* pjs <s...@wilysloth.com> [13/08/24 12:57] wrote:
> This seems like what is needed to relay messages received on 587 to the
> relevant smarthost.
> 
> #-----------------------------------------------------------------------------
> action "relay_msmtp" mda "msmtp -t --read-envelope-from"
> match from any auth for any action "relay_msmtp"
> #-----------------------------------------------------------------------------
> 
> And it works! However, mail can only be sent to email addresses starting with
> the Linux username used for authentication.

Some further investigation:
#-----------------------------------------------------------------------------
pki debian.lan cert "/etc/smtpd/smtpd.crt"
pki debian.lan key  "/etc/smtpd/smtpd.key"

table aliases file:/etc/aliases
table secrets file:/etc/smtpd/secrets

listen on 0.0.0.0 port 587 tls-require pki debian.lan auth

action "local" maildir "%{user.directory}/mail/local" alias <aliases>

# This action fails with "550 Invalid recipient"
#action "relay_msmtp" mda "msmtp -t --read-envelope-from"

# This action succeeds
action "relay_msmtp" relay host smtp+tls://t...@example.com auth <secrets>

match from any for local action "local"
match from any for any action "relay_msmtp"
#-----------------------------------------------------------------------------

# This action fails with 550 Invalid Recipient
info: OpenSMTPD 7.4.0-portable starting
smtp connected address=127.0.0.1 host=localhost
smtp tls ciphers=TLSv1.3:TLS_AES_256_GCM_SHA384:256
smtp authentication user=tc result=ok
smtp failed-command command="RCPT TO:<f...@example.com>" result="550 Invalid recipient: <f...@example.com>"
smtp disconnected reason=disconnect

# This action succeeds
info: OpenSMTPD 7.4.0-portable starting
smtp connected address=127.0.0.1 host=localhost
smtp tls ciphers=TLSv1.3:TLS_AES_256_GCM_SHA384:256
smtp authentication user=tc result=ok
smtp message msgid=608e98f7 size=476 nrcpt=1 proto=ESMTP
smtp envelope evpid=608e98f7a51df5a3 from=<t...@example.com> to=<f...@example.com>
smtp disconnected reason=quit
mta connecting address=...
mta connected

It is the "action", not the "match", that affects "550 Invalid recipient" which
seems at odds with this part of the manual:

> When mail arrives, each “RCPT TO:” command generates a mail envelope. If an
> envelope matches any of a pre-designated set of criteria (using the match
> directive), the message is accepted for delivery. A copy of the message, as
> well as its associated envelopes, is saved in the mail queue and later
> dispatched according to an associated set of actions (using the action
> directive). If an envelope does not match any options, it is rejected. The
> match rules are evaluated sequentially, with the first match winning.

Simplifying further by removing "auth" from "listen" and "match":
#-----------------------------------------------------------------------------
pki debian.lan cert "/etc/smtpd/smtpd.crt"
pki debian.lan key  "/etc/smtpd/smtpd.key"

table aliases file:/etc/aliases
table secrets file:/etc/smtpd/secrets

listen on 0.0.0.0 port 587 tls pki debian.lan

action "local" maildir "%{user.directory}/mail/local" alias <aliases>

# This action fails with "550 Invalid recipient"
action "relay_msmtp" mda "msmtp -t --read-envelope-from"

match from any for local action "local"
match from any for any action "relay_msmtp"
#-----------------------------------------------------------------------------

info: OpenSMTPD 7.4.0-portable starting
smtp connected address=127.0.0.1 host=localhost
smtp tls ciphers=TLSv1.3:TLS_AES_256_GCM_SHA384:256
smtp failed-command command="RCPT TO:<f...@example.com>" result="550 Invalid recipient: <f...@example.com>"
smtp disconnected reason=disconnect

What checking is "mda" doing to reject the mail?
