domain and it worked without virtuals.
>
> table userinfo { reio = 5000:5000:/home/vmail/turin.mrstuudio.ee/reio }
>
> accept tagged Filtered for domain  userbase  deliver
> to lmtp "/var/run/dovecot/lmtp" rcpt-to
>
> OpenSMTPD successfully read the .forward file from
> 5000:5000:/home/vmail/turin.mrstuudio.ee/reio/.forward
>
> If you're using multiple domains, then you need a somewhat convoluted
> system with virtuals and userbase.
>
> The trouble is that OpenSMTPD is checking only the user name without the
> domain part from userbase.
>
> Good luck,
> Reio
>
> On 01.09.2018 18:59, Matt Schwartz wrote:
> > I am afraid that I am hopelessly confused on the userbase parameter.
> > If I were to have the following:
> >
> > # credentials
> > user1  
> >
> > # userinfo
> > # vmail user is 2000
> > user1  2000:2000:/var/vmail/user1
> >
> > # virtuals
> > us...@domain1.com  vmail
> >
> > # smtpd.conf
> > table credentials file:/etc/mail/credentials
> > table virtuals file:/etc/mail/virtuals
> > table userinfo file:/etc/mail/userinfo
> >
> > action "action01" maildir userbase  virtuals 
> > match from any for domain "domain1.com" action "action01"
> >
> > In theory, shouldn't this deliver email addressed to us...@domain1.com
> > to /var/vmail/user1/Maildir/new?
> >
> > Thanks in advance,
> > Matt
> >



Re: very confused on userbase parameter

2018-09-01 Thread Matt Schwartz
Here is my complete smtpd.conf. I actually don't use lmtp because I
need to take advantage of spam checking. I use rspamd for spam
checking. You can see that I use multiple domains as well. Gilles was
kind enough to suggest using a wrapper and boy did it make things much
more easy to read.

pki mail cert "/etc/ssl/smtpd.crt"
pki mail key "/etc/ssl/private/smtpd.key"

mda wrapper antispam "/usr/local/bin/rspamc --mime -e '%{mda}'"

table aliases file:/etc/mail/aliases
table addrnames file:/etc/mail/addrnames
table credentials file:/etc/mail/credentials
table domains file:/etc/mail/domains
table virtuals file:/etc/mail/virtuals
table userinfo file:/etc/mail/userinfo
table rejects file:/etc/mail/rejects

# Listeners
#
listen on lo0
listen on lo0 port 10028 tag DKIM
listen on vio0 tls pki mail hostnames 
listen on vio0 port 587 tls-require pki mail auth  \
hostnames 

# Actions
#
action "local" maildir "/var/vmail/%{dest.domain}/%{dest.user}" junk
wrapper "antispam" alias 
action "domain" maildir "/var/vmail/%{dest.domain}/%{dest.user}" junk
wrapper "antispam" userbase  virtual 
action "dkim" relay host smtp://127.0.0.1:10027
action "relay" relay

# Incoming
#
match from any mail-from  for any reject
match from local for local action "local"
match from any for domain  action "domain"

# Outgoing
#
match tag DKIM for any action "relay"
match from local for any action "dkim"
match auth from any for any action "dkim"

On Sat, Sep 1, 2018 at 1:06 PM Reio Remma wrote:
>
> On 01.09.2018 19:56, Matt Schwartz wrote:
> > Thanks but I finally figured it out and wrote up a little something
> > that could hopefully benefit others. It's nice being able to use the
> > .forward feature.
>
> Wonderful. :)
>
> For multiple domains we have to use something like this for the userbase
> lookup to succeed. :)
>
> table virtuals { r...@turin.mrstuudio.ee = reio_turin.mrstuudio.ee }
> table userinfo { reio_turin.mrstuudio.ee =
> 5000:5000:/home/vmail/turin.mrstuudio.ee/reio }
>
> accept tagged Filtered for domain  virtual  userbase
>  deliver to lmtp "/var/run/dovecot/lmtp" rcpt-to
>
> It actually doesn't look that complicated with just one user defined. :D
>
> Good luck,
> Reio
>




Re: very confused on userbase parameter

2018-09-01 Thread Matt Schwartz
Thanks Gilles. I puzzled it out and it's working great now.

On Sat, Sep 1, 2018 at 1:50 PM Gilles Chehade wrote:
>
> On Sat, Sep 01, 2018 at 11:59:20AM -0400, Matt Schwartz wrote:
> > I am afraid that I am hopelessly confused on the userbase parameter.
> > If I were to have the following:
> >
> > # credentials
> > user1  
> >
> > # userinfo
> > # vmail user is 2000
> > user1  2000:2000:/var/vmail/user1
> >
> > # virtuals
> > us...@domain1.com  vmail
> >
> > [...]
> >
> > In theory, shouldn't this deliver email addressed to us...@domain1.com
> > to /var/vmail/user1/Maildir/new?
> >
>
> you got the configuration file wrong again, despite having it right with
> the comment itself:
>
> > # vmail user is 2000
> > user1  2000:2000:/var/vmail/user1
>
>
> I'll describe how things work in this mail so it serves as reference for
> future questions regarding aliases, virtual and userbase:
>
> Aliases and virtuals are mutually exclusive features that operate at the
> same level, converting an e-mail address into a local user.
>
> Userbases operate at a lower level, allowing to lookup system details of
> a local user such as uid, gid and home directory.
>
> You don't have to have aliases or virtuals, but you MUST have a userbase
> which defaults to the system user database when you don't specify one.
>
> Aliases and virtuals can be seen as functions that take an e-mail as the
> input and produce usernames that _MUST_ exist in the underlying userbase
> as the output, otherwise the recipient will be rejected.
>
> The difference between aliases and virtuals is subtle but simple:
>
> - aliases assume that all users on the system are allowed to get e-mails
>   and that the user-part of recipient e-mail addresses are the usernames
>   on the system. the mechanism allows you to provide an OPTIONAL list of
>   transformations in case some recipients have user-parts that are not a
>   system user, and it assumes that if no alias is found, then user-parts
>   must be looked up as real usernames.
>
> - virtuals assume that users are NOT allowed to get e-mails, unless they
>   are EXPLICITLY allowed on a list. either a transform is found and the
>   recipient is converted into a username, or the recipient is rejected.
>
>
> You can receive e-mail if you're not in the aliases list, if you have an
> account on the system with a username matching the user-part.
>
> You can't receive e-mail if you're not in the virtuals list, EVEN if you
> have an account matching the user-part.
>
>
> Now with that being said, converting a recipient into a username doesn't
> help us much if that username doesn't exist for real. We need a uid, gid
> and a home directory, so no matter if you used aliases, virtuals or none
> of them, the username behind a recipient must be found in the user base.
>
> If I take your example:
>
>
> > # vmail user is 2000
> > user1  2000:2000:/var/vmail/user1
> >
> > # virtuals
> > us...@domain1.com  vmail
>
> you have resolved us...@domain1.com into the user 'vmail'.
> then we lookup the user 'vmail' in the userbase and ... nope, not found.
>
> Hope it clears it for everyone.
>
>
> --
> Gilles Chehade
>
> https://www.poolp.org  @poolpOrg




Re: very confused on userbase parameter

2018-09-01 Thread Chris Bennett
On Sat, Sep 01, 2018 at 05:50:27PM +, Gilles Chehade wrote:
> 
> I'll describe how things work in this mail so it serves as reference for
> future questions regarding aliases, virtual and userbase:
> 
> Aliases and virtuals are mutually exclusive features that operate at the
> same level, converting an e-mail address into a local user.
> 
> Userbases operate at a lower level, allowing to lookup system details of
> a local user such as uid, gid and home directory.
> 
> You don't have to have aliases or virtuals, but you MUST have a userbase
> which defaults to the system user database when you don't specify one.
> 
> Aliases and virtuals can be seen as functions that take an e-mail as the
> input and produce usernames that _MUST_ exist in the underlying userbase
> as the output, otherwise the recipient will be rejected.
> 
> The difference between aliases and virtuals is subtle but simple:
> 
> - aliases assume that all users on the system are allowed to get e-mails
>   and that the user-part of recipient e-mail addresses are the usernames
>   on the system. the mechanism allows you to provide an OPTIONAL list of
>   transformations in case some recipients have user-parts that are not a
>   system user, and it assumes that if no alias is found, then user-parts
>   must be looked up as real usernames.
> 
> - virtuals assume that users are NOT allowed to get e-mails, unless they
>   are EXPLICITLY allowed on a list. either a transform is found and the
>   recipient is converted into a username, or the recipient is rejected.
> 
> 
> You can receive e-mail if you're not in the aliases list, if you have an
> account on the system with a username matching the user-part.
> 
> You can't receive e-mail if you're not in the virtuals list, EVEN if you
> have an account matching the user-part.
> 
> 
> Now with that being said, converting a recipient into a username doesn't
> help us much if that username doesn't exist for real. We need a uid, gid
> and a home directory, so no matter if you used aliases, virtuals or none
> of them, the username behind a recipient must be found in the user base.
> 

Thanks, this helps a lot

Just one more question.

Your reply sounds like I should choose either aliases or virtual, but not
both. Is this correct?

What about programs such as femail? Do they work fine with just
virtuals?

Thanks
Chris Bennett






Re: very confused on userbase parameter

2018-09-01 Thread Gilles Chehade
On Sat, Sep 01, 2018 at 11:20:37AM -0700, Chris Bennett wrote:
> 
> Thanks, this helps a lot
> 
> Just one more question.
> 
> Your reply sounds like I should choose either aliases or virtual, but not
> both. Is this correct?
> 

The options are mutually exclusive, you can't have a mechanism allow some
lookups to produce no result while the other requires lookups to produce
a result.

Note that the aliases and virtual are defined in the action, so you have
the possibility to use aliases and virtuals on different rules. just not
on the same ones.


> What about programs such as femail? Do they work fine with just
> virtuals?
> 

femail and related operate _after_ the end user is resolved:

1- user submits r...@poolp.org in the smtp session
2- aliases/virtuals lookup resolve 'root' into 'gilles'
3- userbase resolves 'gilles' into uid 1000 and homedir /home/gilles
4- THEN femail/fdm/procmail/whatever runs as uid 1000


-- 
Gilles Chehade

https://www.poolp.org  @poolpOrg




Re: userbase question

2018-09-01 Thread Matt Schwartz
Hi Gilles,

Thank you for your advice about using wrappers. I decided to implement
an mda wrapper as per your suggestion. It is interesting that I still
needed to specify either an mbox or maildir in the syntax when I
specify a wrapper. In this case, it doesn't seem to matter if I use
mbox or maildir because dovecot's LDA is doing the final delivery.
This works but I might be doing it wrong.

action "local" mbox wrapper "deliver" alias 
action "domain" mbox wrapper "deliver" virtual 
match for local action "local"
match from any for domain  action "domain"

I have to agree that using the mda wrapper feature is a heck of a lot
cleaner. I am even going to do some testing using OpenSMTPD for final
delivery now that there is explicit support for junk mail delivery. I
think the reason that the userbase didn't work is that I am using
dovecot for final delivery of the email. Below is a patch for the
smtpd.conf(8) man page to reflect where to use the wrapper specified
by mda wrapper.

--- smtpd.conf.5Sat Sep  1 08:52:32 2018
+++ smtpd.conf.5 Sat Sep  1 08:55:23 2018
@@ -156,6 +156,9 @@
 .Pq see Sx FORMAT SPECIFIERS .
 .It Cm relay
 Relay the message to another SMTP server.
+.It Cm wrapper Ar name
+Use a wrapper specified by
+.Cm mda wrapper .It command.
 .El
 .Pp
 The local delivery methods support additional options:
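
Review bot: the last added line, `.Cm mda wrapper .It command.`, carries a stray `.It` in the middle of the line; `.It` opens a list item and does not belong inside the description text, so the sentence should end as `.Cm mda wrapper` followed by `command.` on its own line. The new `.It Cm wrapper Ar name` entry is also placed in the list of delivery methods, directly after `.It Cm relay`, while the configuration in this mail uses it next to a method (`mbox wrapper "deliver"`), so it reads as an option and probably belongs in the list introduced by "The local delivery methods support additional options:" just below.
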
On Sat, Sep 1, 2018 at 8:01 AM Gilles Chehade  wrote:
>
> On Mon, Aug 27, 2018 at 09:54:05AM -0400, Matt Schwartz wrote:
> > I am hoping not to have to use sqlite tables. I like the simplicity of
> > file-based configuration.
>
> just for the record:
>
> besides table-specific features, all smtpd features are usable from file
> configurations since I write the features for the file backend _then_ we
> adapt the other backends.
>
>
>
> > On Mon, Aug 27, 2018 at 9:47 AM Reio Remma  wrote:
> > >
> > > Iirc I got the .forward file working with sqlite tables, where the user 
> > > > query also returned the virtual user's maildir as an extra parameter.
> > >
> > > Good luck,
> > > Reio
> > >
> > > > On 27 Aug 2018, at 16:11, Matt Schwartz  
> > > > wrote:
> > > >
> > > > Hello misc@,
> > > >
> > > > Below is my configuration file. I am trying to use the userbase
> > > > parameter and when I try to send an email to myself, I get the 550
> > > > Invalid Recipient error. I am trying to get the usrbase parameter
> > > > working so that I can add a .forward file for virtual users as per the
> > > > table(5) man page. If I don't use the userbase parameter, mail
> > > > delivery works just fine. I am not certain what I am doing wrong here.
> > > >
> > > > #smtpd.conf
> > > > pki mail cert "/etc/ssl/smtpd.crt"
> > > > pki mail key "/etc/ssl/private/smtpd.key"
> > > >
> > > > table aliases file:/etc/mail/aliases
> > > > table addrnames file:/etc/mail/addrnames
> > > > table credentials file:/etc/mail/credentials
> > > > table domains file:/etc/mail/domains
> > > > table virtuals file:/etc/mail/virtuals
> > > > table usrbase file:/etc/mail/usrbase
> > > > table rejects file:/etc/mail/rejects
> > > >
> > > > # Listeners
> > > > #
> > > > listen on lo0
> > > > listen on lo0 port 10028 tag DKIM
> > > > listen on vio0 tls pki mail hostnames 
> > > > listen on vio0 port 587 tls-require pki mail auth  \
> > > >hostnames 
> > > >
> > > > # Actions
> > > > #
> > > > action "local" mda "/usr/local/bin/rspamc -d %{dest} --mime --exec
> > > > '/usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d %{dest} -a
> > > > %{rcpt}'" alias 
> > > > action "domain" mda "/usr/local/bin/rspamc -d %{dest} --mime --exec
> > > > '/usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d %{dest} -a
> > > > %{rcpt}'" userbase  virtual 
> > > > action "dkim" relay host smtp://127.0.0.1:10027
> > > > action "relay" relay
> > > >
> > > > # Incoming
> > > > #
> > > > match from any mail-from  for any reject
> > > > match from local for local action "local"
> > > > match from any for domain  action "domain"
> > > >
> > > > # Outgoing
> > > > #
> > > > match tag DKIM for any action "relay"
> > > > match from local for any action "dkim"
> > > > match auth from any for any action "dkim"
> > > >
> > > > #usrbase
> > > > m...@example.org 2000:2000:/var/vmail/example.org/matt
> > > >
> > > > #virtuals
> > > > m...@example.org vmail
> > > >
> > > > Thanks in advance,
> > > > Matt
> > > >
> > > > --
> > > > You received this mail because you are subscribed to misc@opensmtpd.org
> > > > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
> > > >
> > >
> > >
> > > --
> > > You received this mail because you are subscribed to misc@opensmtpd.org
> > > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
> > >
> >
> > --
> > You received this mail because you are subscribed to misc@opensmtpd.org
> > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
> >
>
> --
> Gilles Chehade
>
> https://www.poolp.org  @poolpOrg


Re: very confused on userbase parameter

2018-09-01 Thread Reio Remma

Hello!

Are you using multiple domains? I just tested it in its simplest form 
(in 6.0.3) with one domain and it worked without virtuals.


table userinfo { reio = 5000:5000:/home/vmail/turin.mrstuudio.ee/reio }

accept tagged Filtered for domain  userbase  deliver 
to lmtp "/var/run/dovecot/lmtp" rcpt-to


OpenSMTPD successfully read the .forward file from 
5000:5000:/home/vmail/turin.mrstuudio.ee/reio/.forward


If you're using multiple domains, then you need a somewhat convoluted 
system with virtuals and userbase.


The trouble is that OpenSMTPD is checking only the user name without the 
domain part from userbase.


Good luck,
Reio

On 01.09.2018 18:59, Matt Schwartz wrote:

I am afraid that I am hopelessly confused on the userbase parameter.
If I were to have the following:

# credentials
user1  

# userinfo
# vmail user is 2000
user1  2000:2000:/var/vmail/user1

# virtuals
us...@domain1.com  vmail

# smtpd.conf
table credentials file:/etc/mail/credentials
table virtuals file:/etc/mail/virtuals
table userinfo file:/etc/mail/userinfo

action "action01" maildir userbase  virtuals 
match from any for domain "domain1.com" action "action01"

In theory, shouldn't this deliver email addressed to us...@domain1.com
to /var/vmail/user1/Maildir/new?

Thanks in advance,
Matt







Re: very confused on userbase parameter

2018-09-01 Thread Gilles Chehade
On Sat, Sep 01, 2018 at 11:59:20AM -0400, Matt Schwartz wrote:
> I am afraid that I am hopelessly confused on the userbase parameter.
> If I were to have the following:
> 
> # credentials
> user1  
> 
> # userinfo
> # vmail user is 2000
> user1  2000:2000:/var/vmail/user1
> 
> # virtuals
> us...@domain1.com  vmail
> 
> [...]
> 
> In theory, shouldn't this deliver email addressed to us...@domain1.com
> to /var/vmail/user1/Maildir/new?
>

you got the configuration file wrong again, despite having it right with
the comment itself:

> # vmail user is 2000
> user1  2000:2000:/var/vmail/user1


I'll describe how things work in this mail so it serves as reference for
future questions regarding aliases, virtual and userbase:

Aliases and virtuals are mutually exclusive features that operate at the
same level, converting an e-mail address into a local user.

Userbases operate at a lower level, allowing to lookup system details of
a local user such as uid, gid and home directory.

You don't have to have aliases or virtuals, but you MUST have a userbase
which defaults to the system user database when you don't specify one.

Aliases and virtuals can be seen as functions that take an e-mail as the
input and produce usernames that _MUST_ exist in the underlying userbase
as the output, otherwise the recipient will be rejected.

The difference between aliases and virtuals is subtle but simple:

- aliases assume that all users on the system are allowed to get e-mails
  and that the user-part of recipient e-mail addresses are the usernames
  on the system. the mechanism allows you to provide an OPTIONAL list of
  transformations in case some recipients have user-parts that are not a
  system user, and it assumes that if no alias is found, then user-parts
  must be looked up as real usernames.

- virtuals assume that users are NOT allowed to get e-mails, unless they
  are EXPLICITLY allowed on a list. either a transform is found and the
  recipient is converted into a username, or the recipient is rejected.


You can receive e-mail if you're not in the aliases list, if you have an
account on the system with a username matching the user-part.

You can't receive e-mail if you're not in the virtuals list, EVEN if you
have an account matching the user-part.


Now with that being said, converting a recipient into a username doesn't
help us much if that username doesn't exist for real. We need a uid, gid
and a home directory, so no matter if you used aliases, virtuals or none
of them, the username behind a recipient must be found in the user base.

If I take your example:


> # vmail user is 2000
> user1  2000:2000:/var/vmail/user1
> 
> # virtuals
> us...@domain1.com  vmail

you have resolved us...@domain1.com into the user 'vmail'.
then we lookup the user 'vmail' in the userbase and ... nope, not found.

Hope it clears it for everyone.


-- 
Gilles Chehade

https://www.poolp.org  @poolpOrg
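
The lookup order described in the message above, as an added example that is not part of the original thread and is not OpenSMTPD code: a simplified Python model of aliases/virtuals resolution followed by the mandatory userbase lookup, showing why a virtuals entry that maps to 'vmail' is rejected when the userbase only knows 'user1'. The function names, the sample addresses and the "exact address before catch-all" order are assumptions of this model.

```python
# Added example: simplified model of the resolution order explained in this
# thread. Not OpenSMTPD source; all names here are hypothetical.
from typing import NamedTuple


class Account(NamedTuple):
    uid: int
    gid: int
    home: str


class Rejected(Exception):
    """Models the '550 Invalid Recipient' reply."""


def parse_table(text: str) -> dict:
    """Parse 'key value' lines of a file-backed table, skipping comments."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, value = line.split(None, 1)
            table[key] = value.strip()
    return table


def parse_userbase(text: str) -> dict:
    """Userbase values have the form uid:gid:home, as shown in the thread."""
    out = {}
    for name, value in parse_table(text).items():
        uid, gid, home = value.split(":", 2)
        out[name] = Account(int(uid), int(gid), home)
    return out


def resolve(rcpt, userbase, aliases=None, virtuals=None) -> Account:
    """Step 1: address -> username. Step 2: username -> uid/gid/home."""
    if aliases is not None and virtuals is not None:
        raise ValueError("aliases and virtuals are mutually exclusive on one action")
    user_part, sep, domain = rcpt.rpartition("@")
    if not sep:                      # bare local name, no domain part
        user_part, domain = rcpt, ""
    if virtuals is not None:
        # Allow-list: no entry means rejection, even if an account exists.
        # Exact address first, then '@domain' catch-all (model assumption).
        username = virtuals.get(rcpt) or virtuals.get("@" + domain)
        if username is None:
            raise Rejected(f"{rcpt}: not listed in virtuals")
    elif aliases is not None:
        # Optional transform: fall back to the user-part as the username.
        username = aliases.get(user_part, user_part)
    else:
        username = user_part
    # The username must exist in the userbase whatever produced it.
    account = userbase.get(username)
    if account is None:
        raise Rejected(f"{rcpt}: user '{username}' not found in userbase")
    return account


def decision(rcpt, userbase, **tables) -> str:
    """Return a one-line outcome instead of raising."""
    try:
        acct = resolve(rcpt, userbase, **tables)
    except Rejected as exc:
        return f"550 Invalid Recipient ({exc})"
    return f"deliver as {acct.uid}:{acct.gid} in {acct.home}"


# Constructed sample tables mirroring the two layouts discussed in the thread.
USERBASE_BROKEN = parse_userbase("user1  2000:2000:/var/vmail/user1")
VIRTUALS_BROKEN = parse_table("info@domain1.com  vmail")   # 'vmail' is not a userbase key

USERBASE_FIXED = parse_userbase("""
# userinfo
matt  2000:2000:/var/vmail/example.org/matt
""")
VIRTUALS_FIXED = parse_table("""
info@example.org  matt
@example.org      matt
""")

if __name__ == "__main__":
    print(decision("info@domain1.com", USERBASE_BROKEN, virtuals=VIRTUALS_BROKEN))
    print(decision("info@example.org", USERBASE_FIXED, virtuals=VIRTUALS_FIXED))
    print(decision("other@example.org", USERBASE_FIXED, virtuals=VIRTUALS_FIXED))
```

Because the userbase is keyed by username only, two domains that share a user-part need distinct usernames on the virtuals side, which is what the `reio_turin.mrstuudio.ee` naming earlier in the thread achieves.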
