Re: New syntax and virtual aliases to remote addresses.

2019-09-02 Thread Reio Remma

On 02/09/2019 18:36, Reio Remma wrote:

On 02/09/2019 17:05, gil...@poolp.org wrote:

September 2, 2019 3:35 PM, "Reio Remma"  wrote:

Hello!

I was able to have virtual aliases pointing to external addresses 
with the old syntax, but it doesn't seem to work like that with new rules:

Not awake enough to process what follows but the new syntax certainly 
allows this as my whole infrastructure depends on it ;-)

I suspect that there's a problem with the ruleset that prevents 
external addresses from matching a rule themselves.


Looking at your config at 
https://poolp.org/posts/2018-05-21/switching-to-opensmtpd-new-config/


Now I ended up switching to tls-require on port 25. I wonder how much 
spam that will take down! :)


I also notice you're not using match auth anywhere, I think this might 
make the difference for mails from remote addresses to virtuals 
aliased to another remote address. I didn't have auth in the old config.


Reio




action filter_incoming relay host smtp://127.0.0.1:10024
action sign_outgoing   relay host smtp://127.0.0.1:10026
action relay_outgoing  relay
action deliver_lmtp    lmtp "/var/run/dovecot/lmtp" rcpt-to virtual  userbase 

match tag FILTERED for domain  action deliver_lmtp
match tag SIGNED   for any action relay_outgoing
match auth from any    for domain  action deliver_lmtp
match from any for domain  rcpt-to  action filter_incoming
match auth from any    for any action sign_outgoing

Old rules were:

accept tagged Filtered for domain  virtual  userbase  deliver to lmtp "/var/run/dovecot/lmtp" rcpt-to
accept from local  for domain  virtual  userbase  deliver to lmtp "/var/run/dovecot/lmtp" rcpt-to
accept from !local for domain  recipient  relay via smtp://127.0.0.1:10024
accept tagged Signed   for any relay
accept from local  for any relay via smtp://127.0.0.1:10026

recipi...@mydomain.com used to be nicely redirected to a remote 
recipi...@someotherdomain.com, but with the new syntax it doesn't hit any rules.

I found that adding "match tag FILTERED for any action 
relay_outgoing" after "match tag FILTERED for domain  action deliver_lmtp" 
solves the issue.

I suspect that the old "accept tagged Filtered" went straight to MTA 
after expanding the virtual alias?

Does it sound right to "match tag FILTERED for any" after dealing 
with FILTERED for our domains?


Can I do anything about DKIM breaking for forwarded mails?

Thanks,
Reio





--
Regards
Reio Remma


MR Stuudio 25 years

*MR Stuudio OÜ*
Tondi 17b, 11316, Tallinn
Tel +372 650 4808
Mob +372 56 22 00 33
r...@mrstuudio.ee
www.mrstuudio.ee





Re: Building 6.4.2p1 without ssl?

2019-09-02 Thread gilles
September 2, 2019 9:48 AM, "Ede Wolf"  wrote:

> Hello,
> 
> trying to compile opensmtp it fails with openssl errors, so I've tried to 
> specify --without-libssl
> at configure time, as at least for testing and learning the basics it is not 
> really that important,
> but it does not seem to get honored.
> 
> Any idea, what I may have to change?
> 
> Thanks
> 
> Ede
> 
> In case anybody has an idea for building with openssl, here are the final 
> words of the compiler:
> 

OpenSMTPD no longer supports OpenSSL but I made it build again, so the
next release (6.6.0) due in a few weeks will build fine for you on any
supported system that ships with OpenSSL 1.1.x.

There is no way to disable TLS support, this is a mandatory dependency
just like libevent.

Gilles



Re: Virtual User handling

2019-09-02 Thread Edgar Pettijohn

On Sep 2, 2019 3:18 AM, Reio Remma  wrote:
>
> On 02/09/2019 10:35, Ede Wolf wrote:
> > Hello Edgar,
> >
> > thanks very much for your in depth reply and the effort you've put 
> > into it.
> >
> > As for the "user" keyword, the way I understand this, is that it 
> > equals the "as" statement in the old version.
> >
> > ... lmtp "/run/cyrus/lmtp" rcpt-to ->as nobody<-
>
> I'm using multiple virtual domains myself and delivering to Dovecot via 
> LMTP with no user parameter. I _suspect_ it's more useful when you let 
> OpenSMTPD to deliver straight to mailboxes.
>
> > Back to your reply: That catchall from your example in "@ catchall" is 
> > not a keyword, is it? But a local user account?
>
> @example.com need to be aliased to a real mail account to receive all these.
>
> > > but some real user has to own the mailbox...
> >

When smtpd goes looking for a .forward file it gets mad if there isn't a 
mailbox to look in. :)

> > Care to explain, why is that? From my unknowledgeable point of view, 
> > the mailbox handling should be done on the other side of the lmtpd 
> > socket. This misconception is at the very heart of my question.
>
> Maybe run 'smtpd -dv -T expand -T lookup -T rules' and see how OpenSMTPD 
> is translating the aliases and which rules it's matching etc.
>
> Good luck,
> Reio
>
>


Re: Building 6.4.2p1 without ssl?

2019-09-02 Thread Edgar Pettijohn
Look through the archives. There was someone recently building on Debian with a 
similar issue. 
On Sep 2, 2019 2:48 AM, Ede Wolf  wrote:
>
> Hello,
>
> trying to compile opensmtp it fails with openssl errors, so I've tried 
> to specify --without-libssl at configure time, as at least for testing 
> and learning the basics it is not really that important, but it does not 
> seem to get honored.
>
> Any idea, what I may have to change?
>
> Thanks
>
> Ede
>
>
>
> In case anybody has an idea for building with openssl, here are the 
> final words of the compiler:
>
>

Re: OpenSMTP as a library

2019-09-02 Thread Manfred Rebentisch
Hello,

On 02.09.19 at 16:03, gil...@poolp.org wrote:
> 
> Nope, OpenSMTPD is a standalone daemon and doesn't ship or build any kind of 
> library.
> 
> However, the code is ISC licensed and the client code is isolated in smtpc.c, 
> so feel
> free to reuse.
> 

Thank you! I will have a look to it!

Manfred

-- 
Manfred Rebentisch





Re: New syntax and virtual aliases to remote addresses.

2019-09-02 Thread gilles
September 2, 2019 3:35 PM, "Reio Remma"  wrote:
> Hello!
> 
> I was able to have virtual aliases pointing to external addresses with the 
> old syntax, but it
> doesn't seem to work like that with new rules:
> 

Not awake enough to process what follows but the new syntax certainly allows 
this
as my whole infrastructure depends on it ;-)

I suspect that there's a problem with the ruleset that prevents external 
addresses
from matching a rule themselves.


> action filter_incoming relay host smtp://127.0.0.1:10024
> action sign_outgoing   relay host smtp://127.0.0.1:10026
> action relay_outgoing  relay
> action deliver_lmtp    lmtp "/var/run/dovecot/lmtp" rcpt-to virtual  userbase 
> 
> match tag FILTERED for domain  action deliver_lmtp
> match tag SIGNED   for any action relay_outgoing
> match auth from any    for domain  action deliver_lmtp
> match from any for domain  rcpt-to  action filter_incoming
> match auth from any    for any action sign_outgoing
> 
> Old rules were:
> 
> accept tagged Filtered for domain  virtual  userbase  deliver to lmtp "/var/run/dovecot/lmtp" rcpt-to
> accept from local  for domain  virtual  userbase  deliver to lmtp "/var/run/dovecot/lmtp" rcpt-to
> accept from !local for domain  recipient  relay via smtp://127.0.0.1:10024
> accept tagged Signed   for any relay
> accept from local  for any relay via smtp://127.0.0.1:10026
> 
> recipi...@mydomain.com used to be nicely redirected to a remote 
> recipi...@someotherdomain.com, but
> with the new syntax it doesn't hit any rules.
> 
> I found that adding "match tag FILTERED for any action relay_outgoing" after 
> "match tag FILTERED
> for domain  action deliver_lmtp" solves the issue.
> 
> I suspect that the old "accept tagged Filtered" went straight to MTA after 
> expanding the virtual
> alias?
> 
> Does it sound right to "match tag FILTERED for any" after dealing with 
> FILTERED for our domains?
> 
> Can I do anything about DKIM breaking for forwarded mails?
> 
> Thanks,
> Reio



Re: OpenSMTP as a library

2019-09-02 Thread gilles
September 2, 2019 3:59 PM, "Manfred Rebentisch"  wrote:

> Hello,
> I am new to OpenSMTP and in this mailinglist.
> 

Hello and welcome,


> Is it possible to use OpenSMTP as a library to use mail send
> functionality from my C / C++ software?
> 
> I want to replace the old and unsupported esmtp library.
> 

Nope, OpenSMTPD is a standalone daemon and doesn't ship or build any kind of 
library.

However, the code is ISC licensed and the client code is isolated in smtpc.c, 
so feel
free to reuse.

> Thank you for an answer in advance
> 

Np,



OpenSMTP as a library

2019-09-02 Thread Manfred Rebentisch
Hello,
I am new to OpenSMTP and in this mailinglist.

Is it possible to use OpenSMTP as a library to use mail send
functionality from my C / C++ software?

I want to replace the old and unsupported esmtp library.

Thank you for an answer in advance

Manfred


-- 
Manfred Rebentisch





New syntax and virtual aliases to remote addresses.

2019-09-02 Thread Reio Remma

Hello!

I was able to have virtual aliases pointing to external addresses with 
the old syntax, but it doesn't seem to work like that with new rules:


action filter_incoming relay host smtp://127.0.0.1:10024
action sign_outgoing   relay host smtp://127.0.0.1:10026
action relay_outgoing  relay
action deliver_lmtp    lmtp "/var/run/dovecot/lmtp" rcpt-to virtual  userbase 

match tag FILTERED for domain  action deliver_lmtp
match tag SIGNED   for any action relay_outgoing
match auth from any    for domain  action deliver_lmtp
match from any for domain  rcpt-to  action filter_incoming
match auth from any    for any action sign_outgoing

Old rules were:

accept tagged Filtered for domain  virtual  userbase  deliver to lmtp "/var/run/dovecot/lmtp" rcpt-to
accept from local  for domain  virtual  userbase  deliver to lmtp "/var/run/dovecot/lmtp" rcpt-to
accept from !local for domain  recipient  relay via smtp://127.0.0.1:10024
accept tagged Signed   for any relay
accept from local  for any relay via smtp://127.0.0.1:10026

recipi...@mydomain.com used to be nicely redirected to a remote 
recipi...@someotherdomain.com, but with the new syntax it doesn't hit 
any rules.


I found that adding "match tag FILTERED for any action relay_outgoing" 
after "match tag FILTERED for domain  action deliver_lmtp" 
solves the issue.


I suspect that the old "accept tagged Filtered" went straight to MTA 
after expanding the virtual alias?


Does it sound right to "match tag FILTERED for any" after dealing with 
FILTERED for our domains?


Can I do anything about DKIM breaking for forwarded mails?

Thanks,
Reio
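
A simplified model of the rule evaluation discussed in this thread, added here as an illustration; it is not part of any poster's message and not OpenSMTPD code. It assumes first-match evaluation and that an address produced by virtual-alias expansion is matched against the ruleset again; the domain and recipient values are constructed placeholders for the table names missing from the archived post.

```python
"""Toy first-match evaluator for the new-syntax ruleset quoted in the post.

Assumptions: rules are tried top to bottom and the first match wins; an
address produced by virtual-alias expansion is matched again, keeping the
envelope's tag and auth state. Table contents are constructed placeholders.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

LOCAL_DOMAINS = {"mydomain.example"}            # stands in for the domain table
VALID_RCPTS = {"recipient@mydomain.example"}    # stands in for the rcpt-to table


@dataclass(frozen=True)
class Envelope:
    rcpt: str
    tag: Optional[str] = None   # set by the listener the mail arrived on
    auth: bool = False          # True only for authenticated submissions

    @property
    def domain(self) -> str:
        return self.rcpt.rsplit("@", 1)[-1].lower()


@dataclass(frozen=True)
class Rule:
    action: str
    tag: Optional[str] = None   # "tag X": envelope must carry tag X
    auth: bool = False          # "auth": session must be authenticated
    for_domain: bool = False    # "for domain <table>" rather than "for any"
    rcpt_to: bool = False       # "rcpt-to <table>"

    def matches(self, env: Envelope) -> bool:
        if self.tag is not None and env.tag != self.tag:
            return False
        if self.auth and not env.auth:
            return False
        if self.for_domain and env.domain not in LOCAL_DOMAINS:
            return False
        if self.rcpt_to and env.rcpt.lower() not in VALID_RCPTS:
            return False
        return True


# The five "match" lines from the post, in their original order.
# The source condition ("from any" / default local) is not modelled.
POSTED_RULES = [
    Rule("deliver_lmtp", tag="FILTERED", for_domain=True),
    Rule("relay_outgoing", tag="SIGNED"),
    Rule("deliver_lmtp", auth=True, for_domain=True),
    Rule("filter_incoming", for_domain=True, rcpt_to=True),
    Rule("sign_outgoing", auth=True),
]

# The line the poster added: "match tag FILTERED for any action relay_outgoing".
FIX = Rule("relay_outgoing", tag="FILTERED")


def first_match(rules: List[Rule], env: Envelope) -> Optional[str]:
    """Return the action of the first matching rule, or None if nothing matches."""
    for rule in rules:
        if rule.matches(env):
            return rule.action
    return None


def with_fix(rules: List[Rule], position: int) -> List[Rule]:
    """Return a copy of the ruleset with FIX inserted at the given index."""
    return rules[:position] + [FIX] + rules[position:]


def trace(rules: List[Rule]) -> Dict[str, Optional[str]]:
    """Follow one forwarded message through its three rule lookups."""
    return {
        # 1. Unauthenticated inbound mail for a local virtual address.
        "inbound": first_match(rules, Envelope("recipient@mydomain.example")),
        # 2. Same recipient after the filter re-injects it, tagged FILTERED.
        "filtered_local": first_match(
            rules, Envelope("recipient@mydomain.example", tag="FILTERED")),
        # 3. The alias expands to a remote address; tag kept, still no auth.
        "forwarded_remote": first_match(
            rules, Envelope("recipient@someotherdomain.example", tag="FILTERED")),
    }


if __name__ == "__main__":
    for label, rules in [("posted", POSTED_RULES),
                         ("fix after FILTERED-for-domain", with_fix(POSTED_RULES, 1)),
                         ("fix before FILTERED-for-domain", with_fix(POSTED_RULES, 0))]:
        print(label, trace(rules))
```

In this model the forwarded envelope matches nothing in the posted ruleset because every `for any` rule requires either the SIGNED tag or `auth`; inserting the new rule ahead of the FILTERED-for-domain rule would send local FILTERED mail to the relay instead of LMTP, which is why its position matters.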



Re: Virtual User handling

2019-09-02 Thread Reio Remma

On 30/08/2019 18:00, Ede Wolf wrote:

Hello,

While trying to learn opensmtpd, amongst other things I am struggling 
with the virtual user handling - for a non virtual domain setup.


From what I have been able to understand so far it seems, as if there 
is no way to deliver mails to a lmtp socket, if there is not at least 
some reference/mapping to a system user?


accept from any for domain "example.com" recipient  alias  deliver to lmtp "/run/cyrus/lmtp" rcpt-to as nobody


where vusers contains:
b...@example.com

However, despite being listed in vusers, when trying to send a mail to 
bob, it gets rejected with "550 Invalid recipient". Creating a 
system user "bob" makes it work. But then I do not need the vusers 
table, so I am wondering, is it possible to get along without the need 
for a system user?
Now the man page mentions a userbase parameter, and I assume, the 
according table has to be in the format of the userinfo table 
mentioned in tables(5)?
What then effectively again refers to a system user - just with a 
mapping in between.


For virtual aliases you need to have a mapping of a virtual address to a 
user:


table vusers { b...@example.com = bob }

You might try this:

accept from any for domain "example.com" virtual  deliver to lmtp "/run/cyrus/lmtp" rcpt-to


The userbase parameter is handy if you deliver to mailboxes straight 
from OpenSMTPD or you want OpenSMTPD to read the users .forward files:


table userinfo { bob = 5000:5000:/var/mail/example.com/bob }

accept from any for domain "example.com" virtual  userbase  deliver to lmtp "/run/cyrus/lmtp" rcpt-to


Good luck,
Reio




Re: Virtual User handling

2019-09-02 Thread Reio Remma

On 02/09/2019 10:35, Ede Wolf wrote:

Hello Edgar,

thanks very much for your in depth reply and the effort you've put 
into it.


As for the "user" keyword, the way I understand this, is that it 
equals the "as" statement in the old version.


... lmtp "/run/cyrus/lmtp" rcpt-to ->as nobody<-


I'm using multiple virtual domains myself and delivering to Dovecot via 
LMTP with no user parameter. I _suspect_ it's more useful when you let 
OpenSMTPD to deliver straight to mailboxes.


Back to your reply: That catchall from your example in "@ catchall" is 
not a keyword, is it? But a local user account?


@example.com need to be aliased to a real mail account to receive all these.


> but some real user has to own the mailbox...

Care to explain, why is that? From my unknowledgeable point of view, 
the mailbox handling should be done on the other side of the lmtpd 
socket. This misconception is at the very heart of my question.


Maybe run 'smtpd -dv -T expand -T lookup -T rules' and see how OpenSMTPD 
is translating the aliases and which rules it's matching etc.


Good luck,
Reio




Re: Building 6.4.2p1 without ssl?

2019-09-02 Thread Reio Remma
I would suggest getting the latest portable branch from Github - that 
compiles nicely with OpenSSL.


Good luck,
Reio

On 02/09/2019 10:48, Ede Wolf wrote:

Hello,

trying to compile opensmtp it fails with openssl errors, so I've tried 
to specify --without-libssl at configure time, as at least for testing 
and learning the basics it is not really that important, but it does 
not seem to get honored.


Any idea, what I may have to change?

Thanks

Ede



In case anybody has an idea for building with openssl, here are the 
final words of the compiler:




Building 6.4.2p1 without ssl?

2019-09-02 Thread Ede Wolf

Hello,

trying to compile opensmtp it fails with openssl errors, so I've tried 
to specify --without-libssl at configure time, as at least for testing 
and learning the basics it is not really that important, but it does not 
seem to get honored.


Any idea, what I may have to change?

Thanks

Ede



In case anybody has an idea for building with openssl, here are the 
final words of the compiler:



# gcc --version
gcc (Gentoo 8.3.0-r1 p1.1) 8.3.0

# openssl version
OpenSSL 1.1.1c  28 May 2019



...

gcc -DHAVE_CONFIG_H -I. -I..  -I../smtpd -I../openbsd-compat 
-I../openbsd-compat/err_h -I/usr/include   -mtune=skylake -march=skylake 
-fomit-frame-pointer -O2 -pipe  -fPIC -DPIC -Wall -Wpointer-arith 
-Wuninitialized -Wsign-compare -Wformat-security 
-Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result 
-fno-strict-aliasing -fno-builtin-memset -fPIE -D_BSD_SOURCE 
-D_DEFAULT_SOURCE  -c -o fmt_scaled.o fmt_scaled.c

fmt_scaled.c: In function 'fmt_scaled':
fmt_scaled.c:243:52: warning: '%1lld' directive output may be truncated 
writing between 1 and 17 bytes into a region of size between 0 and 5 
[-Wformat-truncation=]

   (void)snprintf(result, FMT_SCALED_STRSIZE, "%lld.%1lld%c",
^
fmt_scaled.c:243:46: note: directive argument in the range 
[-9007199254740991, 9007199254740991]

   (void)snprintf(result, FMT_SCALED_STRSIZE, "%lld.%1lld%c",
  ^~
In file included from /usr/include/stdio.h:867,
 from openbsd-compat.h:189,
 from includes.h:67,
 from fmt_scaled.c:41:
/usr/include/bits/stdio2.h:67:10: note: '__builtin___snprintf_chk' 
output between 5 and 40 bytes into a destination of size 7

   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
  ^~~~
__bos (__s), __fmt, __va_arg_pack ());
~
gcc -DHAVE_CONFIG_H -I. -I..  -I../smtpd -I../openbsd-compat 
-I../openbsd-compat/err_h -I/usr/include   -mtune=skylake -march=skylake 
-fomit-frame-pointer -O2 -pipe  -fPIC -DPIC -Wall -Wpointer-arith 
-Wuninitialized -Wsign-compare -Wformat-security 
-Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result 
-fno-strict-aliasing -fno-builtin-memset -fPIE -D_BSD_SOURCE 
-D_DEFAULT_SOURCE  -c -o fparseln.o fparseln.c

rm -f libopenbsd-compat.a
/usr/bin/ar cru libopenbsd-compat.a base64.o bsd-getpeereid.o bsd-misc.o 
bsd-waitpid.o entropy.o event_asr_run.o fgetln.o freezero.o getopt.o 
imsg.o imsg-buffer.o pidfile.o pw_dup.o reallocarray.o recallocarray.o 
setproctitle.o setresguid.o strlcat.o strlcpy.o strmode.o strtonum.o 
strsep.o vis.o xmalloc.o  crypt_checkpass.o  bsd-closefrom.o   bsd-err.o 
errc.o  fmt_scaled.o  fparseln.o

ranlib libopenbsd-compat.a
make[2]: Leaving directory '/root/build/opensmtpd-6.4.2p1/openbsd-compat'
Making all in mk
make[2]: Entering directory '/root/build/opensmtpd-6.4.2p1/mk'
Making all in smtpd
make[3]: Entering directory '/root/build/opensmtpd-6.4.2p1/mk/smtpd'
gcc -DHAVE_CONFIG_H -I. -I../..  -I../../smtpd -I../../openbsd-compat 
-I../../openbsd-compat/err_h -I../../openbsd-compat/paths_h -I. 
-I/usr/include  -DSMTPD_CONFDIR=\"/opt/smptd/etc\" 
-DPATH_CHROOT=\"/opt/smptd/var/empty\" 
-DPATH_SMTPCTL=\"/opt/smptd/sbin/smtpctl\" 
-DPATH_MAILLOCAL=\"/opt/smptd/libexec/opensmtpd/mail.local\" 
-DPATH_LIBEXEC=\"/opt/smptd/libexec/opensmtpd\" -DHAVE_CONFIG_H -DIO_SSL 
-DCA_FILE=\"/etc/ssl/cert.pem\" -mtune=skylake -march=skylake 
-fomit-frame-pointer -O2 -pipe  -fPIC -DPIC -Wall -Wpointer-arith 
-Wuninitialized -Wsign-compare -Wformat-security 
-Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result 
-fno-strict-aliasing -fno-builtin-memset -fPIE -D_BSD_SOURCE 
-D_DEFAULT_SOURCE  -D_GNU_SOURCE -DNEED_EVENT_ASR_RUN -c -o 
../../smtpd/smtpd-aliases.o `test -f '../../smtpd/aliases.c' || echo 
'./'`../../smtpd/aliases.c

../../smtpd/aliases.c: In function 'aliases_get':
../../smtpd/aliases.c:56:23: warning: variable 'userbase' set but not 
used [-Wunused-but-set-variable]

  struct table*userbase = NULL;
   ^~~~
../../smtpd/aliases.c: In function 'aliases_virtual_get':
../../smtpd/aliases.c:114:23: warning: variable 'userbase' set but not 
used [-Wunused-but-set-variable]

  struct table*userbase = NULL;
   ^~~~
gcc -DHAVE_CONFIG_H -I. -I../..  -I../../smtpd -I../../openbsd-compat 
-I../../openbsd-compat/err_h -I../../openbsd-compat/paths_h -I. 
-I/usr/include  -DSMTPD_CONFDIR=\"/opt/smptd/etc\" 
-DPATH_CHROOT=\"/opt/smptd/var/empty\" 
-DPATH_SMTPCTL=\"/opt/smptd/sbin/smtpctl\" 
-DPATH_MAILLOCAL=\"/opt/smptd/libexec/opensmtpd/mail.local\" 
-DPATH_LIBEXEC=\"/opt/smptd/libexec/opensmtpd\" -DHAVE_CONFIG_H -DIO_SSL 
-DCA_FILE=\"/etc/ssl/cert.pem\" -mtune=skylake -march=skylake 
-fomit-frame-pointer -O2 -pipe  -fPIC -DPIC -Wall 

Re: Virtual User handling

2019-09-02 Thread Ede Wolf

Hello Edgar,

thanks very much for your in depth reply and the effort you've put into it.

As for the "user" keyword, the way I understand this, is that it equals 
the "as" statement in the old version.


... lmtp "/run/cyrus/lmtp" rcpt-to ->as nobody<-

Does however not work as I imagined. I am currently trying to get 6.4.2 
up and running this week, see next thread.


Back to your reply: That catchall from your example in "@ catchall" is 
not a keyword, is it? But a local user account?


> but some real user has to own the mailbox...

Care to explain, why is that? From my unknowledgeable point of view, the 
mailbox handling should be done on the other side of the lmtpd socket. 
This misconception is at the very heart of my question.


The idea being that smtpd connects to the lmtp socket as user "nobody" 
(in my example) and delivers the mail to whatever is waiting on the 
other side. So the only privileges required should be to connect to the 
socket, what in turn requires a system user.


Basically I am hoping to get the same behaviour for lmtp delivery as 
for relay, where I can specify a mail-from list and it works like a 
charm, from a 6.5 installation:


action "relay" relay host smtp+notls://192.168.1.1:25
match mail-from  for domain "example.com" action "relay"

Maybe with 6.4.2p it will also work with lmtp. Will hopefully be able 
to test that later this week and report back



Thanks again

Ede


On 31.08.19 at 19:14, Edgar Pettijohn wrote:

On Fri, Aug 30, 2019 at 11:14:37PM -0500, Edgar Pettijohn wrote:

On Fri, Aug 30, 2019 at 05:00:24PM +0200, Ede Wolf wrote:

Hello,




Semi complete example at the bottom. I'll leave it to you to reverse translate
to the old syntax. I didn't notice till after I was done and am too lazy to
change it. :) Also noticed while re-reading smtpd.conf(5) there is a `user'
keyword that can be used in an action:

  user username
  Specify the username for performing the delivery, to be
  looked up with getpwnam(3).

  This is used for virtual hosting where a single username
  is in charge of handling delivery for all virtual users.

  This option is not usable with the mbox delivery method.

Not sure if it's available in whichever version you are using, but may make
things easier enough to warrant an upgrade.
  

While trying to learn opensmtpd, amongst other things I am struggling with
the virtual user handling - for a non virtual domain setup.

 From what I have been able to understand so far it seems, as if there is no
way to deliver mails to a lmtp socket, if there is not at least some
reference/mapping to a system user?

accept from any for domain "example.com" recipient  alias 
deliver to lmtp "/run/cyrus/lmtp" rcpt-to as nobody

where vusers contains:


vusers would need to be `key => value' pairs


b...@example.com


This is a list. More suitable for a vdomains table.



However, despite being listed in vusers, when trying to send a mail to bob,
it gets rejected with "550 Invalid recipient". Creating a system user "bob"
makes it work. But then I do not need the vusers table, so I am wondering,
is it possible to get along without the need for a system user?
Now the man page mentions a userbase parameter, and I assume, the according
table has to be in the format of the userinfo table mentioned in tables(5)?
What then effectively again refers to a system user - just with a mapping in
between.

My attempts with a single userlist instead so far either resulted in a
'invalid use of table "susers" as USERBASE parameter' or simply a syntax
error.

Is that assumption correct? Is there no way of keeping virtual users
completely off the system or did I get something terribly wrong? Even when
not using mbox/Maildir at all, where this requirement could make sense?



They are off the system, but some real user has to own the mailbox, etc...
  

And since user filtering will eventually be done at an earlier stage, I
would like smtpd to be able to unconditionally forward any mail unaltered
(except aliases) to the lmtp socket.

So, in addition to bob@example as for the tests com I would like to be able
to use *@example.com or just example.com to not do any user checking at all.
Depending on the syntax requirements.

Is it possible to deactivate the user checking one way or the other?


you could use a catchall

/etc/mail/vusers

@   catchall



Thanks for any insight or heads up on what I may have missed or
misunderstood.


Ede



groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /var/vmail -m
chown -R vmail.vmail /var/vmail

/etc/mail/userinfo

bob 5000:5000:/var/vmail/bob

/etc/mail/vusers

b...@example.com    bob

/etc/mail/smtpd.conf snippet

action "a01" lmtp "/var/cyrus/lmtp" rcpt-to  userbase  virtual 

# may need to finesse the above. I'm not using cyrus or userbase table, so not 100 percent
# sure if it will work as is.

match from all for