Hi

First of all: Please reply to the mailing list. Others may have similar
issues and your solution might help them solve their issues.[0]

[2024-09-21 10:33] Bambero <bamb...@gmail.com>
> Thanks for the quick reply.
>
> In this case, I want to search the userbase using the full email
> address (t...@example.org), not just the local part (test).
>
> My full config below:
>
> table localdomains file:/etc/mail/localdomains
>
> table users ldap:///etc/mail/ldapusers.conf
> listen on [ip-addr] port 587
>
> action "local_mail" lmtp "/var/dovecot/lmtp" rcpt-to userbase <users>
>
> match from any for domain <localdomains> action "local_mail"

So you want to match when the recipient is in ldap. There is the
rcpt-to option in match. To use this you need the mailaddr_filter. See
table-ldap(5) for details.

After that your action needs to handle these addresses. The simplest
way to do this is a virtual table with a catch-all to a delivery
user. Then you can deliver to lmtp with the rcpt-to option.

> Here is my ldapusers.conf file. I have also tried using the filter:
> userinfo_filter: (&(objectclass=posixaccount)(mail=%s))
> But in my case, it doesn’t matter because uid in LDAP is equal to the 
> mail attribute.
>
> url: ldap://127.0.0.1
> basedn: ou=mailaccounts,dc=example,dc=org
> username: uid=_smtpd,ou=users,dc=example,dc=org
> password ***
> userinfo_filter: (&(objectclass=posixaccount)(uid=%s))
> userinfo_attributes: uidNumber, gidNumber, homeDirectory
>
>
> My LDAP entry looks like this:
>
> # t...@example.org, mailaccounts, example.org
> dn: uid=t...@example.org,ou=mailaccounts,dc=example,dc=org
> cn: test
> sn: example.org
> uid: t...@example.org
> mail: t...@example.org
> uidNumber: 1002
> gidNumber: 1002
> loginShell: active
> gecos: sogo
> homeDirectory: /t...@example.org
> quota: *:storage=1M
> objectclass: top
> objectclass: inetOrgPerson
> objectclass: organizationalPerson
> objectclass: posixAccount
> objectclass: systemQuotas
> userpassword:: ***

The userbase is for local users, not for full addresses. So smtpd only
checks the local part of a mail address for delivery. When you want to
use this (i.e. to allow .forward files) you need a unique username
without an @.

You then can use "action ... virtual <users> userbase <users>" to match
the mail addresses to the actual user and find the userinfo from ldap.
Your alias filter then must map the address to the username and the
userinfo filter would search for the username.

Keep in mind that smtpd by default delivers with the uid/gid from the
userbase lookup.

Philipp

[0] Also I can't send to gmail, because gmail rejects mails without
    dmarc/dkim/spf and I don't want to use this.

> Best regards,
> Bambero
>
> On 9/21/24 02:35, Philipp wrote:
> > Hi
> > 
> > [2024-09-21 01:23] Bambero <bamb...@gmail.com>
> >> I'm struggling with integrating OpenSMTPD with an LDAP backend to verify
> >> users based on their full email addresses. Despite using the rcpt-to
> >> option in my LMTP configuration,
> > 
> > The rcpt-to option in the lmtp action is only for the address used
> > inside the lmtp protocol. It has nothing to do with table-requests.
> > 
> >> OpenSMTPD seems to only check the local
> >> part of the email address (e.g., user instead of u...@example.com)
> >> against the LDAP directory.
> >>
> >> My OpenSMTPD Configuration (/etc/mail/smtpd.conf):
> >>
> >> table localdomains file:/etc/mail/localdomains
> >> table users ldap:///etc/mail/ldapusers.conf
> >>
> >> listen on 127.0.0.1 port 587
> >>
> >> action "local_mail" lmtp "/var/dovecot/lmtp" rcpt-to
> >>
> >> match from any for domain <localdomains> action "local_mail"
> >> match from local for any action "outbound"
> > 
> > Could you include your ldapusers.conf?
> > 
> >> In the debug logs, I see OpenSMTPD querying LDAP with only the local
> >> part of the email (uid=test), instead of the full email address
> >> (uid=t...@example.org). As a result, valid email addresses are not being
> >> found in the LDAP directory, and I'm getting a "550 Invalid recipient"
> >> error.
> >>
> >> users[9900]: debug: table_ldap: ldap_query:
> >> filter=(&(objectclass=posixaccount)(uid=test)), ret=0
> >> users[9900]: debug: table_ldap: ldap_query:
> >> filter=(&(objectclass=posixaccount)(uid=test)), ret=0
> >> lookup: lookup "test" as USERINFO in table proc:users -> none
> >> expand: lka_expand: user-part does not match system user
> >> smtp: 0x7d457d83000: >>> 550 Invalid recipient: <t...@example.org>
> > 
> > Your config doesn't use the "users" table so the table isn't queried.
> > Have you included an old version of your config?
> > 
> >> Has anyone encountered similar issues with OpenSMTPD not using the full
> >> email address for LDAP queries? Is there a workaround or configuration
> >> adjustment that I’m missing to make OpenSMTPD use the full address for
> >> user verification?
> > 
> > The "uid" attribute for mail sounds wrong, you might want to use the
> > "mail" attribute. But with this limited information it's not possible to
> > say what's wrong with your config. Can you explain a bit better what you
> > want to achieve and how your ldap schema looks like?
> > 
> > Philipp
> > 
> >> Any help or pointers would be greatly appreciated!
> >>
> >> Best regards,
> >> Bambero
> >>
> > 
>
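
A configuration that puts the advice above into practice, added here as an example and not taken from the thread: the recipient check moves into the match rule (rcpt-to <users>, served by mailaddr_filter), and a virtual catch-all maps every local address to one delivery user so the lmtp action can hand Dovecot the original full address. The system user "vmail", the "@example.org" catch-all entry and the mailaddr_filter/mailaddr_attributes keys are assumptions taken from table-ldap(5), not from the poster's setup.

```conf
# /etc/mail/smtpd.conf (added example, not the poster's config)

table localdomains file:/etc/mail/localdomains
table users        ldap:///etc/mail/ldapusers.conf

# Virtual catch-all: every address in the domain resolves to the single
# delivery user "vmail" (assumed to exist as a system account). Add one
# "@domain" line per entry in localdomains.
table vusers { "@example.org" = "vmail" }

listen on [ip-addr] port 587

# rcpt-to keeps the original recipient address in the LMTP dialogue, so
# Dovecot still sees t...@example.org rather than "vmail".
action "local_mail" lmtp "/var/dovecot/lmtp" rcpt-to virtual <vusers>

# The LDAP check happens here: rcpt-to <users> performs a MAILADDR lookup
# with the full address, so an unknown recipient is rejected at RCPT TO
# and never reaches the userinfo lookup that only knows local parts.
match from any for domain <localdomains> rcpt-to <users> action "local_mail"

# /etc/mail/ldapusers.conf (table-ldap(5); credentials as in the thread)
url: ldap://127.0.0.1
basedn: ou=mailaccounts,dc=example,dc=org
username: uid=_smtpd,ou=users,dc=example,dc=org
password: ***
# Key on the mail attribute, not uid, so the full address is what matches.
mailaddr_filter: (&(objectclass=posixaccount)(mail=%s))
mailaddr_attributes: mail
```

With this split, the userinfo_filter is no longer involved in accepting mail, which is why the uid attribute may stay a plain username without an @.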
