* pjs <s...@wilysloth.com> [13/08/24 12:57] wrote: > This seems like what is needed to relay messages received on 587 to the > relevant smarthost. > > #----------------------------------------------------------------------------- > action "relay_msmtp" mda "msmtp -t --read-envelope-from" > match from any auth for any action "relay_msmtp" > #----------------------------------------------------------------------------- > > And it works! However, mail can only be sent to email addresses starting with > the Linux username used for authentication.
Some further investigation: #----------------------------------------------------------------------------- pki debian.lan cert "/etc/smtpd/smtpd.crt" pki debian.lan key "/etc/smtpd/smtpd.key" table aliases file:/etc/aliases table secrets file:/etc/smtpd/secrets listen on 0.0.0.0 port 587 tls-require pki debian.lan auth action "local" maildir "%{user.directory}/mail/local" alias <aliases> # This action fails with "550 Invalid recipient" #action "relay_msmtp" mda "msmtp -t --read-envelope-from" # This action succeeds action "relay_msmtp" relay host smtp+tls://t...@example.com auth <secrets> match from any for local action "local" match from any for any action "relay_msmtp" #----------------------------------------------------------------------------- # This action fails with 550 Invalid Recipient info: OpenSMTPD 7.4.0-portable starting smtp connected address=127.0.0.1 host=localhost smtp tls ciphers=TLSv1.3:TLS_AES_256_GCM_SHA384:256 smtp authentication user=tc result=ok smtp failed-command command="RCPT TO:<f...@example.com>" result="550 Invalid recipient: <f...@example.com>" smtp disconnected reason=disconnect # This action succeeds info: OpenSMTPD 7.4.0-portable starting smtp connected address=127.0.0.1 host=localhost smtp tls ciphers=TLSv1.3:TLS_AES_256_GCM_SHA384:256 smtp authentication user=tc result=ok smtp message msgid=608e98f7 size=476 nrcpt=1 proto=ESMTP smtp envelope evpid=608e98f7a51df5a3 from=<t...@example.com> to=<f...@example.com> smtp disconnected reason=quit mta connecting address=... mta connected It is the "action", not the "natch", that affects "550 Invalid recipient" which seems at odds with this part of the manual: > When mail arrives, each “RCPT TO:” command generates a mail envelope. If an > envelope matches any of a pre-designated set of criteria (using the match > directive), the message is accepted for delivery. A copy of the message, as > well as its associated envelopes, is saved in the mail queue and later > dispatched according to an associated set of actions (using the action > directive). If an envelope does not match any options, it is rejected. The > match rules are evaluated sequentially, with the first match winning. Simpifying further by removing "auth" from "listen" and "match": #----------------------------------------------------------------------------- pki debian.lan cert "/etc/smtpd/smtpd.crt" pki debian.lan key "/etc/smtpd/smtpd.key" table aliases file:/etc/aliases table secrets file:/etc/smtpd/secrets listen on 0.0.0.0 port 587 tls pki debian.lan action "local" maildir "%{user.directory}/mail/local" alias <aliases> # This action fails with "550 Invalid recipient" action "relay_msmtp" mda "msmtp -t --read-envelope-from" match from any for local action "local" match from any for any action "relay_msmtp" #----------------------------------------------------------------------------- info: OpenSMTPD 7.4.0-portable starting smtp connected address=127.0.0.1 host=localhost smtp tls ciphers=TLSv1.3:TLS_AES_256_GCM_SHA384:256 smtp failed-command command="RCPT TO:<f...@example.com>" result="550 Invalid recipient: <f...@example.com>" smtp disconnected reason=disconnect What checking is "mda" doing to reject the mail?