553 ORCPT address syntax errors on OpenBSD-6.6-current
I'm starting to get several log entries for several errors of type: 553ORCPT address syntax error The error is intermittent since the server is able to process other incoming mails without error. For instance, I just sent myself an email from GMail, and it came through successfully. Typical log entry will look like: Feb 3 06:02:26 callistus smtpd[21460]: cb9690ea8af2a8ec smtp connected address=198.2.185.67 host=mail67.suw111.mcdlv.net Feb 3 06:02:26 callistus smtpd[21460]: cb9690ea8af2a8ec smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 Feb 3 06:02:27 callistus smtpd[21460]: cb9690ea8af2a8ec smtp failed-command command="RCPT TO: ORCPT=rfc822;li...@datagenic.com" result="553 ORCPT address syntax error" Feb 3 06:02:27 callistus smtpd[21460]: cb9690ea8af2a8ec smtp disconnected reason=quit Mail logs prior to latest update to 6.6-current are free of these errors, so presumably the regression has been introduced in the latest snapshot (OpenBSD 6.6-current (GENERIC.MP) #628: Sat Feb 1 23:32:22 MST 2020). In fact, it looks as though it is related to this recent commit: https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/smtp_session.c.diff?r1=1.422=1.423 In which case, it may be suggested that the change is being perhaps a little too strict.
Re: 553 ORCPT address syntax errors on OpenBSD-6.6-current
On 2/3/2020 8:11 AM, Gilles Chehade wrote:
On Mon, Feb 03, 2020 at 06:37:38AM -0800, Scott Vanderbilt wrote:
I'm starting to get several log entries for several errors of type:
553ORCPT address syntax error
The error is intermittent since the server is able to process other incoming
mails without error. For instance, I just sent myself an email from GMail,
and it came through successfully.
Typical log entry will look like:
Feb?? 3 06:02:26 callistus smtpd[21460]: cb9690ea8af2a8ec smtp connected
address=198.2.185.67 host=mail67.suw111.mcdlv.net
Feb?? 3 06:02:26 callistus smtpd[21460]: cb9690ea8af2a8ec smtp tls
ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
Feb?? 3 06:02:27 callistus smtpd[21460]: cb9690ea8af2a8ec smtp
failed-command command="RCPT TO:
ORCPT=rfc822;li...@datagenic.com" result="553 ORCPT address syntax error"
Feb?? 3 06:02:27 callistus smtpd[21460]: cb9690ea8af2a8ec smtp disconnected
reason=quit
Mail logs prior to latest update to 6.6-current are free of these errors, so
presumably the regression has been introduced in the latest snapshot
(OpenBSD 6.6-current (GENERIC.MP) #628: Sat Feb?? 1 23:32:22 MST 2020). In
fact, it looks as though it is related to this recent commit:
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/smtp_session.c.diff?r1=1.422=1.423
In which case, it may be suggested that the change is being perhaps a little
too strict.
indeed addresses in ORCPT are prefixed with a character that's not allowed in
the mailaddr character set. the fix has been committed, thanks
Thank you for your prompt response.
Now I am getting different errors after patching smtpd:
Feb 3 09:02:31 callistus smtpd[89610]: d5b5d676a4b8123d smtp connected
address=207.244.88.153 host=hermes.apache.org
Feb 3 09:02:32 callistus smtpd[89610]: d5b5d676a4b8123d smtp message
msgid=d9c025c9 size=6821 nrcpt=1 proto=SMTP
Feb 3 09:02:32 callistus smtpd[89610]: d5b5d676a4b8123d smtp envelope
evpid=d9c025c9d5c66d45
from=
to=
Feb 3 09:02:32 callistus mail.local: may only be run by the superuser
Feb 3 09:02:32 callistus smtpd[89610]: d5b5d67c430c9962 mda delivery
evpid=d9c025c9d5c66d45
from=
to= rcp
t= user=lists delay=1s result=PermFail stat=Error
("mail.local: may only be run by the superuser")
Feb 3 09:02:32 callistus smtpd[89610]: d5b5d676a4b8123d smtp
disconnected reason=quit
No doubt I've done something wrong.
Re: 553 ORCPT address syntax errors on OpenBSD-6.6-current
mail.local needs to be updated too
February 3, 2020 6:11 PM, "Scott Vanderbilt" wrote:
> On 2/3/2020 8:11 AM, Gilles Chehade wrote:
>
>> On Mon, Feb 03, 2020 at 06:37:38AM -0800, Scott Vanderbilt wrote:
>>> I'm starting to get several log entries for several errors of type:
>>>
>>> 553ORCPT address syntax error
>>>
>>> The error is intermittent since the server is able to process other incoming
>>> mails without error. For instance, I just sent myself an email from GMail,
>>> and it came through successfully.
>>>
>>> Typical log entry will look like:
>>>
>>> Feb?? 3 06:02:26 callistus smtpd[21460]: cb9690ea8af2a8ec smtp connected
>>> address=198.2.185.67 host=mail67.suw111.mcdlv.net
>>> Feb?? 3 06:02:26 callistus smtpd[21460]: cb9690ea8af2a8ec smtp tls
>>> ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
>>> Feb?? 3 06:02:27 callistus smtpd[21460]: cb9690ea8af2a8ec smtp
>>> failed-command command="RCPT TO:
>>> ORCPT=rfc822;li...@datagenic.com" result="553 ORCPT address syntax error"
>>> Feb?? 3 06:02:27 callistus smtpd[21460]: cb9690ea8af2a8ec smtp disconnected
>>> reason=quit
>>>
>>> Mail logs prior to latest update to 6.6-current are free of these errors, so
>>> presumably the regression has been introduced in the latest snapshot
>>> (OpenBSD 6.6-current (GENERIC.MP) #628: Sat Feb?? 1 23:32:22 MST 2020). In
>>> fact, it looks as though it is related to this recent commit:
>>> https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/smtp_session.c.diff?r1=1.422=1.423
>>>
>>> In which case, it may be suggested that the change is being perhaps a little
>>> too strict.
>>
>> indeed addresses in ORCPT are prefixed with a character that's not allowed in
>> the mailaddr character set. the fix has been committed, thanks
>
> Thank you for your prompt response.
>
> Now I am getting different errors after patching smtpd:
>
> Feb 3 09:02:31 callistus smtpd[89610]: d5b5d676a4b8123d smtp connected
> address=207.244.88.153
> host=hermes.apache.org
> Feb 3 09:02:32 callistus smtpd[89610]: d5b5d676a4b8123d smtp message
> msgid=d9c025c9 size=6821
> nrcpt=1 proto=SMTP
> Feb 3 09:02:32 callistus smtpd[89610]: d5b5d676a4b8123d smtp envelope
> evpid=d9c025c9d5c66d45
> from=
> to=
> Feb 3 09:02:32 callistus mail.local: may only be run by the superuser
> Feb 3 09:02:32 callistus smtpd[89610]: d5b5d67c430c9962 mda delivery
> evpid=d9c025c9d5c66d45
> from=
> to= rcp
> t= user=lists delay=1s result=PermFail stat=Error
> ("mail.local: may only be
> run by the superuser")
> Feb 3 09:02:32 callistus smtpd[89610]: d5b5d676a4b8123d smtp disconnected
> reason=quit
>
> No doubt I've done something wrong.
Re: 553 ORCPT address syntax errors on OpenBSD-6.6-current
Many thanks to Gilles for the clue. Updating mail.local corrects the issue.
On 2/3/2020 10:06 AM, gil...@poolp.org wrote:
mail.local needs to be updated too
February 3, 2020 6:11 PM, "Scott Vanderbilt" wrote:
On 2/3/2020 8:11 AM, Gilles Chehade wrote:
On Mon, Feb 03, 2020 at 06:37:38AM -0800, Scott Vanderbilt wrote:
I'm starting to get several log entries for several errors of type:
553ORCPT address syntax error
The error is intermittent since the server is able to process other incoming
mails without error. For instance, I just sent myself an email from GMail,
and it came through successfully.
Typical log entry will look like:
Feb?? 3 06:02:26 callistus smtpd[21460]: cb9690ea8af2a8ec smtp connected
address=198.2.185.67 host=mail67.suw111.mcdlv.net
Feb?? 3 06:02:26 callistus smtpd[21460]: cb9690ea8af2a8ec smtp tls
ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
Feb?? 3 06:02:27 callistus smtpd[21460]: cb9690ea8af2a8ec smtp
failed-command command="RCPT TO:
ORCPT=rfc822;li...@datagenic.com" result="553 ORCPT address syntax error"
Feb?? 3 06:02:27 callistus smtpd[21460]: cb9690ea8af2a8ec smtp disconnected
reason=quit
Mail logs prior to latest update to 6.6-current are free of these errors, so
presumably the regression has been introduced in the latest snapshot
(OpenBSD 6.6-current (GENERIC.MP) #628: Sat Feb?? 1 23:32:22 MST 2020). In
fact, it looks as though it is related to this recent commit:
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/smtp_session.c.diff?r1=1.422=1.423
In which case, it may be suggested that the change is being perhaps a little
too strict.
indeed addresses in ORCPT are prefixed with a character that's not allowed in
the mailaddr character set. the fix has been committed, thanks
Thank you for your prompt response.
Now I am getting different errors after patching smtpd:
Feb 3 09:02:31 callistus smtpd[89610]: d5b5d676a4b8123d smtp connected
address=207.244.88.153
host=hermes.apache.org
Feb 3 09:02:32 callistus smtpd[89610]: d5b5d676a4b8123d smtp message
msgid=d9c025c9 size=6821
nrcpt=1 proto=SMTP
Feb 3 09:02:32 callistus smtpd[89610]: d5b5d676a4b8123d smtp envelope
evpid=d9c025c9d5c66d45
from=
to=
Feb 3 09:02:32 callistus mail.local: may only be run by the superuser
Feb 3 09:02:32 callistus smtpd[89610]: d5b5d67c430c9962 mda delivery
evpid=d9c025c9d5c66d45
from=
to= rcp
t= user=lists delay=1s result=PermFail stat=Error
("mail.local: may only be
run by the superuser")
Feb 3 09:02:32 callistus smtpd[89610]: d5b5d676a4b8123d smtp disconnected
reason=quit
No doubt I've done something wrong.
Re: gmail and opportunistic encryption failing
Matt, I can find no such problem on my server from the same time period. Test e-mail went through without hesitation. Gmail is very dynamic and you can get rate-limited if you try to send mail that they consider spam. I regularly flush gmail-bound mail that gmail has already rejected at least once so that it doesn't contribute to my bounce rate. gmail servers usually reply with helpful comments though. ED. > On 2020, Jan 31, at 2:03 PM, Matt Schwartz wrote: > > Hello list, > > Today I just noticed something in my maillog that I figured I should report. > The log output is sanitized. > Jan 31 13:31:23 meow smtpd[12615]: fe92e766062cfe9b smtp connected > address= host=mail.example.com > Jan 31 13:31:23 meow smtpd[12615]: fe92e766062cfe9b smtp tls > ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 > Jan 31 13:31:23 meow smtpd[12615]: fe92e766062cfe9b smtp authentication > user=u...@example.com result=ok > Jan 31 13:31:23 meow smtpd[12615]: fe92e766062cfe9b smtp message > msgid=69f7f6f7 size=1935 nrcpt=1 proto=ESMTP > Jan 31 13:31:23 meow smtpd[12615]: fe92e766062cfe9b smtp envelope > evpid=69f7f6f7bd1f34a9 from= to= > Jan 31 13:31:23 meow smtpd[12615]: fe92e766062cfe9b smtp disconnected > reason=quit > Jan 31 13:31:23 meow smtpd[12615]: fe92e7693154957a mta connecting > address=smtp://173.194.206.27:25 host=qj-in-f27.1e100.net > Jan 31 13:31:23 meow smtpd[12615]: fe92e7693154957a mta connected > Jan 31 13:31:23 meow smtpd[12615]: smtp-out: Error on session > fe92e7693154957a: opportunistic TLS failed, downgrading to plain > Jan 31 13:31:23 meow smtpd[12615]: fe92e7693154957a mta connecting > address=smtp+notls://173.194.206.27:25 host=qj-in-f27.1e100.net > Jan 31 13:31:23 meow smtpd[12615]: fe92e7693154957a mta connected > Jan 31 13:31:24 meow smtpd[12615]: fe92e7693154957a mta delivery > evpid=69f7f6f7bd1f34a9 from= to= rcpt=<-> > source="" relay="173.194.206.27 (qj-in-f27.1e100.net)" delay=1s > result="Ok" stat="250 2.0.0 OK 1580495484 x5si6993135qki.322 - gsmtp" > Jan 31 13:31:34 meow smtpd[12615]: fe92e7693154957a mta disconnected > reason=quit messages=1 > > I am inclined to believe that this is gmail's screw-up because test emails > sent to Outlook, GMX, Yahoo, and AOL deliver over TLS 1.2 perfectly. I am > wondering if this is happening to others. If it isn't, I will try changing my > server's IP address. I am running OpenSMTPD 6.6.2 on OpenBSD-current. > > Thanks, > Matt
Re: 553 ORCPT address syntax errors on OpenBSD-6.6-current
Same here, since yesterday sysupgrade Jan On Feb 03 06:37:38, li...@datagenic.com wrote: > I'm starting to get several log entries for several errors of type: > > 553ORCPT address syntax error > > The error is intermittent since the server is able to process other incoming > mails without error. For instance, I just sent myself an email from GMail, > and it came through successfully. > > Typical log entry will look like: > > Feb 3 06:02:26 callistus smtpd[21460]: cb9690ea8af2a8ec smtp connected > address=198.2.185.67 host=mail67.suw111.mcdlv.net > Feb 3 06:02:26 callistus smtpd[21460]: cb9690ea8af2a8ec smtp tls > ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 > Feb 3 06:02:27 callistus smtpd[21460]: cb9690ea8af2a8ec smtp failed-command > command="RCPT TO: ORCPT=rfc822;li...@datagenic.com" > result="553 ORCPT address syntax error" > Feb 3 06:02:27 callistus smtpd[21460]: cb9690ea8af2a8ec smtp disconnected > reason=quit > > Mail logs prior to latest update to 6.6-current are free of these errors, so > presumably the regression has been introduced in the latest snapshot > (OpenBSD 6.6-current (GENERIC.MP) #628: Sat Feb 1 23:32:22 MST 2020). In > fact, it looks as though it is related to this recent commit: > https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/smtp_session.c.diff?r1=1.422=1.423 > > In which case, it may be suggested that the change is being perhaps a little > too strict. > >
Re: 553 ORCPT address syntax errors on OpenBSD-6.6-current
On Mon, Feb 03, 2020 at 06:37:38AM -0800, Scott Vanderbilt wrote: > I'm starting to get several log entries for several errors of type: > > 553ORCPT address syntax error > > The error is intermittent since the server is able to process other incoming > mails without error. For instance, I just sent myself an email from GMail, > and it came through successfully. > > Typical log entry will look like: > > Feb?? 3 06:02:26 callistus smtpd[21460]: cb9690ea8af2a8ec smtp connected > address=198.2.185.67 host=mail67.suw111.mcdlv.net > Feb?? 3 06:02:26 callistus smtpd[21460]: cb9690ea8af2a8ec smtp tls > ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 > Feb?? 3 06:02:27 callistus smtpd[21460]: cb9690ea8af2a8ec smtp > failed-command command="RCPT TO: > ORCPT=rfc822;li...@datagenic.com" result="553 ORCPT address syntax error" > Feb?? 3 06:02:27 callistus smtpd[21460]: cb9690ea8af2a8ec smtp disconnected > reason=quit > > Mail logs prior to latest update to 6.6-current are free of these errors, so > presumably the regression has been introduced in the latest snapshot > (OpenBSD 6.6-current (GENERIC.MP) #628: Sat Feb?? 1 23:32:22 MST 2020). In > fact, it looks as though it is related to this recent commit: > https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/smtp_session.c.diff?r1=1.422=1.423 > > In which case, it may be suggested that the change is being perhaps a little > too strict. > indeed addresses in ORCPT are prefixed with a character that's not allowed in the mailaddr character set. the fix has been committed, thanks
