On Jan 18, 2020 2:45 PM, gil...@poolp.org wrote:
>
> January 15, 2020 6:03 PM, "Éloi Rivard" <eloi.riv...@aquilenet.fr> wrote:
>
> > Hi,
> > 
> > I would like to put an OpenSMTPD server in front of a sourcehut lists
> > installation [1] (that is, a mailing list system for sourcehut).
> > OpenSMTPD and sourcehut communicate through an lmtp unix socket. Here is
> > my configuration (without the filter and pki parts):
> > 
> > listen on eth0 tls pki lists.forge.mydomain.tld
> > action sourcehut lmtp /tmp/lists.forge.mydomain-tld-lmtp.sock
> > 
> > match from any for domain "lists.forge.yaal.fr" action "sourcehut"
> > 
> > Now with this configuration I only get "550 Invalid recipient" errors,
> > which is expected because OpenSMTPD has no way to know what is a valid
> > sourcehut list recipient.
> > 
> > How can I make OpenSMTPD just skip the recipient verification, and just
> > forward everything to the lmtp socket?
> > 
>
> There are two ways:
>
> 1- synchronize the list of recipients in a recipient table in smtpd, that
>    may be less convenient because you need to have the list of recipients
>    on the SMTP side AND the lmtp side, but... that's the clean way.
>
> 2- you can have a virtual mapping with a catch-all so that all recipients
>    are accepted and passed to the LMTP socket, this works but is not very
>    clean because it will backscatter if LMTP rejects the recipient.
>
>
> > I read about userbase catchall, but my understanding is that userbases
> > map recipients to a system user, and that seems irrelevant for me as
> > no system user is involved here.
> > 
>
> The userbase feature is to provide an alternate mechanism to resolve the
> usernames to uid, gid and home directory. I don't think it's useful here
> but your comment has hinted me at the issue:
>
> It is inaccurate that no system user is involved here, all recipients do
> resolve into a username because some user has to do the LMTP session. In
> virtual setups, like yours seems to be, the proper way is to create some
> dedicated user and map all recipients to that:
>
>     action sourcehut lmtp "/tmp/lists.forge.mydomain-tls-lmtp.sock" \
>         virtual { "@" = _sourcehut }
>
> In cases where you have a full list of recipients and do not need to get
> virtual mappings involved, you can do:
>
>     action sourcehut lmtp "/tmp/lists.forge.mydomain-tls-lmtp.sock" \
>         user _sourcehut
>
> But no matter what, any action in smtpd.conf is a command that is going
> to get executed and a process has to have an owner, so there is going to
> be a system user involved.
>

Something along these words should be added to the manual somewhere. I think 
that is a common misunderstanding for virtual setups.

Edgar
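
One way to lay out the two options from the reply above in smtpd.conf, as an added example that is not from the thread's participants or the OpenSMTPD project. The table name, file path and list addresses are assumptions, using a virtual table as the recipient list is one possible reading of option 1, and the pki block is omitted as in the original post.

```conf
# /etc/mail/smtpd.conf (added example)

# Assumed table file. Sample contents, constructed for illustration; each
# known list address maps to the dedicated system user that runs the LMTP
# session:
#
#   project-devel@lists.forge.mydomain.tld     _sourcehut
#   project-announce@lists.forge.mydomain.tld  _sourcehut
#
table sourcehut_lists file:/etc/mail/sourcehut-lists

listen on eth0 tls pki lists.forge.mydomain.tld

# Option 1: only addresses present in the table resolve to a user. Anything
# else is refused with "550 Invalid recipient" during the SMTP session, so
# the sending server handles the failure and no bounce is generated here.
# The table has to be kept in sync with the lists known to sourcehut.
action "sourcehut" lmtp "/tmp/lists.forge.mydomain-tld-lmtp.sock" \
    virtual <sourcehut_lists>

# Option 2 (catch-all): every recipient in the domain resolves to _sourcehut
# and is accepted. If LMTP later rejects the recipient, the message has
# already been accepted and a bounce goes to the envelope sender, which may
# be forged (backscatter). Use instead of the action above, not alongside it.
#
# action "sourcehut" lmtp "/tmp/lists.forge.mydomain-tld-lmtp.sock" \
#     virtual { "@" = _sourcehut }

match from any for domain "lists.forge.mydomain.tld" action "sourcehut"
```

Running `smtpd -n` checks the configuration file for validity before the daemon is restarted.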
