Re: New syntax and virtual aliases to remote addresses.
On 02/09/2019 18:36, Reio Remma wrote:
On 02/09/2019 17:05, gil...@poolp.org wrote:
September 2, 2019 3:35 PM, "Reio Remma" wrote:

Hello!

I was able to have virtual aliases pointing to external addresses with the old syntax, but it doesn't seem to work like that with new rules:

Not awake enough to process what follows but the new syntax certainly allows this as my whole infrastructure depends on it ;-)

I suspect that there's a problem with the ruleset that prevents external addresses from matching a rule themselves.

Looking at your config at https://poolp.org/posts/2018-05-21/switching-to-opensmtpd-new-config/

Now I ended up switching to tls-require on port 25. I wonder how much spam that will take down! :)

I also notice you're not using match auth anywhere, I think this might make the difference for mails from remote addresses to virtuals aliased to another remote address. I didn't have auth in the old config.

Reio

action filter_incoming relay host smtp://127.0.0.1:10024
action sign_outgoing relay host smtp://127.0.0.1:10026
action relay_outgoing relay
action deliver_lmtp lmtp "/var/run/dovecot/lmtp" rcpt-to virtual userbase

match tag FILTERED for domain action deliver_lmtp
match tag SIGNED for any action relay_outgoing
match auth from any for domain action deliver_lmtp
match from any for domain rcpt-to action filter_incoming
match auth from any for any action sign_outgoing

Old rules were:

accept tagged Filtered for domain virtual userbase deliver to lmtp "/var/run/dovecot/lmtp" rcpt-to
accept from local for domain virtual userbase deliver to lmtp "/var/run/dovecot/lmtp" rcpt-to
accept from !local for domain recipient relay via smtp://127.0.0.1:10024
accept tagged Signed for any relay
accept from local for any relay via smtp://127.0.0.1:10026

recipi...@mydomain.com used to be nicely redirected to a remote recipi...@someotherdomain.com, but with the new syntax it doesn't hit any rules.

I found that adding "match tag FILTERED for any action relay_outgoing" after "match tag FILTERED for domain action deliver_lmtp" solves the issue.

I suspect that the old "accept tagged Filtered" went straight to MTA after expanding the virtual alias?

Does it sound right to "match tag FILTERED for any" after dealing with FILTERED for our domains?

Can I do anything about DKIM breaking for forwarded mails?

Thanks,
Reio

--
Regards
Reio Remma

MR Stuudio 25 years

*MR Stuudio OÜ*
Tondi 17b, 11316, Tallinn
Tel +372 650 4808
Mob +372 56 22 00 33
r...@mrstuudio.ee
www.mrstuudio.ee
Re: Building 6.4.2p1 without ssl?
September 2, 2019 9:48 AM, "Ede Wolf" wrote:

> Hello,
>
> trying to compile opensmtp it fails with openssl errors, so I've tried to specify --without-libssl
> at configure time, as at least for testing and learning the basics it is not really that important,
> but it does not seem to get honored.
>
> Any idea, what I may have to change?
>
> Thanks
>
> Ede
>
> In case anybody has an idea for building with openssl, here are the final words of the compiler:
>

OpenSMTPD no longer supports OpenSSL but I made it build again, so the next release (6.6.0) due in a few weeks will build fine for you on any supported system that ships with OpenSSL 1.1.x.

There is no way to disable TLS support, this is a mandatory dependency just like libevent.

Gilles
Re: Virtual User handling
On Sep 2, 2019 3:18 AM, Reio Remma wrote:
>
> On 02/09/2019 10:35, Ede Wolf wrote:
> > Hello Edgar,
> >
> > thanks very much for your in depth reply and the effort you've put
> > into it.
> >
> > As for the "user" keyword, the way I understand this, is that it
> > equals the "as" statement in the old version.
> >
> > ... lmtp "/run/cyrus/lmtp" rcpt-to ->as nobody<-
>
> I'm using multiple virtual domains myself and delivering to Dovecot via
> LMTP with no user parameter. I _suspect_ it's more useful when you let
> OpenSMTPD to deliver straight to mailboxes.
>
> > Back to your reply: That catchall from your example in "@ catchall" is
> > not a keyword, is it? But a local user account?
>
> @example.com need to be aliased to a real mail account to receive all these.
>
> > > but some real user has to own the mailbox...
>

When smtpd goes looking for a .forward file it gets mad if there isn't a mailbox to look in. :)

> > Care to explain, why is that? From my unknowledgeable point of view,
> > the mailbox handling should be done on the other side of the lmtpd
> > socket. This misconception is at the very heart of my question.
>
> Maybe run 'smtpd -dv -T expand -T lookup -T rules' and see how OpenSMTPD
> is translating the aliases and which rules it's matching etc.
>
> Good luck,
> Reio
>
>
Re: Building 6.4.2p1 without ssl?
Look through the archives. There was someone recently building on Debian with a similar issue.

On Sep 2, 2019 2:48 AM, Ede Wolf wrote:
>
> Hello,
>
> trying to compile opensmtp it fails with openssl errors, so I've tried
> to specify --without-libssl at configure time, as at least for testing
> and learning the basics it is not really that important, but it does not
> seem to get honored.
>
> Any idea, what I may have to change?
>
> Thanks
>
> Ede
>
>
>
> In case anybody has an idea for building with openssl, here are the
> final words of the compiler:
>
>
> # gcc --version
> gcc (Gentoo 8.3.0-r1 p1.1) 8.3.0
>
> # openssl version
> OpenSSL 1.1.1c 28 May 2019
>
>
>
> ..
>
> gcc -DHAVE_CONFIG_H -I. -I.. -I../smtpd -I../openbsd-compat
> -I../openbsd-compat/err_h -I/usr/include -mtune=skylake -march=skylake
> -fomit-frame-pointer -O2 -pipe -fPIC -DPIC -Wall -Wpointer-arith
> -Wuninitialized -Wsign-compare -Wformat-security
> -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result
> -fno-strict-aliasing -fno-builtin-memset -fPIE -D_BSD_SOURCE
> -D_DEFAULT_SOURCE -c -o fmt_scaled.o fmt_scaled.c
> fmt_scaled.c: In function 'fmt_scaled':
> fmt_scaled.c:243:52: warning: '%1lld' directive output may be truncated
> writing between 1 and 17 bytes into a region of size between 0 and 5
> [-Wformat-truncation=]
> (void)snprintf(result, FMT_SCALED_STRSIZE, "%lld.%1lld%c",
> ^
> fmt_scaled.c:243:46: note: directive argument in the range
> [-9007199254740991, 9007199254740991]
> (void)snprintf(result, FMT_SCALED_STRSIZE, "%lld.%1lld%c",
> ^~
> In file included from /usr/include/stdio.h:867,
> from openbsd-compat.h:189,
> from includes.h:67,
> from fmt_scaled.c:41:
> /usr/include/bits/stdio2.h:67:10: note: '__builtin___snprintf_chk'
> output between 5 and 40 bytes into a destination of size 7
> return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
> ^~~~
> __bos (__s), __fmt, __va_arg_pack ());
> ~
> gcc -DHAVE_CONFIG_H -I. -I..
Re: OpenSMTP as a library
Hello,

On 02.09.19 at 16:03, gil...@poolp.org wrote:
>
> Nope, OpenSMTPD is a standalone daemon and doesn't ship or build any kind of library.
>
> However, the code is ISC licensed and the client code is isolated in smtpc.c, so feel
> free to reuse.
>

Thank you! I will have a look at it!

Manfred

--
Manfred Rebentisch
Re: New syntax and virtual aliases to remote addresses.
September 2, 2019 3:35 PM, "Reio Remma" wrote:

> Hello!
>
> I was able to have virtual aliases pointing to external addresses with the old syntax, but it
> doesn't seem to work like that with new rules:
>

Not awake enough to process what follows but the new syntax certainly allows this as my whole infrastructure depends on it ;-)

I suspect that there's a problem with the ruleset that prevents external addresses from matching a rule themselves.

> action filter_incoming relay host smtp://127.0.0.1:10024
> action sign_outgoing relay host smtp://127.0.0.1:10026
> action relay_outgoing relay
> action deliver_lmtp lmtp "/var/run/dovecot/lmtp" rcpt-to virtual userbase
>
> match tag FILTERED for domain action deliver_lmtp
> match tag SIGNED for any action relay_outgoing
> match auth from any for domain action deliver_lmtp
> match from any for domain rcpt-to action filter_incoming
> match auth from any for any action sign_outgoing
>
> Old rules were:
>
> accept tagged Filtered for domain virtual userbase deliver to lmtp "/var/run/dovecot/lmtp" rcpt-to
> accept from local for domain virtual userbase deliver to lmtp "/var/run/dovecot/lmtp" rcpt-to
> accept from !local for domain recipient relay via smtp://127.0.0.1:10024
> accept tagged Signed for any relay
> accept from local for any relay via smtp://127.0.0.1:10026
>
> recipi...@mydomain.com used to be nicely redirected to a remote recipi...@someotherdomain.com, but
> with the new syntax it doesn't hit any rules.
>
> I found that adding "match tag FILTERED for any action relay_outgoing" after "match tag FILTERED
> for domain action deliver_lmtp" solves the issue.
>
> I suspect that the old "accept tagged Filtered" went straight to MTA after expanding the virtual
> alias?
>
> Does it sound right to "match tag FILTERED for any" after dealing with FILTERED for our domains?
>
> Can I do anything about DKIM breaking for forwarded mails?
>
> Thanks,
> Reio
Re: OpenSMTP as a library
September 2, 2019 3:59 PM, "Manfred Rebentisch" wrote:

> Hello,
> I am new to OpenSMTP and in this mailinglist.
>

Hello and welcome,

> Is it possible to use OpenSMTP as a library to use mail send
> functionality from my C / C++ software?
>
> I want to replace the old and unsupported esmtp library.
>

Nope, OpenSMTPD is a standalone daemon and doesn't ship or build any kind of library.

However, the code is ISC licensed and the client code is isolated in smtpc.c, so feel free to reuse.

> Thank you for an answer in advance
>

Np,
OpenSMTP as a library
Hello,

I am new to OpenSMTP and in this mailinglist.

Is it possible to use OpenSMTP as a library to use mail send functionality from my C / C++ software?

I want to replace the old and unsupported esmtp library.

Thank you for an answer in advance

Manfred

--
Manfred Rebentisch
New syntax and virtual aliases to remote addresses.
Hello!

I was able to have virtual aliases pointing to external addresses with the old syntax, but it doesn't seem to work like that with new rules:

action filter_incoming relay host smtp://127.0.0.1:10024
action sign_outgoing relay host smtp://127.0.0.1:10026
action relay_outgoing relay
action deliver_lmtp lmtp "/var/run/dovecot/lmtp" rcpt-to virtual userbase

match tag FILTERED for domain action deliver_lmtp
match tag SIGNED for any action relay_outgoing
match auth from any for domain action deliver_lmtp
match from any for domain rcpt-to action filter_incoming
match auth from any for any action sign_outgoing

Old rules were:

accept tagged Filtered for domain virtual userbase deliver to lmtp "/var/run/dovecot/lmtp" rcpt-to
accept from local for domain virtual userbase deliver to lmtp "/var/run/dovecot/lmtp" rcpt-to
accept from !local for domain recipient relay via smtp://127.0.0.1:10024
accept tagged Signed for any relay
accept from local for any relay via smtp://127.0.0.1:10026

recipi...@mydomain.com used to be nicely redirected to a remote recipi...@someotherdomain.com, but with the new syntax it doesn't hit any rules.

I found that adding "match tag FILTERED for any action relay_outgoing" after "match tag FILTERED for domain action deliver_lmtp" solves the issue.

I suspect that the old "accept tagged Filtered" went straight to MTA after expanding the virtual alias?

Does it sound right to "match tag FILTERED for any" after dealing with FILTERED for our domains?

Can I do anything about DKIM breaking for forwarded mails?

Thanks,
Reio
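A simplified model of the rule evaluation discussed in this thread, added here as an example (it is not part of the original post and is not OpenSMTPD code). It assumes first-match evaluation, that an address produced by virtual expansion is matched against the rules again with the same tag and source, and that a rule without "from any" only matches local sources; the rcpt-to criterion is ignored and the domain and alias tables hold constructed values.

```python
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple

# Constructed table contents; the tables referenced in the post are not shown there.
LOCAL_DOMAINS = {"example.org"}
VIRTUALS = {"alias@example.org": "user@example.net"}


@dataclass(frozen=True)
class Envelope:
    rcpt: str
    tag: Optional[str] = None   # tag of the listener the message arrived on
    auth: bool = False          # session was authenticated
    local: bool = False         # source is loopback or the local socket


@dataclass(frozen=True)
class Rule:
    action: str
    tag: Optional[str] = None
    auth: bool = False
    from_any: bool = False      # assumption: without "from any" only local sources match
    for_any: bool = False       # False stands for "for domain <local domains>"

    def matches(self, env: Envelope) -> bool:
        if self.tag is not None and env.tag != self.tag:
            return False
        if self.auth and not env.auth:
            return False
        if not self.from_any and not env.local:
            return False
        domain = env.rcpt.rsplit("@", 1)[1]
        return self.for_any or domain in LOCAL_DOMAINS


def first_match(rules: List[Rule], env: Envelope) -> Optional[str]:
    """Return the action of the first rule matching env, or None if none does."""
    for rule in rules:
        if rule.matches(env):
            return rule.action
    return None


def route(rules: List[Rule], env: Envelope) -> List[Tuple[str, Optional[str]]]:
    """Trace (recipient, action) for env and for its virtual expansion, if any."""
    steps = [(env.rcpt, first_match(rules, env))]
    target = VIRTUALS.get(env.rcpt)
    if steps[0][1] == "deliver_lmtp" and target is not None:
        # The expanded address is a new recipient and has to match a rule itself.
        steps.append((target, first_match(rules, replace(env, rcpt=target))))
    return steps


# The five match rules from the post, in order.
POSTED = [
    Rule("deliver_lmtp", tag="FILTERED"),
    Rule("relay_outgoing", tag="SIGNED", for_any=True),
    Rule("deliver_lmtp", auth=True, from_any=True),
    Rule("filter_incoming", from_any=True),
    Rule("sign_outgoing", auth=True, from_any=True, for_any=True),
]

# Same rules with "match tag FILTERED for any action relay_outgoing" added
# directly after the first rule, as described in the post.
FIXED = POSTED[:1] + [Rule("relay_outgoing", tag="FILTERED", for_any=True)] + POSTED[1:]

# Message coming back from the filter on loopback, tagged FILTERED (constructed).
REINJECTED = Envelope("alias@example.org", tag="FILTERED", local=True)

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("fixed", FIXED)):
        for rcpt, action in route(rules, REINJECTED):
            print(f"{name}: {rcpt} -> {action or 'no rule matched'}")
```

In this model the expanded remote address carries the FILTERED tag but no authentication, so none of the five posted rules apply to it until the extra rule is present.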
Re: Virtual User handling
On 30/08/2019 18:00, Ede Wolf wrote:

Hello,

While trying to learn opensmtpd, amongst other things I am struggling with the virtual user handling - for a non virtual domain setup. From what I have been able to understand so far it seems, as if there is no way to deliver mails to a lmtp socket, if there is not at least some reference/mapping to a system user?

accept from any for domain "example.com" recipient alias deliver to lmtp "/run/cyrus/lmtp" rcpt-to as nobody

where vusers contains:

b...@example.com

However, despite being listed in vusers, when trying to send a mail to bob, it gets rejected with "550 Invalid recipient". Creating a systemuser "bob" makes it work. But then I do not need the vusers table, so I am wondering, is it possible to get along without the need for a system user?

Now the man page mentions a userbase parameter, and I assume, the according table has to be in the format of the userinfo table mentioned in tables(5)? What then effectively again refers to a system user - just with a mapping in between.

For virtual aliases you need to have a mapping of a virtual address to a user:

table vusers { b...@example.com = bob }

You might try this:

accept from any for domain "example.com" virtual deliver to lmtp "/run/cyrus/lmtp" rcpt-to

The userbase parameter is handy if you deliver to mailboxes straight from OpenSMTPD or you want OpenSMTPD to read the users .forward files:

table userinfo { bob = 5000:5000:/var/mail/example.com/bob }

accept from any for domain "example.com" virtual userbase deliver to lmtp "/run/cyrus/lmtp" rcpt-to

Good luck,
Reio
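A small model of the lookup described in this reply, added as an example (it is not from the thread and is not OpenSMTPD code): a virtual table must map an address to a user, and the userbase table must know that user. The lookup order (full address, then "@domain", then the "@" catch-all entry quoted later in the thread) is an assumption of this sketch, and all addresses and table lines are constructed.

```python
REJECT = "550 Invalid recipient"


def parse_table(lines):
    """Parse "key value" lines; a bare key (a list entry) maps to None."""
    table = {}
    for raw in lines:
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        table[parts[0].lower()] = parts[1].strip() if len(parts) == 2 else None
    return table


def parse_userinfo(lines):
    """Parse "user uid:gid:home" lines into {user: (uid, gid, home)}."""
    info = {}
    for user, spec in parse_table(lines).items():
        if spec is None:
            continue
        uid, gid, home = spec.split(":", 2)
        info[user] = (int(uid), int(gid), home)
    return info


def resolve(rcpt, virtual, userinfo):
    """Return (user, uid, gid, home) for rcpt, or REJECT if nothing maps it."""
    local, _, domain = rcpt.lower().partition("@")
    # Assumed order: exact address, per-domain catch-all, global catch-all.
    for key in (f"{local}@{domain}", f"@{domain}", "@"):
        user = virtual.get(key)
        if user is not None:
            break
    else:
        return REJECT          # listed without a value, or not listed at all
    if user not in userinfo:
        return REJECT          # mapped to a user the userbase does not know
    uid, gid, home = userinfo[user]
    return (user, uid, gid, home)


# Constructed sample tables.
VUSERS_AS_LIST = parse_table(["alice@example.com"])
VUSERS_AS_MAP = parse_table(["alice@example.com alice", "@ catchall"])
USERINFO = parse_userinfo([
    "alice 5000:5000:/var/vmail/alice",
    "catchall 5000:5000:/var/vmail/catchall",
])

if __name__ == "__main__":
    print(resolve("alice@example.com", VUSERS_AS_LIST, USERINFO))
    print(resolve("alice@example.com", VUSERS_AS_MAP, USERINFO))
    print(resolve("stranger@example.com", VUSERS_AS_MAP, USERINFO))
```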
Re: Virtual User handling
On 02/09/2019 10:35, Ede Wolf wrote:

Hello Edgar,

thanks very much for your in depth reply and the effort you've put into it.

As for the "user" keyword, the way I understand this, is that it equals the "as" statement in the old version.

... lmtp "/run/cyrus/lmtp" rcpt-to ->as nobody<-

I'm using multiple virtual domains myself and delivering to Dovecot via LMTP with no user parameter. I _suspect_ it's more useful when you let OpenSMTPD to deliver straight to mailboxes.

Back to your reply: That catchall from your example in "@ catchall" is not a keyword, is it? But a local user account?

@example.com need to be aliased to a real mail account to receive all these.

> but some real user has to own the mailbox...

Care to explain, why is that? From my unknowledgeable point of view, the mailbox handling should be done on the other side of the lmtpd socket. This misconception is at the very heart of my question.

Maybe run 'smtpd -dv -T expand -T lookup -T rules' and see how OpenSMTPD is translating the aliases and which rules it's matching etc.

Good luck,
Reio
Re: Building 6.4.2p1 without ssl?
I would suggest getting the latest portable branch from Github - that compiles nicely with OpenSSL.

Good luck,
Reio

On 02/09/2019 10:48, Ede Wolf wrote:

Hello,

trying to compile opensmtp it fails with openssl errors, so I've tried to specify --without-libssl at configure time, as at least for testing and learning the basics it is not really that important, but it does not seem to get honored.

Any idea, what I may have to change?

Thanks

Ede

In case anybody has an idea for building with openssl, here are the final words of the compiler:

# gcc --version
gcc (Gentoo 8.3.0-r1 p1.1) 8.3.0

# openssl version
OpenSSL 1.1.1c 28 May 2019

...

gcc -DHAVE_CONFIG_H -I. -I.. -I../smtpd -I../openbsd-compat -I../openbsd-compat/err_h -I/usr/include -mtune=skylake -march=skylake -fomit-frame-pointer -O2 -pipe -fPIC -DPIC -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -fno-builtin-memset -fPIE -D_BSD_SOURCE -D_DEFAULT_SOURCE -c -o fmt_scaled.o fmt_scaled.c
fmt_scaled.c: In function 'fmt_scaled':
fmt_scaled.c:243:52: warning: '%1lld' directive output may be truncated writing between 1 and 17 bytes into a region of size between 0 and 5 [-Wformat-truncation=]
(void)snprintf(result, FMT_SCALED_STRSIZE, "%lld.%1lld%c",
^
fmt_scaled.c:243:46: note: directive argument in the range [-9007199254740991, 9007199254740991]
(void)snprintf(result, FMT_SCALED_STRSIZE, "%lld.%1lld%c",
^~
In file included from /usr/include/stdio.h:867,
from openbsd-compat.h:189,
from includes.h:67,
from fmt_scaled.c:41:
/usr/include/bits/stdio2.h:67:10: note: '__builtin___snprintf_chk' output between 5 and 40 bytes into a destination of size 7
return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
^~~~
__bos (__s), __fmt, __va_arg_pack ());
~
gcc -DHAVE_CONFIG_H -I. -I..
Building 6.4.2p1 without ssl?
Hello,

trying to compile opensmtp it fails with openssl errors, so I've tried to specify --without-libssl at configure time, as at least for testing and learning the basics it is not really that important, but it does not seem to get honored.

Any idea, what I may have to change?

Thanks

Ede

In case anybody has an idea for building with openssl, here are the final words of the compiler:

# gcc --version
gcc (Gentoo 8.3.0-r1 p1.1) 8.3.0

# openssl version
OpenSSL 1.1.1c 28 May 2019

...

gcc -DHAVE_CONFIG_H -I. -I.. -I../smtpd -I../openbsd-compat -I../openbsd-compat/err_h -I/usr/include -mtune=skylake -march=skylake -fomit-frame-pointer -O2 -pipe -fPIC -DPIC -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -fno-builtin-memset -fPIE -D_BSD_SOURCE -D_DEFAULT_SOURCE -c -o fmt_scaled.o fmt_scaled.c
fmt_scaled.c: In function 'fmt_scaled':
fmt_scaled.c:243:52: warning: '%1lld' directive output may be truncated writing between 1 and 17 bytes into a region of size between 0 and 5 [-Wformat-truncation=]
(void)snprintf(result, FMT_SCALED_STRSIZE, "%lld.%1lld%c",
^
fmt_scaled.c:243:46: note: directive argument in the range [-9007199254740991, 9007199254740991]
(void)snprintf(result, FMT_SCALED_STRSIZE, "%lld.%1lld%c",
^~
In file included from /usr/include/stdio.h:867,
from openbsd-compat.h:189,
from includes.h:67,
from fmt_scaled.c:41:
/usr/include/bits/stdio2.h:67:10: note: '__builtin___snprintf_chk' output between 5 and 40 bytes into a destination of size 7
return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
^~~~
__bos (__s), __fmt, __va_arg_pack ());
~
gcc -DHAVE_CONFIG_H -I. -I..
-I../smtpd -I../openbsd-compat -I../openbsd-compat/err_h -I/usr/include -mtune=skylake -march=skylake -fomit-frame-pointer -O2 -pipe -fPIC -DPIC -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -fno-builtin-memset -fPIE -D_BSD_SOURCE -D_DEFAULT_SOURCE -c -o fparseln.o fparseln.c rm -f libopenbsd-compat.a /usr/bin/ar cru libopenbsd-compat.a base64.o bsd-getpeereid.o bsd-misc.o bsd-waitpid.o entropy.o event_asr_run.o fgetln.o freezero.o getopt.o imsg.o imsg-buffer.o pidfile.o pw_dup.o reallocarray.o recallocarray.o setproctitle.o setresguid.o strlcat.o strlcpy.o strmode.o strtonum.o strsep.o vis.o xmalloc.o crypt_checkpass.o bsd-closefrom.o bsd-err.o errc.o fmt_scaled.o fparseln.o ranlib libopenbsd-compat.a make[2]: Leaving directory '/root/build/opensmtpd-6.4.2p1/openbsd-compat' Making all in mk make[2]: Entering directory '/root/build/opensmtpd-6.4.2p1/mk' Making all in smtpd make[3]: Entering directory '/root/build/opensmtpd-6.4.2p1/mk/smtpd' gcc -DHAVE_CONFIG_H -I. -I../.. -I../../smtpd -I../../openbsd-compat -I../../openbsd-compat/err_h -I../../openbsd-compat/paths_h -I. 
-I/usr/include -DSMTPD_CONFDIR=\"/opt/smptd/etc\" -DPATH_CHROOT=\"/opt/smptd/var/empty\" -DPATH_SMTPCTL=\"/opt/smptd/sbin/smtpctl\" -DPATH_MAILLOCAL=\"/opt/smptd/libexec/opensmtpd/mail.local\" -DPATH_LIBEXEC=\"/opt/smptd/libexec/opensmtpd\" -DHAVE_CONFIG_H -DIO_SSL -DCA_FILE=\"/etc/ssl/cert.pem\" -mtune=skylake -march=skylake -fomit-frame-pointer -O2 -pipe -fPIC -DPIC -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -fno-builtin-memset -fPIE -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE -DNEED_EVENT_ASR_RUN -c -o ../../smtpd/smtpd-aliases.o `test -f '../../smtpd/aliases.c' || echo './'`../../smtpd/aliases.c ../../smtpd/aliases.c: In function 'aliases_get': ../../smtpd/aliases.c:56:23: warning: variable 'userbase' set but not used [-Wunused-but-set-variable] struct table*userbase = NULL; ^~~~ ../../smtpd/aliases.c: In function 'aliases_virtual_get': ../../smtpd/aliases.c:114:23: warning: variable 'userbase' set but not used [-Wunused-but-set-variable] struct table*userbase = NULL; ^~~~ gcc -DHAVE_CONFIG_H -I. -I../.. -I../../smtpd -I../../openbsd-compat -I../../openbsd-compat/err_h -I../../openbsd-compat/paths_h -I. -I/usr/include -DSMTPD_CONFDIR=\"/opt/smptd/etc\" -DPATH_CHROOT=\"/opt/smptd/var/empty\" -DPATH_SMTPCTL=\"/opt/smptd/sbin/smtpctl\" -DPATH_MAILLOCAL=\"/opt/smptd/libexec/opensmtpd/mail.local\" -DPATH_LIBEXEC=\"/opt/smptd/libexec/opensmtpd\" -DHAVE_CONFIG_H -DIO_SSL -DCA_FILE=\"/etc/ssl/cert.pem\" -mtune=skylake -march=skylake -fomit-frame-pointer -O2 -pipe -fPIC -DPIC -Wall -Wp
Re: Virtual User handling
Hello Edgar,

thanks very much for your in depth reply and the effort you've put into it.

As for the "user" keyword, the way I understand this, is that it equals the "as" statement in the old version.

... lmtp "/run/cyrus/lmtp" rcpt-to ->as nobody<-

Does however not work as I imagined. I am currently trying to get 6.4.2 up and running this week, see next thread.

Back to your reply: That catchall from your example in "@ catchall" is not a keyword, is it? But a local user account?

> but some real user has to own the mailbox...

Care to explain, why is that? From my unknowledgeable point of view, the mailbox handling should be done on the other side of the lmtpd socket. This misconception is at the very heart of my question.

The idea being that smtpd connects to the lmtp socket as user "nobody" (in my example) and delivers the mail to whatever is waiting on the other side. So the only privileges required should be to connect to the socket, what in turn requires a system user.

Basically I am hoping to get the same behaviour for lmtp delivery as for relay, where I can specify a mail-from list and it works like a charm, from a 6.5 installation:

action "relay" relay host smtp+notls://192.168.1.1:25
match mail-from for domain "example.com" action "relay"

Maybe with 6.4.2p it will also work with lmtp. Will hopefully be able to test that later this week and report back

Thanks again

Ede

On 31.08.19 at 19:14, Edgar Pettijohn wrote:
On Fri, Aug 30, 2019 at 11:14:37PM -0500, Edgar Pettijohn wrote:
On Fri, Aug 30, 2019 at 05:00:24PM +0200, Ede Wolf wrote:

Hello,

Semi complete example at the bottom. I'll leave it to you to reverse translate to the old syntax. I didn't notice till after I was done and am too lazy to change it. :)

Also noticed while re-reading smtpd.conf(5) there is a `user' keyword that can be used in an action:

user username
Specify the username for performing the delivery, to be looked up with getpwnam(3). This is used for virtual hosting where a single username is in charge of handling delivery for all virtual users. This option is not usable with the mbox delivery method.

Not sure if it's available in whichever version you are using, but may make things easier enough to warrant an upgrade.

While trying to learn opensmtpd, amongst other things I am struggling with the virtual user handling - for a non virtual domain setup. From what I have been able to understand so far it seems, as if there is no way to deliver mails to a lmtp socket, if there is not at least some reference/mapping to a system user?

accept from any for domain "example.com" recipient alias deliver to lmtp "/run/cyrus/lmtp" rcpt-to as nobody

where vusers contains:

vusers would need to be `key => value' pairs

b...@example.com

This is a list. More suitable for a vdomains table.

However, despite being listed in vusers, when trying to send a mail to bob, it gets rejected with "550 Invalid recipient". Creating a systemuser "bob" makes it work. But then I do not need the vusers table, so I am wondering, is it possible to get along without the need for a system user?

Now the man page mentions a userbase parameter, and I assume, the according table has to be in the format of the userinfo table mentioned in tables(5)? What then effectively again refers to a system user - just with a mapping in between.

My attempts with a single userlist instead so far either resulted in a 'invalid use of table "susers" as USERBASE parameter' or simply a syntax error.

Is that assumption correct? Is there no way of keeping virtual users completely off the system or did I get something terribly wrong? Even when not using mbox/Maildir at all, where this requirement could make sense?

They are off the system, but some real user has to own the mailbox, etc...

And since user filtering will eventually be done at an earlier stage, I would like smtpd to be able to unconditionally forward any mail unaltered (except aliases) to the lmtp socket. So, in addition to bob@example.com as for the tests I would like to be able to use *@example.com or just example.com to not do any user checking at all. Depending on the syntax requirements.

Is it possible to deactivate the user checking one way or the other?

you could use a catchall

/etc/mail/vusers
@ catchall

Thanks for any insight or heads up on what I may have missed or misunderstood.

Ede

groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /var/vmail -m
chown -R vmail.vmail /var/vmail

/etc/mail/userinfo
bob 5000:5000:/var/vmail/bob

/etc/mail/vusers
b...@example.com bob

/etc/mail/smtpd.conf snippet
action "a01" lmtp "/var/cyrus/lmtp" rcpt-to userbase virtual
# may need to finesse the above. I'm not using cyrus or userbase table, so not 100 percent
# sure if it will work as is.
match from all for doma