553 ORCPT address syntax errors on OpenBSD-6.6-current
I'm starting to get several log entries for several errors of type: 553ORCPT address syntax error The error is intermittent since the server is able to process other incoming mails without error. For instance, I just sent myself an email from GMail, and it came through successfully. Typical log entry will look like: Feb 3 06:02:26 callistus smtpd[21460]: cb9690ea8af2a8ec smtp connected address=198.2.185.67 host=mail67.suw111.mcdlv.net Feb 3 06:02:26 callistus smtpd[21460]: cb9690ea8af2a8ec smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 Feb 3 06:02:27 callistus smtpd[21460]: cb9690ea8af2a8ec smtp failed-command command="RCPT TO: ORCPT=rfc822;li...@datagenic.com" result="553 ORCPT address syntax error" Feb 3 06:02:27 callistus smtpd[21460]: cb9690ea8af2a8ec smtp disconnected reason=quit Mail logs prior to latest update to 6.6-current are free of these errors, so presumably the regression has been introduced in the latest snapshot (OpenBSD 6.6-current (GENERIC.MP) #628: Sat Feb 1 23:32:22 MST 2020). In fact, it looks as though it is related to this recent commit: https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/smtp_session.c.diff?r1=1.422=1.423 In which case, it may be suggested that the change is being perhaps a little too strict.
Re: 553 ORCPT address syntax errors on OpenBSD-6.6-current
On 2/3/2020 8:11 AM, Gilles Chehade wrote: On Mon, Feb 03, 2020 at 06:37:38AM -0800, Scott Vanderbilt wrote: I'm starting to get several log entries for several errors of type: 553ORCPT address syntax error The error is intermittent since the server is able to process other incoming mails without error. For instance, I just sent myself an email from GMail, and it came through successfully. Typical log entry will look like: Feb?? 3 06:02:26 callistus smtpd[21460]: cb9690ea8af2a8ec smtp connected address=198.2.185.67 host=mail67.suw111.mcdlv.net Feb?? 3 06:02:26 callistus smtpd[21460]: cb9690ea8af2a8ec smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 Feb?? 3 06:02:27 callistus smtpd[21460]: cb9690ea8af2a8ec smtp failed-command command="RCPT TO: ORCPT=rfc822;li...@datagenic.com" result="553 ORCPT address syntax error" Feb?? 3 06:02:27 callistus smtpd[21460]: cb9690ea8af2a8ec smtp disconnected reason=quit Mail logs prior to latest update to 6.6-current are free of these errors, so presumably the regression has been introduced in the latest snapshot (OpenBSD 6.6-current (GENERIC.MP) #628: Sat Feb?? 1 23:32:22 MST 2020). In fact, it looks as though it is related to this recent commit: https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/smtp_session.c.diff?r1=1.422=1.423 In which case, it may be suggested that the change is being perhaps a little too strict. indeed addresses in ORCPT are prefixed with a character that's not allowed in the mailaddr character set. the fix has been committed, thanks Thank you for your prompt response. Now I am getting different errors after patching smtpd: Feb 3 09:02:31 callistus smtpd[89610]: d5b5d676a4b8123d smtp connected address=207.244.88.153 host=hermes.apache.org Feb 3 09:02:32 callistus smtpd[89610]: d5b5d676a4b8123d smtp message msgid=d9c025c9 size=6821 nrcpt=1 proto=SMTP Feb 3 09:02:32 callistus smtpd[89610]: d5b5d676a4b8123d smtp envelope evpid=d9c025c9d5c66d45 from= to= Feb 3 09:02:32 callistus mail.local: may only be run by the superuser Feb 3 09:02:32 callistus smtpd[89610]: d5b5d67c430c9962 mda delivery evpid=d9c025c9d5c66d45 from= to= rcp t= user=lists delay=1s result=PermFail stat=Error ("mail.local: may only be run by the superuser") Feb 3 09:02:32 callistus smtpd[89610]: d5b5d676a4b8123d smtp disconnected reason=quit No doubt I've done something wrong.
Re: 553 ORCPT address syntax errors on OpenBSD-6.6-current
mail.local needs to be updated too February 3, 2020 6:11 PM, "Scott Vanderbilt" wrote: > On 2/3/2020 8:11 AM, Gilles Chehade wrote: > >> On Mon, Feb 03, 2020 at 06:37:38AM -0800, Scott Vanderbilt wrote: >>> I'm starting to get several log entries for several errors of type: >>> >>> 553ORCPT address syntax error >>> >>> The error is intermittent since the server is able to process other incoming >>> mails without error. For instance, I just sent myself an email from GMail, >>> and it came through successfully. >>> >>> Typical log entry will look like: >>> >>> Feb?? 3 06:02:26 callistus smtpd[21460]: cb9690ea8af2a8ec smtp connected >>> address=198.2.185.67 host=mail67.suw111.mcdlv.net >>> Feb?? 3 06:02:26 callistus smtpd[21460]: cb9690ea8af2a8ec smtp tls >>> ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 >>> Feb?? 3 06:02:27 callistus smtpd[21460]: cb9690ea8af2a8ec smtp >>> failed-command command="RCPT TO: >>> ORCPT=rfc822;li...@datagenic.com" result="553 ORCPT address syntax error" >>> Feb?? 3 06:02:27 callistus smtpd[21460]: cb9690ea8af2a8ec smtp disconnected >>> reason=quit >>> >>> Mail logs prior to latest update to 6.6-current are free of these errors, so >>> presumably the regression has been introduced in the latest snapshot >>> (OpenBSD 6.6-current (GENERIC.MP) #628: Sat Feb?? 1 23:32:22 MST 2020). In >>> fact, it looks as though it is related to this recent commit: >>> https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/smtp_session.c.diff?r1=1.422=1.423 >>> >>> In which case, it may be suggested that the change is being perhaps a little >>> too strict. >> >> indeed addresses in ORCPT are prefixed with a character that's not allowed in >> the mailaddr character set. the fix has been committed, thanks > > Thank you for your prompt response. > > Now I am getting different errors after patching smtpd: > > Feb 3 09:02:31 callistus smtpd[89610]: d5b5d676a4b8123d smtp connected > address=207.244.88.153 > host=hermes.apache.org > Feb 3 09:02:32 callistus smtpd[89610]: d5b5d676a4b8123d smtp message > msgid=d9c025c9 size=6821 > nrcpt=1 proto=SMTP > Feb 3 09:02:32 callistus smtpd[89610]: d5b5d676a4b8123d smtp envelope > evpid=d9c025c9d5c66d45 > from= > to= > Feb 3 09:02:32 callistus mail.local: may only be run by the superuser > Feb 3 09:02:32 callistus smtpd[89610]: d5b5d67c430c9962 mda delivery > evpid=d9c025c9d5c66d45 > from= > to= rcp > t= user=lists delay=1s result=PermFail stat=Error > ("mail.local: may only be > run by the superuser") > Feb 3 09:02:32 callistus smtpd[89610]: d5b5d676a4b8123d smtp disconnected > reason=quit > > No doubt I've done something wrong.
Re: 553 ORCPT address syntax errors on OpenBSD-6.6-current
Many thanks to Gilles for the clue. Updating mail.local corrects the issue. On 2/3/2020 10:06 AM, gil...@poolp.org wrote: mail.local needs to be updated too February 3, 2020 6:11 PM, "Scott Vanderbilt" wrote: On 2/3/2020 8:11 AM, Gilles Chehade wrote: On Mon, Feb 03, 2020 at 06:37:38AM -0800, Scott Vanderbilt wrote: I'm starting to get several log entries for several errors of type: 553ORCPT address syntax error The error is intermittent since the server is able to process other incoming mails without error. For instance, I just sent myself an email from GMail, and it came through successfully. Typical log entry will look like: Feb?? 3 06:02:26 callistus smtpd[21460]: cb9690ea8af2a8ec smtp connected address=198.2.185.67 host=mail67.suw111.mcdlv.net Feb?? 3 06:02:26 callistus smtpd[21460]: cb9690ea8af2a8ec smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 Feb?? 3 06:02:27 callistus smtpd[21460]: cb9690ea8af2a8ec smtp failed-command command="RCPT TO: ORCPT=rfc822;li...@datagenic.com" result="553 ORCPT address syntax error" Feb?? 3 06:02:27 callistus smtpd[21460]: cb9690ea8af2a8ec smtp disconnected reason=quit Mail logs prior to latest update to 6.6-current are free of these errors, so presumably the regression has been introduced in the latest snapshot (OpenBSD 6.6-current (GENERIC.MP) #628: Sat Feb?? 1 23:32:22 MST 2020). In fact, it looks as though it is related to this recent commit: https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/smtp_session.c.diff?r1=1.422=1.423 In which case, it may be suggested that the change is being perhaps a little too strict. indeed addresses in ORCPT are prefixed with a character that's not allowed in the mailaddr character set. the fix has been committed, thanks Thank you for your prompt response. Now I am getting different errors after patching smtpd: Feb 3 09:02:31 callistus smtpd[89610]: d5b5d676a4b8123d smtp connected address=207.244.88.153 host=hermes.apache.org Feb 3 09:02:32 callistus smtpd[89610]: d5b5d676a4b8123d smtp message msgid=d9c025c9 size=6821 nrcpt=1 proto=SMTP Feb 3 09:02:32 callistus smtpd[89610]: d5b5d676a4b8123d smtp envelope evpid=d9c025c9d5c66d45 from= to= Feb 3 09:02:32 callistus mail.local: may only be run by the superuser Feb 3 09:02:32 callistus smtpd[89610]: d5b5d67c430c9962 mda delivery evpid=d9c025c9d5c66d45 from= to= rcp t= user=lists delay=1s result=PermFail stat=Error ("mail.local: may only be run by the superuser") Feb 3 09:02:32 callistus smtpd[89610]: d5b5d676a4b8123d smtp disconnected reason=quit No doubt I've done something wrong.
Re: gmail and opportunistic encryption failing
Matt, I can find no such problem on my server from the same time period. Test e-mail went through without hesitation. Gmail is very dynamic and you can get rate-limited if you try to send mail that they consider spam. I regularly flush gmail-bound mail that gmail has already rejected at least once so that it doesn't contribute to my bounce rate. gmail servers usually reply with helpful comments though. ED. > On 2020, Jan 31, at 2:03 PM, Matt Schwartz wrote: > > Hello list, > > Today I just noticed something in my maillog that I figured I should report. > The log output is sanitized. > Jan 31 13:31:23 meow smtpd[12615]: fe92e766062cfe9b smtp connected > address= host=mail.example.com > Jan 31 13:31:23 meow smtpd[12615]: fe92e766062cfe9b smtp tls > ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 > Jan 31 13:31:23 meow smtpd[12615]: fe92e766062cfe9b smtp authentication > user=u...@example.com result=ok > Jan 31 13:31:23 meow smtpd[12615]: fe92e766062cfe9b smtp message > msgid=69f7f6f7 size=1935 nrcpt=1 proto=ESMTP > Jan 31 13:31:23 meow smtpd[12615]: fe92e766062cfe9b smtp envelope > evpid=69f7f6f7bd1f34a9 from= to= > Jan 31 13:31:23 meow smtpd[12615]: fe92e766062cfe9b smtp disconnected > reason=quit > Jan 31 13:31:23 meow smtpd[12615]: fe92e7693154957a mta connecting > address=smtp://173.194.206.27:25 host=qj-in-f27.1e100.net > Jan 31 13:31:23 meow smtpd[12615]: fe92e7693154957a mta connected > Jan 31 13:31:23 meow smtpd[12615]: smtp-out: Error on session > fe92e7693154957a: opportunistic TLS failed, downgrading to plain > Jan 31 13:31:23 meow smtpd[12615]: fe92e7693154957a mta connecting > address=smtp+notls://173.194.206.27:25 host=qj-in-f27.1e100.net > Jan 31 13:31:23 meow smtpd[12615]: fe92e7693154957a mta connected > Jan 31 13:31:24 meow smtpd[12615]: fe92e7693154957a mta delivery > evpid=69f7f6f7bd1f34a9 from= to= rcpt=<-> > source="" relay="173.194.206.27 (qj-in-f27.1e100.net)" delay=1s > result="Ok" stat="250 2.0.0 OK 1580495484 x5si6993135qki.322 - gsmtp" > Jan 31 13:31:34 meow smtpd[12615]: fe92e7693154957a mta disconnected > reason=quit messages=1 > > I am inclined to believe that this is gmail's screw-up because test emails > sent to Outlook, GMX, Yahoo, and AOL deliver over TLS 1.2 perfectly. I am > wondering if this is happening to others. If it isn't, I will try changing my > server's IP address. I am running OpenSMTPD 6.6.2 on OpenBSD-current. > > Thanks, > Matt
Re: 553 ORCPT address syntax errors on OpenBSD-6.6-current
Same here, since yesterday sysupgrade Jan On Feb 03 06:37:38, li...@datagenic.com wrote: > I'm starting to get several log entries for several errors of type: > > 553ORCPT address syntax error > > The error is intermittent since the server is able to process other incoming > mails without error. For instance, I just sent myself an email from GMail, > and it came through successfully. > > Typical log entry will look like: > > Feb 3 06:02:26 callistus smtpd[21460]: cb9690ea8af2a8ec smtp connected > address=198.2.185.67 host=mail67.suw111.mcdlv.net > Feb 3 06:02:26 callistus smtpd[21460]: cb9690ea8af2a8ec smtp tls > ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 > Feb 3 06:02:27 callistus smtpd[21460]: cb9690ea8af2a8ec smtp failed-command > command="RCPT TO: ORCPT=rfc822;li...@datagenic.com" > result="553 ORCPT address syntax error" > Feb 3 06:02:27 callistus smtpd[21460]: cb9690ea8af2a8ec smtp disconnected > reason=quit > > Mail logs prior to latest update to 6.6-current are free of these errors, so > presumably the regression has been introduced in the latest snapshot > (OpenBSD 6.6-current (GENERIC.MP) #628: Sat Feb 1 23:32:22 MST 2020). In > fact, it looks as though it is related to this recent commit: > https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/smtp_session.c.diff?r1=1.422=1.423 > > In which case, it may be suggested that the change is being perhaps a little > too strict. > >
Re: 553 ORCPT address syntax errors on OpenBSD-6.6-current
On Mon, Feb 03, 2020 at 06:37:38AM -0800, Scott Vanderbilt wrote: > I'm starting to get several log entries for several errors of type: > > 553ORCPT address syntax error > > The error is intermittent since the server is able to process other incoming > mails without error. For instance, I just sent myself an email from GMail, > and it came through successfully. > > Typical log entry will look like: > > Feb?? 3 06:02:26 callistus smtpd[21460]: cb9690ea8af2a8ec smtp connected > address=198.2.185.67 host=mail67.suw111.mcdlv.net > Feb?? 3 06:02:26 callistus smtpd[21460]: cb9690ea8af2a8ec smtp tls > ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 > Feb?? 3 06:02:27 callistus smtpd[21460]: cb9690ea8af2a8ec smtp > failed-command command="RCPT TO: > ORCPT=rfc822;li...@datagenic.com" result="553 ORCPT address syntax error" > Feb?? 3 06:02:27 callistus smtpd[21460]: cb9690ea8af2a8ec smtp disconnected > reason=quit > > Mail logs prior to latest update to 6.6-current are free of these errors, so > presumably the regression has been introduced in the latest snapshot > (OpenBSD 6.6-current (GENERIC.MP) #628: Sat Feb?? 1 23:32:22 MST 2020). In > fact, it looks as though it is related to this recent commit: > https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/smtp_session.c.diff?r1=1.422=1.423 > > In which case, it may be suggested that the change is being perhaps a little > too strict. > indeed addresses in ORCPT are prefixed with a character that's not allowed in the mailaddr character set. the fix has been committed, thanks