Re: Virtual User handling

2019-09-06 Thread Edgar Pettijohn

On Sep 6, 2019 12:40 PM, Ede Wolf  wrote:
>
> On 06.09.19 at 18:59, Edgar Pettijohn wrote:
> > Sounds like the mail.lmtp program is missing or not where it belongs. 
> > Should live somewhere in /usr/local/libexec. Find it and let us know where 
> > it is and somebody can probably tell you where it needs to be. Or it just 
> > didn't get built for some reason.
>
> So it is a binary, that's useful information. Having specified /opt/smtpd 
> as prefix during ./configure, it is located here:
>
> /opt/smptd/libexec/opensmtpd/mail.lmtp
>

Throw it in /usr/local/libexec/smtpd/ and see what happens. May be a build 
tools bug.

> Since libexec is usually not path anyway, I wonder, how to make smtpd 
> recognize it, if --prefix is not honored?
>
>
> > Your copy is apparently different from mine.
>
>
> Nope. I've cited smtpd.conf (from the opensmtpd homepage), you have 
> looked into tables. Since userbase is the only location I've come along 
> that uses the userinfo table, I've gone with the attribute, not the 
> argument.
>

Agreed. Must be a bug in the documentation or the daemon. My bet is the manual 
is wrong.

Edgar
> Thanks again for helping out!
>
> Ede
>


Re: Virtual User handling

2019-09-06 Thread Edgar Pettijohn

On Sep 6, 2019 10:46 AM, Ede Wolf  wrote:
>
>
> > Maybe run 'smtpd -dv -T expand -T lookup -T rules' and see how OpenSMTPD 
> > is translating the aliases and which rules it's matching etc.
>
> This is a really helpful command. Maybe using that I can be a bit more 
> precise in defining my confusion.
>
> My simple setup, git pulled and built yesterday:
>
>
> action "deliver" lmtp "/run/cyrus/socket/lmtp" rcpt-to user lmtpd
> match from any for domain "example.com" rcpt-to  action deliver
>
>
> With "musers" only containing good ole b...@example.com and "lmtpd" being 
> a regular system user. Bob is not known to the system. And shall not.
>
> Now, the man page reads:
>
> user username
> Specify the username for performing the delivery, to be looked up with 
> getpwnam(3).
>
> and:
>
> userbase 
> Use the mapping table for user lookups instead of the getpwnam(3) function.
> ->The userbase does not apply for the user option.<-
>

Your copy is apparently different from mine.

Userinfo tables

User info tables are used in rule context to specify an alternate user base, 
mapping virtual users to local system users by UID, GID and home directory.

action name method userbase 

A userinfo table looks as follows:

joe 1000:100:/home/virtual/joe
jack 1000:100:/home/virtual/jack

In this example, both joe and jack are virtual users mapped to the local system 
user with UID 1000 and GID 100, but different home directories. These 
directories may contain a forward(5) file. This can be used in conjunction with 
an alias table that maps an email address or the domain part to the desired 
virtual username. For example:

j...@example.org joe
j...@example.com jack

It has to map to a system user.
If you want it to be lmtpd just replace the 1000:100 above with lmtpd's uid:gid.

> So my "user" attribute is lmtpd, a regular system user. But:
>
> af0267593be5b0a1 smtp connected address=
> expand: 0x5598b9f68328: expand_insert() called for 
> address:b...@example.com[parent=(nil), rule=(nil)]
> expand: 0x5598b9f68328: inserted node 0x5598b9f6a020
> expand: lka_expand: address: b...@example.com [depth=0]
> lookup: match "1.2.3.4" as NETADDR in table static: -> true
> lookup: match "example.com" as DOMAIN in table static: -> true
> lookup: match "b...@example.com" as MAILADDR in table static:musers -> true
> rule #1 matched: match from any for domain  rcpt-to musers 
> action deliver
> expand: 0x5598b9f68328: expand_insert() called for 
> username:bob[parent=0x5598b9f6a020, rule=0x5598b9f77e30, 
> dispatcher=0x5598b9f79750]
> expand: 0x5598b9f68328: inserted node 0x5598b9f6a580
>
> expand: lka_expand: username: bob [depth=1, sameuser=0]
> lookup: lookup "bob" as USERINFO in table getpwnam: -> none
> expand: lka_expand: user-part does not match system user
> expand: 0x5598b9f68328: clearing expand tree
> af0267593be5b0a1 smtp failed-command command="RCPT TO:" 
> result="550 Invalid recipient: "
>
> The problem is obviously: "lookup "bob" as USERINFO in table 
> getpwnam: -> none"
>
>
>
> Now the local delivery should be done with the user lmtpd, why is user 
> "bob" then looked up at all via USERINFO getpwnam, instead of lmtpd, 
> when userinfo shall not be used with the "user" attribute.
>
> Whether "userbase" is invoked via getpwnam or a USERINFO table, should 
> make no difference? It should not be used, when the "user" attribute is 
> being used?
>
> Automagically I should add, I have not defined the userbase parameter 
> anywhere in my config.
>
> Hopefully I've been able to narrow down my lack of comprehension. There 
> is something in the manpage I get wrong.
>
> Thanks
>
> Ede
>
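
The lookup chain described in this reply (alias table to virtual user to `uid:gid:home`), as an added example that is not part of the original thread or OpenSMTPD's code: it parses a userinfo table, flags entries that map to uid/gid 0 or a relative home (a hygiene check added here, not an smtpd rule), and resolves a recipient using the key order visible in the thread's trace. The table contents, `ALIASES` and all function names are constructed for illustration; real expansion is recursive, which this single-step sketch omits.

```python
from typing import NamedTuple

class UserInfo(NamedTuple):
    uid: int
    gid: int
    home: str

def parse_userinfo(text):
    """Parse 'name uid:gid:home' lines; return (table, problems)."""
    table, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            name, value = line.split(None, 1)
            uid, gid, home = value.strip().split(":", 2)
            info = UserInfo(int(uid), int(gid), home)
        except ValueError:
            problems.append(f"line {n}: expected 'name uid:gid:home'")
            continue
        # Added hygiene checks (assumption: virtual users should never
        # be delivered as root or into a relative directory).
        if info.uid == 0 or info.gid == 0:
            problems.append(f"line {n}: {name} maps to uid/gid 0")
        if not info.home.startswith("/"):
            problems.append(f"line {n}: {name} home is not absolute")
        table[name] = info
    return table, problems

def resolve(rcpt, aliases, userinfo):
    """Return (virtual_user, UserInfo) or None. Keys are tried in the order
    seen in the thread's trace: full address, local part, @domain, @."""
    local, _, domain = rcpt.partition("@")
    for key in (rcpt, local, "@" + domain, "@"):
        if key in aliases:
            user = aliases[key]
            return (user, userinfo[user]) if user in userinfo else None
    return None

# Constructed sample data, modelled on the man page excerpt quoted above.
USERINFO = """\
joe    1000:100:/home/virtual/joe
jack   1000:100:/home/virtual/jack
root   0:0:/root
broken 1000
"""
ALIASES = {"joe@example.org": "joe", "@example.com": "jack"}

if __name__ == "__main__":
    table, problems = parse_userinfo(USERINFO)
    print(problems)
    print(resolve("anyone@example.com", ALIASES, table))
```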


Re: Virtual User handling

2019-09-06 Thread Ede Wolf
Side note. While I would still like to understand, what I am 
misunderstanding, practically, I've had some more success with using a 
virtual catchall table, as recommended before by Edgar. However, there 
is still one local error I do not yet comprehend:


"Error being: stat=Error (temporary failure: "mail.lmtp: No such file or 
directoryconnect")"


And I am not sure, what is smtpd looking for or missing exactly? It 
likely has to do with me using non standard paths, but that again may be 
helpful for understanding.


action "deliver" lmtp "/run/cyrus/socket/lmtp" rcpt-to virtual  
user lmtpd

match from any for domain "example.com" action deliver

with vusers reading:
@ lmtpd


Here is a more complete log:


2c4cbc6c10aebcab smtp connected address=1.2.3.4 host=friendly.nospam.net
expand: 0x56169b994348: expand_insert() called for 
address:m...@example.com[parent=(nil), rule=(nil)]

expand: 0x56169b994348: inserted node 0x56169b996040
expand: lka_expand: address: m...@example.com [depth=0]
lookup: match "1.2.3.4" as NETADDR in table static: -> true
lookup: match "example.com" as DOMAIN in table static: -> true
rule #1 matched: match from any for domain  action deliver
lookup: lookup "m...@example.com" as ALIAS in table static:vusers -> none
lookup: lookup "mary" as ALIAS in table static:vusers -> none
lookup: lookup "@example.com" as ALIAS in table static:vusers -> none
lookup: lookup "@" as ALIAS in table static:vusers -> "lmtpd"
expand: 0x56169b993b40: expand_insert() called for 
username:lmtpd[parent=(nil), rule=(nil)]

expand: 0x56169b993b40: inserted node 0x56169b9965a0
expand: 0x56169b994348: expand_insert() called for 
username:lmtpd[parent=0x56169b996040, rule=0x56169b9a3e80, 
dispatcher=0x56169b9a5780]

expand: 0x56169b994348: inserted node 0x56169b996b00
expand: 0x56169b993b40: clearing expand tree
expand: 0x56169b993b40: freeing expand tree
debug: aliases_virtual_get: '@example.com' resolved to 1 nodes
expand: lka_expand: username: lmtpd [depth=1, sameuser=0]
lookup: lookup "lmtpd@" as ALIAS in table static:vusers -> none
lookup: lookup "lmtpd" as ALIAS in table static:vusers -> none
lookup: lookup "@" as ALIAS in table static:vusers -> "lmtpd"
expand: 0x56169b98d140: expand_insert() called for 
username:lmtpd[parent=(nil), rule=(nil)]

expand: 0x56169b98d140: inserted node 0x56169b9965a0
expand: 0x56169b994348: expand_insert() called for 
username:lmtpd[parent=0x56169b996b00, rule=0x56169b9a3e80, 
dispatcher=0x56169b9a5780]

expand: 0x56169b994348: setting sameuser = 1
expand: 0x56169b994348: inserted node 0x56169b997060
expand: 0x56169b98d140: clearing expand tree
expand: 0x56169b98d140: freeing expand tree
debug: aliases_virtual_get: '@' resolved to 1 nodes
expand: lka_expand: username: lmtpd [depth=2, sameuser=1]
lookup: lookup "lmtpd" as USERINFO in table getpwnam: -> 
"115:115:/opt/smptd/var/lmtpd"

expand: no .forward for user lmtpd, just deliver
expand: 0x56169b994348: clearing expand tree
smtp: 0x56047ce92b90: fd 14 from queue
smtp: 0x56047ce92b90: message fd 14
smtp: 0x56047ce92b90: message begin
debug: 0x56047ce92b90: end of message, error=0
2c4cbc6c10aebcab smtp message msgid=fd6b9892 size=247 nrcpt=1 proto=SMTP
2c4cbc6c10aebcab smtp envelope evpid=fd6b9892d5ac7196 
from= to=

debug: scheduler: evp:fd6b9892d5ac7196 scheduled (mda)
mda: new user 2c4cbc6d6d8e081f for ":lmtpd" delivering as "lmtpd"
debug: lka: userinfo :lmtpd
lookup: lookup "lmtpd" as USERINFO in table getpwnam: -> 
"115:115:/opt/smptd/var/lmtpd"
debug: mda: new session 2c4cbc6e7f005bc1 for user ":lmtpd" 
evpid fd6b9892d5ac7196

debug: mda: no more envelope for ":lmtpd"
debug: mda: got message fd 14 for session 2c4cbc6e7f005bc1 evpid 
fd6b9892d5ac7196
debug: mda: querying mda fd for session 2c4cbc6e7f005bc1 evpid 
fd6b9892d5ac7196

debug: smtpd: forking mda for session 2c4cbc6e7f005bc1: lmtpd as lmtpd
debug: mda: got mda fd 15 for session 2c4cbc6e7f005bc1 evpid 
fd6b9892d5ac7196

debug: mda: end-of-file for session 2c4cbc6e7f005bc1 evpid fd6b9892d5ac7196
debug: mda: all data sent for session 2c4cbc6e7f005bc1 evpid 
fd6b9892d5ac7196
debug: smtpd: mda process done for session 2c4cbc6e7f005bc1: exited 
abnormally
2c4cbc6d6d8e081f mda delivery evpid=fd6b9892d5ac7196 
from= to= rcpt= 
user=lmtpd delay=11s result=TempFail stat=Error (temporary failure: 
"mail.lmtp: No such file or directoryconnect")

debug: mda: session 2c4cbc6e7f005bc1 done
debug: mda: user "lmtpd" becomes runnable
debug: mda: all done for user ":lmtpd"



Re: Virtual User handling

2019-09-06 Thread Ede Wolf



Maybe run 'smtpd -dv -T expand -T lookup -T rules' and see how OpenSMTPD 
is translating the aliases and which rules it's matching etc.


This is a really helpful command. Maybe using that I can be a bit more 
precise in defining my confusion.


My simple setup, git pulled and built yesterday:


action "deliver" lmtp "/run/cyrus/socket/lmtp" rcpt-to user lmtpd
match from any for domain "example.com" rcpt-to  action deliver


With "musers" only containing good ole b...@example.com and "lmtpd" being 
a regular system user. Bob is not known to the system. And shall not.


Now, the man page reads:

user username
Specify the username for performing the delivery, to be looked up with 
getpwnam(3).


and:

userbase 
Use the mapping table for user lookups instead of the getpwnam(3) function.
->The userbase does not apply for the user option.<-

So my "user" attribute is lmtpd, a regular system user. But:

af0267593be5b0a1 smtp connected address=
expand: 0x5598b9f68328: expand_insert() called for 
address:b...@example.com[parent=(nil), rule=(nil)]

expand: 0x5598b9f68328: inserted node 0x5598b9f6a020
expand: lka_expand: address: b...@example.com [depth=0]
lookup: match "1.2.3.4" as NETADDR in table static: -> true
lookup: match "example.com" as DOMAIN in table static: -> true
lookup: match "b...@example.com" as MAILADDR in table static:musers -> true
rule #1 matched: match from any for domain  rcpt-to musers 
action deliver
expand: 0x5598b9f68328: expand_insert() called for 
username:bob[parent=0x5598b9f6a020, rule=0x5598b9f77e30, 
dispatcher=0x5598b9f79750]

expand: 0x5598b9f68328: inserted node 0x5598b9f6a580

expand: lka_expand: username: bob [depth=1, sameuser=0]
lookup: lookup "bob" as USERINFO in table getpwnam: -> none
expand: lka_expand: user-part does not match system user
expand: 0x5598b9f68328: clearing expand tree
af0267593be5b0a1 smtp failed-command command="RCPT TO:" 
result="550 Invalid recipient: "


The problem is obviously: "lookup "bob" as USERINFO in table 
getpwnam: -> none"




Now the local delivery should be done with the user lmtpd, why is user 
"bob" then looked up at all via USERINFO getpwnam, instead of lmtpd, 
when userinfo shall not be used with the "user" attribute.


Whether "userbase" is invoked via getpwnam or a USERINFO table, should 
make no difference? It should not be used, when the "user" attribute is 
being used?


Automagically I should add, I have not defined the userbase parameter 
anywhere in my config.


Hopefully I've been able to narrow down my lack of comprehension. There 
is something in the manpage I get wrong.


Thanks

Ede
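
A small triage helper for the `smtpd -dv -T expand -T lookup -T rules` output shown above, as an added example that is not from the thread or the OpenSMTPD project: it ties each `failed-command` line to the lookups that returned `none` after the last matched rule. `SAMPLE_TRACE` is constructed from the lines in this message with wrapped lines rejoined and a placeholder address and host filled in; the regexes assume the line shapes seen here.

```python
import re

# Line shapes as they appear in the trace quoted in this thread (assumed).
LOOKUP = re.compile(
    r'^lookup: (?:lookup|match) "([^"]*)" as (\w+) in table (\S+) -> (.*)$')
RULE = re.compile(r'^rule #(\d+) matched: ')
FAIL = re.compile(
    r'^([0-9a-f]{16}) smtp failed-command command="([^"]*)" result="([^"]*)"')

def explain_rejections(trace):
    """Return one finding per rejected command: the session id, the rule
    that matched, the SMTP result, and every lookup that came back 'none'
    between that rule match and the rejection."""
    findings, rule, misses = [], None, []
    for line in trace.splitlines():
        line = line.strip()
        if (m := RULE.match(line)):
            rule, misses = int(m.group(1)), []
        elif (m := LOOKUP.match(line)) and m.group(4) == "none":
            # (key, lookup kind, table) e.g. ("bob", "USERINFO", "getpwnam")
            misses.append((m.group(1), m.group(2), m.group(3).rstrip(":")))
        elif (m := FAIL.match(line)):
            findings.append({"session": m.group(1), "rule": rule,
                             "result": m.group(3), "misses": misses})
            rule, misses = None, []
    return findings

# Constructed sample: same sequence as the trace in this message.
SAMPLE_TRACE = """\
af0267593be5b0a1 smtp connected address=1.2.3.4 host=mail.example.net
lookup: match "1.2.3.4" as NETADDR in table static: -> true
lookup: match "example.com" as DOMAIN in table static: -> true
lookup: match "bob@example.com" as MAILADDR in table static:musers -> true
rule #1 matched: match from any for domain example.com rcpt-to musers action deliver
expand: lka_expand: username: bob [depth=1, sameuser=0]
lookup: lookup "bob" as USERINFO in table getpwnam: -> none
expand: lka_expand: user-part does not match system user
af0267593be5b0a1 smtp failed-command command="RCPT TO:<bob@example.com>" result="550 Invalid recipient: <bob@example.com>"
"""

if __name__ == "__main__":
    for f in explain_rejections(SAMPLE_TRACE):
        print(f["session"], "rule", f["rule"], f["result"])
        for key, kind, table in f["misses"]:
            print(f"  {kind} lookup for {key!r} in table {table}: none")
```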