On Sat, 5 Mar 2022, Thomas Bohl wrote:

>> I've got a situation which doesn't seem all that unusual, but I can't
>> figure out how to properly set it up with OpenSMTPd on OpenBSD
>> 7.0-release. I need to receive email from anywhere to my local users
>> (most, but not all, of whom should not have accounts on the mailserver)
>> and relay email from any local system to anywhere. Incoming mail for my
>> local users should be saved to /var/virtual/<user>/Maildir (all owned
>> by one special user) for pickup via pop3 or imap.
>
> I hope I understood you correctly.
>
> table aliases file:/etc/mail/aliases
> table mail2user {
> f...@example.com = user1,
> b...@example.com = user2,
> @example.com = user3 }
>
> action "receivedLocally" maildir "/var/virtual/%{dest.user}/Maildir" user onespecialuser alias <aliases>
> action "receivedRemotely" maildir "/var/virtual/%{dest.user}/Maildir" user onespecialuser virtual <mail2user>
> action "relay2Internet" relay
>
> match for local action "receivedLocally"
> match auth from any for domain example.com action "receivedRemotely"
> match auth from any for any action "relay2Internet"
>
> (Untested because I personally only ever use lmtp.)

I've never used lmtp, but I should look into it.

I should have made it more clear that my 'local users' have accounts on 
various systems behind my firewall, but mostly not on the mailserver, 
and that incoming messages for them already have their proper usernames 
though the FQDN may name a specific system (e.g. 
example.daveanderson.com) rather than the canonical daveanderson.com. I 
do want to run all messages through /etc/mail/aliases to handle mail to, 
e.g., postmaster.

One problem with my current hurriedly-thrown-together setup is that smtpd 
won't deliver mail to any user without an account on the mailserver; 
using userbase and listing all the users I care about would probably 
solve that (though what I'd really like is for smtpd to accept messages 
for any username where /var/virtual/<username>/Maildir exists, so I 
don't need a duplicate list).


>> 'action' interact is murky at best. In particular, the interactions
>> among 'alias', 'userbase', and 'virtual' are not obvious to me, as is
>> exactly what 'userbase' does (though the manpage for table(5) helps.).
>
> alias
> xyz: user1
>
> Mails for xyz will be delivered to user1.
>
>
> userbase <foobar>
> Instead of looking into /etc/passwd to get information about the user (for
> example what the /home/dir is) the table foobar is used.
>
>
> virtual
> xyz             user1
> z...@example.com      user2
> @example.com    allexample
> @               all
>
> For a description of the difference between alias and virtual see Aliasing
> tables in man 5 table. (Not sure if one could say alias exists more because of
> tradition. It makes sure that on an unconfigured system root gets system
> messages. (Because of file:/etc/mail/aliases))

Yes, I understand all of that -- but what happens if, for instance, you 
specify both alias and virtual for the same action? And userbase seems 
like overkill for virtual users with no account on the mailserver to be 
delivered to (given that it specifies numeric user and group), but will 
it allow accepting mail for the usernames it lists?

>> Also, 'postmaster', and several other names listed in RFC 2142, are
>> supposed to always be processed case-insensitively; I don't see any
>> mention of what, if anything, is done about this. Even if nothing is
>> done an explicit statement to that effect would be useful.
>
> All lookups are case-insensitive.

Given that usernames are allowed to be case-sensitive (as stated in the 
second paragraph of RFC 5321 section 2.4: "The local-part of a mailbox 
MUST BE treated as case sensitive."), this _really_ ought to be clearly 
and obviously stated.

Also, note the special status of 'postmaster' in the final paragraph of 
section 2.3.5 of RFC 5321: "The reserved mailbox name "postmaster" may 
be used in a RCPT command without domain qualification (see Section 
4.1.1.3) and MUST be accepted if so used.".

I think that a prominent statement should be added to the smtpd.conf 
manpage, probably something like "All lookups and comparisons of the 
user-part of an email address are case-insensitive, and no special 
handling is done for any user-part." This is something that anyone 
configuring smtpd really should know.

        Dave

-- 
Dave Anderson
<d...@daveanderson.com>
