On Fri, Aug 30, 2019 at 05:00:24PM +0200, Ede Wolf wrote:
> Hello,
> 
>

Semi complete example at the bottom. I'll leave it to you to reverse translate
to the old syntax. I didn't notice till after I was done and am too lazy to 
change it. :) Also noticed while re-reading smtpd.conf(5) there is a `user' 
keyword that can be used in an action:

 user username
                     Specify the username for performing the delivery, to be
                     looked up with getpwnam(3).

                     This is used for virtual hosting where a single username
                     is in charge of handling delivery for all virtual users.

                     This option is not usable with the mbox delivery method.

Not sure if it's available in whichever version you are using, but may make
things easier enough to warrant an upgrade.
 
> While trying to learn opensmtpd, amongst other things I am struggling with
> the virtual user handling - for a non virtual domain setup.
> 
> From what I have been able to understand so far it seems, as if there is no
> way to deliver mails to a lmtp socket, if there is not at least some
> reference/mapping to a system user?
> 
> accept from any for domain "example.com" recipient <vusers> alias <aliases>
> deliver to lmtp "/run/cyrus/lmtp" rcpt-to as nobody
> 
> where vusers contains:

vusers would need to be `key => value' pairs

> b...@example.com

This is a list. More suitable for a vdomains table.

> 
> However, despite being listed in vusers, when trying to send a mail to bob,
> it gets rejected with "550 Invalid recipient". Creating a systemuser "bob"
> makes it work. But then I do not need the vusers table, so I am wondering,
> is it possible to get along without the need for a system user?
> Now the man page mentions a userbase parameter, and I assume, the according
> table has to be in the format of the userinfo table mentioned in tables(5)?
> What then effectively again refers to a system user - just with a mapping in
> between.
> 
> My attempts with a single userlist instead so far either resulted in a
> 'invalid use of table "susers" as USERBASE parameter' or simply a syntax
> error.
> 
> Is that assumption correct? Is there no way of keeping virtual users
> completely off the system or did I get something terribly wrong? Even when
> not using mbox/Maildir at all, where this requirement could make sense?
>

They are off the system, but some real user has to own the mailbox, etc...
 
> And since user filtering will eventually be done at an earlier stage, I
> would like smtpd to be able to unconditionally forward any mail unaltered
> (except aliases) to the lmtp socket.
> 
> So, in addition to bob@example as for the tests com I would like to be able
> to use *@example.com or just example.com to not do any user checking at all.
> Depending on the syntax requirements.
> 
> Is it possible to deactivate the user checking one way or the other?

you could use a catchall

/etc/mail/vusers

@       catchall

> 
> Thanks for any insight or heads up on what I may have missed or
> misunderstood.
> 
> 
> Ede
>

groupadd -g 5000 vmail
useradd -g vmail -u 5000 -d /var/vmail -m vmail
chown -R vmail:vmail /var/vmail

/etc/mail/userinfo

bob     5000:5000:/var/vmail/bob

/etc/mail/vusers

b...@example.com        bob

/etc/mail/smtpd.conf snippet

action "a01" lmtp "/var/cyrus/lmtp" rcpt-to userbase <userinfo> virtual <vusers>
# may need to finesse the above. I'm not using cyrus or userbase table, so not 100 percent
# sure if it will work as is.

match from all for domain <domains> action "a01"

it sorta works...
deathstar$ telnet localhost 25 
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 deathstar.my.domain ESMTP OpenSMTPD
ehlo p.com
250-deathstar.my.domain Hello p.com [127.0.0.1], pleased to meet you
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-SIZE 36700160
250-DSN
250 HELP
mail from:<me>
250 2.0.0 Ok
rcpt to:<bob> 
250 2.1.5 Destination address valid: Recipient ok
data
354 Enter mail, end with "." on a line by itself
to: u
from: me

hi bob.

.
250 2.0.0 0a7d910f Message accepted for delivery

a19e5552f2afe6dc smtp connected address=127.0.0.1 host=localhost
debug: aliases_virtual_get: 'bob' resolved to 1 nodes
debug: aliases_virtual_get: 'bob' resolved to 1 nodes
warn: smtpd: parent_forward_open: /var/mail/bob: No such file or directory
smtp: 0x1903053fd000: fd 13 from queue
smtp: 0x1903053fd000: message fd 13
smtp: 0x1903053fd000: message begin
debug: 0x19034b71f000: adding Date
debug: 0x19034b71f000: adding Message-ID
debug: 0x1903053fd000: end of message, error=0
a19e5552f2afe6dc smtp message msgid=0a7d910f size=335 nrcpt=1 proto=ESMTP
a19e5552f2afe6dc smtp envelope evpid=0a7d910fa2469b23 from=<m...@deathstar.my.domain> to=<b...@deathstar.my.domain>
debug: scheduler: evp:0a7d910fa2469b23 scheduled (mda)
mda: new user a19e5554bded3360 for "userinfo:bob" delivering as "root"
debug: lka: userinfo userinfo:bob
debug: mda: new session a19e555520bf2fa5 for user "userinfo:bob" evpid 0a7d910fa2469b23
debug: mda: no more envelope for "userinfo:bob"
debug: mda: got message fd 13 for session a19e555520bf2fa5 evpid 0a7d910fa2469b23
debug: mda: querying mda fd for session a19e555520bf2fa5 evpid 0a7d910fa2469b23
debug: smtpd: forking mda for session a19e555520bf2fa5: bob as root
debug: mda: got mda fd 14 for session a19e555520bf2fa5 evpid 0a7d910fa2469b23
debug: mda: end-of-file for session a19e555520bf2fa5 evpid 0a7d910fa2469b23
debug: mda: all data sent for session a19e555520bf2fa5 evpid 0a7d910fa2469b23
debug: smtpd: mda process done for session a19e555520bf2fa5: exited abnormally
a19e5554bded3360 mda delivery evpid=0a7d910fa2469b23 from=<m...@deathstar.my.domain> to=<b...@deathstar.my.domain> rcpt=<b...@deathstar.my.domain> user=bob delay=16s result=PermFail stat=Error ("mail.local: unknown name: bob")
debug: mda: session a19e555520bf2fa5 done
debug: mda: user "bob" becomes runnable
debug: mda: all done for user "userinfo:bob"

So probably don't want to use mail.local to deliver the message or make sure 
/var/mail/bob exists in this particular example.
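
Added example, not part of the original message or of OpenSMTPD: a small linter for the two table files discussed above. It flags bare keys in vusers (a list where `key value' pairs are needed), virtual users with no userinfo entry, userinfo values that are not uid:gid:home, entries that would deliver with uid or gid 0, and the `@' catchall. The function names, the sample tables and the assumed file syntax (whitespace between key and value, `#' comments, comma-separated targets) are assumptions of this example.

```python
import re

USERINFO_RE = re.compile(r"^(\d+):(\d+):(/\S*)$")  # uid:gid:home, as in the userinfo line above

def parse_table(text):
    """Parse file-table text into (key, value-or-None) rows, skipping blanks and # comments."""
    rows = []
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            rows.append((parts[0], parts[1].strip() if len(parts) > 1 else None))
    return rows

def lint(vusers_text, userinfo_text):
    """Return a list of findings for a vusers/userinfo table pair (hypothetical helper)."""
    findings, known = [], set()
    for user, value in parse_table(userinfo_text):
        m = USERINFO_RE.match(value or "")
        if not m:
            findings.append(f"userinfo: {user}: expected uid:gid:home, got {value!r}")
        else:
            known.add(user)
            if int(m.group(1)) == 0 or int(m.group(2)) == 0:
                findings.append(f"userinfo: {user}: delivery would run with uid or gid 0")
    for key, value in parse_table(vusers_text):
        if value is None:
            findings.append(f"vusers: {key}: bare key; a virtual table needs 'key value' pairs")
            continue
        if key == "@":
            findings.append("vusers: '@' catchall accepts mail for every recipient")
        for target in (t.strip() for t in value.split(",")):
            # Targets containing '@' are forwards to another address, not local users.
            if "@" not in target and target not in known:
                findings.append(f"vusers: {key} -> {target}: no userinfo entry")
    return findings

# Constructed sample tables (not taken from the thread).
SAMPLE_USERINFO = """# constructed sample
carol   5000:5000:/var/vmail/carol
dave    0:0:/var/vmail/dave
erin    5000:/var/vmail/erin
"""
SAMPLE_VUSERS = """# constructed sample
carol@example.net       carol
frank@example.net
erin@example.net        erin
@                       catchall
"""

if __name__ == "__main__":
    for finding in lint(SAMPLE_VUSERS, SAMPLE_USERINFO):
        print(finding)
```
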


