Re: Virtual user and domain setup
Thanks for the follow-up. I was planning on eventually switching to
dovecot for delivery. Thank you for figuring out that part!

-Andy

On 4/7/2020 11:01 AM, Leo Unglaub wrote:
> Hey,
> thank you so much for that snippet. I think I finally understood it and
> it works now. I had to adapt your config a little bit but it works now.
> I use basically your config with the action changed to the following:
>
>     action "local-lmtp" lmtp "/var/dovecot/lmtp" rcpt-to virtual <vmailstub>
>
> At first I gave it a try without the rcpt-to option to lmtp, but without
> that Dovecot always rejected the email for the user "vmail". But now
> with the rcpt-to it works perfectly.
>
> Thank you all so much for the help and greetings from Vienna
> Leo
Re: Virtual user and domain setup
Hey,
thank you so much for that snippet. I think I finally understood it and
it works now. I had to adapt your config a little bit but it works now.
I use basically your config with the action changed to the following:

    action "local-lmtp" lmtp "/var/dovecot/lmtp" rcpt-to virtual <vmailstub>

At first I gave it a try without the rcpt-to option to lmtp, but without
that Dovecot always rejected the email for the user "vmail". But now
with the rcpt-to it works perfectly.

Thank you all so much for the help and greetings from Vienna
Leo

On 07.04.2020 at 01:36, Andrew Swartz wrote:
> This is one possible configuration which should do that which I think
> you are describing:
>
>     table vdomains file:/etc/mail/table_vmail_domains
>     table vaddr file:/etc/mail/table_vmail_addresses
>     table vmailstub { '@' = vmail }
>
>     action "deliver_vmail" maildir "/home/vmail/domains/%{rcpt.domain:lowercase}/%{rcpt.user:lowercase|strip}" virtual <vmailstub>
>
>     match from any for domain <vdomains> rcpt-to <vaddr> action "deliver_vmail"
>
> This setup accepts mail ONLY for virtual accounts and delivers it to a
> typical "vpopmail" maildir structure: "/home/vmail/domain/name"
>
> You must create a system user "vmail" which does not receive any mail
> but is just the home folder for the mailboxes and the user for
> permission to deliver the mail.
>
> Automate making the domains file with a script which extracts the
> unique domains from the addresses file. The redundancy here is due to
> the smtpd.conf requirements (i.e. not because I think it's cool to have
> both domain and email address files).
>
> If it's not clear, I can elaborate on how it works.
Re: Virtual user and domain setup
This is one possible configuration which should do that which I think
you are describing:

    table vdomains file:/etc/mail/table_vmail_domains
    table vaddr file:/etc/mail/table_vmail_addresses
    table vmailstub { '@' = vmail }

    action "deliver_vmail" maildir "/home/vmail/domains/%{rcpt.domain:lowercase}/%{rcpt.user:lowercase|strip}" virtual <vmailstub>

    match from any for domain <vdomains> rcpt-to <vaddr> action "deliver_vmail"

This setup accepts mail ONLY for virtual accounts and delivers it to a
typical "vpopmail" maildir structure: "/home/vmail/domain/name"

You must create a system user "vmail" which does not receive any mail
but is just the home folder for the mailboxes and the user for
permission to deliver the mail.

Automate making the domains file with a script which extracts the
unique domains from the addresses file. The redundancy here is due to
the smtpd.conf requirements (i.e. not because I think it's cool to have
both domain and email address files).

If it's not clear, I can elaborate on how it works.

-Andy

On 4/5/2020 4:24 AM, Leo Unglaub wrote:
> Hey,
> first of all I want to thank you all for your work on OpenSMTPD over all
> those years. It has powered my one domain very well over all those
> years. But now I have a problem with setting up virtual domains and
> users.
>
> My goal is the following. I have the following domains:
>
>     foo.com
>     bar.com
>
> With those domains I have the following email addresses:
>
>     us...@foo.com
>     us...@foo.com
>     us...@bar.com
>     us...@bar.com
>
> But all those users don't exist on my machine as real users. I just want
> to receive emails for those accounts and process them via lmtp to
> dovecot. So my action basically looks like that:
>
>     action "local_lmtp_deliver" lmtp "/var/dovecot/lmtp"
>
> But when I trace the lookup from the smtpd I get the following:
>
>     b4e62ea90ed6c91d smtp connected address=local host=foo.com
>     lookup: match "local" as NETADDR in table static: -> true
>     lookup: match "foo.com" as DOMAIN in table static: -> true
>     rule #1 matched: match from any for any action local_lmtp_deliver
>     lookup: lookup "user1" as USERINFO in table getpwnam: -> none
>     b4e62ea90ed6c91d smtp failed-command command="RCPT TO: " result="550 Invalid recipient: "
>     b4e62ea90ed6c91d smtp disconnected reason=disconnect
>     debug: control -> client: pipe closed
>     debug: clearing p=client, fd=11, pid=0
>
> For some reason the user1 part is still getting resolved as a real user
> on the system. I read on the man page and found the "user username"
> option for the action. I did the following:
>
>     action "local_lmtp_deliver" lmtp "/var/dovecot/lmtp" rcpt-to user "dovecot-worker"
>
> dovecot-worker is the account used by dovecot to handle all the email
> storage in /var/vmail. But I get the same error.
>
> So I guess I am doing it all wrong. Could someone please be so kind and
> give me a hint in the right direction how the virtual user stuff is
> working in OpenSMTPD. Because I think I am lost here. I am doing
> something completely wrong.
>
> I am on the latest OpenBSD release (including all syspatch).
>
> Thanks so much!
> Greetings
> Leo
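
The message above suggests generating the domains file from the addresses file with a script. The following is an added example, not code from any participant in the thread: it assumes the addresses file holds one plain address per line ("#" comments allowed), and the function names and the scratch-directory demo data are constructed for illustration.

```shell
#!/bin/sh
# Added example: rebuild the table read by "for domain <vdomains>" from
# the table read by "rcpt-to <vaddr>", so the two files cannot drift apart.

# extract_domains ADDR_FILE
# Print the lowercased domain of every address. Any line that is not a
# single local@domain token is reported and makes the function fail.
extract_domains() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }      # blank lines and comments
        {
            addr = tolower($1)
            n = split(addr, part, "@")
            if (NF != 1 || n != 2 || part[1] == "" ||
                part[2] !~ /^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$/) {
                printf "%s:%d: not a plain address: %s\n", FILENAME, FNR, $0 > "/dev/stderr"
                bad = 1
                next
            }
            print part[2]
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# rebuild_domains ADDR_FILE DOMAIN_FILE
# Write the sorted unique domains to DOMAIN_FILE. The new table is built
# beside the old one and renamed into place, so smtpd never reads a
# half-written file, and a malformed address file leaves the old table
# untouched instead of silently dropping a domain.
rebuild_domains() {
    src=$1
    dst=$2
    tmp=$(mktemp "$dst.XXXXXX") || return 1
    if extract_domains "$src" > "$tmp" && sort -u -o "$tmp" "$tmp"; then
        chmod 0644 "$tmp" && mv -f "$tmp" "$dst"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Demo on constructed data in a scratch directory. On the server from the
# thread the arguments would be /etc/mail/table_vmail_addresses and
# /etc/mail/table_vmail_domains.
demo_dir=$(mktemp -d)
cat > "$demo_dir/addresses" <<'EOF'
# constructed sample addresses
alice@foo.com
Bob@Foo.com
carol@bar.com
EOF
rebuild_domains "$demo_dir/addresses" "$demo_dir/domains" && cat "$demo_dir/domains"
rm -rf "$demo_dir"
```

After a rebuild, `smtpctl update table vdomains` asks the running smtpd to reload the table.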
Re: Virtual user and domain setup
Hi Leo,

the userinfo table contains all "virtual users" (respectively usernames
of dovecot imap-accounts). See example tables:

== userinfo table
virtualuser1 1010:1010:/home/vmail
virtualuser2 1010:1010:/home/vmail
virtualuser3 1010:1010:/home/vmail
==

== virtuals table
i...@mydomain.de virtualuser1
supp...@mydomain.de virtualuser1
buchhalt...@mydomain.de virtualuser2
i...@otherdomain.com virtualuser3
supp...@otherdomain.com virtualuser3
==

== recipients table
i...@mydomain.de
supp...@mydomain.de
buchhalt...@mydomain.de
i...@otherdomain.com
supp...@otherdomain.com
==

I don't know why userbase/user is required for delivery via LMTP. But
that should work.

Best regards
Kai

On 05.04.2020 at 18:54, Leo Unglaub wrote:
> Hey,
> thank you for your response. I have a question about your workaround.
> In the userinfo table, did you specify every email address in there
> that is a virtual address? Or did you define the user that does the
> LMTP delivery to dovecot?
>
> Also, would you mind pasting an example from your recipients and
> virtuals table? So I could check against my stuff? Maybe I messed the
> format up somewhere.
>
> Thanks so much and greetings
> Leo
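
The three tables in the message above have to agree with each other: an address listed in recipients needs a virtuals entry, and every virtuals target needs a userinfo entry. The following is an added example, not code from the thread: it assumes one mapping per line with a single target user, compares addresses case-insensitively, and uses constructed sample data and a hypothetical function name.

```shell
#!/bin/sh
# Added example: cross-check the recipients, virtuals and userinfo table
# files before smtpd is reloaded.

# check_tables RECIPIENTS VIRTUALS USERINFO
# Print one line per inconsistency and return non-zero if any was found.
check_tables() {
    awk '
        function report(msg) { print msg; problems++ }

        NF == 0 || $1 ~ /^#/ { next }      # blank lines and comments

        role == "userinfo" {
            # Format shown in the thread: name uid:gid:/home/dir
            if ($2 !~ /^[0-9]+:[0-9]+:\/[^:]*$/)
                report("userinfo: " $1 ": expected uid:gid:/home, got " $2)
            user[$1] = 1
            next
        }
        role == "virtuals" {
            addr = tolower($1)
            mapped[addr] = 1
            if (!($2 in user))
                report("virtuals: " addr " maps to " $2 ", which has no userinfo entry")
            next
        }
        role == "recipients" {
            addr = tolower($1)
            accepted[addr] = 1
            if (!(addr in mapped))
                report("recipients: " addr " is accepted but has no virtuals entry")
        }
        END {
            for (addr in mapped)
                if (!(addr in accepted))
                    report("virtuals: " addr " is mapped but missing from recipients")
            exit (problems > 0 ? 1 : 0)
        }
    ' role=userinfo "$3" role=virtuals "$2" role=recipients "$1"
}

# Demo on constructed tables: one mapping points at a user without a
# userinfo entry, and one accepted recipient has no mapping.
demo_dir=$(mktemp -d)
printf '%s\n' 'virtualuser1 1010:1010:/home/vmail' > "$demo_dir/userinfo"
printf '%s\n' 'info@example.org virtualuser1' \
              'sales@example.org virtualuser2' > "$demo_dir/virtuals"
printf '%s\n' 'info@example.org' 'billing@example.org' > "$demo_dir/recipients"
check_tables "$demo_dir/recipients" "$demo_dir/virtuals" "$demo_dir/userinfo" ||
    echo "tables are inconsistent"
rm -rf "$demo_dir"
```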
Re: Virtual user and domain setup
Hey,
thank you for your response. I have a question about your workaround.
In the userinfo table, did you specify every email address in there
that is a virtual address? Or did you define the user that does the
LMTP delivery to dovecot?

Also, would you mind pasting an example from your recipients and
virtuals table? So I could check against my stuff? Maybe I messed the
format up somewhere.

Thanks so much and greetings
Leo

On 05.04.2020 at 15:57, Kai Stammer wrote:
> Hi all,
>
> I have the same problem. My current workaround is to use a
> userbase-table:
>
>     action "inbound" lmtp 127.0.0.1:24 virtual <virtuals> userbase <userinfo>
>
> Instead of:
>
>     action "inbound" lmtp 127.0.0.1:24 virtual <virtuals> user "vmail"
>
> == userinfo table
> virtualuser1 1010:1010:/home/vmail
> virtualuser2 1010:1010:/home/vmail
> virtualuser3 1010:1010:/home/vmail
> ==
>
> Configuration file (FreeBSD 12.1 - OpenSMTPD 6.6.4p1):
>
>     # === General === #
>     queue ttl 1h
>     smtp max-message-size 120M
>
>     # === TLS Certificates === #
>     pki mydomain.de cert "fullchain.pem"
>     pki mydomain.de key "privkey.pem"
>
>     # === Tables === #
>     table recipients file:/usr/local/etc/mail/tables/recipients
>     table outgoing file:/usr/local/etc/mail/tables/outgoing
>     table credentials file:/usr/local/etc/mail/tables/credentials
>     table virtuals file:/usr/local/etc/mail/tables/virtuals
>     table userinfo file:/usr/local/etc/mail/tables/userinfo
>
>     # === Filter === #
>     filter no_dyndns phase connect match rdns regex { '.*\.dyn\..*', '.*\.dsl\..*' } disconnect "550 no residential connections"
>     filter no_rdns phase connect match !rdns disconnect "550 no valid rdns entry"
>     filter no_fcrdns phase connect match !fcrdns disconnect "550 no valid fcrdns entry"
>
>     # === Listen === #
>     listen on em1 inet4 port smtp tls pki mydomain.de filter { no_dyndns, no_rdns, no_fcrdns }
>     listen on em1 inet4 port submission tls-require auth senders <outgoing> pki mydomain.de
>
>     # === Actions === #
>     action "inbound" lmtp 127.0.0.1:24 virtual <virtuals> userbase <userinfo>
>     action "outbound" relay
>
>     # === Handle Messages === #
>     match from any for any rcpt-to <recipients> action "inbound"
>     match from any auth for any action "outbound"
Re: Virtual user and domain setup
Hi all,

I have the same problem. My current workaround is to use a
userbase-table:

    action "inbound" lmtp 127.0.0.1:24 virtual <virtuals> userbase <userinfo>

Instead of:

    action "inbound" lmtp 127.0.0.1:24 virtual <virtuals> user "vmail"

== userinfo table
virtualuser1 1010:1010:/home/vmail
virtualuser2 1010:1010:/home/vmail
virtualuser3 1010:1010:/home/vmail
==

Configuration file (FreeBSD 12.1 - OpenSMTPD 6.6.4p1):

    # === General === #
    queue ttl 1h
    smtp max-message-size 120M

    # === TLS Certificates === #
    pki mydomain.de cert "fullchain.pem"
    pki mydomain.de key "privkey.pem"

    # === Tables === #
    table recipients file:/usr/local/etc/mail/tables/recipients
    table outgoing file:/usr/local/etc/mail/tables/outgoing
    table credentials file:/usr/local/etc/mail/tables/credentials
    table virtuals file:/usr/local/etc/mail/tables/virtuals
    table userinfo file:/usr/local/etc/mail/tables/userinfo

    # === Filter === #
    filter no_dyndns phase connect match rdns regex { '.*\.dyn\..*', '.*\.dsl\..*' } disconnect "550 no residential connections"
    filter no_rdns phase connect match !rdns disconnect "550 no valid rdns entry"
    filter no_fcrdns phase connect match !fcrdns disconnect "550 no valid fcrdns entry"

    # === Listen === #
    listen on em1 inet4 port smtp tls pki mydomain.de filter { no_dyndns, no_rdns, no_fcrdns }
    listen on em1 inet4 port submission tls-require auth senders <outgoing> pki mydomain.de

    # === Actions === #
    action "inbound" lmtp 127.0.0.1:24 virtual <virtuals> userbase <userinfo>
    action "outbound" relay

    # === Handle Messages === #
    match from any for any rcpt-to <recipients> action "inbound"
    match from any auth for any action "outbound"

On 05.04.2020 at 15:54, Leo Unglaub wrote:
> Hey,
> thank you for your help. I am going to describe my goal a little bit
> differently, maybe it gets clearer when I do.
>
> I am trying to have a list of email accounts that OpenSMTPD receives
> emails for and sends to Dovecot via lmtp without having the email
> accounts as real system accounts on that server.
>
> Currently there is a Postfix running for that use case and in there I
> have virtual maps for those cases:
>
> - virtual_mailbox_maps
> - virtual_mailbox_domains
>
> But I want to switch that server from Postfix to OpenSMTPD because I
> like OpenSMTPD much more and it comes with OpenBSD in base.
>
> So I am looking for a way to receive emails for accounts that don't
> have a system account on that server and just send them to Dovecot.
>
> An alias map is not helping me here because I cannot say
>
>     us...@foo.com: us...@foo.com
>
> As far as I understand it, that would create a loop.
>
> Thanks and greetings
> Leo
Re: Virtual user and domain setup
Hey,
of course I can share my entire config. It's from a fresh start and I
kept it as simple as possible.

    ##
    ## Queue
    ##
    queue compression
    queue encryption <32 char passphrase>

    ##
    ## Tables
    ##
    table aliases file:/etc/mail/aliases
    table passwd file:/etc/mail/yace-passwd

    ##
    ## PKI
    ##
    pki "mail.foo.com" cert "/etc/ssl/mail.foo.com.crt"
    pki "mail.foo.com" key "/etc/ssl/private/mail.foo.com.key"
    pki "mail.bar.com" cert "/etc/ssl/mail.bar.com.crt"
    pki "mail.bar.com" key "/etc/ssl/private/mail.bar.com.key"

    smtp max-message-size 80M

    ##
    ## Listen
    ##
    listen on lo0
    listen on egress tls pki "mail.foo.com" auth hostname "mail.foo.com"

    ##
    ## Actions
    ##
    action "outbound" relay
    action "local_lmtp_deliver" lmtp "/var/dovecot/lmtp" user "dovecot-worker"

    ##
    ## Matches
    ##
    match from any for any action local_lmtp_deliver
    match for any action outbound

I have read Gilles' article multiple times and also all other articles
I found on the topic. But it seems to me that I understand the
http://man.openbsd.org/smtpd.conf#user option wrong or it does not work
as I understand it.

All articles I found assume that you have a system account at the end
of the process that handles the email somehow. But since I am sending
it to Dovecot via lmtp I don't need a real system account for every
email account because Dovecot just has its own
/etc/dovecot/virtual-passwd file.

Thanks so much for your help!
Leo

On 05.04.2020 at 14:46, Matt Schwartz wrote:
> Hi Leo,
>
> Would you mind sharing your full configuration file? Without this, I am
> stuck on how to help you. I have done a lot with virtual users and
> domains so I think I can help. You could also see Gilles Chehade's
> article,
> https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/.
> It's very well written.
>
> Best,
> Matt
Re: Virtual user and domain setup
Hey,
thank you for your help. I am going to describe my goal a little bit
differently, maybe it gets clearer when I do.

I am trying to have a list of email accounts that OpenSMTPD receives
emails for and sends to Dovecot via lmtp without having the email
accounts as real system accounts on that server.

Currently there is a Postfix running for that use case and in there I
have virtual maps for those cases:

- virtual_mailbox_maps
- virtual_mailbox_domains

But I want to switch that server from Postfix to OpenSMTPD because I
like OpenSMTPD much more and it comes with OpenBSD in base.

So I am looking for a way to receive emails for accounts that don't
have a system account on that server and just send them to Dovecot.

An alias map is not helping me here because I cannot say

    us...@foo.com: us...@foo.com

As far as I understand it, that would create a loop.

Thanks and greetings
Leo

On 05.04.2020 at 14:35, Tassilo Philipp wrote:
> I might be misunderstanding what you are trying to achieve, but it
> sounds to me that you need mail aliases. Check the "alias" option of
> "action", and also the section "Aliasing tables" in table(5).
>
> hth
Re: Virtual user and domain setup
Hi Leo,

Would you mind sharing your full configuration file? Without this, I am
stuck on how to help you. I have done a lot with virtual users and
domains so I think I can help. You could also see Gilles Chehade's
article,
https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/.
It's very well written.

Best,
Matt

On Sun, Apr 5, 2020 at 8:25 AM Leo Unglaub wrote:
> Hey,
> first of all I want to thank you all for your work on OpenSMTPD over all
> those years. It has powered my one domain very well over all those
> years. But now I have a problem with setting up virtual domains and users.
>
> My goal is the following. I have the following domains:
>
> > foo.com
> > bar.com
>
> With those domains I have the following email addresses:
>
> > us...@foo.com
> > us...@foo.com
> > us...@bar.com
> > us...@bar.com
>
> But all those users don't exist on my machine as real users. I just want
> to receive emails for those accounts and process them via lmtp to
> dovecot. So my action basically looks like that:
>
> > action "local_lmtp_deliver" lmtp "/var/dovecot/lmtp"
>
> But when I trace the lookup from the smtpd I get the following:
>
> > b4e62ea90ed6c91d smtp connected address=local host=foo.com
> > lookup: match "local" as NETADDR in table static: -> true
> > lookup: match "foo.com" as DOMAIN in table static: ->
> true
> > rule #1 matched: match from any for any action local_lmtp_deliver
> > lookup: lookup "user1" as USERINFO in table getpwnam: -> none
> > b4e62ea90ed6c91d smtp failed-command command="RCPT TO: "
> result="550 Invalid recipient: "
> > b4e62ea90ed6c91d smtp disconnected reason=disconnect
> > debug: control -> client: pipe closed
> > debug: clearing p=client, fd=11, pid=0
>
> For some reason the user1 part is still getting resolved as a real user
> on the system. I read on the man page and found the "user username"
> option for the action. I did the following:
>
> > action "local_lmtp_deliver" lmtp "/var/dovecot/lmtp" rcpt-to user
> "dovecot-worker"
>
> dovecot-worker is the account used by dovecot to handle all the email
> storage in /var/vmail. But I get the same error.
>
> So I guess I am doing it all wrong. Could someone please be so kind and
> give me a hint in the right direction how the virtual user stuff is
> working in OpenSMTPD. Because I think I am lost here. I am doing
> something completely wrong.
>
> I am on the latest OpenBSD release (including all syspatch).
>
> Thanks so much!
> Greetings
> Leo
Re: Virtual user and domain setup
I might be misunderstanding what you are trying to achieve, but it
sounds to me that you need mail aliases. Check the "alias" option of
"action", and also the section "Aliasing tables" in table(5).

hth

On Sun, Apr 05, 2020 at 02:24:01PM +0200, Leo Unglaub wrote:
> Hey,
> first of all I want to thank you all for your work on OpenSMTPD over all
> those years. It has powered my one domain very well over all those
> years. But now I have a problem with setting up virtual domains and
> users.
>
> My goal is the following. I have the following domains:
>
>     foo.com
>     bar.com
>
> With those domains I have the following email addresses:
>
>     us...@foo.com
>     us...@foo.com
>     us...@bar.com
>     us...@bar.com
>
> But all those users don't exist on my machine as real users. I just want
> to receive emails for those accounts and process them via lmtp to
> dovecot. So my action basically looks like that:
>
>     action "local_lmtp_deliver" lmtp "/var/dovecot/lmtp"
>
> But when I trace the lookup from the smtpd I get the following:
>
>     b4e62ea90ed6c91d smtp connected address=local host=foo.com
>     lookup: match "local" as NETADDR in table static: -> true
>     lookup: match "foo.com" as DOMAIN in table static: -> true
>     rule #1 matched: match from any for any action local_lmtp_deliver
>     lookup: lookup "user1" as USERINFO in table getpwnam: -> none
>     b4e62ea90ed6c91d smtp failed-command command="RCPT TO: " result="550 Invalid recipient: "
>     b4e62ea90ed6c91d smtp disconnected reason=disconnect
>     debug: control -> client: pipe closed
>     debug: clearing p=client, fd=11, pid=0
>
> For some reason the user1 part is still getting resolved as a real user
> on the system. I read on the man page and found the "user username"
> option for the action. I did the following:
>
>     action "local_lmtp_deliver" lmtp "/var/dovecot/lmtp" rcpt-to user "dovecot-worker"
>
> dovecot-worker is the account used by dovecot to handle all the email
> storage in /var/vmail. But I get the same error.
>
> So I guess I am doing it all wrong. Could someone please be so kind and
> give me a hint in the right direction how the virtual user stuff is
> working in OpenSMTPD. Because I think I am lost here. I am doing
> something completely wrong.
>
> I am on the latest OpenBSD release (including all syspatch).
>
> Thanks so much!
> Greetings
> Leo
Virtual user and domain setup
Hey,
first of all I want to thank you all for your work on OpenSMTPD over all
those years. It has powered my one domain very well over all those
years. But now I have a problem with setting up virtual domains and
users.

My goal is the following. I have the following domains:

    foo.com
    bar.com

With those domains I have the following email addresses:

    us...@foo.com
    us...@foo.com
    us...@bar.com
    us...@bar.com

But all those users don't exist on my machine as real users. I just want
to receive emails for those accounts and process them via lmtp to
dovecot. So my action basically looks like that:

    action "local_lmtp_deliver" lmtp "/var/dovecot/lmtp"

But when I trace the lookup from the smtpd I get the following:

    b4e62ea90ed6c91d smtp connected address=local host=foo.com
    lookup: match "local" as NETADDR in table static: -> true
    lookup: match "foo.com" as DOMAIN in table static: -> true
    rule #1 matched: match from any for any action local_lmtp_deliver
    lookup: lookup "user1" as USERINFO in table getpwnam: -> none
    b4e62ea90ed6c91d smtp failed-command command="RCPT TO: " result="550 Invalid recipient: "
    b4e62ea90ed6c91d smtp disconnected reason=disconnect
    debug: control -> client: pipe closed
    debug: clearing p=client, fd=11, pid=0

For some reason the user1 part is still getting resolved as a real user
on the system. I read on the man page and found the "user username"
option for the action. I did the following:

    action "local_lmtp_deliver" lmtp "/var/dovecot/lmtp" rcpt-to user "dovecot-worker"

dovecot-worker is the account used by dovecot to handle all the email
storage in /var/vmail. But I get the same error.

So I guess I am doing it all wrong. Could someone please be so kind and
give me a hint in the right direction how the virtual user stuff is
working in OpenSMTPD. Because I think I am lost here. I am doing
something completely wrong.

I am on the latest OpenBSD release (including all syspatch).

Thanks so much!
Greetings
Leo