Re: Virtual User handling

2019-09-08 Thread Ede Wolf

Hooray,

I think I have it now. The lmtpd user was a member of the group "mail", 
that is required to access the socket, however, it was not its primary 
group. Seems like opensmtpd does not like the non primary groups.


I've changed this and it seems to work now - besides mary not having a 
mailbox, but that is on the other side of the socket and ok:


b2e883cb2493b807 mda delivery evpid=bb707c97fa5b562b 
from= to= rcpt= 
user=lmtpd delay=2m40s result=TempFail stat=Error (temporary failure: 
"mail.lmtp: LMTP server error: 550-Mailbox unknown.  Either there is no 
mailbox associated with this")



What still bites me is why the error changed from

mail.lmtp: No such file or directoryconnect

to

mail.lmtp: Permission deniedconnect


All that I can remember I've done was a restart (or poweron today, after 
I've powered off yesterday).


Anyway, thanks to all for your time, support and hints. I'll silently 
try to figure out the cause for the change in the error message and then 
we may move on to filtering.


Thanks very much again!


Ede


On 08.09.19 at 17:22, Reio Remma wrote:

On 07.09.2019 12:53, Ede Wolf wrote:
Excellent idea, however, the error stays the same. No change, despite copying 
the whole opensmtpd folder to /usr/local/libexec

result=TempFail stat=Error (temporary failure: "mail.lmtp: No such file or 
directoryconnect")


I purposefully mistyped the Dovecot LMTP socket in my config and got the same 
message.

Sep  7 13:26:28 host smtpd[26873]: 7cde0d1cf207f8f3 mda delivery evpid=b96774ed55a5492e from=<> 
to=<> rcpt=<> user=3 delay=0s result=TempFail stat=Error (temporary failure: "mail.lmtp: 
No such file or directoryconnect")

I suspect your problem is that there is no Cyrus LMTP listening in 
/run/cyrus/socket/lmtp:

action "deliver" lmtp "/run/cyrus/socket/lmtp" rcpt-to user lmtpd

Do you actually use Cyrus IMAP?

Good luck,
Reio
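
The two errors in this exchange ("No such file or directory" and "Permission denied") and the primary-group finding can be reproduced with a path walk. This is an added example, not code from the thread or from OpenSMTPD: it assumes the delivery process holds only the uid and primary gid shown in the `115:115:/opt/smptd/var/lmtpd` userinfo lookup, checks plain mode bits only (no ACLs), and the function names are hypothetical.

```python
import os
import pwd
import socket
import stat
import tempfile


def mode_allows(st, uid, gids, want):
    """Classic POSIX mode-bit check. ACLs, capabilities and MAC are not modelled."""
    if uid == 0:
        return True
    if st.st_uid == uid:        # owner class wins, even if group bits grant more
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return bool(bits & want)


def diagnose(sock_path, uid, gids, root="/"):
    """Predict the result of connect(2) on a Unix socket for given credentials.

    Returns (verdict, path): ("OK", sock_path) or the first failing component.
    Components below `root` are checked; `root` itself is assumed reachable.
    Run with enough privilege that the stat() calls themselves succeed.
    """
    gids = set(gids)
    parts = os.path.relpath(sock_path, root).split(os.sep)
    current = root
    for i, part in enumerate(parts):
        current = os.path.join(current, part)
        try:
            st = os.stat(current)
        except FileNotFoundError:
            return ("ENOENT", current)      # "No such file or directory"
        if i < len(parts) - 1:
            if not stat.S_ISDIR(st.st_mode):
                return ("ENOTDIR", current)
            if not mode_allows(st, uid, gids, 0o1):   # search bit on directory
                return ("EACCES", current)  # "Permission denied"
        else:
            if not stat.S_ISSOCK(st.st_mode):
                return ("NOT_A_SOCKET", current)
            if not mode_allows(st, uid, gids, 0o2):   # write bit on the socket
                return ("EACCES", current)
    return ("OK", sock_path)


def credentials(user):
    """Return (uid, {primary gid}, {primary + supplementary gids}) for a user."""
    pw = pwd.getpwnam(user)
    return pw.pw_uid, {pw.pw_gid}, set(os.getgrouplist(user, pw.pw_gid))


def build_demo_tree():
    """Constructed sample layout: <tmp>/socket (0750) holding socket lmtp (0660)."""
    base = tempfile.mkdtemp()
    sock_dir = os.path.join(base, "socket")
    os.mkdir(sock_dir)
    os.chmod(sock_dir, 0o750)
    path = os.path.join(sock_dir, "lmtp")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)              # creates the socket file
    srv.close()                 # the file stays on disk after close
    os.chmod(path, 0o660)
    return base, path


if __name__ == "__main__":
    # User and socket path as used in the thread's smtpd.conf action line.
    user, sock = "lmtpd", "/run/cyrus/socket/lmtp"
    uid, primary, full = credentials(user)
    print("uid + primary gid only  :", diagnose(sock, uid, primary))
    print("with supplementary gids :", diagnose(sock, uid, full))
```

If the two printed verdicts differ, access depends on a supplementary group; a check done from a login shell or via `su`/`sudo -u`, which load supplementary groups, will then pass even though the delivery fails.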







Re: Virtual User handling

2019-09-08 Thread Reio Remma
> On 07.09.2019 12:53, Ede Wolf wrote:
> Excellent idea, however, the error stays the same. No change, despite copying 
> the whole opensmtpd folder to /usr/local/libexec
> 
> result=TempFail stat=Error (temporary failure: "mail.lmtp: No such file or 
> directoryconnect")

I purposefully mistyped the Dovecot LMTP socket in my config and got the same 
message.

Sep  7 13:26:28 host smtpd[26873]: 7cde0d1cf207f8f3 mda delivery 
evpid=b96774ed55a5492e from=<> to=<> rcpt=<> user=3 delay=0s result=TempFail 
stat=Error (temporary failure: "mail.lmtp: No such file or directoryconnect")

I suspect your problem is that there is no Cyrus LMTP listening in 
/run/cyrus/socket/lmtp:

action "deliver" lmtp "/run/cyrus/socket/lmtp" rcpt-to user lmtpd

Do you actually use Cyrus IMAP?

Good luck,
Reio




Re: Virtual User handling

2019-09-08 Thread Ede Wolf





https://manpages.debian.org/testing/cyrus-common/cyrus-lmtpd.8.en.html



Sorry. Great idea, but AFAIK the cyrus lmtpd is activated on demand by 
the cyrus master process. But I can verify, that either the unix- or the 
tcp socket are there. And the unix socket is writeable by the opensmtpd 
lmtpd user.


Additionally, I believe the error message from smtpd to be pretty clear 
about mail.lmtp not being found.


But of course, as this may be a follow up error, I will try to verify 
the lmtp socket with postfix.


Thanks

Ede




Re: Virtual User handling

2019-09-08 Thread Edgar Pettijohn

On Sep 8, 2019 7:58 AM, Ede Wolf  wrote:
>
>
> > 
> > 
> > Looks like lmtpd isn't running.
> > 
>
> Not sure whether there is such a thing as a lmtpd service? lmtpd is the 
> name of the user, that is supposed to connect to the socket.
>
> A bit unlucky naming maybe, but the "d" stands for deliver, not daemon.
>
> But maybe I am missing something else
>

https://manpages.debian.org/testing/cyrus-common/cyrus-lmtpd.8.en.html

Re: Virtual User handling

2019-09-08 Thread Ede Wolf






Looks like lmtpd isn't running.



Not sure whether there is such a thing as a lmtpd service? lmtpd is the 
name of the user, that is supposed to connect to the socket.


A bit unlucky naming maybe, but the "d" stands for deliver, not daemon.

But maybe I am missing something else



Re: Virtual User handling

2019-09-07 Thread Edgar Pettijohn
On Sat, Sep 07, 2019 at 11:53:58AM +0200, Ede Wolf wrote:
> > > So it is a binary, that's useful information. Having specified /opt/smtpd
> > > as prefix during ./configure, it is located here:
> > > 
> > > /opt/smptd/libexec/opensmtpd/mail.lmtp
> > > 
> > 
> > Throw it in /usr/local/libexec/smtpd/ and see what happens. May be a build 
> > tools bug.
> > 
> 
> Excellent idea, however, the error stays the same. No change, despite
> copying the whole opensmtpd folder to /usr/local/libexec
> 
> 
> Even strace does not reveal the path it is looking for:
> 
> 
> expand: 0x56284c3f4338: expand_insert() called for
> address:m...@example.com[parent=(nil), rule=(nil)]
> expand: 0x56284c3f4338: inserted node 0x56284c3f6030
> expand: lka_expand: address: m...@example.com [depth=0]
> lookup: match "37.120.186.114" as NETADDR in table static: -> true
> lookup: match "example.com" as DOMAIN in table static: -> true
> rule #1 matched: match from any for domain  action deliver
> lookup: lookup "m...@example.com" as ALIAS in table static:vusers -> none
> lookup: lookup "mary" as ALIAS in table static:vusers -> none
> lookup: lookup "@example.com" as ALIAS in table static:vusers -> none
> lookup: lookup "@" as ALIAS in table static:vusers -> "lmtpd"
> expand: 0x56284c3f3b10: expand_insert() called for
> username:lmtpd[parent=(nil), rule=(nil)]
> expand: 0x56284c3f3b10: inserted node 0x56284c3f6590
> expand: 0x56284c3f4338: expand_insert() called for
> username:lmtpd[parent=0x56284c3f6030, rule=0x56284c403e50,
> dispatcher=0x56284c405750]
> expand: 0x56284c3f4338: inserted node 0x56284c3f6af0
> expand: 0x56284c3f3b10: clearing expand tree
> expand: 0x56284c3f3b10: freeing expand tree
> debug: aliases_virtual_get: '@example.com' resolved to 1 nodes
> expand: lka_expand: username: lmtpd [depth=1, sameuser=0]
> lookup: lookup "lmtpd@" as ALIAS in table static:vusers -> none
> lookup: lookup "lmtpd" as ALIAS in table static:vusers -> none
> lookup: lookup "@" as ALIAS in table static:vusers -> "lmtpd"
> expand: 0x56284c3ed110: expand_insert() called for
> username:lmtpd[parent=(nil), rule=(nil)]
> expand: 0x56284c3ed110: inserted node 0x56284c3f6590
> expand: 0x56284c3f4338: expand_insert() called for
> username:lmtpd[parent=0x56284c3f6af0, rule=0x56284c403e50,
> dispatcher=0x56284c405750]
> expand: 0x56284c3f4338: setting sameuser = 1
> expand: 0x56284c3f4338: inserted node 0x56284c3f7050
> expand: 0x56284c3ed110: clearing expand tree
> expand: 0x56284c3ed110: freeing expand tree
> debug: aliases_virtual_get: '@' resolved to 1 nodes
> expand: lka_expand: username: lmtpd [depth=2, sameuser=1]
> lookup: lookup "lmtpd" as USERINFO in table getpwnam: ->
> "115:115:/opt/smptd/var/lmtpd"
> [{EPOLLIN, {u32=6, u64=6}}], 32, -1) = 1
> epoll_ctl(3, EPOLL_CTL_DEL, 6, 0x7ffeb16e607c) = 0
> socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 12
> socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 13
> close(12)   = 0
> close(13)   = 0
> recvmsg(6, {msg_name=NULL, msg_namelen=0, 
> msg_iov=[{iov_base="4\0\0\0(\21\0\0\0\0\0\0\237\25\0\0[\300\213\3725\333\374!\0lmtpd\0\0"...,
> iov_len=65535}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 4392
> stat("/opt/smptd/var/lmtpd", {st_mode=S_IFDIR
> openat(AT_FDCWD, "/opt/smptd/var/lmtpd/.forward", O_RDONLY
> epoll_ctl(3, EPOLL_CTL_ADD, 6, {EPOLLIN
> epoll_ctl(3, EPOLL_CTL_DEL, 6, 0x7ffeb16e5fdc) = 0
> epoll_ctl(3, EPOLL_CTL_ADD, 6, {EPOLLIN
> epoll_wait(3, [{EPOLLOUT, {u32=6, u64=6}}], 32, -1) = 1
> epoll_ctl(3, EPOLL_CTL_DEL, 6, 0x7ffeb16e607c) = 0
> sendmsg(6, {msg_name=NULL, msg_namelen=0, 
> msg_iov=[{iov_base="4\0\0\0(\21\0\0\0\0\0\0\234\25\0\0[\300\213\3725\333\374!\1lmtpd\0\0"...,
> iov_len=4392}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 4392
> epoll_ctl(3, EPOLL_CTL_ADD, 6, {EPOLLIN, {u32=6, u64=6}}expand: no forward
> for user lmtpd, just deliver
> ) = 0
> epoll_wait(3, expand: 0x56284c3f4338: clearing expand tree
> smtp: 0x564267537b60: fd 14 from queue
> smtp: 0x564267537b60: message fd 14
> smtp: 0x564267537b60: message begin
> debug: 0x564267537b60: end of message, error=0
> 21fcdb35fa8bc05b smtp message msgid=22c2f515 size=245 nrcpt=1 proto=ESMTP
> 21fcdb35fa8bc05b smtp envelope evpid=22c2f5151c4decec
> from= to=
> debug: scheduler: evp:22c2f5151c4decec scheduled (mda)
> mda: new user 21fcdb36b331cade for ":lmtpd" delivering as "lmtpd"
> debug: lka: userinfo :lmtpd
> lookup: lookup "lmtpd" as USERINFO in table getpwnam: ->
> "115:115:/opt/smptd/var/lmtpd"
> debug: mda: new session 21fcdb37f01f7374 for user ":lmtpd" evpid
> 22c2f5151c4decec
> debug: mda: no more envelope for ":lmtpd"
> debug: mda: got message fd 14 for session 21fcdb37f01f7374 evpid
> 22c2f5151c4decec
> debug: mda: querying mda fd for session 21fcdb37f01f7374 evpid
> 22c2f5151c4decec
> [{EPOLLIN, {u32=7, u64=7}}], 32, -1) = 1
> epoll_ctl(3, EPOLL_CTL_DEL, 7, 0x7ffeb16e607c) = 0
> socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 12
> socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 

Re: Virtual User handling

2019-09-07 Thread Ede Wolf

So it is a binary, that's useful information. Having specified /opt/smtpd
as prefix during ./configure, it is located here:

/opt/smptd/libexec/opensmtpd/mail.lmtp



Throw it in /usr/local/libexec/smtpd/ and see what happens. May be a build 
tools bug.



Excellent idea, however, the error stays the same. No change, despite 
copying the whole opensmtpd folder to /usr/local/libexec



Even strace does not reveal the path it is looking for:


expand: 0x56284c3f4338: expand_insert() called for 
address:m...@example.com[parent=(nil), rule=(nil)]

expand: 0x56284c3f4338: inserted node 0x56284c3f6030
expand: lka_expand: address: m...@example.com [depth=0]
lookup: match "37.120.186.114" as NETADDR in table static: -> true
lookup: match "example.com" as DOMAIN in table static: -> true
rule #1 matched: match from any for domain  action deliver
lookup: lookup "m...@example.com" as ALIAS in table static:vusers -> none
lookup: lookup "mary" as ALIAS in table static:vusers -> none
lookup: lookup "@example.com" as ALIAS in table static:vusers -> none
lookup: lookup "@" as ALIAS in table static:vusers -> "lmtpd"
expand: 0x56284c3f3b10: expand_insert() called for 
username:lmtpd[parent=(nil), rule=(nil)]

expand: 0x56284c3f3b10: inserted node 0x56284c3f6590
expand: 0x56284c3f4338: expand_insert() called for 
username:lmtpd[parent=0x56284c3f6030, rule=0x56284c403e50, 
dispatcher=0x56284c405750]

expand: 0x56284c3f4338: inserted node 0x56284c3f6af0
expand: 0x56284c3f3b10: clearing expand tree
expand: 0x56284c3f3b10: freeing expand tree
debug: aliases_virtual_get: '@example.com' resolved to 1 nodes
expand: lka_expand: username: lmtpd [depth=1, sameuser=0]
lookup: lookup "lmtpd@" as ALIAS in table static:vusers -> none
lookup: lookup "lmtpd" as ALIAS in table static:vusers -> none
lookup: lookup "@" as ALIAS in table static:vusers -> "lmtpd"
expand: 0x56284c3ed110: expand_insert() called for 
username:lmtpd[parent=(nil), rule=(nil)]

expand: 0x56284c3ed110: inserted node 0x56284c3f6590
expand: 0x56284c3f4338: expand_insert() called for 
username:lmtpd[parent=0x56284c3f6af0, rule=0x56284c403e50, 
dispatcher=0x56284c405750]

expand: 0x56284c3f4338: setting sameuser = 1
expand: 0x56284c3f4338: inserted node 0x56284c3f7050
expand: 0x56284c3ed110: clearing expand tree
expand: 0x56284c3ed110: freeing expand tree
debug: aliases_virtual_get: '@' resolved to 1 nodes
expand: lka_expand: username: lmtpd [depth=2, sameuser=1]
lookup: lookup "lmtpd" as USERINFO in table getpwnam: -> 
"115:115:/opt/smptd/var/lmtpd"

[{EPOLLIN, {u32=6, u64=6}}], 32, -1) = 1
epoll_ctl(3, EPOLL_CTL_DEL, 6, 0x7ffeb16e607c) = 0
socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 12
socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 13
close(12)   = 0
close(13)   = 0
recvmsg(6, {msg_name=NULL, msg_namelen=0, 
msg_iov=[{iov_base="4\0\0\0(\21\0\0\0\0\0\0\237\25\0\0[\300\213\3725\333\374!\0lmtpd\0\0"..., 
iov_len=65535}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 4392

stat("/opt/smptd/var/lmtpd", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
openat(AT_FDCWD, "/opt/smptd/var/lmtpd/.forward", 
O_RDONLY|O_NONBLOCK|O_NOFOLLOW) = -1 ENOENT (No such file or directory)

epoll_ctl(3, EPOLL_CTL_ADD, 6, {EPOLLIN|EPOLLOUT, {u32=6, u64=6}}) = 0
epoll_ctl(3, EPOLL_CTL_DEL, 6, 0x7ffeb16e5fdc) = 0
epoll_ctl(3, EPOLL_CTL_ADD, 6, {EPOLLIN|EPOLLOUT, {u32=6, u64=6}}) = 0
epoll_wait(3, [{EPOLLOUT, {u32=6, u64=6}}], 32, -1) = 1
epoll_ctl(3, EPOLL_CTL_DEL, 6, 0x7ffeb16e607c) = 0
sendmsg(6, {msg_name=NULL, msg_namelen=0, 
msg_iov=[{iov_base="4\0\0\0(\21\0\0\0\0\0\0\234\25\0\0[\300\213\3725\333\374!\1lmtpd\0\0"..., 
iov_len=4392}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 4392
epoll_ctl(3, EPOLL_CTL_ADD, 6, {EPOLLIN, {u32=6, u64=6}}expand: no 
.forward for user lmtpd, just deliver

) = 0
epoll_wait(3, expand: 0x56284c3f4338: clearing expand tree
smtp: 0x564267537b60: fd 14 from queue
smtp: 0x564267537b60: message fd 14
smtp: 0x564267537b60: message begin
debug: 0x564267537b60: end of message, error=0
21fcdb35fa8bc05b smtp message msgid=22c2f515 size=245 nrcpt=1 proto=ESMTP
21fcdb35fa8bc05b smtp envelope evpid=22c2f5151c4decec 
from= to=

debug: scheduler: evp:22c2f5151c4decec scheduled (mda)
mda: new user 21fcdb36b331cade for ":lmtpd" delivering as "lmtpd"
debug: lka: userinfo :lmtpd
lookup: lookup "lmtpd" as USERINFO in table getpwnam: -> 
"115:115:/opt/smptd/var/lmtpd"
debug: mda: new session 21fcdb37f01f7374 for user ":lmtpd" 
evpid 22c2f5151c4decec

debug: mda: no more envelope for ":lmtpd"
debug: mda: got message fd 14 for session 21fcdb37f01f7374 evpid 
22c2f5151c4decec
debug: mda: querying mda fd for session 21fcdb37f01f7374 evpid 
22c2f5151c4decec

[{EPOLLIN, {u32=7, u64=7}}], 32, -1) = 1
epoll_ctl(3, EPOLL_CTL_DEL, 7, 0x7ffeb16e607c) = 0
socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 12
socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 13
close(12)   = 0
close(13)   = 0
recvmsg(7, {

Re: Virtual User handling

2019-09-06 Thread Edgar Pettijohn

On Sep 6, 2019 12:40 PM, Ede Wolf  wrote:
>
> On 06.09.19 at 18:59, Edgar Pettijohn wrote:
> > Sounds like the mail.lmtp program is missing or not where it belongs. 
> > Should live somewhere in /usr/local/libexec. Find it and let us know where 
> > it is and somebody can probably tell you where it needs to be. Or it just 
> > didn't get built for some reason.
>
> So it is a binary, that's useful information. Having specified /opt/smtpd 
> as prefix during ./configure, it is located here:
>
> /opt/smptd/libexec/opensmtpd/mail.lmtp
>

Throw it in /usr/local/libexec/smtpd/ and see what happens. May be a build 
tools bug.

> Since libexec is usually not in the path anyway, I wonder, how to make smtpd 
> recognize it, if --prefix is not honored?
>
>
> > Your copy is apparently different from mine.
>
>
> Nope. I've cited smtpd.conf (from the opensmtpd homepage), you have 
> looked into tables. Since userbase is the only location I've come along 
> that uses the userinfo table, I've gone with the attribute, not the 
> argument.
>

Agreed. Must be a bug in the documentation or the daemon. My bet is the manual 
is wrong.

Edgar
> Thanks again for helping out!
>
> Ede
>


Re: Virtual User handling

2019-09-06 Thread Ede Wolf

On 06.09.19 at 18:59, Edgar Pettijohn wrote:

Sounds like the mail.lmtp program is missing or not where it belongs. Should 
live somewhere in /usr/local/libexec. Find it and let us know where it is and 
somebody can probably tell you where it needs to be. Or it just didn't get 
built for some reason.


So it is a binary, that's useful information. Having specified /opt/smtpd 
as prefix during ./configure, it is located here:


/opt/smptd/libexec/opensmtpd/mail.lmtp

Since libexec is usually not in the path anyway, I wonder, how to make smtpd 
recognize it, if --prefix is not honored?



> Your copy is apparently different from mine.


Nope. I've cited smtpd.conf (from the opensmtpd homepage), you have 
looked into tables. Since userbase is the only location I've come along 
that uses the userinfo table, I've gone with the attribute, not the 
argument.


Thanks again for helping out!

Ede



Re: Virtual User handling

2019-09-06 Thread Edgar Pettijohn

On Sep 6, 2019 10:46 AM, Ede Wolf  wrote:
>
>
> > Maybe run 'smtpd -dv -T expand -T lookup -T rules' and see how OpenSMTPD 
> > is translating the aliases and which rules it's matching etc.
>
> This is a really helpful command. Maybe using that I can be a bit more 
> precise in defining my confusion.
>
> My simple setup, git pulled and built yesterday:
>
>
> action "deliver" lmtp "/run/cyrus/socket/lmtp" rcpt-to user lmtpd
> match from any for domain "example.com" rcpt-to  action deliver
>
>
> With "musers" only containing good ole b...@example.com and "lmtpd" being 
> a regular system user. Bob is not known to the system. And shall not.
>
> Now, the man page reads:
>
> user username
> Specify the username for performing the delivery, to be looked up with 
> getpwnam(3).
>
> and:
>
> userbase 
> Use the mapping table for user lookups instead of the getpwnam(3) function.
> ->The userbase does not apply for the user option.<-
>

Your copy is apparently different from mine.

Userinfo tables

User info tables are used in rule context to specify an alternate user base, 
mapping virtual users to local system users by UID, GID and home directory.

action name method userbase 

A userinfo table looks as follows:

joe 1000:100:/home/virtual/joe
jack 1000:100:/home/virtual/jack

In this example, both joe and jack are virtual users mapped to the local system 
user with UID 1000 and GID 100, but different home directories. These 
directories may contain a forward(5) file. This can be used in conjunction with 
an alias table that maps an email address or the domain part to the desired 
virtual username. For example:

j...@example.org joe
j...@example.com jack

It has to map to a system user.
If you want it to be lmtpd just replace the 1000:100 above with lmtpd's uid:gid

> So my "user" attribute is lmtpd, a regular system user. But:
>
> af0267593be5b0a1 smtp connected address=
> expand: 0x5598b9f68328: expand_insert() called for 
> address:b...@example.com[parent=(nil), rule=(nil)]
> expand: 0x5598b9f68328: inserted node 0x5598b9f6a020
> expand: lka_expand: address: b...@example.com [depth=0]
> lookup: match "1.2.3.4" as NETADDR in table static: -> true
> lookup: match "example.com" as DOMAIN in table static: -> true
> lookup: match "b...@example.com" as MAILADDR in table static:musers -> true
> rule #1 matched: match from any for domain  rcpt-to musers 
> action deliver
> expand: 0x5598b9f68328: expand_insert() called for 
> username:bob[parent=0x5598b9f6a020, rule=0x5598b9f77e30, 
> dispatcher=0x5598b9f79750]
> expand: 0x5598b9f68328: inserted node 0x5598b9f6a580
>
> expand: lka_expand: username: bob [depth=1, sameuser=0]
> lookup: lookup "bob" as USERINFO in table getpwnam: -> none
> expand: lka_expand: user-part does not match system user
> expand: 0x5598b9f68328: clearing expand tree
> af0267593be5b0a1 smtp failed-command command="RCPT TO:" 
> result="550 Invalid recipient: "
>
> The problem is obviously: "lookup "bob" as USERINFO in table 
> getpwnam: -> none"
>
>
>
> Now the local delivery should be done with the user lmtpd, why is user 
> "bob" then looked up at all via USERINFO getpwnam, instead of lmtpd, 
> when userinfo shall not be used with the "user" attribute.
>
> Whether "userbase" is invoked via getpwnam or a USERINFO table, should 
> make no difference? It should not be used, when the "user" attribute is 
> being used?
>
> Automagically I should add, I have not defined the userbase parameter 
> anywhere in my config.
>
> Hopefully I've been able to narrow down my lack of comprehension. There 
> is something in the manpage I get wrong.
>
> Thanks
>
> Ede
>


Re: Virtual User handling

2019-09-06 Thread Edgar Pettijohn
Sounds like the mail.lmtp program is missing or not where it belongs. Should 
live somewhere in /usr/local/libexec. Find it and let us know where it is and 
somebody can probably tell you where it needs to be. Or it just didn't get 
built for some reason.

Edgar
On Sep 6, 2019 11:40 AM, Ede Wolf  wrote:
>
> Side note. While I would still like to understand, what I am 
> misunderstanding, practically, I've had some more success with using a 
> virtual catchall table, as recommended before by Edgar. However, there 
> is still one local error I do not yet comprehend:
>
> "Error being: stat=Error (temporary failure: "mail.lmtp: No such file or 
> directoryconnect")"
>
> And I am not sure, what is smtpd looking for or missing exactly? It 
> likely has to do with me using non standard paths, but that again may be 
> helpful for understanding.
>
> action "deliver" lmtp "/run/cyrus/socket/lmtp" rcpt-to virtual  
> user lmtpd
> match from any for domain "example.com" action deliver
>
> with vusers reading:
> @ lmtpd
>
>
> Here is a more complete log:
>
>
> 2c4cbc6c10aebcab smtp connected address=1.2.3.4 host=friendly.nospam.net
> expand: 0x56169b994348: expand_insert() called for 
> address:m...@example.com[parent=(nil), rule=(nil)]
> expand: 0x56169b994348: inserted node 0x56169b996040
> expand: lka_expand: address: m...@example.com [depth=0]
> lookup: match "1.2.3.4" as NETADDR in table static: -> true
> lookup: match "example.com" as DOMAIN in table static: -> true
> rule #1 matched: match from any for domain  action deliver
> lookup: lookup "m...@example.com" as ALIAS in table static:vusers -> none
> lookup: lookup "mary" as ALIAS in table static:vusers -> none
> lookup: lookup "@example.com" as ALIAS in table static:vusers -> none
> lookup: lookup "@" as ALIAS in table static:vusers -> "lmtpd"
> expand: 0x56169b993b40: expand_insert() called for 
> username:lmtpd[parent=(nil), rule=(nil)]
> expand: 0x56169b993b40: inserted node 0x56169b9965a0
> expand: 0x56169b994348: expand_insert() called for 
> username:lmtpd[parent=0x56169b996040, rule=0x56169b9a3e80, 
> dispatcher=0x56169b9a5780]
> expand: 0x56169b994348: inserted node 0x56169b996b00
> expand: 0x56169b993b40: clearing expand tree
> expand: 0x56169b993b40: freeing expand tree
> debug: aliases_virtual_get: '@example.com' resolved to 1 nodes
> expand: lka_expand: username: lmtpd [depth=1, sameuser=0]
> lookup: lookup "lmtpd@" as ALIAS in table static:vusers -> none
> lookup: lookup "lmtpd" as ALIAS in table static:vusers -> none
> lookup: lookup "@" as ALIAS in table static:vusers -> "lmtpd"
> expand: 0x56169b98d140: expand_insert() called for 
> username:lmtpd[parent=(nil), rule=(nil)]
> expand: 0x56169b98d140: inserted node 0x56169b9965a0
> expand: 0x56169b994348: expand_insert() called for 
> username:lmtpd[parent=0x56169b996b00, rule=0x56169b9a3e80, 
> dispatcher=0x56169b9a5780]
> expand: 0x56169b994348: setting sameuser = 1
> expand: 0x56169b994348: inserted node 0x56169b997060
> expand: 0x56169b98d140: clearing expand tree
> expand: 0x56169b98d140: freeing expand tree
> debug: aliases_virtual_get: '@' resolved to 1 nodes
> expand: lka_expand: username: lmtpd [depth=2, sameuser=1]
> lookup: lookup "lmtpd" as USERINFO in table getpwnam: -> 
> "115:115:/opt/smptd/var/lmtpd"
> expand: no .forward for user lmtpd, just deliver
> expand: 0x56169b994348: clearing expand tree
> smtp: 0x56047ce92b90: fd 14 from queue
> smtp: 0x56047ce92b90: message fd 14
> smtp: 0x56047ce92b90: message begin
> debug: 0x56047ce92b90: end of message, error=0
> 2c4cbc6c10aebcab smtp message msgid=fd6b9892 size=247 nrcpt=1 proto=SMTP
> 2c4cbc6c10aebcab smtp envelope evpid=fd6b9892d5ac7196 
> from= to=
> debug: scheduler: evp:fd6b9892d5ac7196 scheduled (mda)
> mda: new user 2c4cbc6d6d8e081f for ":lmtpd" delivering as "lmtpd"
> debug: lka: userinfo :lmtpd
> lookup: lookup "lmtpd" as USERINFO in table getpwnam: -> 
> "115:115:/opt/smptd/var/lmtpd"
> debug: mda: new session 2c4cbc6e7f005bc1 for user ":lmtpd" 
> evpid fd6b9892d5ac7196
> debug: mda: no more envelope for ":lmtpd"
> debug: mda: got message fd 14 for session 2c4cbc6e7f005bc1 evpid 
> fd6b9892d5ac7196
> debug: mda: querying mda fd for session 2c4cbc6e7f005bc1 evpid 
> fd6b9892d5ac7196
> debug: smtpd: forking mda for session 2c4cbc6e7f005bc1: lmtpd as lmtpd
> debug: mda: got mda fd 15 for session 2c4cbc6e7f005bc1 evpid 
> fd6b9892d5ac7196
> debug: mda: end-of-file for session 2c4cbc6e7f005bc1 evpid fd6b9892d5ac7196
> debug: mda: all data sent for session 2c4cbc6e7f005bc1 evpid 
> fd6b9892d5ac7196
> debug: smtpd: mda process done for session 2c4cbc6e7f005bc1: exited 
> abnormally
> 2c4cbc6d6d8e081f mda delivery evpid=fd6b9892d5ac7196 
> from= to= rcpt= 
> user=lmtpd delay=11s result=TempFail stat=Error (temporary failure: 
> "mail.lmtp: No such file or directoryconnect")
> debug: mda: session 2c4cbc6e7f005bc1 done
> debug: mda: user "lmtpd" becomes runnable
> debug: mda: all done for user ":lmtpd"
>
>
>
> Am 06.09.19 um 17:46 sc

Re: Virtual User handling

2019-09-06 Thread Ede Wolf
Side note. While I would still like to understand, what I am 
misunderstanding, practically, I've had some more success with using a 
virtual catchall table, as recommended before by Edgar. However, there 
is still one local error I do not yet comprehend:


"Error being: stat=Error (temporary failure: "mail.lmtp: No such file or 
directoryconnect")"


And I am not sure, what is smtpd looking for or missing exactly? It 
likely has to do with me using non standard paths, but that again may be 
helpful for understanding.


action "deliver" lmtp "/run/cyrus/socket/lmtp" rcpt-to virtual  
user lmtpd

match from any for domain "example.com" action deliver

with vusers reading:
@ lmtpd


Here is a more complete log:


2c4cbc6c10aebcab smtp connected address=1.2.3.4 host=friendly.nospam.net
expand: 0x56169b994348: expand_insert() called for 
address:m...@example.com[parent=(nil), rule=(nil)]

expand: 0x56169b994348: inserted node 0x56169b996040
expand: lka_expand: address: m...@example.com [depth=0]
lookup: match "1.2.3.4" as NETADDR in table static: -> true
lookup: match "example.com" as DOMAIN in table static: -> true
rule #1 matched: match from any for domain  action deliver
lookup: lookup "m...@example.com" as ALIAS in table static:vusers -> none
lookup: lookup "mary" as ALIAS in table static:vusers -> none
lookup: lookup "@example.com" as ALIAS in table static:vusers -> none
lookup: lookup "@" as ALIAS in table static:vusers -> "lmtpd"
expand: 0x56169b993b40: expand_insert() called for 
username:lmtpd[parent=(nil), rule=(nil)]

expand: 0x56169b993b40: inserted node 0x56169b9965a0
expand: 0x56169b994348: expand_insert() called for 
username:lmtpd[parent=0x56169b996040, rule=0x56169b9a3e80, 
dispatcher=0x56169b9a5780]

expand: 0x56169b994348: inserted node 0x56169b996b00
expand: 0x56169b993b40: clearing expand tree
expand: 0x56169b993b40: freeing expand tree
debug: aliases_virtual_get: '@example.com' resolved to 1 nodes
expand: lka_expand: username: lmtpd [depth=1, sameuser=0]
lookup: lookup "lmtpd@" as ALIAS in table static:vusers -> none
lookup: lookup "lmtpd" as ALIAS in table static:vusers -> none
lookup: lookup "@" as ALIAS in table static:vusers -> "lmtpd"
expand: 0x56169b98d140: expand_insert() called for 
username:lmtpd[parent=(nil), rule=(nil)]

expand: 0x56169b98d140: inserted node 0x56169b9965a0
expand: 0x56169b994348: expand_insert() called for 
username:lmtpd[parent=0x56169b996b00, rule=0x56169b9a3e80, 
dispatcher=0x56169b9a5780]

expand: 0x56169b994348: setting sameuser = 1
expand: 0x56169b994348: inserted node 0x56169b997060
expand: 0x56169b98d140: clearing expand tree
expand: 0x56169b98d140: freeing expand tree
debug: aliases_virtual_get: '@' resolved to 1 nodes
expand: lka_expand: username: lmtpd [depth=2, sameuser=1]
lookup: lookup "lmtpd" as USERINFO in table getpwnam: -> 
"115:115:/opt/smptd/var/lmtpd"

expand: no .forward for user lmtpd, just deliver
expand: 0x56169b994348: clearing expand tree
smtp: 0x56047ce92b90: fd 14 from queue
smtp: 0x56047ce92b90: message fd 14
smtp: 0x56047ce92b90: message begin
debug: 0x56047ce92b90: end of message, error=0
2c4cbc6c10aebcab smtp message msgid=fd6b9892 size=247 nrcpt=1 proto=SMTP
2c4cbc6c10aebcab smtp envelope evpid=fd6b9892d5ac7196 
from= to=

debug: scheduler: evp:fd6b9892d5ac7196 scheduled (mda)
mda: new user 2c4cbc6d6d8e081f for ":lmtpd" delivering as "lmtpd"
debug: lka: userinfo :lmtpd
lookup: lookup "lmtpd" as USERINFO in table getpwnam: -> 
"115:115:/opt/smptd/var/lmtpd"
debug: mda: new session 2c4cbc6e7f005bc1 for user ":lmtpd" 
evpid fd6b9892d5ac7196

debug: mda: no more envelope for ":lmtpd"
debug: mda: got message fd 14 for session 2c4cbc6e7f005bc1 evpid 
fd6b9892d5ac7196
debug: mda: querying mda fd for session 2c4cbc6e7f005bc1 evpid 
fd6b9892d5ac7196

debug: smtpd: forking mda for session 2c4cbc6e7f005bc1: lmtpd as lmtpd
debug: mda: got mda fd 15 for session 2c4cbc6e7f005bc1 evpid 
fd6b9892d5ac7196

debug: mda: end-of-file for session 2c4cbc6e7f005bc1 evpid fd6b9892d5ac7196
debug: mda: all data sent for session 2c4cbc6e7f005bc1 evpid 
fd6b9892d5ac7196
debug: smtpd: mda process done for session 2c4cbc6e7f005bc1: exited 
abnormally
2c4cbc6d6d8e081f mda delivery evpid=fd6b9892d5ac7196 
from= to= rcpt= 
user=lmtpd delay=11s result=TempFail stat=Error (temporary failure: 
"mail.lmtp: No such file or directoryconnect")

debug: mda: session 2c4cbc6e7f005bc1 done
debug: mda: user "lmtpd" becomes runnable
debug: mda: all done for user ":lmtpd"



On 06.09.19 at 17:46, Ede Wolf wrote:


Maybe run 'smtpd -dv -T expand -T lookup -T rules' and see how 
OpenSMTPD is translating the aliases and which rules it's matching etc.


This is a really helpful command. Maybe using that I can be a bit more 
precise in defining my confusion.


My simple setup, git pulled and built yesterday:


action "deliver" lmtp "/run/cyrus/socket/lmtp" rcpt-to user lmtpd
match from any for domain "example.com" rcpt-to  action deliver


With "musers" only containing good ole b

Re: Virtual User handling

2019-09-06 Thread Ede Wolf



Maybe run 'smtpd -dv -T expand -T lookup -T rules' and see how OpenSMTPD 
is translating the aliases and which rules it's matching etc.


This is a really helpful command. Maybe using that I can be a bit more 
precise in defining my confusion.


My simple setup, git pulled and built yesterday:


action "deliver" lmtp "/run/cyrus/socket/lmtp" rcpt-to user lmtpd
match from any for domain "example.com" rcpt-to  action deliver


With "musers" only containing good ole b...@example.com and "lmtpd" being 
a regular system user. Bob is not known to the system. And shall not.


Now, the man page reads:

user username
Specify the username for performing the delivery, to be looked up with 
getpwnam(3).


and:

userbase 
Use the mapping table for user lookups instead of the getpwnam(3) function.
->The userbase does not apply for the user option.<-

So my "user" attribute is lmtpd, a regular system user. But:

af0267593be5b0a1 smtp connected address=
expand: 0x5598b9f68328: expand_insert() called for 
address:b...@example.com[parent=(nil), rule=(nil)]

expand: 0x5598b9f68328: inserted node 0x5598b9f6a020
expand: lka_expand: address: b...@example.com [depth=0]
lookup: match "1.2.3.4" as NETADDR in table static: -> true
lookup: match "example.com" as DOMAIN in table static: -> true
lookup: match "b...@example.com" as MAILADDR in table static:musers -> true
rule #1 matched: match from any for domain  rcpt-to musers 
action deliver
expand: 0x5598b9f68328: expand_insert() called for 
username:bob[parent=0x5598b9f6a020, rule=0x5598b9f77e30, 
dispatcher=0x5598b9f79750]

expand: 0x5598b9f68328: inserted node 0x5598b9f6a580

expand: lka_expand: username: bob [depth=1, sameuser=0]
lookup: lookup "bob" as USERINFO in table getpwnam: -> none
expand: lka_expand: user-part does not match system user
expand: 0x5598b9f68328: clearing expand tree
af0267593be5b0a1 smtp failed-command command="RCPT TO:" 
result="550 Invalid recipient: "


The problem is obviously: "lookup "bob" as USERINFO in table 
getpwnam: -> none"




Now the local delivery should be done with the user lmtpd, why is user 
"bob" then looked up at all via USERINFO getpwnam, instead of lmtpd, 
when userinfo shall not be used with the "user" attribute?


Whether "userbase" is invoked via getpwnam or a USERINFO table, should 
make no difference? It should not be used, when the "user" attribute is 
being used?


Automagically I should add, I have not defined the userbase parameter 
anywhere in my config.


Hopefully I've been able to narrow down my lack of comprehension. There 
is something in the manpage I get wrong.


Thanks

Ede
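
A way to read the trace quoted in the message above, as an added example that is not part of the original thread: it groups the lookup and rule lines that precede each rejected command and reports which lookup came back empty. The sample trace is constructed from the line shapes shown in the post, and `describe` and `explain_rejections` are hypothetical names.

```python
import re

# Line shapes follow the 'smtpd -dv -T expand -T lookup -T rules' output quoted
# in the message above. Trace lines carry no session id, so this assumes one
# session at a time, as in a manual test against a foreground daemon.
LOOKUP_RE = re.compile(r'^lookup: (?:match|lookup) "(?P<key>[^"]*)" as '
                       r'(?P<service>\w+) in table (?P<table>\S+) -> (?P<result>.+)$')
RULE_RE = re.compile(r'^rule #(?P<num>\d+) matched: ')
SMTP_RE = re.compile(r'^(?P<session>[0-9a-f]{16}) smtp (?P<event>\S+)(?P<rest>.*)$')
CODE_RE = re.compile(r'result="(?P<code>\d{3})')

# Constructed sample: the first session mirrors the rejection in the thread
# (bob is in the rcpt-to table but is no system user); the second is a
# constructed accepted delivery. Addresses and the userinfo value are made up.
SAMPLE_TRACE = """\
af0267593be5b0a1 smtp connected address=192.0.2.10 host=client.example.net
expand: lka_expand: address: bob@example.com [depth=0]
lookup: match "192.0.2.10" as NETADDR in table static: -> true
lookup: match "example.com" as DOMAIN in table static: -> true
lookup: match "bob@example.com" as MAILADDR in table static:musers -> true
rule #1 matched: match from any for domain example.com rcpt-to musers action deliver
expand: lka_expand: username: bob [depth=1, sameuser=0]
lookup: lookup "bob" as USERINFO in table getpwnam: -> none
expand: lka_expand: user-part does not match system user
af0267593be5b0a1 smtp failed-command command="RCPT TO:<bob@example.com>" result="550 Invalid recipient: <bob@example.com>"
b2c3d4e5f6a7b8c9 smtp connected address=192.0.2.10 host=client.example.net
lookup: match "example.com" as DOMAIN in table static: -> true
rule #1 matched: match from any for domain example.com action deliver
lookup: lookup "vmail" as USERINFO in table getpwnam: -> "5000:5000:/var/vmail"
b2c3d4e5f6a7b8c9 smtp message msgid=0a7d910f size=335 nrcpt=1 proto=ESMTP
"""

def describe(rule, missed):
    """Turn the collected misses into a one-line explanation."""
    users = [m for m in missed if m[0] == "USERINFO"]
    if rule is not None and users:
        _, key, table = users[0]
        return (f"rule #{rule} accepted the recipient, but user '{key}' "
                f"was not found via {table}")
    if missed:
        return "lookup returned none: " + ", ".join(f"{s} {k!r}" for s, k, _ in missed)
    return "no failed lookup recorded before the rejection"

def explain_rejections(trace):
    """Return one finding per rejected SMTP command, with the lookups that missed."""
    findings, lookups, rule = [], [], None
    for line in trace.splitlines():
        line = line.strip()
        if m := LOOKUP_RE.match(line):
            lookups.append(m.groupdict())
        elif m := RULE_RE.match(line):
            rule = int(m["num"])
        elif m := SMTP_RE.match(line):
            code = CODE_RE.search(m["rest"])
            if m["event"] == "failed-command" and code:
                missed = [(l["service"], l["key"], l["table"].rstrip(":"))
                          for l in lookups if l["result"] == "none"]
                findings.append({"session": m["session"], "code": code["code"],
                                 "rule": rule, "missed": missed,
                                 "reason": describe(rule, missed)})
            lookups, rule = [], None   # the next command starts with a clean slate
    return findings

if __name__ == "__main__":
    for finding in explain_rejections(SAMPLE_TRACE):
        print(finding["session"], finding["code"], finding["reason"])
```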



Re: Virtual User handling

2019-09-02 Thread Edgar Pettijohn

On Sep 2, 2019 3:18 AM, Reio Remma  wrote:
>
> On 02/09/2019 10:35, Ede Wolf wrote:
> > Hello Edgar,
> >
> > thanks very much for your in depth reply and the effort you've put 
> > into it.
> >
> > As for the "user" keyword, the way I understand this, is that it 
> > equals the "as" statement in the old version.
> >
> > ... lmtp "/run/cyrus/lmtp" rcpt-to ->as nobody<-
>
> I'm using multiple virtual domains myself and delivering to Dovecot via 
> LMTP with no user parameter. I _suspect_ it's more useful when you let 
> OpenSMTPD deliver straight to mailboxes.
>
> > Back to your reply: That catchall from your example in "@ catchall" is 
> > not a keyword, is it? But a local user account?
>
> @example.com needs to be aliased to a real mail account to receive all these.
>
> > > but some real user has to own the mailbox...
> >

When smtpd goes looking for a .forward file it gets mad if there isn't a 
mailbox to look in. :)

> > Care to explain, why is that? From my unknowledgeable point of view, 
> > the mailbox handling should be done on the other side of the lmtpd 
> > socket. This misconception is at the very heart of my question.
>
> Maybe run 'smtpd -dv -T expand -T lookup -T rules' and see how OpenSMTPD 
> is translating the aliases and which rules it's matching etc.
>
> Good luck,
> Reio
>
>


Re: Virtual User handling

2019-09-02 Thread Reio Remma

On 30/08/2019 18:00, Ede Wolf wrote:

Hello,

While trying to learn opensmtpd, amongst other things I am struggling 
with the virtual user handling - for a non virtual domain setup.


From what I have been able to understand so far it seems, as if there 
is no way to deliver mails to a lmtp socket, if there is not at least 
some reference/mapping to a system user?


accept from any for domain "example.com" recipient  alias 
 deliver to lmtp "/run/cyrus/lmtp" rcpt-to as nobody


where vusers contains:
b...@example.com

However, despite being listed in vusers, when trying to send a mail to 
bob, it gets rejected with "550 Invalid recipient". Creating a 
systemuser "bob" makes it work. But then I do not need the vusers 
table, so I am wondering, is it possible to get along without the need 
for a system user?
Now the man page mentions a userbase parameter, and I assume, the 
according table has to be in the format of the userinfo table 
mentioned in tables(5)?
What then effectively again refers to a system user - just with a 
mapping in between.


For virtual aliases you need to have a mapping of a virtual address to a 
user:


table vusers { b...@example.com = bob }

You might try this:

accept from any for domain "example.com" virtual  deliver to 
lmtp "/run/cyrus/lmtp" rcpt-to


The userbase parameter is handy if you deliver to mailboxes straight 
from OpenSMTPD or you want OpenSMTPD to read the users .forward files:


table userinfo { bob = 5000:5000:/var/mail/example.com/bob }

accept from any for domain "example.com" virtual  userbase 
 deliver to lmtp "/run/cyrus/lmtp" rcpt-to


Good luck,
Reio




Re: Virtual User handling

2019-09-02 Thread Reio Remma

On 02/09/2019 10:35, Ede Wolf wrote:

Hello Edgar,

thanks very much for your in depth reply and the effort you've put 
into it.


As for the "user" keyword, the way I understand this, is that it 
equals the "as" statement in the old version.


... lmtp "/run/cyrus/lmtp" rcpt-to ->as nobody<-


I'm using multiple virtual domains myself and delivering to Dovecot via 
LMTP with no user parameter. I _suspect_ it's more useful when you let 
OpenSMTPD deliver straight to mailboxes.


Back to your reply: That catchall from your example in "@ catchall" is 
not a keyword, is it? But a local user account?


@example.com needs to be aliased to a real mail account to receive all these.


> but some real user has to own the mailbox...

Care to explain, why is that? From my unknowledgeable point of view, 
the mailbox handling should be done on the other side of the lmtpd 
socket. This misconception is at the very heart of my question.


Maybe run 'smtpd -dv -T expand -T lookup -T rules' and see how OpenSMTPD 
is translating the aliases and which rules it's matching etc.


Good luck,
Reio




Re: Virtual User handling

2019-09-02 Thread Ede Wolf

Hello Edgar,

thanks very much for your in depth reply and the effort you've put into it.

As for the "user" keyword, the way I understand this, is that it equals 
the "as" statement in the old version.


... lmtp "/run/cyrus/lmtp" rcpt-to ->as nobody<-

Does however not work as I imagined. I am currently trying to get 6.4.2 
up and running this week, see next thread.


Back to your reply: That catchall from your example in "@ catchall" is 
not a keyword, is it? But a local user account?


> but some real user has to own the mailbox...

Care to explain, why is that? From my unknowledgeable point of view, the 
mailbox handling should be done on the other side of the lmtpd socket. 
This misconception is at the very heart of my question.


The idea being that smtpd connects to the lmtp socket as user "nobody" 
(in my example) and delivers the mail to whatever is waiting on the 
other side. So the only privileges required should be to connect to the 
socket, what in turn requires a system user.


Basically I am hoping to get the same behaviour for lmtp delivery as 
for relay, where I can specify a mail-from list and it works like a 
charm, from a 6.5 installation:


action "relay" relay host smtp+notls://192.168.1.1:25
match mail-from  for domain "example.com" action "relay"

Maybe with 6.4.2p it will also work with lmtp. Will hopefully be able 
to test that later this week and report back.



Thanks again

Ede


Am 31.08.19 um 19:14 schrieb Edgar Pettijohn:

On Fri, Aug 30, 2019 at 11:14:37PM -0500, Edgar Pettijohn wrote:

On Fri, Aug 30, 2019 at 05:00:24PM +0200, Ede Wolf wrote:

Hello,




Semi complete example at the bottom. I'll leave it to you to reverse translate
to the old syntax. I didn't notice till after I was done and am too lazy to
change it. :) Also noticed while re-reading smtpd.conf(5) there is a `user'
keyword that can be used in an action:

  user username
  Specify the username for performing the delivery, to be
  looked up with getpwnam(3).

  This is used for virtual hosting where a single username
  is in charge of handling delivery for all virtual users.

  This option is not usable with the mbox delivery method.

Not sure if it's available in whichever version you are using, but may make
things easier enough to warrant an upgrade.
  

While trying to learn opensmtpd, amongst other things I am struggling with
the virtual user handling - for a non virtual domain setup.

 From what I have been able to understand so far it seems, as if there is no
way to deliver mails to a lmtp socket, if there is not at least some
reference/mapping to a system user?

accept from any for domain "example.com" recipient  alias 
deliver to lmtp "/run/cyrus/lmtp" rcpt-to as nobody

where vusers contains:


vusers would need to be `key => value' pairs


b...@example.com


This is a list. More suitable for a vdomains table.



However, despite being listed in vusers, when trying to send a mail to bob,
it gets rejected with "550 Invalid recipient". Creating a systemuser "bob"
makes it work. But then I do not need the vusers table, so I am wondering,
is it possible to get along without the need for a system user?
Now the man page mentions a userbase parameter, and I assume, the according
table has to be in the format of the userinfo table mentioned in tables(5)?
What then effectively again refers to a system user - just with a mapping in
between.

My attempts with a single userlist instead so far either resulted in a
'invalid use of table "susers" as USERBASE parameter' or simply a syntax
error.

Is that assumption correct? Is there no way of keeping virtual users
completely off the system or did I get something terribly wrong? Even when
not using mbox/Maildir at all, where this requirement could make sense?



They are off the system, but some real user has to own the mailbox, etc...
  

And since user filtering will eventually be done at an earlier stage, I
would like smtpd to be able to unconditionally forward any mail unaltered
(except aliases) to the lmtp socket.

So, in addition to bob@example as for the tests com I would like to be able
to use *@example.com or just example.com to not do any user checking at all.
Depending on the syntax requirements.

Is it possible to deactivate the user checking one way or the other?


you could use a catchall

/etc/mail/vusers

@   catchall



Thanks for any insight or heads up on what I may have missed or
misunderstood.


Ede



groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /var/vmail -m
chown -R vmail.vmail /var/vmail

/etc/mail/userinfo

bob 5000:5000:/var/vmail/bob

/etc/mail/vusers

b...@example.com  bob

/etc/mail/smtpd.conf snippet

action "a01" lmtp &

Re: Virtual User handling

2019-08-31 Thread Edgar Pettijohn
On Fri, Aug 30, 2019 at 11:14:37PM -0500, Edgar Pettijohn wrote:
> On Fri, Aug 30, 2019 at 05:00:24PM +0200, Ede Wolf wrote:
> > Hello,
> > 
> >
> 
> Semi complete example at the bottom. I'll leave it to you to reverse translate
> to the old syntax. I didn't notice till after I was done and am too lazy to 
> change it. :) Also noticed while re-reading smtpd.conf(5) there is a `user' 
> keyword that can be used in an action:
> 
>  user username
>  Specify the username for performing the delivery, to be
>  looked up with getpwnam(3).
> 
>  This is used for virtual hosting where a single username
>  is in charge of handling delivery for all virtual users.
> 
>  This option is not usable with the mbox delivery method.
> 
> Not sure if it's available in whichever version you are using, but may make 
> things easier enough to warrant an upgrade.
>  
> > While trying to learn opensmtpd, amongst other things I am struggling with
> > the virtual user handling - for a non virtual domain setup.
> > 
> > From what I have been able to understand so far it seems, as if there is no
> > way to deliver mails to a lmtp socket, if there is not at least some
> > reference/mapping to a system user?
> > 
> > accept from any for domain "example.com" recipient  alias 
> > deliver to lmtp "/run/cyrus/lmtp" rcpt-to as nobody
> > 
> > where vusers contains:
> 
> vusers would need to be `key => value' pairs
> 
> > b...@example.com
> 
> This is a list. More suitable for a vdomains table.
> 
> > 
> > However, despite being listed in vusers, when trying to send a mail to bob,
> > it gets rejected with "550 Invalid recipient". Creating a systemuser "bob"
> > makes it work. But then I do not need the vusers table, so I am wondering,
> > is it possible to get along without the need for a system user?
> > Now the man page mentions a userbase parameter, and I assume, the according
> > table has to be in the format of the userinfo table mentioned in tables(5)?
> > What then effectively again refers to a system user - just with a mapping in
> > between.
> > 
> > My attempts with a single userlist instead so far either resulted in a
> > 'invalid use of table "susers" as USERBASE parameter' or simply a syntax
> > error.
> > 
> > Is that assumption correct? Is there no way of keeping virtual users
> > completely off the system or did I get something terribly wrong? Even when
> > not using mbox/Maildir at all, where this requirement could make sense?
> >
> 
> They are off the system, but some real user has to own the mailbox, etc...
>  
> > And since user filtering will eventually be done at an earlier stage, I
> > would like smtpd to be able to unconditionally forward any mail unaltered
> > (except aliases) to the lmtp socket.
> > 
> > So, in addition to bob@example as for the tests com I would like to be able
> > to use *@example.com or just example.com to not do any user checking at all.
> > Depending on the syntax requirements.
> > 
> > Is it possible to deactivate the user checking one way or the other?
> 
> you could use a catchall
> 
> /etc/mail/vusers
> 
> @ catchall
> 
> > 
> > Thanks for any insight or heads up on what I may have missed or
> > misunderstood.
> > 
> > 
> > Ede
> >
> 
> groupadd -g 5000 vmail
> useradd -g vmail -u 5000 vmail -d /var/vmail -m
> chown -R vmail.vmail /var/vmail
> 
> /etc/mail/userinfo
> 
> bob   5000:5000:/var/vmail/bob
> 
> /etc/mail/vusers
> 
> b...@example.com  bob
> 
> /etc/mail/smtpd.conf snippet
> 
> action "a01" lmtp "/var/cyrus/lmtp" rcpt-to  userbase  virtual 
>  
> # may need to finesse the above. I'm not using cyrus or userbase table, so 
> not 100 percent
> # sure if it will work as is.
> 
> match from all for domain  action "a01"

Another option (that I use):

/etc/mail/vusers

b...@example.com  vmail

action "a01" lmtp "/var/cyrus/lmtp" rcpt-to virtual 
match from all for domain  action "a01"

No need for the userbase. I'm not really sure where a userbase table comes into 
play. Maybe someone out there using it can provide an example use case.

> 
> it sorta works...
> deathstar$ telnet localhost 25 
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> 220 deathstar.my.domain ESMTP OpenSMTPD
> ehlo p.com
> 2

Re: Virtual User handling

2019-08-30 Thread Edgar Pettijohn
On Fri, Aug 30, 2019 at 05:00:24PM +0200, Ede Wolf wrote:
> Hello,
> 
>

Semi complete example at the bottom. I'll leave it to you to reverse translate
to the old syntax. I didn't notice till after I was done and am too lazy to 
change it. :) Also noticed while re-reading smtpd.conf(5) there is a `user' 
keyword that can be used in an action:

 user username
 Specify the username for performing the delivery, to be
 looked up with getpwnam(3).

 This is used for virtual hosting where a single username
 is in charge of handling delivery for all virtual users.

 This option is not usable with the mbox delivery method.

Not sure if it's available in whichever version you are using, but may make 
things easier enough to warrant an upgrade.
 
> While trying to learn opensmtpd, amongst other things I am struggling with
> the virtual user handling - for a non virtual domain setup.
> 
> From what I have been able to understand so far it seems, as if there is no
> way to deliver mails to a lmtp socket, if there is not at least some
> reference/mapping to a system user?
> 
> accept from any for domain "example.com" recipient  alias 
> deliver to lmtp "/run/cyrus/lmtp" rcpt-to as nobody
> 
> where vusers contains:

vusers would need to be `key => value' pairs

> b...@example.com

This is a list. More suitable for a vdomains table.

> 
> However, despite being listed in vusers, when trying to send a mail to bob,
> it gets rejected with "550 Invalid recipient". Creating a systemuser "bob"
> makes it work. But then I do not need the vusers table, so I am wondering,
> is it possible to get along without the need for a system user?
> Now the man page mentions a userbase parameter, and I assume, the according
> table has to be in the format of the userinfo table mentioned in tables(5)?
> What then effectively again refers to a system user - just with a mapping in
> between.
> 
> My attempts with a single userlist instead so far either resulted in a
> 'invalid use of table "susers" as USERBASE parameter' or simply a syntax
> error.
> 
> Is that assumption correct? Is there no way of keeping virtual users
> completely off the system or did I get something terribly wrong? Even when
> not using mbox/Maildir at all, where this requirement could make sense?
>

They are off the system, but some real user has to own the mailbox, etc...
 
> And since user filtering will eventually be done at an earlier stage, I
> would like smtpd to be able to unconditionally forward any mail unaltered
> (except aliases) to the lmtp socket.
> 
> So, in addition to bob@example as for the tests com I would like to be able
> to use *@example.com or just example.com to not do any user checking at all.
> Depending on the syntax requirements.
> 
> Is it possible to deactivate the user checking one way or the other?

you could use a catchall

/etc/mail/vusers

@   catchall

> 
> Thanks for any insight or heads up on what I may have missed or
> misunderstood.
> 
> 
> Ede
>

groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /var/vmail -m
chown -R vmail.vmail /var/vmail

/etc/mail/userinfo

bob 5000:5000:/var/vmail/bob

/etc/mail/vusers

b...@example.com  bob

/etc/mail/smtpd.conf snippet

action "a01" lmtp "/var/cyrus/lmtp" rcpt-to  userbase  virtual 
 
# may need to finesse the above. I'm not using cyrus or userbase table, so not 
100 percent
# sure if it will work as is.

match from all for domain  action "a01"

it sorta works...
deathstar$ telnet localhost 25 
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 deathstar.my.domain ESMTP OpenSMTPD
ehlo p.com
250-deathstar.my.domain Hello p.com [127.0.0.1], pleased to meet you
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-SIZE 36700160
250-DSN
250 HELP
mail from:
250 2.0.0 Ok
rcpt to: 
250 2.1.5 Destination address valid: Recipient ok
data
354 Enter mail, end with "." on a line by itself
to: u
from: me

hi bob.

.
250 2.0.0 0a7d910f Message accepted for delivery

a19e5552f2afe6dc smtp connected address=127.0.0.1 host=localhost
debug: aliases_virtual_get: 'bob' resolved to 1 nodes
debug: aliases_virtual_get: 'bob' resolved to 1 nodes
warn: smtpd: parent_forward_open: /var/mail/bob: No such file or directory
smtp: 0x1903053fd000: fd 13 from queue
smtp: 0x1903053fd000: message fd 13
smtp: 0x1903053fd000: message begin
debug: 0x19034b71f000: adding Date
debug: 0x19034b71f000: adding Message-ID
debug: 0x1903053fd000: end of message, error=0
a19e5552f2afe6dc smtp message msgid=0a7d910f size=335 nrcpt=1 proto=ESMTP
a19e5552f2afe6dc smtp envelope evpid=0a7d910fa2469b23 
from= t

Virtual User handling

2019-08-30 Thread Ede Wolf

Hello,


While trying to learn opensmtpd, amongst other things I am struggling 
with the virtual user handling - for a non virtual domain setup.


From what I have been able to understand so far it seems, as if there 
is no way to deliver mails to a lmtp socket, if there is not at least 
some reference/mapping to a system user?


accept from any for domain "example.com" recipient  alias 
 deliver to lmtp "/run/cyrus/lmtp" rcpt-to as nobody


where vusers contains:
b...@example.com

However, despite being listed in vusers, when trying to send a mail to 
bob, it gets rejected with "550 Invalid recipient". Creating a 
systemuser "bob" makes it work. But then I do not need the vusers table, 
so I am wondering, is it possible to get along without the need for a 
system user?
Now the man page mentions a userbase parameter, and I assume, the 
according table has to be in the format of the userinfo table mentioned 
in tables(5)?
What then effectively again refers to a system user - just with a 
mapping in between.


My attempts with a single userlist instead so far either resulted in a 
'invalid use of table "susers" as USERBASE parameter' or simply a syntax 
error.


Is that assumption correct? Is there no way of keeping virtual users 
completely off the system or did I get something terribly wrong? Even 
when not using mbox/Maildir at all, where this requirement could make sense?


And since user filtering will eventually be done at an earlier stage, I 
would like smtpd to be able to unconditionally forward any mail 
unaltered (except aliases) to the lmtp socket.


So, in addition to bob@example as for the tests com I would like to be 
able to use *@example.com or just example.com to not do any user 
checking at all. Depending on the syntax requirements.


Is it possible to deactivate the user checking one way or the other?

Thanks for any insight or heads up on what I may have missed or 
misunderstood.



Ede