Re: Portable building issues

2019-10-23 Thread Ede Wolf
Negative:

/data/git/opensmtp # qlist -Iv libressl
dev-libs/libressl-3.0.2

/data/git/opensmtp # qlist -Iv libevent
dev-libs/libevent-2.1.8

/data/git/opensmtp # make
make  all-recursive
make[1]: Entering directory '/data/git/opensmtp'
Making all in openbsd-compat
make[2]: Entering directory '/data/git/opensmtp/openbsd-compat'
gcc -DHAVE_CONFIG_H -I. -I..  -I../smtpd -I../openbsd-compat 
-I../openbsd-compat/err_h -I/usr/include   -march=skylake -fomit-frame-pointer 
-O2 -pipe  -fPIC -DPIC -Wall -Wpointer-arith -Wuninitialized -Wsign-compare 
-Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign 
-Wno-unused-result -fno-strict-aliasing -fno-builtin-memset -fPIE -D_BSD_SOURCE 
-D_DEFAULT_SOURCE  -c -o arc4random.o arc4random.c
arc4random.c:167:21: error: macro "arc4random_stir" passed 1 arguments, but 
takes just 0
 arc4random_stir(void)
 ^
arc4random.c:168:1: error: expected '=', ',', ';', 'asm' or '__attribute__' 
before '{' token
 {
 ^
make[2]: *** [Makefile:445: arc4random.o] Error 1
make[2]: Leaving directory '/data/git/opensmtp/openbsd-compat'
make[1]: *** [Makefile:418: all-recursive] Error 1
make[1]: Leaving directory '/data/git/opensmtp'
make: *** [Makefile:350: all] Error 2




Have not tried openssl yet. Anything I can do to help hunting this down?

Ede


On Tue, Oct 22, 2019 at 08:48:52PM +, gil...@poolp.org wrote:
> For what it's worth, it turns out LibreSSL 3.0.2 was released three days ago.
> 
> We have made it possible to build with OpenSSL but our target is still 
> LibreSSL,
> which means that code is written assuming LibreSSL and we test mostly with 
> LibreSSL.
> 
> Unsurprisingly we recommend that package maintainers have OpenSMTPD depend 
> upon LibreSSL,
> and only fallback to OpenSSL if not possible.
> 
> Some features may be lacking when doing that fallback,
> for instance ECDSA server certificates will only work if linked against 
> LibreSSL.
> 
> 
> 
> October 22, 2019 7:01 PM, "Ede Wolf"  wrote:
> 
> > Thanks for the heads up. Last time I have been using libressl 2.9.2, I'll 
> > give 3.0.1 a go, it
> > happens to be in the repos as well, just not marked as stable.
> > 
> > Ede
> > 
> > On 22.10.19 at 16:28, Gilles Chehade wrote:
> > 
> >> Sorry, will expand:
> >> We're in between two LibreSSL releases which is why the LibreSSL you're
> >> using is not compatible.
> >> When LibreSSL 3.0.2 is released, it will automagically build with it.
> >> LibreSSL 3.0.1 development version is already working.
> >> LibreSSL remains our target for both OpenBSD and portable but we're kind
> >> of in a time warp right now in between two versions.
> >> On Tue, Oct 22, 2019, 16:23 Gilles Chehade wrote:
> >> LibreSSL is supported and recommended, this really needs to be fixed
> >> before the 6.6.0p1 portable release.
> >> On Tue, Oct 22, 2019, 14:44 John Smith wrote:
> >> Hello,
> >> thanks very much for all your replies. Indeed, I rebuilt world
> >> replacing openssl with libressl, basically only for opensmtpd.
> >> So it is the github issue. I knew smtpd portable supports
> >> openssl, but it did not come to my mind, that libressl is not
> >> supported at all for the portable version, openssl just
> >> being an extra service, so I thought I'll do it something good.
> >> I'll revert to openssl and report back. May take a day or two.
> >> Thanks again
> >> Ede



Re: Portable building issues

2019-10-22 Thread Ede Wolf
Thanks for the heads up. Last time I have been using libressl 2.9.2, 
I'll give 3.0.1 a go, it happens to be in the repos as well, just not 
marked as stable.


Ede



On 22.10.19 at 16:28, Gilles Chehade wrote:

Sorry, will expand:

We're in between two LibreSSL releases which is why the LibreSSL you're 
using is not compatible.


When LibreSSL 3.0.2 is released, it will automagically build with it. 
LibreSSL 3.0.1 development version is already working.


LibreSSL remains our target for both OpenBSD and portable but we're kind 
of in a time warp right now in between two versions.


On Tue, Oct 22, 2019, 16:23 Gilles Chehade wrote:


LibreSSL is supported and recommended, this really needs to be fixed
before the 6.6.0p1 portable release.

On Tue, Oct 22, 2019, 14:44 John Smith <lis...@nebelschwaden.de> wrote:

Hello,

thanks very much for all your replies. Indeed, I rebuilt world
replacing openssl with libressl, basically only for opensmtpd.
So it is the github issue. I knew smtpd portable supports
openssl, but it did not come to my mind, that libressl is not
supported at all for the portable version, openssl just
being an extra service, so I thought I'll do it something good.

I'll revert to openssl and report back. May take a day or two.

Thanks again

Ede







Re: Portable building issues

2019-10-22 Thread Ede Wolf
Sorry, it's a gentoo linux system

Ede


On Tue, Oct 22, 2019 at 11:45:43AM +, gil...@poolp.org wrote:
> we really really really need more details, I have no idea what system that is 
> :-)
> 
> October 22, 2019 1:38 PM, "John Smith"  wrote:
> 
> > Hello,
> > 
> > cloned today, I am having problems building smtpd. After configure:
> > 
> > /data/git/opensmtp # make
> > make all-recursive
> > make[1]: Entering directory '/data/git/opensmtp'
> > Making all in openbsd-compat
> > make[2]: Entering directory '/data/git/opensmtp/openbsd-compat'
> > gcc -DHAVE_CONFIG_H -I. -I.. -I../smtpd -I../openbsd-compat 
> > -I../openbsd-compat/err_h
> > -I/usr/include -march=skylake -fomit-frame-pointer -O2 -pipe -fPIC -DPIC 
> > -Wall -Wpointer-arith
> > -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess 
> > -Wno-pointer-sign
> > -Wno-unused-result -fno-strict-aliasing -fno-builtin-memset -fPIE 
> > -D_BSD_SOURCE -D_DEFAULT_SOURCE
> > -c -o arc4random.o arc4random.c
> > arc4random.c:167:21: error: macro "arc4random_stir" passed 1 arguments, but 
> > takes just 0
> > arc4random_stir(void)
> > ^
> > arc4random.c:168:1: error: expected '=', ',', ';', 'asm' or '__attribute__' 
> > before '{' token
> > {
> > ^
> > make[2]: *** [Makefile:445: arc4random.o] Error 1
> > make[2]: Leaving directory '/data/git/opensmtp/openbsd-compat'
> > make[1]: *** [Makefile:418: all-recursive] Error 1
> > make[1]: Leaving directory '/data/git/opensmtp'
> > make: *** [Makefile:350: all] Error 2
> > 
> > Any idea what I might be missing? As I have a rather minimal system, some 
> > package may be lacking.
> > Any further details that are needed?
> > 
> > Thanks
> > 
> > Ede
> 



Re: Handling of mailing list (or other non system) accounts

2019-10-06 Thread Ede Wolf
Hello Edgar,

thanks for getting back. The interesting part, I've never seen this
mail/question actually make it to this list.

I have posted a follow up message, that I also have not seen make it to
the list, where the problem has been marked as solved. 

It turned out to me initially misreading the logs and to be a fetchmail
problem, as a means to test inbound functionality after successfully
using telnet, in that the newer fetchmail version needs the
"dropdelivered" argument, that has never been needed on the (admitedly
rather) old install. 

The problem occured not only with opensmtpd, but also with postfix,
that I temporarily switched back in trying to to avoid larger damage,
after all these mails have been bounced from my non legit mta. 

As precaution, I did block the way out to our smarhost, but
of course the line for outgoing mails was commented out. Bad night. 

Without this fetchmail option, both mta refused to accept any mails
handed over by fetchmail and in turn ran into a loop, that caused all
that bouncing. I have to admit to not yet really having understood
the issue. 
But it works now as expected and I am currently fighting strange
outbound behaviour, that has been the reason for deactivating the
outbound command in first place. But that'll be a different issue. 

Ede


On Sat, 5 Oct 2019 17:45:03 -0500,
Edgar Pettijohn wrote:

> > > 
> > > Accepting mails for user known to the system works, but what I
> > > haven't thought about, are mailing lists. And probably, also mails
> > > to be received in
> > > [B]CC could be affected.
> > > 
> > > As those are not directly addressed to any account known to the
> > > system, but
> > > f.e "misc@opensmtpd.org", opensmtpd rejects them with an "550
> > > Invalid recipient"
> 
> sounds like a good response to me
> 
> > > 
> > > That is a problem I have currently no idea on how to deal with
> > > this.
> > > 
> 
> I don't understand how not accepting mails that you have no user to
> accept is a problem. 
> 
> 
> > > Any insides?
> > > 
> 
> I think you need to provide more information about what you want to
> happen and what is happening.
> 
> > > Thanks again
> > > 
> > > Thanks Ede
> >
> 
> Edgar 
> 




Re: Virtual User handling

2019-09-08 Thread Ede Wolf

Hooray,

I think I have it now. The lmtpd user was member of the group "mail", 
that is required to access the socket, however, it was not its primary 
group. Seems like opensmtpd does not like the non primary groups.


I've changed this and it seems to work now - besides mary not having a 
mailbox, but that is on the other side of the socket and ok:


b2e883cb2493b807 mda delivery evpid=bb707c97fa5b562b 
from= to= rcpt= 
user=lmtpd delay=2m40s result=TempFail stat=Error (temporary failure: 
"mail.lmtp: LMTP server error: 550-Mailbox unknown.  Either there is no 
mailbox associated with this")



What still bites me is why the error changed from

mail.lmtp: No such file or directoryconnect

to

mail.lmtp: Permission deniedconnect


All that I can remember I've done was a restart (or poweron today, after 
I've powered off yesterday).


Anyway, thanks to all for your time, support and hints. I'll silently 
try to figure out the cause for the change in the error message and then 
we may move on to filtering.


Thanks very much again!


Ede


On 08.09.19 at 17:22, Reio Remma wrote:

On 07.09.2019 12:53, Ede Wolf wrote:
Excellent idea, however, the error stays the same. No change, despite copying 
the whole opensmtpd folder to /usr/local/libexec

result=TempFail stat=Error (temporary failure: "mail.lmtp: No such file or 
directoryconnect")


I purposefully mistyped the Dovecot LMTP socket in my config and got the same 
message.

Sep  7 13:26:28 host smtpd[26873]: 7cde0d1cf207f8f3 mda delivery evpid=b96774ed55a5492e from=<> 
to=<> rcpt=<> user=3 delay=0s result=TempFail stat=Error (temporary failure: "mail.lmtp: 
No such file or directoryconnect")

I suspect your problem is that there is no Cyrus LMTP listening in 
/run/cyrus/socket/lmtp:

action "deliver" lmtp "/run/cyrus/socket/lmtp" rcpt-to user lmtpd

Do you actually use Cyrus IMAP?

Good luck,
Reio
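
Ede's fix above (making "mail" the primary group of lmtpd) and the change from "No such file or directory" to "Permission denied" both come down to which path component refuses the connecting user. The Python check below is an added example, not code from the thread or from OpenSMTPD; it assumes the delivery process keeps only the user's primary group, and the owners, gids and modes in `SAMPLE` are constructed (only the socket path and uid/gid 115 appear in the thread).

```python
#!/usr/bin/env python3
"""Find the path component that stops a user from connecting to a Unix socket."""
import os
import stat
import sys

SEARCH, WRITE = 1, 2  # x bit needed on directories, w bit needed on the socket


def granted_bits(mode, f_uid, f_gid, uid, groups):
    """rwx bits (0-7) the kernel applies: owner class, else group, else other."""
    if uid == f_uid:
        return (mode >> 6) & 7
    if f_gid in groups:
        return (mode >> 3) & 7
    return mode & 7


def first_denial(components, uid, groups):
    """Path of the first component that refuses access, or None if all allow it."""
    if uid == 0:  # root bypasses the permission bits
        return None
    last = len(components) - 1
    for i, (path, mode, f_uid, f_gid) in enumerate(components):
        need = WRITE if i == last else SEARCH
        if not granted_bits(mode, f_uid, f_gid, uid, groups) & need:
            return path
    return None


def diagnose(components, uid, gid, supplementary):
    """Classify access as 'ok', 'supplementary-only' or 'denied'.

    'supplementary-only' means the connect works in a login shell but fails
    in a process that was started with the primary group only.
    POSIX ACLs and LSM policy (SELinux, AppArmor) are not evaluated.
    """
    denied = first_denial(components, uid, {gid} | set(supplementary))
    if denied is not None:
        return ("denied", denied)
    denied = first_denial(components, uid, {gid})
    if denied is not None:
        return ("supplementary-only", denied)
    return ("ok", None)


def collect(sock_path):
    """Stat every component from / down to the socket; raises on ENOENT."""
    out, path = [], os.path.abspath(sock_path)
    while True:
        st = os.stat(path)
        out.append((path, st.st_mode, st.st_uid, st.st_gid))
        parent = os.path.dirname(path)
        if parent == path:
            return out[::-1]
        path = parent


# Constructed sample: uid 96, gid 12 and all modes are invented for illustration.
CYRUS_UID, MAIL_GID = 96, 12
SAMPLE = [
    ("/", stat.S_IFDIR | 0o755, 0, 0),
    ("/run", stat.S_IFDIR | 0o755, 0, 0),
    ("/run/cyrus", stat.S_IFDIR | 0o750, CYRUS_UID, MAIL_GID),
    ("/run/cyrus/socket", stat.S_IFDIR | 0o750, CYRUS_UID, MAIL_GID),
    ("/run/cyrus/socket/lmtp", stat.S_IFSOCK | 0o660, CYRUS_UID, MAIL_GID),
]

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py <socket path> <user name>
        import pwd
        pw = pwd.getpwnam(sys.argv[2])
        try:
            comps = collect(sys.argv[1])
        except FileNotFoundError as exc:
            sys.exit(f"ENOENT: {exc.filename} does not exist")
        extra = set(os.getgrouplist(pw.pw_name, pw.pw_gid)) - {pw.pw_gid}
        print(diagnose(comps, pw.pw_uid, pw.pw_gid, extra))
    else:
        # lmtpd (115:115) with "mail" only as a supplementary group
        print(diagnose(SAMPLE, 115, 115, [MAIL_GID]))
```

Run it as root with the socket path and the delivery user so that every directory on the path can be stat'ed.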







Re: Virtual User handling

2019-09-08 Thread Ede Wolf





https://manpages.debian.org/testing/cyrus-common/cyrus-lmtpd.8.en.html



Sorry. Great idea, but AFAIK the cyrus lmtpd is activated on demand by 
the cyrus master process. But I can verify, that either the unix- or the 
tcp socket are there. And the unix socket is writeable by the opensmtpd 
lmtpd user.


Additionally, I believe the error message from smtpd to be pretty clear 
about mail.lmtp not being found.


But of course, as this may be a follow up error, I will try to verify 
the lmtp socket with postfix.


Thanks

Ede




Re: Virtual User handling

2019-09-08 Thread Ede Wolf






Looks like lmtpd isn't running.



Not sure whether there is such a thing as a lmtpd service? lmtpd is the 
name of the user, that is supposed to connect to the socket.


A bit unlucky naming maybe, but the "d" stands for deliver, not daemon.

But maybe I am missing something else



Re: Virtual User handling

2019-09-07 Thread Ede Wolf

So it is a binary, that's useful information. Having specified /opt/smtpd
as prefix during ./configure, it is located here:

/opt/smptd/libexec/opensmtpd/mail.lmtp



Throw it in /usr/local/libexec/smtpd/ and see what happens. May be a build 
tools bug.



Excellent idea, however, the error stays the same. No change, despite 
copying the whole opensmtpd folder to /usr/local/libexec



Even strace does not reveal the path it is looking for:


expand: 0x56284c3f4338: expand_insert() called for 
address:m...@example.com[parent=(nil), rule=(nil)]

expand: 0x56284c3f4338: inserted node 0x56284c3f6030
expand: lka_expand: address: m...@example.com [depth=0]
lookup: match "37.120.186.114" as NETADDR in table static: -> true
lookup: match "example.com" as DOMAIN in table static: -> true
rule #1 matched: match from any for domain  action deliver
lookup: lookup "m...@example.com" as ALIAS in table static:vusers -> none
lookup: lookup "mary" as ALIAS in table static:vusers -> none
lookup: lookup "@example.com" as ALIAS in table static:vusers -> none
lookup: lookup "@" as ALIAS in table static:vusers -> "lmtpd"
expand: 0x56284c3f3b10: expand_insert() called for 
username:lmtpd[parent=(nil), rule=(nil)]

expand: 0x56284c3f3b10: inserted node 0x56284c3f6590
expand: 0x56284c3f4338: expand_insert() called for 
username:lmtpd[parent=0x56284c3f6030, rule=0x56284c403e50, 
dispatcher=0x56284c405750]

expand: 0x56284c3f4338: inserted node 0x56284c3f6af0
expand: 0x56284c3f3b10: clearing expand tree
expand: 0x56284c3f3b10: freeing expand tree
debug: aliases_virtual_get: '@example.com' resolved to 1 nodes
expand: lka_expand: username: lmtpd [depth=1, sameuser=0]
lookup: lookup "lmtpd@" as ALIAS in table static:vusers -> none
lookup: lookup "lmtpd" as ALIAS in table static:vusers -> none
lookup: lookup "@" as ALIAS in table static:vusers -> "lmtpd"
expand: 0x56284c3ed110: expand_insert() called for 
username:lmtpd[parent=(nil), rule=(nil)]

expand: 0x56284c3ed110: inserted node 0x56284c3f6590
expand: 0x56284c3f4338: expand_insert() called for 
username:lmtpd[parent=0x56284c3f6af0, rule=0x56284c403e50, 
dispatcher=0x56284c405750]

expand: 0x56284c3f4338: setting sameuser = 1
expand: 0x56284c3f4338: inserted node 0x56284c3f7050
expand: 0x56284c3ed110: clearing expand tree
expand: 0x56284c3ed110: freeing expand tree
debug: aliases_virtual_get: '@' resolved to 1 nodes
expand: lka_expand: username: lmtpd [depth=2, sameuser=1]
lookup: lookup "lmtpd" as USERINFO in table getpwnam: -> 
"115:115:/opt/smptd/var/lmtpd"

[{EPOLLIN, {u32=6, u64=6}}], 32, -1) = 1
epoll_ctl(3, EPOLL_CTL_DEL, 6, 0x7ffeb16e607c) = 0
socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 12
socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 13
close(12)   = 0
close(13)   = 0
recvmsg(6, {msg_name=NULL, msg_namelen=0, 
msg_iov=[{iov_base="4\0\0\0(\21\0\0\0\0\0\0\237\25\0\0[\300\213\3725\333\374!\0lmtpd\0\0"..., 
iov_len=65535}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 4392

stat("/opt/smptd/var/lmtpd", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
openat(AT_FDCWD, "/opt/smptd/var/lmtpd/.forward", 
O_RDONLY|O_NONBLOCK|O_NOFOLLOW) = -1 ENOENT (No such file or directory)

epoll_ctl(3, EPOLL_CTL_ADD, 6, {EPOLLIN|EPOLLOUT, {u32=6, u64=6}}) = 0
epoll_ctl(3, EPOLL_CTL_DEL, 6, 0x7ffeb16e5fdc) = 0
epoll_ctl(3, EPOLL_CTL_ADD, 6, {EPOLLIN|EPOLLOUT, {u32=6, u64=6}}) = 0
epoll_wait(3, [{EPOLLOUT, {u32=6, u64=6}}], 32, -1) = 1
epoll_ctl(3, EPOLL_CTL_DEL, 6, 0x7ffeb16e607c) = 0
sendmsg(6, {msg_name=NULL, msg_namelen=0, 
msg_iov=[{iov_base="4\0\0\0(\21\0\0\0\0\0\0\234\25\0\0[\300\213\3725\333\374!\1lmtpd\0\0"..., 
iov_len=4392}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 4392
epoll_ctl(3, EPOLL_CTL_ADD, 6, {EPOLLIN, {u32=6, u64=6}}expand: no 
.forward for user lmtpd, just deliver

) = 0
epoll_wait(3, expand: 0x56284c3f4338: clearing expand tree
smtp: 0x564267537b60: fd 14 from queue
smtp: 0x564267537b60: message fd 14
smtp: 0x564267537b60: message begin
debug: 0x564267537b60: end of message, error=0
21fcdb35fa8bc05b smtp message msgid=22c2f515 size=245 nrcpt=1 proto=ESMTP
21fcdb35fa8bc05b smtp envelope evpid=22c2f5151c4decec 
from= to=

debug: scheduler: evp:22c2f5151c4decec scheduled (mda)
mda: new user 21fcdb36b331cade for ":lmtpd" delivering as "lmtpd"
debug: lka: userinfo :lmtpd
lookup: lookup "lmtpd" as USERINFO in table getpwnam: -> 
"115:115:/opt/smptd/var/lmtpd"
debug: mda: new session 21fcdb37f01f7374 for user ":lmtpd" 
evpid 22c2f5151c4decec

debug: mda: no more envelope for ":lmtpd"
debug: mda: got message fd 14 for session 21fcdb37f01f7374 evpid 
22c2f5151c4decec
debug: mda: querying mda fd for session 21fcdb37f01f7374 evpid 
22c2f5151c4decec

[{EPOLLIN, {u32=7, u64=7}}], 32, -1) = 1
epoll_ctl(3, EPOLL_CTL_DEL, 7, 0x7ffeb16e607c) = 0
socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 12
socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 13
close(12)   = 0
close(13)   = 0
recvmsg(7, 

Re: Virtual User handling

2019-09-06 Thread Ede Wolf
Side note. While I would still like to understand, what I am 
misunderstanding, practically, I've had some more success with using a 
virtual catchall table, as recommended before by Edgar. However, there 
is still one local error I do not yet comprehend:


"Error being: stat=Error (temporary failure: "mail.lmtp: No such file or 
directoryconnect")"


And I am not sure, what is smtpd looking for or missing exactly? It 
likely has to do with me using non standard paths, but that again may be 
helpful for understanding.


action "deliver" lmtp "/run/cyrus/socket/lmtp" rcpt-to virtual  
user lmtpd

match from any for domain "example.com" action deliver

with vusers reading:
@ lmtpd


Here is a more complete log:


2c4cbc6c10aebcab smtp connected address=1.2.3.4 host=friendly.nospam.net
expand: 0x56169b994348: expand_insert() called for 
address:m...@example.com[parent=(nil), rule=(nil)]

expand: 0x56169b994348: inserted node 0x56169b996040
expand: lka_expand: address: m...@example.com [depth=0]
lookup: match "1.2.3.4" as NETADDR in table static: -> true
lookup: match "example.com" as DOMAIN in table static: -> true
rule #1 matched: match from any for domain  action deliver
lookup: lookup "m...@example.com" as ALIAS in table static:vusers -> none
lookup: lookup "mary" as ALIAS in table static:vusers -> none
lookup: lookup "@example.com" as ALIAS in table static:vusers -> none
lookup: lookup "@" as ALIAS in table static:vusers -> "lmtpd"
expand: 0x56169b993b40: expand_insert() called for 
username:lmtpd[parent=(nil), rule=(nil)]

expand: 0x56169b993b40: inserted node 0x56169b9965a0
expand: 0x56169b994348: expand_insert() called for 
username:lmtpd[parent=0x56169b996040, rule=0x56169b9a3e80, 
dispatcher=0x56169b9a5780]

expand: 0x56169b994348: inserted node 0x56169b996b00
expand: 0x56169b993b40: clearing expand tree
expand: 0x56169b993b40: freeing expand tree
debug: aliases_virtual_get: '@example.com' resolved to 1 nodes
expand: lka_expand: username: lmtpd [depth=1, sameuser=0]
lookup: lookup "lmtpd@" as ALIAS in table static:vusers -> none
lookup: lookup "lmtpd" as ALIAS in table static:vusers -> none
lookup: lookup "@" as ALIAS in table static:vusers -> "lmtpd"
expand: 0x56169b98d140: expand_insert() called for 
username:lmtpd[parent=(nil), rule=(nil)]

expand: 0x56169b98d140: inserted node 0x56169b9965a0
expand: 0x56169b994348: expand_insert() called for 
username:lmtpd[parent=0x56169b996b00, rule=0x56169b9a3e80, 
dispatcher=0x56169b9a5780]

expand: 0x56169b994348: setting sameuser = 1
expand: 0x56169b994348: inserted node 0x56169b997060
expand: 0x56169b98d140: clearing expand tree
expand: 0x56169b98d140: freeing expand tree
debug: aliases_virtual_get: '@' resolved to 1 nodes
expand: lka_expand: username: lmtpd [depth=2, sameuser=1]
lookup: lookup "lmtpd" as USERINFO in table getpwnam: -> 
"115:115:/opt/smptd/var/lmtpd"

expand: no .forward for user lmtpd, just deliver
expand: 0x56169b994348: clearing expand tree
smtp: 0x56047ce92b90: fd 14 from queue
smtp: 0x56047ce92b90: message fd 14
smtp: 0x56047ce92b90: message begin
debug: 0x56047ce92b90: end of message, error=0
2c4cbc6c10aebcab smtp message msgid=fd6b9892 size=247 nrcpt=1 proto=SMTP
2c4cbc6c10aebcab smtp envelope evpid=fd6b9892d5ac7196 
from= to=

debug: scheduler: evp:fd6b9892d5ac7196 scheduled (mda)
mda: new user 2c4cbc6d6d8e081f for ":lmtpd" delivering as "lmtpd"
debug: lka: userinfo :lmtpd
lookup: lookup "lmtpd" as USERINFO in table getpwnam: -> 
"115:115:/opt/smptd/var/lmtpd"
debug: mda: new session 2c4cbc6e7f005bc1 for user ":lmtpd" 
evpid fd6b9892d5ac7196

debug: mda: no more envelope for ":lmtpd"
debug: mda: got message fd 14 for session 2c4cbc6e7f005bc1 evpid 
fd6b9892d5ac7196
debug: mda: querying mda fd for session 2c4cbc6e7f005bc1 evpid 
fd6b9892d5ac7196

debug: smtpd: forking mda for session 2c4cbc6e7f005bc1: lmtpd as lmtpd
debug: mda: got mda fd 15 for session 2c4cbc6e7f005bc1 evpid 
fd6b9892d5ac7196

debug: mda: end-of-file for session 2c4cbc6e7f005bc1 evpid fd6b9892d5ac7196
debug: mda: all data sent for session 2c4cbc6e7f005bc1 evpid 
fd6b9892d5ac7196
debug: smtpd: mda process done for session 2c4cbc6e7f005bc1: exited 
abnormally
2c4cbc6d6d8e081f mda delivery evpid=fd6b9892d5ac7196 
from= to= rcpt= 
user=lmtpd delay=11s result=TempFail stat=Error (temporary failure: 
"mail.lmtp: No such file or directoryconnect")

debug: mda: session 2c4cbc6e7f005bc1 done
debug: mda: user "lmtpd" becomes runnable
debug: mda: all done for user ":lmtpd"



On 06.09.19 at 17:46, Ede Wolf wrote:


Maybe run 'smtpd -dv -T expand -T lookup -T rules' and see how 
OpenSMTPD is translating the aliases and which rules it's matching etc.


This is a really helpful c

Re: Virtual User handling

2019-09-06 Thread Ede Wolf



Maybe run 'smtpd -dv -T expand -T lookup -T rules' and see how OpenSMTPD 
is translating the aliases and which rules it's matching etc.


This is a really helpful command. Maybe using that I can be a bit more 
precise in defining my confusion.


My simple setup, git pulled and build yesterday:


action "deliver" lmtp "/run/cyrus/socket/lmtp" rcpt-to user lmtpd
match from any for domain "example.com" rcpt-to  action deliver


With "musers" only containing good ole b...@example.com and "lmtpd" being 
a regular system user. Bob is not known to the system. And shall not.


Now, the man page reads:

user username
Specify the username for performing the delivery, to be looked up with 
getpwnam(3).


and:

userbase 
Use the mapping table for user lookups instead of the getpwnam(3) function.
->The userbase does not apply for the user option.<-

So my "user" attribute is lmtpd, a regular system user. But:

af0267593be5b0a1 smtp connected address=
expand: 0x5598b9f68328: expand_insert() called for 
address:b...@example.com[parent=(nil), rule=(nil)]

expand: 0x5598b9f68328: inserted node 0x5598b9f6a020
expand: lka_expand: address: b...@example.com [depth=0]
lookup: match "1.2.3.4" as NETADDR in table static: -> true
lookup: match "example.com" as DOMAIN in table static: -> true
lookup: match "b...@example.com" as MAILADDR in table static:musers -> true
rule #1 matched: match from any for domain  rcpt-to musers 
action deliver
expand: 0x5598b9f68328: expand_insert() called for 
username:bob[parent=0x5598b9f6a020, rule=0x5598b9f77e30, 
dispatcher=0x5598b9f79750]

expand: 0x5598b9f68328: inserted node 0x5598b9f6a580

expand: lka_expand: username: bob [depth=1, sameuser=0]
lookup: lookup "bob" as USERINFO in table getpwnam: -> none
expand: lka_expand: user-part does not match system user
expand: 0x5598b9f68328: clearing expand tree
af0267593be5b0a1 smtp failed-command command="RCPT TO:" 
result="550 Invalid recipient: "


The problem is obviously: "lookup "bob" as USERINFO in table 
getpwnam: -> none"




Now the local delivery should be done with the user lmtpd, why is user 
"bob" then looked up at all via USERINFO getpwnam, instead of lmtpd, 
when userinfo shall not be used with the "user" attribute.


Whether "userbase" is invoked via getpwnam or a USERINFO table, should 
make no difference? It should not be used, when the "user" attribute is 
being used?


Automagically I should add, I have not defined the userbase parameter 
anywhere in my config.


Hopefully I've been able to narrow down my lack of comprehension. There 
is something in the manpage I get wrong.


Thanks

Ede
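
The lookup order visible in the two traces (the plain `rcpt-to` rule in this message and the `virtual` catch-all rule in the 2019-09-06 follow-up), as an added Python model reconstructed from those log lines. It is not OpenSMTPD code and not from any poster; `mary@example.com` and `bob@example.com` are constructed addresses, and treating a user name without a further alias as final is an assumption.

```python
"""Toy model of the recipient expansion shown by 'smtpd -dv -T expand -T lookup'."""


def lookup_virtual(vusers, user, domain, trace):
    """Try the keys in the order the trace shows and stop at the first hit."""
    keys = dict.fromkeys((f"{user}@{domain}", user, f"@{domain}", "@"))
    for key in keys:  # dict.fromkeys drops the duplicate "@" when domain is empty
        hit = vusers.get(key)
        trace.append(f'lookup "{key}" as ALIAS -> {hit if hit else "none"}')
        if hit:
            return hit
    return None


def resolve(rcpt, system_users, vusers=None, max_depth=10):
    """Return (delivery user or None, trace lines).

    vusers=None models an action without 'virtual': the user-part of the
    recipient itself must be a system account. Table values are treated as
    plain user names (a simplification of this model).
    """
    trace = []
    user, _, domain = rcpt.partition("@")
    if vusers is not None:
        for depth in range(max_depth):
            target = lookup_virtual(vusers, user, domain, trace)
            if target is None:
                if depth == 0:
                    trace.append("550 Invalid recipient")
                    return None, trace
                break  # assumption: no further alias, so this user is final
            if target == user and domain == "":
                break  # the "setting sameuser = 1" step in the trace
            user, domain = target, ""
        else:
            trace.append("alias loop, giving up")
            return None, trace
    found = user in system_users
    trace.append(f'lookup "{user}" as USERINFO in getpwnam -> '
                 f'{"found" if found else "none"}')
    if not found:
        trace.append("550 Invalid recipient")
        return None, trace
    return user, trace


if __name__ == "__main__":
    system_users = {"lmtpd"}  # constructed: the only relevant system account
    cases = [
        ("bob@example.com", None),                          # rcpt-to only
        ("mary@example.com", {"@": "lmtpd"}),               # catch-all vusers
        ("bob@example.com", {"bob@example.com": "lmtpd"}),  # key => value pair
    ]
    for rcpt, table in cases:
        user, trace = resolve(rcpt, system_users, table)
        print(f"{rcpt} with vusers={table}: deliver as {user}")
        for line in trace:
            print("   ", line)
```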



Re: Building 6.4.2p1 without ssl?

2019-09-03 Thread Ede Wolf

Hello,

Thanks for bringing back openssl support. I've read about it in another 
post from you:


"Note that LibreSSL is my target, OpenSSL is only supported as long as 
it doesn't get in my way and make the code full of ifdefs. I think we'll 
be fine for the years to come..."


so I've thought my setup was broken and as the 6.4.2p1 release was 
relatively recently, I suspected it to be somewhat close to git.


Completely wrong here, thanks to Reio for the heads up, the git version 
built fine with just some warnings. So I will continue my quest for 
lightweight lmtp delivery at the end of the week.


Thanks to all for your help again

Ede.



On 02.09.19 at 16:29, gil...@poolp.org wrote:

September 2, 2019 9:48 AM, "Ede Wolf"  wrote:


Hello,

trying to compile opensmtp it fails with openssl errors, so I've tried to 
specify --without-libssl
at configure time, as at least for testing and learning the basics it is not 
really that important,
but it does not seem to get honored.

Any idea, what I may have to change?

Thanks

Ede

In case anybody has an idea for building with openssl, here are the final words 
of the compiler:



OpenSMTPD no longer supports OpenSSL but I made it build again, so the
next release (6.6.0) due in a few weeks will build fine for you on any
supported system that ships with OpenSSL 1.1.x.

There is no way to disable TLS support, this is a mandatory dependency
just like libevent.

Gilles






Building 6.4.2p1 without ssl?

2019-09-02 Thread Ede Wolf

Hello,

trying to compile opensmtp it fails with openssl errors, so I've tried 
to specify --without-libssl at configure time, as at least for testing 
and learning the basics it is not really that important, but it does not 
seem to get honored.


Any idea, what I may have to change?

Thanks

Ede



In case anybody has an idea for building with openssl, here are the 
final words of the compiler:



# gcc --version
gcc (Gentoo 8.3.0-r1 p1.1) 8.3.0

# openssl version
OpenSSL 1.1.1c  28 May 2019



...

gcc -DHAVE_CONFIG_H -I. -I..  -I../smtpd -I../openbsd-compat 
-I../openbsd-compat/err_h -I/usr/include   -mtune=skylake -march=skylake 
-fomit-frame-pointer -O2 -pipe  -fPIC -DPIC -Wall -Wpointer-arith 
-Wuninitialized -Wsign-compare -Wformat-security 
-Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result 
-fno-strict-aliasing -fno-builtin-memset -fPIE -D_BSD_SOURCE 
-D_DEFAULT_SOURCE  -c -o fmt_scaled.o fmt_scaled.c

fmt_scaled.c: In function 'fmt_scaled':
fmt_scaled.c:243:52: warning: '%1lld' directive output may be truncated 
writing between 1 and 17 bytes into a region of size between 0 and 5 
[-Wformat-truncation=]

   (void)snprintf(result, FMT_SCALED_STRSIZE, "%lld.%1lld%c",
^
fmt_scaled.c:243:46: note: directive argument in the range 
[-9007199254740991, 9007199254740991]

   (void)snprintf(result, FMT_SCALED_STRSIZE, "%lld.%1lld%c",
  ^~
In file included from /usr/include/stdio.h:867,
 from openbsd-compat.h:189,
 from includes.h:67,
 from fmt_scaled.c:41:
/usr/include/bits/stdio2.h:67:10: note: '__builtin___snprintf_chk' 
output between 5 and 40 bytes into a destination of size 7

   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
  ^~~~
__bos (__s), __fmt, __va_arg_pack ());
~
gcc -DHAVE_CONFIG_H -I. -I..  -I../smtpd -I../openbsd-compat 
-I../openbsd-compat/err_h -I/usr/include   -mtune=skylake -march=skylake 
-fomit-frame-pointer -O2 -pipe  -fPIC -DPIC -Wall -Wpointer-arith 
-Wuninitialized -Wsign-compare -Wformat-security 
-Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result 
-fno-strict-aliasing -fno-builtin-memset -fPIE -D_BSD_SOURCE 
-D_DEFAULT_SOURCE  -c -o fparseln.o fparseln.c

rm -f libopenbsd-compat.a
/usr/bin/ar cru libopenbsd-compat.a base64.o bsd-getpeereid.o bsd-misc.o 
bsd-waitpid.o entropy.o event_asr_run.o fgetln.o freezero.o getopt.o 
imsg.o imsg-buffer.o pidfile.o pw_dup.o reallocarray.o recallocarray.o 
setproctitle.o setresguid.o strlcat.o strlcpy.o strmode.o strtonum.o 
strsep.o vis.o xmalloc.o  crypt_checkpass.o  bsd-closefrom.o   bsd-err.o 
errc.o  fmt_scaled.o  fparseln.o

ranlib libopenbsd-compat.a
make[2]: Leaving directory '/root/build/opensmtpd-6.4.2p1/openbsd-compat'
Making all in mk
make[2]: Entering directory '/root/build/opensmtpd-6.4.2p1/mk'
Making all in smtpd
make[3]: Entering directory '/root/build/opensmtpd-6.4.2p1/mk/smtpd'
gcc -DHAVE_CONFIG_H -I. -I../..  -I../../smtpd -I../../openbsd-compat 
-I../../openbsd-compat/err_h -I../../openbsd-compat/paths_h -I. 
-I/usr/include  -DSMTPD_CONFDIR=\"/opt/smptd/etc\" 
-DPATH_CHROOT=\"/opt/smptd/var/empty\" 
-DPATH_SMTPCTL=\"/opt/smptd/sbin/smtpctl\" 
-DPATH_MAILLOCAL=\"/opt/smptd/libexec/opensmtpd/mail.local\" 
-DPATH_LIBEXEC=\"/opt/smptd/libexec/opensmtpd\" -DHAVE_CONFIG_H -DIO_SSL 
-DCA_FILE=\"/etc/ssl/cert.pem\" -mtune=skylake -march=skylake 
-fomit-frame-pointer -O2 -pipe  -fPIC -DPIC -Wall -Wpointer-arith 
-Wuninitialized -Wsign-compare -Wformat-security 
-Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result 
-fno-strict-aliasing -fno-builtin-memset -fPIE -D_BSD_SOURCE 
-D_DEFAULT_SOURCE  -D_GNU_SOURCE -DNEED_EVENT_ASR_RUN -c -o 
../../smtpd/smtpd-aliases.o `test -f '../../smtpd/aliases.c' || echo 
'./'`../../smtpd/aliases.c

../../smtpd/aliases.c: In function 'aliases_get':
../../smtpd/aliases.c:56:23: warning: variable 'userbase' set but not 
used [-Wunused-but-set-variable]

  struct table*userbase = NULL;
   ^~~~
../../smtpd/aliases.c: In function 'aliases_virtual_get':
../../smtpd/aliases.c:114:23: warning: variable 'userbase' set but not 
used [-Wunused-but-set-variable]

  struct table*userbase = NULL;
   ^~~~
gcc -DHAVE_CONFIG_H -I. -I../..  -I../../smtpd -I../../openbsd-compat 
-I../../openbsd-compat/err_h -I../../openbsd-compat/paths_h -I. 
-I/usr/include  -DSMTPD_CONFDIR=\"/opt/smptd/etc\" 
-DPATH_CHROOT=\"/opt/smptd/var/empty\" 
-DPATH_SMTPCTL=\"/opt/smptd/sbin/smtpctl\" 
-DPATH_MAILLOCAL=\"/opt/smptd/libexec/opensmtpd/mail.local\" 
-DPATH_LIBEXEC=\"/opt/smptd/libexec/opensmtpd\" -DHAVE_CONFIG_H -DIO_SSL 
-DCA_FILE=\"/etc/ssl/cert.pem\" -mtune=skylake -march=skylake 
-fomit-frame-pointer -O2 -pipe  -fPIC -DPIC -Wall 

Re: Virtual User handling

2019-09-02 Thread Ede Wolf

Hello Edgar,

thanks very much for your in depth reply and the effort you've put into it.

As for the "user" keyword, the way I understand this, is that it equals 
the "as" statement in the old version.


... lmtp "/run/cyrus/lmtp" rcpt-to ->as nobody<-

Does however not work as I imagined. I am currently trying to get 6.4.2 
up and running this week, see next thread.


Back to your reply: That catchall from your example in "@ catchall" is 
not a keyword, is it? But a local user account?


> but some real user has to own the mailbox...

Care to explain, why is that? From my unknowledgeable point of view, the 
mailbox handling should be done on the other side of the lmtpd socket. 
This misconception is at the very heart of my question.


The idea being that smtpd connects to the lmtp socket as user "nobody" 
(in my example) and delivers the mail to whatever is waiting on the 
other side. So the only privileges required should be to connect to the 
socket, what in turn requires a system user.


Basically I am hoping to get the same behaviour for lmtp delivery as 
for relay, where I can specify a mail-from list and it works like a 
charm, from a 6.5 installation:


action "relay" relay host smtp+notls://192.168.1.1:25
match mail-from  for domain "example.com" action "relay"

Maybe with 6.4.2p it will also work with lmtp. Will hopefully be able 
to test that later this week and report back



Thanks again

Ede


On 31.08.19 at 19:14, Edgar Pettijohn wrote:

On Fri, Aug 30, 2019 at 11:14:37PM -0500, Edgar Pettijohn wrote:

On Fri, Aug 30, 2019 at 05:00:24PM +0200, Ede Wolf wrote:

Hello,




Semi complete example at the bottom. I'll leave it to you to reverse translate
to the old syntax. I didn't notice till after I was done and am too lazy to
change it. :) Also noticed while re-reading smtpd.conf(5) there is a `user'
keyword that can be used in an action:

  user username
  Specify the username for performing the delivery, to be
  looked up with getpwnam(3).

  This is used for virtual hosting where a single username
  is in charge of handling delivery for all virtual users.

  This option is not usable with the mbox delivery method.

Not sure if its available in whichever version you are using, but may make
things easier enough to warrant an upgrade.
  

While trying to learn opensmtpd, amongst other things I am struggling with
the virtual user handling - for a non virtual domain setup.

 From what I have been able to understand so far it seems, as if there is no
way to deliver mails to a lmtp socket, if there is not at least some
reference/mapping to a system user?

accept from any for domain "example.com" recipient  alias 
deliver to lmtp "/run/cyrus/lmtp" rcpt-to as nobody

where vusers contains:


vusers would need to be `key => value' pairs


b...@example.com


This is a list. More suitable for a vdomains table.



However, despite being listed in vusers, when trying to send a mail to bob,
it gets rejected with "550 Invalid recipient". Creating a systemuser "bob"
makes it work. But then I do not need the vusers table, so I am wondering,
is it possible to get along without the need for a system user?
Now the man page mentions a userbase parameter, and I assume, the according
table has to be in the format of the userinfo table mentioned in tables(5)?
What then effectively again refers to a system user - just with a mapping in
between.

My attempts with a single userlist instead so far either resulted in a
'invalid use of table "susers" as USERBASE parameter' or simply a syntax
error.

Is that assumption correct? Is there no way of keeping virtual users
completely off the system or did I get something terribly wrong? Even when
not using mbox/Maildir at all, where this requirement could make sense?



They are off the system, but some real user has to own the mailbox, etc...
  

And since user filtering will eventually be done at an earlier stage, I
would like smtpd to be able to unconditionally forward any mail unaltered
(except aliases) to the lmtp socket.

So, in addition to bob@example.com as for the tests I would like to be able
to use *@example.com or just example.com to not do any user checking at all.
Depending on the syntax requirements.

Is it possible to deactivate the user checking one way or the other?


you could use a catchall

/etc/mail/vusers

@   catchall



Thanks for any insight or heads up on what I may have missed or
misunderstood.


Ede



groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /var/vmail -m
chown -R vmail:vmail /var/vmail

/etc/mail/userinfo

bob 5000:5000:/var/vmail/bob

/etc/mail/vusers

b...@example.com	bob

/etc/mail/smtpd.conf snippet

action "a01" lmtp "/var/cyrus/lmtp" rcpt