Re: Virtual User handling
Hooray, I think I have it now. The lmtpd user was a member of the group "mail", which is required to access the socket; however, it was not its primary group. Seems like opensmtpd does not like the non primary groups.

I've changed this and it seems to work now - besides mary not having a mailbox, but that is on the other side of the socket and ok:

b2e883cb2493b807 mda delivery evpid=bb707c97fa5b562b from= to= rcpt= user=lmtpd delay=2m40s result=TempFail stat=Error (temporary failure: "mail.lmtp: LMTP server error: 550-Mailbox unknown. Either there is no mailbox associated with this")

What still bites me is why the error changed from

mail.lmtp: No such file or directoryconnect

to

mail.lmtp: Permission deniedconnect

All that I can remember having done was a restart (or power-on today, after I powered off yesterday).

Anyway, thanks to all for your time, support and hints. I'll silently try to figure out the cause for the change in the error message and then we may move on to filtering.

Thanks very much again!

Ede

On 08.09.19 at 17:22, Reio Remma wrote:
> On 07.09.2019 12:53, Ede Wolf wrote:
> > Excellent idea, however, the error stays the same. No change, despite copying the whole opensmtpd folder to /usr/local/libexec
> >
> > result=TempFail stat=Error (temporary failure: "mail.lmtp: No such file or directoryconnect")
>
> I purposefully mistyped the Dovecot LMTP socket in my config and got the same message.
>
> Sep 7 13:26:28 host smtpd[26873]: 7cde0d1cf207f8f3 mda delivery evpid=b96774ed55a5492e from=<> to=<> rcpt=<> user=3 delay=0s result=TempFail stat=Error (temporary failure: "mail.lmtp: No such file or directoryconnect")
>
> I suspect your problem is that there is no Cyrus LMTP listening in /run/cyrus/socket/lmtp:
>
> action "deliver" lmtp "/run/cyrus/socket/lmtp" rcpt-to user lmtpd
>
> Do you actually use Cyrus IMAP?
>
> Good luck,
> Reio
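The two errors in this thread correspond to two outcomes of connect(2) on a UNIX socket path on Linux: a missing path component gives "No such file or directory", while an unsearchable directory or an unwritable socket gives "Permission denied". The sketch below is an added example, not code from OpenSMTPD or from any poster; it models that check and shows why membership of "mail" as a supplementary group stops helping if the delivery helper keeps only the user's primary group, which is the assumption the final message's observation suggests. uid/gid 115 and the socket path come from the thread; the owner uid 96, the gid 8 for "mail" and all file modes are constructed.

```python
"""Model of the Linux DAC check behind connect(2) on a UNIX socket path."""
import errno
import os
import stat
from dataclasses import dataclass


@dataclass(frozen=True)
class Cred:
    """Identity a process runs with."""
    uid: int
    gid: int                          # primary group
    groups: frozenset = frozenset()   # supplementary groups


@dataclass(frozen=True)
class Node:
    """One path component with the stat fields the kernel looks at."""
    name: str
    mode: int     # st_mode; 0 marks a component that does not exist
    uid: int = 0
    gid: int = 0


def allowed(node, cred, want):
    """Classic UNIX check: exactly one of owner/group/other bits applies."""
    if cred.uid == 0:                 # root bypasses DAC
        return True
    if cred.uid == node.uid:
        bits = node.mode >> 6
    elif node.gid == cred.gid or node.gid in cred.groups:
        bits = node.mode >> 3
    else:
        bits = node.mode
    return ((bits & 7) & want) == want


def connect_errno(chain, cred):
    """Return 0 if cred may connect, else the errno of the first failure."""
    *dirs, sock = chain
    for d in dirs:
        if d.mode == 0:
            return errno.ENOENT
        if not stat.S_ISDIR(d.mode):
            return errno.ENOTDIR
        if not allowed(d, cred, 1):   # search (x) on every directory
            return errno.EACCES
    if sock.mode == 0:
        return errno.ENOENT
    if not allowed(sock, cred, 2):    # write (w) on the socket itself
        return errno.EACCES
    if not stat.S_ISSOCK(sock.mode):
        return errno.ECONNREFUSED
    return 0


def drop_to_primary(cred):
    """Identity left after a privilege drop that keeps only the primary gid."""
    return Cred(cred.uid, cred.gid, frozenset())


def stat_chain(path):
    """Build the component chain for a path from the live filesystem."""
    chain, cur = [], os.sep
    for name in [""] + [p for p in os.path.abspath(path).split(os.sep) if p]:
        cur = os.path.join(cur, name)
        try:
            st = os.stat(cur)
            chain.append(Node(cur, st.st_mode, st.st_uid, st.st_gid))
        except (FileNotFoundError, NotADirectoryError):
            chain.append(Node(cur, 0))
    return chain


# Constructed layout for /run/cyrus/socket/lmtp (owner 96, group "mail" = 8).
D, S = stat.S_IFDIR, stat.S_IFSOCK
SAMPLE = [
    Node("/", D | 0o755),
    Node("/run", D | 0o755),
    Node("/run/cyrus", D | 0o750, 96, 8),
    Node("/run/cyrus/socket", D | 0o750, 96, 8),
    Node("/run/cyrus/socket/lmtp", S | 0o660, 96, 8),
]
MISSING = SAMPLE[:-1] + [Node("/run/cyrus/socket/lmtp", 0)]

LOGIN = Cred(115, 115, frozenset({8}))   # lmtpd with "mail" as supplementary
FIXED = Cred(115, 8)                     # lmtpd with "mail" as primary group

if __name__ == "__main__":
    for label, chain, cred in [
        ("login shell, mail supplementary", SAMPLE, LOGIN),
        ("primary group only", SAMPLE, drop_to_primary(LOGIN)),
        ("mail as primary group", SAMPLE, drop_to_primary(FIXED)),
        ("socket path absent", MISSING, LOGIN),
    ]:
        rc = connect_errno(chain, cred)
        print(f"{label:34} {os.strerror(rc) if rc else 'ok'}")
```

Checking the socket from a login shell as lmtpd exercises the first case only, which is why the socket can look writable while delivery still fails; `stat_chain()` lets the same check run against a real path.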
Re: Virtual User handling
> On 07.09.2019 12:53, Ede Wolf wrote:
> Excellent idea, however, the error stays the same. No change, despite copying the whole opensmtpd folder to /usr/local/libexec
>
> result=TempFail stat=Error (temporary failure: "mail.lmtp: No such file or directoryconnect")

I purposefully mistyped the Dovecot LMTP socket in my config and got the same message.

Sep 7 13:26:28 host smtpd[26873]: 7cde0d1cf207f8f3 mda delivery evpid=b96774ed55a5492e from=<> to=<> rcpt=<> user=3 delay=0s result=TempFail stat=Error (temporary failure: "mail.lmtp: No such file or directoryconnect")

I suspect your problem is that there is no Cyrus LMTP listening in /run/cyrus/socket/lmtp:

action "deliver" lmtp "/run/cyrus/socket/lmtp" rcpt-to user lmtpd

Do you actually use Cyrus IMAP?

Good luck,
Reio
Re: Virtual User handling
> https://manpages.debian.org/testing/cyrus-common/cyrus-lmtpd.8.en.html

Sorry. Great idea, but AFAIK the cyrus lmtpd is activated on demand by the cyrus master process. But I can verify, that either the unix- or the tcp socket are there. And the unix socket is writeable by the opensmtpd lmtpd user.

Additionally, I believe the error message from smtpd to be pretty clear about mail.lmtp not being found. But of course, as this may be a follow up error, I will try to verify the lmtp socket with postfix.

Thanks

Ede
Re: Virtual User handling
On Sep 8, 2019 7:58 AM, Ede Wolf wrote:
> > Looks like lmtpd isn't running.
>
> Not sure whether there is such a thing as a lmtpd service? lmtpd is the name of the user, that is supposed to connect to the socket.
>
> A bit unlucky naming maybe, but the "d" stands for deliver, not daemon.
>
> But maybe I am missing something else

https://manpages.debian.org/testing/cyrus-common/cyrus-lmtpd.8.en.html
Re: Virtual User handling
> Looks like lmtpd isn't running.

Not sure whether there is such a thing as a lmtpd service? lmtpd is the name of the user, that is supposed to connect to the socket.

A bit unlucky naming maybe, but the "d" stands for deliver, not daemon.

But maybe I am missing something else
Re: Virtual User handling
> > So it is a binary, that's useful information. Having specified /opt/smtpd as prefix during ./configure, it is located here:
> >
> > /opt/smptd/libexec/opensmtpd/mail.lmtp
>
> Throw it in /usr/local/libexec/smtpd/ and see what happens. May be a build tools bug.

Excellent idea, however, the error stays the same. No change, despite copying the whole opensmtpd folder to /usr/local/libexec

Even strace does not reveal the path it is looking for:

expand: 0x56284c3f4338: expand_insert() called for address:m...@example.com[parent=(nil), rule=(nil)]
expand: 0x56284c3f4338: inserted node 0x56284c3f6030
expand: lka_expand: address: m...@example.com [depth=0]
lookup: match "37.120.186.114" as NETADDR in table static: -> true
lookup: match "example.com" as DOMAIN in table static: -> true
rule #1 matched: match from any for domain action deliver
lookup: lookup "m...@example.com" as ALIAS in table static:vusers -> none
lookup: lookup "mary" as ALIAS in table static:vusers -> none
lookup: lookup "@example.com" as ALIAS in table static:vusers -> none
lookup: lookup "@" as ALIAS in table static:vusers -> "lmtpd"
expand: 0x56284c3f3b10: expand_insert() called for username:lmtpd[parent=(nil), rule=(nil)]
expand: 0x56284c3f3b10: inserted node 0x56284c3f6590
expand: 0x56284c3f4338: expand_insert() called for username:lmtpd[parent=0x56284c3f6030, rule=0x56284c403e50, dispatcher=0x56284c405750]
expand: 0x56284c3f4338: inserted node 0x56284c3f6af0
expand: 0x56284c3f3b10: clearing expand tree
expand: 0x56284c3f3b10: freeing expand tree
debug: aliases_virtual_get: '@example.com' resolved to 1 nodes
expand: lka_expand: username: lmtpd [depth=1, sameuser=0]
lookup: lookup "lmtpd@" as ALIAS in table static:vusers -> none
lookup: lookup "lmtpd" as ALIAS in table static:vusers -> none
lookup: lookup "@" as ALIAS in table static:vusers -> "lmtpd"
expand: 0x56284c3ed110: expand_insert() called for username:lmtpd[parent=(nil), rule=(nil)]
expand: 0x56284c3ed110: inserted node 0x56284c3f6590
expand: 0x56284c3f4338: expand_insert() called for username:lmtpd[parent=0x56284c3f6af0, rule=0x56284c403e50, dispatcher=0x56284c405750]
expand: 0x56284c3f4338: setting sameuser = 1
expand: 0x56284c3f4338: inserted node 0x56284c3f7050
expand: 0x56284c3ed110: clearing expand tree
expand: 0x56284c3ed110: freeing expand tree
debug: aliases_virtual_get: '@' resolved to 1 nodes
expand: lka_expand: username: lmtpd [depth=2, sameuser=1]
lookup: lookup "lmtpd" as USERINFO in table getpwnam: -> "115:115:/opt/smptd/var/lmtpd"
[{EPOLLIN, {u32=6, u64=6}}], 32, -1) = 1
epoll_ctl(3, EPOLL_CTL_DEL, 6, 0x7ffeb16e607c) = 0
socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 12
socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 13
close(12) = 0
close(13) = 0
recvmsg(6, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="4\0\0\0(\21\0\0\0\0\0\0\237\25\0\0[\300\213\3725\333\374!\0lmtpd\0\0"..., iov_len=65535}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 4392
stat("/opt/smptd/var/lmtpd", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
openat(AT_FDCWD, "/opt/smptd/var/lmtpd/.forward", O_RDONLY|O_NONBLOCK|O_NOFOLLOW) = -1 ENOENT (No such file or directory)
epoll_ctl(3, EPOLL_CTL_ADD, 6, {EPOLLIN|EPOLLOUT, {u32=6, u64=6}}) = 0
epoll_ctl(3, EPOLL_CTL_DEL, 6, 0x7ffeb16e5fdc) = 0
epoll_ctl(3, EPOLL_CTL_ADD, 6, {EPOLLIN|EPOLLOUT, {u32=6, u64=6}}) = 0
epoll_wait(3, [{EPOLLOUT, {u32=6, u64=6}}], 32, -1) = 1
epoll_ctl(3, EPOLL_CTL_DEL, 6, 0x7ffeb16e607c) = 0
sendmsg(6, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="4\0\0\0(\21\0\0\0\0\0\0\234\25\0\0[\300\213\3725\333\374!\1lmtpd\0\0"..., iov_len=4392}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 4392
epoll_ctl(3, EPOLL_CTL_ADD, 6, {EPOLLIN, {u32=6, u64=6}}expand: no .forward for user lmtpd, just deliver
) = 0
epoll_wait(3, expand: 0x56284c3f4338: clearing expand tree
smtp: 0x564267537b60: fd 14 from queue
smtp: 0x564267537b60: message fd 14
smtp: 0x564267537b60: message begin
debug: 0x564267537b60: end of message, error=0
21fcdb35fa8bc05b smtp message msgid=22c2f515 size=245 nrcpt=1 proto=ESMTP
21fcdb35fa8bc05b smtp envelope evpid=22c2f5151c4decec from= to=
debug: scheduler: evp:22c2f5151c4decec scheduled (mda)
mda: new user 21fcdb36b331cade for ":lmtpd" delivering as "lmtpd"
debug: lka: userinfo :lmtpd
lookup: lookup "lmtpd" as USERINFO in table getpwnam: -> "115:115:/opt/smptd/var/lmtpd"
debug: mda: new session 21fcdb37f01f7374 for user ":lmtpd" evpid 22c2f5151c4decec
debug: mda: no more envelope for ":lmtpd"
debug: mda: got message fd 14 for session 21fcdb37f01f7374 evpid 22c2f5151c4decec
debug: mda: querying mda fd for session 21fcdb37f01f7374 evpid 22c2f5151c4decec
[{EPOLLIN, {u32=7, u64=7}}], 32, -1) = 1
epoll_ctl(3, EPOLL_CTL_DEL, 7, 0x7ffeb16e607c) = 0
socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 12
socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 13
close(12) = 0
close(13) = 0
recvmsg(7, {
Re: Virtual User handling
On Sep 6, 2019 12:40 PM, Ede Wolf wrote:
>
> On 06.09.19 at 18:59, Edgar Pettijohn wrote:
> > Sounds like the mail.lmtp program is missing or not where it belongs. Should live somewhere in /usr/local/libexec. Find it and let us know where it is and somebody can probably tell you where it needs to be. Or it just didn't get built for some reason.
>
> So it is a binary, that's useful information. Having specified /opt/smtpd as prefix during ./configure, it is located here:
>
> /opt/smptd/libexec/opensmtpd/mail.lmtp

Throw it in /usr/local/libexec/smtpd/ and see what happens. May be a build tools bug.

> Since libexec is usually not in the path anyway, I wonder, how to make smtpd recognize it, if --prefix is not honored?
>
> > Your copy is apparently different from mine.
>
> Nope. I've cited smtpd.conf (from the opensmtpd homepage), you have looked into tables. Since userbase is the only location I've come along that uses the userinfo table, I've gone with the attribute, not the argument.

Agreed. Must be a bug in the documentation or the daemon. My bet is the manual is wrong.

Edgar

> Thanks again for helping out!
>
> Ede
Re: Virtual User handling
On 06.09.19 at 18:59, Edgar Pettijohn wrote:
> Sounds like the mail.lmtp program is missing or not where it belongs. Should live somewhere in /usr/local/libexec. Find it and let us know where it is and somebody can probably tell you where it needs to be. Or it just didn't get built for some reason.

So it is a binary, that's useful information. Having specified /opt/smtpd as prefix during ./configure, it is located here:

/opt/smptd/libexec/opensmtpd/mail.lmtp

Since libexec is usually not in the path anyway, I wonder, how to make smtpd recognize it, if --prefix is not honored?

> Your copy is apparently different from mine.

Nope. I've cited smtpd.conf (from the opensmtpd homepage), you have looked into tables. Since userbase is the only location I've come along that uses the userinfo table, I've gone with the attribute, not the argument.

Thanks again for helping out!

Ede
Re: Virtual User handling
On Sep 6, 2019 10:46 AM, Ede Wolf wrote:
>
> > Maybe run 'smtpd -dv -T expand -T lookup -T rules' and see how OpenSMTPD is translating the aliases and which rules it's matching etc.
>
> This is a really helpful command. Maybe using that I can be a bit more precise in defining my confusion.
>
> My simple setup, git pulled and built yesterday:
>
> action "deliver" lmtp "/run/cyrus/socket/lmtp" rcpt-to user lmtpd
> match from any for domain "example.com" rcpt-to action deliver
>
> With "musers" only containing good ole b...@example.com and "lmtpd" being a regular system user. Bob is not known to the system. And shall not.
>
> Now, the man page reads:
>
> user username
> Specify the username for performing the delivery, to be looked up with getpwnam(3).
>
> and:
>
> userbase
> Use the mapping table for user lookups instead of the getpwnam(3) function.
> ->The userbase does not apply for the user option.<-

Your copy is apparently different from mine.

Userinfo tables

User info tables are used in rule context to specify an alternate user base, mapping virtual users to local system users by UID, GID and home directory.

action name method userbase

A userinfo table looks as follows:

joe 1000:100:/home/virtual/joe
jack 1000:100:/home/virtual/jack

In this example, both joe and jack are virtual users mapped to the local system user with UID 1000 and GID 100, but different home directories. These directories may contain a forward(5) file.

This can be used in conjunction with an alias table that maps an email address or the domain part to the desired virtual username. For example:

j...@example.org joe
j...@example.com jack

It has to map to a system user. If you want it to be lmtpd just replace the 1000:100 above with lmtpd's uid:gid

> So my "user" attribute is lmtpd, a regular system user. But:
>
> af0267593be5b0a1 smtp connected address=
> expand: 0x5598b9f68328: expand_insert() called for address:b...@example.com[parent=(nil), rule=(nil)]
> expand: 0x5598b9f68328: inserted node 0x5598b9f6a020
> expand: lka_expand: address: b...@example.com [depth=0]
> lookup: match "1.2.3.4" as NETADDR in table static: -> true
> lookup: match "example.com" as DOMAIN in table static: -> true
> lookup: match "b...@example.com" as MAILADDR in table static:musers -> true
> rule #1 matched: match from any for domain rcpt-to musers action deliver
> expand: 0x5598b9f68328: expand_insert() called for username:bob[parent=0x5598b9f6a020, rule=0x5598b9f77e30, dispatcher=0x5598b9f79750]
> expand: 0x5598b9f68328: inserted node 0x5598b9f6a580
>
> expand: lka_expand: username: bob [depth=1, sameuser=0]
> lookup: lookup "bob" as USERINFO in table getpwnam: -> none
> expand: lka_expand: user-part does not match system user
> expand: 0x5598b9f68328: clearing expand tree
> af0267593be5b0a1 smtp failed-command command="RCPT TO:" result="550 Invalid recipient: "
>
> The problem is obviously: "lookup "bob" as USERINFO in table getpwnam: -> none"
>
> Now the local delivery should be done with the user lmtpd, why is user "bob" then looked up at all via USERINFO getpwnam, instead of lmtpd, when userinfo shall not be used with the "user" attribute.
>
> Whether "userbase" is invoked via getpwnam or a USERINFO table, should make no difference? It should not be used, when the "user" attribute is being used?
>
> Automagically I should add, I have not defined the userbase parameter anywhere in my config.
>
> Hopefully I've been able to narrow down my lack of comprehension. There is something in the manpage I get wrong.
>
> Thanks
>
> Ede
Re: Virtual User handling
Sounds like the mail.lmtp program is missing or not where it belongs. Should live somewhere in /usr/local/libexec. Find it and let us know where it is and somebody can probably tell you where it needs to be. Or it just didn't get built for some reason.

Edgar

On Sep 6, 2019 11:40 AM, Ede Wolf wrote:
>
> Side note. While I would still like to understand, what I am misunderstanding, practically, I've had some more success with using a virtual catchall table, as recommended before by Edgar. However, there is still one local error I do not yet comprehend:
>
> "Error being: stat=Error (temporary failure: "mail.lmtp: No such file or directoryconnect")"
>
> And I am not sure, what is smtpd looking for or missing exactly? It likely has to do with me using non standard paths, but that again may be helpful for understanding.
>
> action "deliver" lmtp "/run/cyrus/socket/lmtp" rcpt-to virtual user lmtpd
> match from any for domain "example.com" action deliver
>
> with vusers reading:
> @ lmtpd
>
> Here is a more complete log:
>
> 2c4cbc6c10aebcab smtp connected address=1.2.3.4 host=friendly.nospam.net
> expand: 0x56169b994348: expand_insert() called for address:m...@example.com[parent=(nil), rule=(nil)]
> expand: 0x56169b994348: inserted node 0x56169b996040
> expand: lka_expand: address: m...@example.com [depth=0]
> lookup: match "1.2.3.4" as NETADDR in table static: -> true
> lookup: match "example.com" as DOMAIN in table static: -> true
> rule #1 matched: match from any for domain action deliver
> lookup: lookup "m...@example.com" as ALIAS in table static:vusers -> none
> lookup: lookup "mary" as ALIAS in table static:vusers -> none
> lookup: lookup "@example.com" as ALIAS in table static:vusers -> none
> lookup: lookup "@" as ALIAS in table static:vusers -> "lmtpd"
> expand: 0x56169b993b40: expand_insert() called for username:lmtpd[parent=(nil), rule=(nil)]
> expand: 0x56169b993b40: inserted node 0x56169b9965a0
> expand: 0x56169b994348: expand_insert() called for username:lmtpd[parent=0x56169b996040, rule=0x56169b9a3e80, dispatcher=0x56169b9a5780]
> expand: 0x56169b994348: inserted node 0x56169b996b00
> expand: 0x56169b993b40: clearing expand tree
> expand: 0x56169b993b40: freeing expand tree
> debug: aliases_virtual_get: '@example.com' resolved to 1 nodes
> expand: lka_expand: username: lmtpd [depth=1, sameuser=0]
> lookup: lookup "lmtpd@" as ALIAS in table static:vusers -> none
> lookup: lookup "lmtpd" as ALIAS in table static:vusers -> none
> lookup: lookup "@" as ALIAS in table static:vusers -> "lmtpd"
> expand: 0x56169b98d140: expand_insert() called for username:lmtpd[parent=(nil), rule=(nil)]
> expand: 0x56169b98d140: inserted node 0x56169b9965a0
> expand: 0x56169b994348: expand_insert() called for username:lmtpd[parent=0x56169b996b00, rule=0x56169b9a3e80, dispatcher=0x56169b9a5780]
> expand: 0x56169b994348: setting sameuser = 1
> expand: 0x56169b994348: inserted node 0x56169b997060
> expand: 0x56169b98d140: clearing expand tree
> expand: 0x56169b98d140: freeing expand tree
> debug: aliases_virtual_get: '@' resolved to 1 nodes
> expand: lka_expand: username: lmtpd [depth=2, sameuser=1]
> lookup: lookup "lmtpd" as USERINFO in table getpwnam: -> "115:115:/opt/smptd/var/lmtpd"
> expand: no .forward for user lmtpd, just deliver
> expand: 0x56169b994348: clearing expand tree
> smtp: 0x56047ce92b90: fd 14 from queue
> smtp: 0x56047ce92b90: message fd 14
> smtp: 0x56047ce92b90: message begin
> debug: 0x56047ce92b90: end of message, error=0
> 2c4cbc6c10aebcab smtp message msgid=fd6b9892 size=247 nrcpt=1 proto=SMTP
> 2c4cbc6c10aebcab smtp envelope evpid=fd6b9892d5ac7196 from= to=
> debug: scheduler: evp:fd6b9892d5ac7196 scheduled (mda)
> mda: new user 2c4cbc6d6d8e081f for ":lmtpd" delivering as "lmtpd"
> debug: lka: userinfo :lmtpd
> lookup: lookup "lmtpd" as USERINFO in table getpwnam: -> "115:115:/opt/smptd/var/lmtpd"
> debug: mda: new session 2c4cbc6e7f005bc1 for user ":lmtpd" evpid fd6b9892d5ac7196
> debug: mda: no more envelope for ":lmtpd"
> debug: mda: got message fd 14 for session 2c4cbc6e7f005bc1 evpid fd6b9892d5ac7196
> debug: mda: querying mda fd for session 2c4cbc6e7f005bc1 evpid fd6b9892d5ac7196
> debug: smtpd: forking mda for session 2c4cbc6e7f005bc1: lmtpd as lmtpd
> debug: mda: got mda fd 15 for session 2c4cbc6e7f005bc1 evpid fd6b9892d5ac7196
> debug: mda: end-of-file for session 2c4cbc6e7f005bc1 evpid fd6b9892d5ac7196
> debug: mda: all data sent for session 2c4cbc6e7f005bc1 evpid fd6b9892d5ac7196
> debug: smtpd: mda process done for session 2c4cbc6e7f005bc1: exited abnormally
> 2c4cbc6d6d8e081f mda delivery evpid=fd6b9892d5ac7196 from= to= rcpt= user=lmtpd delay=11s result=TempFail stat=Error (temporary failure: "mail.lmtp: No such file or directoryconnect")
> debug: mda: session 2c4cbc6e7f005bc1 done
> debug: mda: user "lmtpd" becomes runnable
> debug: mda: all done for user ":lmtpd"
>
> Am 06.09.19 um 17:46 sc
Re: Virtual User handling
Side note. While I would still like to understand, what I am misunderstanding, practically, I've had some more success with using a virtual catchall table, as recommended before by Edgar. However, there is still one local error I do not yet comprehend:

"Error being: stat=Error (temporary failure: "mail.lmtp: No such file or directoryconnect")"

And I am not sure, what is smtpd looking for or missing exactly? It likely has to do with me using non standard paths, but that again may be helpful for understanding.

action "deliver" lmtp "/run/cyrus/socket/lmtp" rcpt-to virtual user lmtpd
match from any for domain "example.com" action deliver

with vusers reading:
@ lmtpd

Here is a more complete log:

2c4cbc6c10aebcab smtp connected address=1.2.3.4 host=friendly.nospam.net
expand: 0x56169b994348: expand_insert() called for address:m...@example.com[parent=(nil), rule=(nil)]
expand: 0x56169b994348: inserted node 0x56169b996040
expand: lka_expand: address: m...@example.com [depth=0]
lookup: match "1.2.3.4" as NETADDR in table static: -> true
lookup: match "example.com" as DOMAIN in table static: -> true
rule #1 matched: match from any for domain action deliver
lookup: lookup "m...@example.com" as ALIAS in table static:vusers -> none
lookup: lookup "mary" as ALIAS in table static:vusers -> none
lookup: lookup "@example.com" as ALIAS in table static:vusers -> none
lookup: lookup "@" as ALIAS in table static:vusers -> "lmtpd"
expand: 0x56169b993b40: expand_insert() called for username:lmtpd[parent=(nil), rule=(nil)]
expand: 0x56169b993b40: inserted node 0x56169b9965a0
expand: 0x56169b994348: expand_insert() called for username:lmtpd[parent=0x56169b996040, rule=0x56169b9a3e80, dispatcher=0x56169b9a5780]
expand: 0x56169b994348: inserted node 0x56169b996b00
expand: 0x56169b993b40: clearing expand tree
expand: 0x56169b993b40: freeing expand tree
debug: aliases_virtual_get: '@example.com' resolved to 1 nodes
expand: lka_expand: username: lmtpd [depth=1, sameuser=0]
lookup: lookup "lmtpd@" as ALIAS in table static:vusers -> none
lookup: lookup "lmtpd" as ALIAS in table static:vusers -> none
lookup: lookup "@" as ALIAS in table static:vusers -> "lmtpd"
expand: 0x56169b98d140: expand_insert() called for username:lmtpd[parent=(nil), rule=(nil)]
expand: 0x56169b98d140: inserted node 0x56169b9965a0
expand: 0x56169b994348: expand_insert() called for username:lmtpd[parent=0x56169b996b00, rule=0x56169b9a3e80, dispatcher=0x56169b9a5780]
expand: 0x56169b994348: setting sameuser = 1
expand: 0x56169b994348: inserted node 0x56169b997060
expand: 0x56169b98d140: clearing expand tree
expand: 0x56169b98d140: freeing expand tree
debug: aliases_virtual_get: '@' resolved to 1 nodes
expand: lka_expand: username: lmtpd [depth=2, sameuser=1]
lookup: lookup "lmtpd" as USERINFO in table getpwnam: -> "115:115:/opt/smptd/var/lmtpd"
expand: no .forward for user lmtpd, just deliver
expand: 0x56169b994348: clearing expand tree
smtp: 0x56047ce92b90: fd 14 from queue
smtp: 0x56047ce92b90: message fd 14
smtp: 0x56047ce92b90: message begin
debug: 0x56047ce92b90: end of message, error=0
2c4cbc6c10aebcab smtp message msgid=fd6b9892 size=247 nrcpt=1 proto=SMTP
2c4cbc6c10aebcab smtp envelope evpid=fd6b9892d5ac7196 from= to=
debug: scheduler: evp:fd6b9892d5ac7196 scheduled (mda)
mda: new user 2c4cbc6d6d8e081f for ":lmtpd" delivering as "lmtpd"
debug: lka: userinfo :lmtpd
lookup: lookup "lmtpd" as USERINFO in table getpwnam: -> "115:115:/opt/smptd/var/lmtpd"
debug: mda: new session 2c4cbc6e7f005bc1 for user ":lmtpd" evpid fd6b9892d5ac7196
debug: mda: no more envelope for ":lmtpd"
debug: mda: got message fd 14 for session 2c4cbc6e7f005bc1 evpid fd6b9892d5ac7196
debug: mda: querying mda fd for session 2c4cbc6e7f005bc1 evpid fd6b9892d5ac7196
debug: smtpd: forking mda for session 2c4cbc6e7f005bc1: lmtpd as lmtpd
debug: mda: got mda fd 15 for session 2c4cbc6e7f005bc1 evpid fd6b9892d5ac7196
debug: mda: end-of-file for session 2c4cbc6e7f005bc1 evpid fd6b9892d5ac7196
debug: mda: all data sent for session 2c4cbc6e7f005bc1 evpid fd6b9892d5ac7196
debug: smtpd: mda process done for session 2c4cbc6e7f005bc1: exited abnormally
2c4cbc6d6d8e081f mda delivery evpid=fd6b9892d5ac7196 from= to= rcpt= user=lmtpd delay=11s result=TempFail stat=Error (temporary failure: "mail.lmtp: No such file or directoryconnect")
debug: mda: session 2c4cbc6e7f005bc1 done
debug: mda: user "lmtpd" becomes runnable
debug: mda: all done for user ":lmtpd"

On 06.09.19 at 17:46, Ede Wolf wrote:
> > Maybe run 'smtpd -dv -T expand -T lookup -T rules' and see how OpenSMTPD is translating the aliases and which rules it's matching etc.
>
> This is a really helpful command. Maybe using that I can be a bit more precise in defining my confusion.
>
> My simple setup, git pulled and built yesterday:
>
> action "deliver" lmtp "/run/cyrus/socket/lmtp" rcpt-to user lmtpd
> match from any for domain "example.com" rcpt-to action deliver
>
> With "musers" only containing good ole b
Re: Virtual User handling
> Maybe run 'smtpd -dv -T expand -T lookup -T rules' and see how OpenSMTPD is translating the aliases and which rules it's matching etc.

This is a really helpful command. Maybe using that I can be a bit more precise in defining my confusion.

My simple setup, git pulled and built yesterday:

action "deliver" lmtp "/run/cyrus/socket/lmtp" rcpt-to user lmtpd
match from any for domain "example.com" rcpt-to action deliver

With "musers" only containing good ole b...@example.com and "lmtpd" being a regular system user. Bob is not known to the system. And shall not.

Now, the man page reads:

user username
Specify the username for performing the delivery, to be looked up with getpwnam(3).

and:

userbase
Use the mapping table for user lookups instead of the getpwnam(3) function.
->The userbase does not apply for the user option.<-

So my "user" attribute is lmtpd, a regular system user. But:

af0267593be5b0a1 smtp connected address=
expand: 0x5598b9f68328: expand_insert() called for address:b...@example.com[parent=(nil), rule=(nil)]
expand: 0x5598b9f68328: inserted node 0x5598b9f6a020
expand: lka_expand: address: b...@example.com [depth=0]
lookup: match "1.2.3.4" as NETADDR in table static: -> true
lookup: match "example.com" as DOMAIN in table static: -> true
lookup: match "b...@example.com" as MAILADDR in table static:musers -> true
rule #1 matched: match from any for domain rcpt-to musers action deliver
expand: 0x5598b9f68328: expand_insert() called for username:bob[parent=0x5598b9f6a020, rule=0x5598b9f77e30, dispatcher=0x5598b9f79750]
expand: 0x5598b9f68328: inserted node 0x5598b9f6a580
expand: lka_expand: username: bob [depth=1, sameuser=0]
lookup: lookup "bob" as USERINFO in table getpwnam: -> none
expand: lka_expand: user-part does not match system user
expand: 0x5598b9f68328: clearing expand tree
af0267593be5b0a1 smtp failed-command command="RCPT TO:" result="550 Invalid recipient: "

The problem is obviously: "lookup "bob" as USERINFO in table getpwnam: -> none"

Now the local delivery should be done with the user lmtpd, why is user "bob" then looked up at all via USERINFO getpwnam, instead of lmtpd, when userinfo shall not be used with the "user" attribute.

Whether "userbase" is invoked via getpwnam or a USERINFO table, should make no difference? It should not be used, when the "user" attribute is being used?

Automagically I should add, I have not defined the userbase parameter anywhere in my config.

Hopefully I've been able to narrow down my lack of comprehension. There is something in the manpage I get wrong.

Thanks

Ede
Re: Virtual User handling
On Sep 2, 2019 3:18 AM, Reio Remma wrote:
>
> On 02/09/2019 10:35, Ede Wolf wrote:
> > Hello Edgar,
> >
> > thanks very much for your in depth reply and the effort you've put
> > into it.
> >
> > As for the "user" keyword, the way I understand this, is that it
> > equals the "as" statement in the old version.
> >
> > ... lmtp "/run/cyrus/lmtp" rcpt-to ->as nobody<-
>
> I'm using multiple virtual domains myself and delivering to Dovecot via
> LMTP with no user parameter. I _suspect_ it's more useful when you let
> OpenSMTPD deliver straight to mailboxes.
>
> > Back to your reply: That catchall from your example in "@ catchall" is
> > not a keyword, is it? But a local user account?
>
> @example.com need to be aliased to a real mail account to receive all these.
>
> > > but some real user has to own the mailbox...

When smtpd goes looking for a .forward file it gets mad if there isn't a mailbox to look in. :)

> > Care to explain, why is that? From my unknowledgeable point of view,
> > the mailbox handling should be done on the other side of the lmtpd
> > socket. This misconception is at the very heart of my question.
>
> Maybe run 'smtpd -dv -T expand -T lookup -T rules' and see how OpenSMTPD
> is translating the aliases and which rules it's matching etc.
>
> Good luck,
> Reio
Re: Virtual User handling
On 30/08/2019 18:00, Ede Wolf wrote:
> Hello,
>
> While trying to learn opensmtpd, amongst other things I am struggling with
> the virtual user handling - for a non virtual domain setup.
>
> From what I have been able to understand so far it seems, as if there is no
> way to deliver mails to a lmtp socket, if there is not at least some
> reference/mapping to a system user?
>
> accept from any for domain "example.com" recipient alias
> deliver to lmtp "/run/cyrus/lmtp" rcpt-to as nobody
>
> where vusers contains:
>
> b...@example.com
>
> However, despite being listed in vusers, when trying to send a mail to bob,
> it gets rejected with "550 Invalid recipient". Creating a systemuser "bob"
> makes it work. But then I do not need the vusers table, so I am wondering,
> is it possible to get along without the need for a system user?
> Now the man page mentions a userbase parameter, and I assume, the according
> table has to be in the format of the userinfo table mentioned in tables(5)?
> What then effectively again refers to a system user - just with a mapping in
> between.

For virtual aliases you need to have a mapping of a virtual address to a user:

table vusers { b...@example.com = bob }

You might try this:

accept from any for domain "example.com" virtual deliver to lmtp "/run/cyrus/lmtp" rcpt-to

The userbase parameter is handy if you deliver to mailboxes straight from OpenSMTPD or you want OpenSMTPD to read the users .forward files:

table userinfo { bob = 5000:5000:/var/mail/example.com/bob }

accept from any for domain "example.com" virtual userbase deliver to lmtp "/run/cyrus/lmtp" rcpt-to

Good luck,
Reio
Re: Virtual User handling
On 02/09/2019 10:35, Ede Wolf wrote:
> Hello Edgar,
>
> thanks very much for your in depth reply and the effort you've put
> into it.
>
> As for the "user" keyword, the way I understand this, is that it
> equals the "as" statement in the old version.
>
> ... lmtp "/run/cyrus/lmtp" rcpt-to ->as nobody<-

I'm using multiple virtual domains myself and delivering to Dovecot via LMTP with no user parameter. I _suspect_ it's more useful when you let OpenSMTPD deliver straight to mailboxes.

> Back to your reply: That catchall from your example in "@ catchall" is
> not a keyword, is it? But a local user account?

@example.com need to be aliased to a real mail account to receive all these.

> > but some real user has to own the mailbox...
>
> Care to explain, why is that? From my unknowledgeable point of view,
> the mailbox handling should be done on the other side of the lmtpd
> socket. This misconception is at the very heart of my question.

Maybe run 'smtpd -dv -T expand -T lookup -T rules' and see how OpenSMTPD is translating the aliases and which rules it's matching etc.

Good luck,
Reio
Re: Virtual User handling
Hello Edgar,

thanks very much for your in depth reply and the effort you've put into it.

As for the "user" keyword, the way I understand this, is that it equals the "as" statement in the old version.

... lmtp "/run/cyrus/lmtp" rcpt-to ->as nobody<-

Does however not work as I imagined. I am currently trying to get 6.4.2 up and running this week, see next thread.

Back to your reply: That catchall from your example in "@ catchall" is not a keyword, is it? But a local user account?

> but some real user has to own the mailbox...

Care to explain, why is that? From my unknowledgeable point of view, the mailbox handling should be done on the other side of the lmtpd socket. This misconception is at the very heart of my question.

The idea being that smtpd connects to the lmtp socket as user "nobody" (in my example) and delivers the mail to whatever is waiting on the other side. So the only privileges required should be to connect to the socket, what in turn requires a system user.

Basically I am hoping to get the same behaviour for lmtp delivery as for relay, where I can specify a mail-from list and it works like a charm, from a 6.5 installation:

action "relay" relay host smtp+notls://192.168.1.1:25
match mail-from for domain "example.com" action "relay"

Maybe with 6.4.2p with will also work with lmtp. Will hopefully be able to test that later this week and report back

Thanks again

Ede

On 31.08.19 at 19:14, Edgar Pettijohn wrote:
> On Fri, Aug 30, 2019 at 11:14:37PM -0500, Edgar Pettijohn wrote:
> > On Fri, Aug 30, 2019 at 05:00:24PM +0200, Ede Wolf wrote:
> > > Hello,
> > >
> >
> > Semi complete example at the bottom. I'll leave it to you to reverse translate
> > to the old syntax. I didn't notice till after I was done and am too lazy to
> > change it. :) Also noticed while re-reading smtpd.conf(5) there is a `user'
> > keyword that can be used in an action:
> >
> > user username
> >         Specify the username for performing the delivery, to be
> >         looked up with getpwnam(3).
> >
> >         This is used for virtual hosting where a single username
> >         is in charge of handling delivery for all virtual users.
> >
> >         This option is not usable with the mbox delivery method.
> >
> > Not sure if it's available in whichever version you are using, but may make
> > things easier enough to warrant an upgrade.
> >
> > > While trying to learn opensmtpd, amongst other things I am struggling with
> > > the virtual user handling - for a non virtual domain setup.
> > >
> > > From what I have been able to understand so far it seems, as if there is no
> > > way to deliver mails to a lmtp socket, if there is not at least some
> > > reference/mapping to a system user?
> > >
> > > accept from any for domain "example.com" recipient alias
> > > deliver to lmtp "/run/cyrus/lmtp" rcpt-to as nobody
> > >
> > > where vusers contains:
> >
> > vusers would need to be `key => value' pairs
> >
> > > b...@example.com
> >
> > This is a list. More suitable for a vdomains table.
> >
> > > However, despite being listed in vusers, when trying to send a mail to bob,
> > > it gets rejected with "550 Invalid recipient". Creating a systemuser "bob"
> > > makes it work. But then I do not need the vusers table, so I am wondering,
> > > is it possible to get along without the need for a system user?
> > > Now the man page mentions a userbase parameter, and I assume, the according
> > > table has to be in the format of the userinfo table mentioned in tables(5)?
> > > What then effectively again refers to a system user - just with a mapping in
> > > between.
> > >
> > > My attempts with a single userlist instead so far either resulted in a
> > > 'invalid use of table "susers" as USERBASE parameter' or simply a syntax
> > > error.
> > >
> > > Is that assumption correct? Is there no way of keeping virtual users
> > > completely off the system or did I get something terribly wrong? Even when
> > > not using mbox/Maildir at all, where this requirement could make sense?
> >
> > They are off the system, but some real user has to own the mailbox, etc...
> >
> > > And since user filtering will eventually be done at an earlier stage, I
> > > would like smtpd to be able to unconditionally forward any mail unaltered
> > > (except aliases) to the lmtp socket.
> > >
> > > So, in addition to bob@example as for the tests com I would like to be able
> > > to use *@example.com or just example.com to not do any user checking at all.
> > > Depending on the syntax requirements.
> > >
> > > Is it possible to deactivate the user checking one way or the other?
> >
> > you could use a catchall
> >
> > /etc/mail/vusers
> >
> > @ catchall
> >
> > > Thanks for any insight or heads up on what I may have missed or
> > > misunderstood.
> > >
> > > Ede
> >
> > groupadd -g 5000 vmail
> > useradd -g vmail -u 5000 vmail -d /var/vmail -m
> > chown -R vmail.vmail /var/vmail
> >
> > /etc/mail/userinfo
> >
> > bob 5000:5000:/var/vmail/bob
> >
> > /etc/mail/vusers
> >
> > b...@example.com bob
> >
> > /etc/mail/smtpd.conf snippet
> >
> > action "a01" lmtp "/var/cyrus/lmtp" rcpt-to userbase virtual
> >
> > # may need to finesse the above. I'm not using cyrus or userbase table, so not 100 percent
> > # sure if it will work as is.
> >
> > match from all for doma
Re: Virtual User handling
On Fri, Aug 30, 2019 at 11:14:37PM -0500, Edgar Pettijohn wrote:
> On Fri, Aug 30, 2019 at 05:00:24PM +0200, Ede Wolf wrote:
> > Hello,
> >
>
> Semi complete example at the bottom. I'll leave it to you to reverse translate
> to the old syntax. I didn't notice till after I was done and am too lazy to
> change it. :) Also noticed while re-reading smtpd.conf(5) there is a `user'
> keyword that can be used in an action:
>
> user username
>         Specify the username for performing the delivery, to be
>         looked up with getpwnam(3).
>
>         This is used for virtual hosting where a single username
>         is in charge of handling delivery for all virtual users.
>
>         This option is not usable with the mbox delivery method.
>
> Not sure if it's available in whichever version you are using, but may make
> things easier enough to warrant an upgrade.
>
> > While trying to learn opensmtpd, amongst other things I am struggling with
> > the virtual user handling - for a non virtual domain setup.
> >
> > From what I have been able to understand so far it seems, as if there is no
> > way to deliver mails to a lmtp socket, if there is not at least some
> > reference/mapping to a system user?
> >
> > accept from any for domain "example.com" recipient alias
> > deliver to lmtp "/run/cyrus/lmtp" rcpt-to as nobody
> >
> > where vusers contains:
>
> vusers would need to be `key => value' pairs
>
> > b...@example.com
>
> This is a list. More suitable for a vdomains table.
>
> > However, despite being listed in vusers, when trying to send a mail to bob,
> > it gets rejected with "550 Invalid recipient". Creating a systemuser "bob"
> > makes it work. But then I do not need the vusers table, so I am wondering,
> > is it possible to get along without the need for a system user?
> > Now the man page mentions a userbase parameter, and I assume, the according
> > table has to be in the format of the userinfo table mentioned in tables(5)?
> > What then effectively again refers to a system user - just with a mapping in
> > between.
> >
> > My attempts with a single userlist instead so far either resulted in a
> > 'invalid use of table "susers" as USERBASE parameter' or simply a syntax
> > error.
> >
> > Is that assumption correct? Is there no way of keeping virtual users
> > completely off the system or did I get something terribly wrong? Even when
> > not using mbox/Maildir at all, where this requirement could make sense?
>
> They are off the system, but some real user has to own the mailbox, etc...
>
> > And since user filtering will eventually be done at an earlier stage, I
> > would like smtpd to be able to unconditionally forward any mail unaltered
> > (except aliases) to the lmtp socket.
> >
> > So, in addition to bob@example as for the tests com I would like to be able
> > to use *@example.com or just example.com to not do any user checking at all.
> > Depending on the syntax requirements.
> >
> > Is it possible to deactivate the user checking one way or the other?
>
> you could use a catchall
>
> /etc/mail/vusers
>
> @ catchall
>
> > Thanks for any insight or heads up on what I may have missed or
> > misunderstood.
> >
> > Ede
>
> groupadd -g 5000 vmail
> useradd -g vmail -u 5000 vmail -d /var/vmail -m
> chown -R vmail.vmail /var/vmail
>
> /etc/mail/userinfo
>
> bob 5000:5000:/var/vmail/bob
>
> /etc/mail/vusers
>
> b...@example.com bob
>
> /etc/mail/smtpd.conf snippet
>
> action "a01" lmtp "/var/cyrus/lmtp" rcpt-to userbase virtual
>
> # may need to finesse the above. I'm not using cyrus or userbase table, so not 100 percent
> # sure if it will work as is.
>
> match from all for domain action "a01"

Another option (that I use):

/etc/mail/vusers

b...@example.com vmail

action "a01" lmtp "/var/cyrus/lmtp" rcpt-to virtual

match from all for domain action "a01"

No need for the userbase. I'm not really sure where a userbase table comes into play. Maybe someone out there using it can provide an example use case.

>
> it sorta works...
> deathstar$ telnet localhost 25
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> 220 deathstar.my.domain ESMTP OpenSMTPD
> ehlo p.com
> 250-deathstar.my.domain Hello p.com [127.0.0.1], pleased to meet you
> 250-8BITMIME
> 250-ENHANCEDSTATUSCODES
> 250-SIZE 36700160
> 250-DSN
> 250 HELP
> mail from:
> 250 2.0.0 Ok
> rcpt to:
> 250 2.1.5 Destination address valid: Recipient ok
> data
> 354 Enter mail, end with "." on a line by itself
> to: u
> from: me
>
> hi bob.
>
> .
> 250 2.0.0 0a7d910f Message accepted for delivery
>
> a19e5552f2afe6dc smtp connected address=127.0.0.1 host=localhost
> debug: aliases_virtual_get: 'bob' resolved to 1 nodes
> debug: aliases_virtual_get: 'bob' resolved to 1 nodes
> warn: smtpd: parent_forward_open: /var/mail/bob: No such file or directory
> smtp:
Re: Virtual User handling
On Fri, Aug 30, 2019 at 05:00:24PM +0200, Ede Wolf wrote:
> Hello,
>

Semi complete example at the bottom. I'll leave it to you to reverse translate
to the old syntax. I didn't notice till after I was done and am too lazy to
change it. :) Also noticed while re-reading smtpd.conf(5) there is a `user'
keyword that can be used in an action:

user username
        Specify the username for performing the delivery, to be
        looked up with getpwnam(3).

        This is used for virtual hosting where a single username
        is in charge of handling delivery for all virtual users.

        This option is not usable with the mbox delivery method.

Not sure if it's available in whichever version you are using, but may make
things easier enough to warrant an upgrade.

> While trying to learn opensmtpd, amongst other things I am struggling with
> the virtual user handling - for a non virtual domain setup.
>
> From what I have been able to understand so far it seems, as if there is no
> way to deliver mails to a lmtp socket, if there is not at least some
> reference/mapping to a system user?
>
> accept from any for domain "example.com" recipient alias
> deliver to lmtp "/run/cyrus/lmtp" rcpt-to as nobody
>
> where vusers contains:

vusers would need to be `key => value' pairs

> b...@example.com

This is a list. More suitable for a vdomains table.

> However, despite being listed in vusers, when trying to send a mail to bob,
> it gets rejected with "550 Invalid recipient". Creating a systemuser "bob"
> makes it work. But then I do not need the vusers table, so I am wondering,
> is it possible to get along without the need for a system user?
> Now the man page mentions a userbase parameter, and I assume, the according
> table has to be in the format of the userinfo table mentioned in tables(5)?
> What then effectively again refers to a system user - just with a mapping in
> between.
>
> My attempts with a single userlist instead so far either resulted in a
> 'invalid use of table "susers" as USERBASE parameter' or simply a syntax
> error.
>
> Is that assumption correct? Is there no way of keeping virtual users
> completely off the system or did I get something terribly wrong? Even when
> not using mbox/Maildir at all, where this requirement could make sense?

They are off the system, but some real user has to own the mailbox, etc...

> And since user filtering will eventually be done at an earlier stage, I
> would like smtpd to be able to unconditionally forward any mail unaltered
> (except aliases) to the lmtp socket.
>
> So, in addition to bob@example as for the tests com I would like to be able
> to use *@example.com or just example.com to not do any user checking at all.
> Depending on the syntax requirements.
>
> Is it possible to deactivate the user checking one way or the other?

you could use a catchall

/etc/mail/vusers

@ catchall

> Thanks for any insight or heads up on what I may have missed or
> misunderstood.
>
> Ede

groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /var/vmail -m
chown -R vmail.vmail /var/vmail

/etc/mail/userinfo

bob 5000:5000:/var/vmail/bob

/etc/mail/vusers

b...@example.com bob

/etc/mail/smtpd.conf snippet

action "a01" lmtp "/var/cyrus/lmtp" rcpt-to userbase virtual

# may need to finesse the above. I'm not using cyrus or userbase table, so not 100 percent
# sure if it will work as is.

match from all for domain action "a01"

it sorta works...

deathstar$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 deathstar.my.domain ESMTP OpenSMTPD
ehlo p.com
250-deathstar.my.domain Hello p.com [127.0.0.1], pleased to meet you
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-SIZE 36700160
250-DSN
250 HELP
mail from:
250 2.0.0 Ok
rcpt to:
250 2.1.5 Destination address valid: Recipient ok
data
354 Enter mail, end with "." on a line by itself
to: u
from: me

hi bob.

.
250 2.0.0 0a7d910f Message accepted for delivery

a19e5552f2afe6dc smtp connected address=127.0.0.1 host=localhost
debug: aliases_virtual_get: 'bob' resolved to 1 nodes
debug: aliases_virtual_get: 'bob' resolved to 1 nodes
warn: smtpd: parent_forward_open: /var/mail/bob: No such file or directory
smtp: 0x1903053fd000: fd 13 from queue
smtp: 0x1903053fd000: message fd 13
smtp: 0x1903053fd000: message begin
debug: 0x19034b71f000: adding Date
debug: 0x19034b71f000: adding Message-ID
debug: 0x1903053fd000: end of message, error=0
a19e5552f2afe6dc smtp message msgid=0a7d910f size=335 nrcpt=1 proto=ESMTP
a19e5552f2afe6dc smtp envelope evpid=0a7d910fa2469b23 from= to=
debug: scheduler: evp:0a7d910fa2469b23 scheduled (mda)
mda: new user a19e5554bded3360 for "userinfo:bob" delivering as "root"
debug: lka: userinfo userinfo:bob
debug: mda: new session a19e20bf2fa5 for user "userinfo:bob" evpid 0a7d910fa2469b23
debug: mda: no more envelope for "userinfo:bob"
debug: m