Hi

[2024-09-21 01:23] Bambero <bamb...@gmail.com>
> I'm struggling with integrating OpenSMTPD with an LDAP backend to verify 
> users based on their full email addresses. Despite using the rcpt-to 
> option in my LMTP configuration,

The rcpt-to option in the lmtp action is only for the address used
inside the lmtp protocol. It has nothing to do with table-requests.

> OpenSMTPD seems to only check the local 
> part of the email address (e.g., user instead of u...@example.com) 
> against the LDAP directory.
>
> My OpenSMTPD Configuration (/etc/mail/smtpd.conf):
>
> table localdomains file:/etc/mail/localdomains
> table users ldap:///etc/mail/ldapusers.conf
>
> listen on 127.0.0.1 port 587
>
> action "local_mail" lmtp "/var/dovecot/lmtp" rcpt-to
>
> match from any for domain <localdomains> action "local_mail"
> match from local for any action "outbound"

Could you include your ldapusers.conf?

> In the debug logs, I see OpenSMTPD querying LDAP with only the local 
> part of the email (uid=test), instead of the full email address 
> (uid=t...@example.org). As a result, valid email addresses are not being 
> found in the LDAP directory, and I'm getting a "550 Invalid recipient" 
> error.
>
> users[9900]: debug: table_ldap: ldap_query: 
> filter=(&(objectclass=posixaccount)(uid=test)), ret=0
> users[9900]: debug: table_ldap: ldap_query: 
> filter=(&(objectclass=posixaccount)(uid=test)), ret=0
> lookup: lookup "test" as USERINFO in table proc:users -> none
> expand: lka_expand: user-part does not match system user
> smtp: 0x7d457d83000: >>> 550 Invalid recipient: <t...@example.org>

Your config doesn't use the "users" table so the table isn't queried.
Have you included an old version of your config?

> Has anyone encountered similar issues with OpenSMTPD not using the full 
> email address for LDAP queries? Is there a workaround or configuration 
> adjustment that I’m missing to make OpenSMTPD use the full address for 
> user verification?

The "uid" attribute for mail sounds wrong, you might want to use the
"mail" attribute. But with this limited information it's not possible to
say what's wrong with your config. Can you explain a bit better what you
want to achieve and what your ldap schema looks like?

Philipp

> Any help or pointers would be greatly appreciated!
>
> Best regards,
> Bambero
>
