Re: Virtual domains & Virtual Users...
Try removing "rcpt-to " from the 2nd match line and see what happens.

I put it there because, in my setup, that is the only thing which prevents accepting mail for a valid virtual domain but invalid name. But your setup has a subsequent mapping lookup in the action line which may (or may not) accomplish the same behavior.

I'm fairly confident that if you remove "rcpt-to " smtpd will correctly receive and deliver mail with a valid virtual domain AND valid name (because the address is present in ). But I'm unsure what will occur if the match line accepts the mail because the domain is valid but then the mapping lookup in the action line fails because the name is invalid and thus the address is not present in .

If you try it without "rcpt-to " in the 2nd match line, make sure you test for a virtual domain with both a valid name and an invalid name. I'm curious to hear the results.

-Andy

On 11/23/2019 4:51 PM, Implausibility wrote:
> With some help from Andrew off-list, he provided a config that works for what
> I'm trying to do. It's attached below. Hopefully all you'd need to do to
> duplicate my success is search-and-replace example.com for your own primary
> (FQDN) mail server domain name (as long as it's called mail.youdomain.com).
>
> The secret is that there needs to be two tables -- one with a list of eMail
> addresses to accept, and one that maps the accepted eMail addresses to a
> local user mailbox.
>
> I'd prefer if this was more streamlined, so I didn't need to maintain two
> separate lists, but I'm sure I can script around it. Any refinements would
> be greatly appreciated. :D
>
> Thanks again Andrew!
>
> # **
> # $OpenBSD: smtpd.conf,v 1.11 2018/06/04 21:10:58 jmc Exp $
>
> # This is the smtpd server system-wide configuration file.
> # See smtpd.conf(5) for more information.
>
> table aliases file:/etc/mail/aliases
> table domains db:/etc/mail/domains.db
> table vusers_list file:/etc/mail/vusers_list
> table vusers_map file:/etc/mail/vusers_map
>
> action "local_mail" maildir junk alias
> action "vusers_deliver" maildir junk virtual
> action "outbound" relay helo mail.example.com
>
> pki mail.example.com cert "/etc/ssl/mail.example.comfullchain.pem"
> pki mail.example.com key "/etc/ssl/private/mail.example.com.key"
>
> filter check_dyndns phase connect match rdns regex {
> '.*\.dyn\..*','.*\.dsl\..*' } \
> disconnect "550 you look like a spammer"
>
> filter check_rdns phase connect match !rdns \
> disconnect "550 you look like a spammer"
>
> filter check_fcrdns phase connect match !fcrdns \
> disconnect "550 you look like a spammer"
>
> filter senderscore \
> proc-exec "filter-senderscore -blockBelow 10 -junkBelow 70 -slowFactor
> 5000"
>
> filter rspamd proc-exec "filter-rspamd"
>
> listen on all tls pki mail.example.com \
> filter { check_dyndns, check_rdns, check_fcrdns, senderscore, rspamd }
>
> listen on all port submission tls-require pki mail.example.com auth filter
> rspamd
>
> match from any for domain "mail.example.com" action "local_mail"
> match from any for domain rcpt-to action
> "vusers_deliver"
> match for local action "local_mail"
>
> match from any auth for any action "outbound"
> match for any action "outbound"
Re: Virtual domains & Virtual Users...
With some help from Andrew off-list, he provided a config that works for what I'm trying to do. It's attached below. Hopefully all you'd need to do to duplicate my success is search-and-replace example.com for your own primary (FQDN) mail server domain name (as long as it's called mail.youdomain.com).

The secret is that there needs to be two tables -- one with a list of eMail addresses to accept, and one that maps the accepted eMail addresses to a local user mailbox.

I'd prefer if this was more streamlined, so I didn't need to maintain two separate lists, but I'm sure I can script around it. Any refinements would be greatly appreciated. :D

Thanks again Andrew!

# **
# $OpenBSD: smtpd.conf,v 1.11 2018/06/04 21:10:58 jmc Exp $

# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information.

table aliases file:/etc/mail/aliases
table domains db:/etc/mail/domains.db
table vusers_list file:/etc/mail/vusers_list
table vusers_map file:/etc/mail/vusers_map

action "local_mail" maildir junk alias
action "vusers_deliver" maildir junk virtual
action "outbound" relay helo mail.example.com

pki mail.example.com cert "/etc/ssl/mail.example.comfullchain.pem"
pki mail.example.com key "/etc/ssl/private/mail.example.com.key"

filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*','.*\.dsl\..*' } \
    disconnect "550 you look like a spammer"

filter check_rdns phase connect match !rdns \
    disconnect "550 you look like a spammer"

filter check_fcrdns phase connect match !fcrdns \
    disconnect "550 you look like a spammer"

filter senderscore \
    proc-exec "filter-senderscore -blockBelow 10 -junkBelow 70 -slowFactor 5000"

filter rspamd proc-exec "filter-rspamd"

listen on all tls pki mail.example.com \
    filter { check_dyndns, check_rdns, check_fcrdns, senderscore, rspamd }

listen on all port submission tls-require pki mail.example.com auth filter rspamd

match from any for domain "mail.example.com" action "local_mail"
match from any for domain rcpt-to action "vusers_deliver"
match for local action "local_mail"

match from any auth for any action "outbound"
match for any action "outbound"
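
Added example, not part of the original post and not code from the thread's authors: one way to script around the two-list maintenance mentioned above, by deriving the accept list from the mapping table so the two cannot drift apart. The function names gen_vusers_list and update_vusers_list are hypothetical, and the map format ("address, whitespace, local user") is assumed from the description in this thread.

```shell
#!/bin/sh
# Assumed map format, one entry per line:  address<whitespace>local-user
# Lines starting with '#' and blank lines are ignored.

# gen_vusers_list MAPFILE
# Prints the lowercased, sorted, unique addresses found in MAPFILE.
# Malformed or conflicting entries are reported on stderr and make the
# function return 1, so a broken map never yields a usable list.
gen_vusers_list() {
    _addrs=$(awk '
        /^[ \t]*(#|$)/ { next }
        {
            addr = tolower($1)
            # exactly one "@" with text on both sides, plus a target user
            if (NF < 2 || addr !~ /^[^@ \t]+@[^@ \t]+$/) {
                printf "line %d: malformed entry: %s\n", NR, $0 > "/dev/stderr"
                bad = 1; next
            }
            # the same address mapped to two different users is an error
            if ((addr in seen) && seen[addr] != $2) {
                printf "line %d: %s maps to both %s and %s\n", \
                    NR, addr, seen[addr], $2 > "/dev/stderr"
                bad = 1; next
            }
            seen[addr] = $2
        }
        END {
            for (a in seen) print a
            exit (bad ? 1 : 0)
        }
    ' "$1") || return 1
    if [ -n "$_addrs" ]; then
        printf '%s\n' "$_addrs" | sort -u
    fi
}

# update_vusers_list MAPFILE LISTFILE
# Regenerates LISTFILE from MAPFILE and replaces it atomically; on any
# validation error the existing LISTFILE is left untouched.
update_vusers_list() {
    _map=$1
    _list=$2
    _tmp=$(mktemp "${_list}.XXXXXX") || return 1
    if gen_vusers_list "$_map" > "$_tmp"; then
        chmod 644 "$_tmp"
        mv "$_tmp" "$_list"
    else
        rm -f "$_tmp"
        return 1
    fi
}

# Typical use on the mail server (paths as in the config above):
#   update_vusers_list /etc/mail/vusers_map /etc/mail/vusers_list \
#       && smtpctl update table vusers_list
```

Because the list is replaced only after the whole map validates, a typo in the map leaves the previous accept list in force rather than opening or closing recipients unexpectedly.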
Re: Virtual domains & Virtual Users...
>> In order to get virtual users working, I've added three lines to the config:
>>
>>> table vusers file:/etc/mail/vusers
>>> action "vusers" maildir junk virtual
>>> match from any for domain rcpt-to virtual action "vusers"
>
> your match rule is not correct, I'm not sure what you want to do:

I want to accept mail for any of my virtual domains, for eMail addresses described in the vusers table (which contains a full eMail address (us...@example2.com) followed by whitespace, and the local user whose mailbox it should be delivered to.

> - rcpt-to lacks a table parameter, but I'm unsure if it's even needed here
> - virtual can't be in the match rule, it must be in your action,
> which is already the case

I removed these items, and the error went away, but now I get 550 invalid recipient.

I'm sending mail to test...@example2.com (a virtual eMail address at a virtual domain, mapped to an existing local user in the vusers table) from my old postfix mail server, external-mail-server.example.com.

Maybe I need to change the order of my match commands?

Here's the trace:

5c09782d5c150be6 smtp connected address=xx.xx.xx.xx host=external-mail-server.example.com
lookup: match "external-mail-server.example.com" as REGEX in table static: -> false
debug: looking up pki "mail.example.com"
debug: session_start_ssl: switching to SSL
debug: pony: rsae_priv_dec
5c09782d5c150be6 smtp tls ciphers=TLSv1:AES256-SHA:256
smtp: 0x1209188f000: smtp_cert_verify_cb: no-client-cert
debug: smtp: SIZE in MAIL FROM command
expand: 0xf569a012018: expand_insert() called for address:test...@example2.com[parent=0x0, rule=0x0]
expand: 0xf569a012018: inserted node 0xf563c563000
expand: lka_expand: address: test...@example2.com [depth=0]
lookup: match "xx.xx.xx.xx" as NETADDR in table static: -> true
lookup: match "example2.com" as DOMAIN in table db:domains -> true
rule #1 matched: match from any for domain domains action local_mail
expand: 0xf569a012018: expand_insert() called for username:testing[parent=0xf563c563000, rule=0xf564fc2c380, dispatcher=0xf570e4aa210]
expand: 0xf569a012018: inserted node 0xf5720788000
expand: lka_expand: username: testing [depth=1, sameuser=0]
lookup: lookup "testing" as ALIAS in table static:aliases -> none
lookup: lookup "testing" as USERINFO in table getpwnam: -> none
expand: lka_expand: user-part does not match system user
expand: 0xf569a012018: clearing expand tree
5c09782d5c150be6 smtp failed-command command="RCPT TO: ORCPT=rfc822;test...@example2.com" result="550 Invalid recipient: "
5c09782d5c150be6 smtp disconnected reason=quit
Re: Virtual domains & Virtual Users...
Where I said "user virtual" I meant "user vmail". I've not had enough coffee yet.

On 11/23/2019 9:23 AM, Andrew Swartz wrote:
> As a proof of concept, I have a setup doing that which I think you are
> trying to do:
>
> ---
> table vdomains file:/etc/mail/table_vmail_domains
> table vaddr file:/etc/mail/table_vmail_addresses
> table vmailstub { '@' = vmail }
> listen on em0
> action "deliver_vmail" maildir
> "/home/vmail/domains/%{rcpt.domain:lowercase}/%{rcpt.user:lowercase|strip}"
> virtual
> match from any for domain rcpt-to action "deliver_vmail"
> ---
>
> I'm using 6.6.0. For clarity I've included only the pertinent conf
> lines. This config is successfully delivering the mail to the
> pure-virtual users in the desired directory hierarchy
> (/home/vmail/domains/example.com/user). The only places these
> pure-virtual users exist is in the "vaddr" table and the directory
> hierarchy (they are also in an "auth" table for relaying, but I removed
> that for clarity).
>
> It took me a lot of trial and error to come up with the "virtual
> " at the end of the action. It seems like "user virtual"
> should go there, but for unclear reasons that yields "** 550 Invalid
> recipient"; when I replace "user virtual" with "virtual "
> (which always returns "vmail") the mail is accepted (for users in the
> vaddr table) and delivered as desired. Not an elegant solution, but it
> works.
>
> I've not installed/integrated dovecot yet. I'm curious about
> suggestions for the best way to integrate dovecot and/or manage users
> in such a system.
>
>
> -Andy
>
>
> On 11/23/2019 7:08 AM, Implausibility wrote:
>> Hi again.
Re: Virtual domains & Virtual Users...
As a proof of concept, I have a setup doing that which I think you are trying to do:

---
table vdomains file:/etc/mail/table_vmail_domains
table vaddr file:/etc/mail/table_vmail_addresses
table vmailstub { '@' = vmail }
listen on em0
action "deliver_vmail" maildir "/home/vmail/domains/%{rcpt.domain:lowercase}/%{rcpt.user:lowercase|strip}" virtual
match from any for domain rcpt-to action "deliver_vmail"
---

I'm using 6.6.0. For clarity I've included only the pertinent conf lines. This config is successfully delivering the mail to the pure-virtual users in the desired directory hierarchy (/home/vmail/domains/example.com/user). The only places these pure-virtual users exist is in the "vaddr" table and the directory hierarchy (they are also in an "auth" table for relaying, but I removed that for clarity).

It took me a lot of trial and error to come up with the "virtual " at the end of the action. It seems like "user virtual" should go there, but for unclear reasons that yields "** 550 Invalid recipient"; when I replace "user virtual" with "virtual " (which always returns "vmail") the mail is accepted (for users in the vaddr table) and delivered as desired. Not an elegant solution, but it works.

I've not installed/integrated dovecot yet. I'm curious about suggestions for the best way to integrate dovecot and/or manage users in such a system.

-Andy

On 11/23/2019 7:08 AM, Implausibility wrote:
> Hi again.
>
> My mail server has been running fine since last weekend, and I'm trying to
> expand its functionality by including the ability to send and receive mail
> for my list of domains, and for eMail addresses which forward to locally
> defined users -- but I can't seem to get it working, and I think the issue is
> my (mis-)understanding of how the match parameter works...
Re: Virtual domains & Virtual Users...
November 23, 2019 5:08 PM, "Implausibility" wrote:

> Hi again.
>
> My mail server has been running fine since last weekend, and I'm trying to
> expand its functionality
> by including the ability to send and receive mail for my list of domains, and
> for eMail addresses
> which forward to locally defined users -- but I can't seem to get it working,
> and I think the issue
> is my (mis-)understanding of how the match parameter works...
>
> In order to get virtual users working, I've added three lines to the config:
>
>> table vusers file:/etc/mail/vusers
>> action "vusers" maildir junk virtual
>> match from any for domain rcpt-to virtual action "vusers"

your match rule is not correct, I'm not sure what you want to do:

- rcpt-to lacks a table parameter, but I'm unsure if it's even needed here
- virtual can't be in the match rule, it must be in your action,
  which is already the case

> I was able to get mail delivered for local users to my virtual domains
> previously without issue.
> But I can't get virtual addresses working...
>
> I've tried a half a dozen varieties of the match command, and I keep getting
> 'syntax error', and it
> doesn't give me any hint as to what exactly the problem is. I want to accept
> eMail from any
> destination, to the domains defined in the domains table, that are sending to
> recipients listed in
> the vusers table, to deliver them to the maildir for access via Dovecot IMAP.
Virtual domains & Virtual Users...
Hi again.

My mail server has been running fine since last weekend, and I'm trying to expand its functionality by including the ability to send and receive mail for my list of domains, and for eMail addresses which forward to locally defined users -- but I can't seem to get it working, and I think the issue is my (mis-)understanding of how the match parameter works...

In order to get virtual users working, I've added three lines to the config:

> table vusers file:/etc/mail/vusers
> action "vusers" maildir junk virtual
> match from any for domain rcpt-to virtual action "vusers"

I was able to get mail delivered for local users to my virtual domains previously without issue. But I can't get virtual addresses working...

I've tried a half a dozen varieties of the match command, and I keep getting 'syntax error', and it doesn't give me any hint as to what exactly the problem is. I want to accept eMail from any destination, to the domains defined in the domains table, that are sending to recipients listed in the vusers table, to deliver them to the maildir for access via Dovecot IMAP.

Any help in getting this working would be appreciated.

Here's my config:

> # $OpenBSD: smtpd.conf,v 1.11 2018/06/04 21:10:58 jmc Exp $
>
> # This is the smtpd server system-wide configuration file.
> # See smtpd.conf(5) for more information.
>
> table aliases file:/etc/mail/aliases
> table domains db:/etc/mail/domains.db
> table vusers file:/etc/mail/vusers
>
> # To accept external mail, replace with: listen on all
> #
> # listen on all
>
> action "local_mail" maildir junk alias
> action "vusers" maildir junk virtual
> action "outbound" relay helo mail.example.com
>
> match from any for domain action "local_mail"
> match for local action "local_mail"
> match for any action "outbound"
>
> pki mail.hottub.ca cert "/etc/ssl/mail.example.fullchain.pem"
> pki mail.hottub.ca key "/etc/ssl/private/mail.example.key"
>
> filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*',
> '.*\.dsl\..*' } \
> disconnect "550 you look like a spammer"
>
> filter check_rdns phase connect match !rdns \
> disconnect "550 you look like a spammer"
>
> filter check_fcrdns phase connect match !fcrdns \
> disconnect "550 you look like a spammer"
>
> filter senderscore \
> proc-exec "filter-senderscore -blockBelow 10 -junkBelow 70 -slowFactor
> 5000"
>
> filter rspamd proc-exec "filter-rspamd"
>
> listen on all tls pki mail.example.ca \
> filter { check_dyndns, check_rdns, check_fcrdns, senderscore, rspamd }
>
> listen on all port submission tls-require pki mail.hottub.ca auth filter
> rspamd
>
> match from any for domain "mail.example.ca" action "local_mail"
> match from any for domain rcpt-to virtual action "vusers"
> match for local action "local_mail"
>
> match from any auth for any action "outbound"
> match for any action "outbound"