I am running OpenSMTPD on my home network on a Debian 12 server.

Mail to local Linux users is working correctly.

#-----------------------------------------------------------------------------
pki debian.lan cert "/etc/smtpd/smtpd.crt"
pki debian.lan key  "/etc/smtpd/smtpd.key"

table aliases file:/etc/aliases

listen on 0.0.0.0 port 587 tls-require pki debian.lan auth

action "local" maildir "%{user.directory}/mail/local" alias <aliases>
match from any for local action "local"
#-----------------------------------------------------------------------------

I am trying to add relays for various smarthosts for external mail.

Each Linux user has multiple email accounts each with their own
smarthost. Some will only accept OAUTH2 authentication. Smarthost
selection will be based off the From address.

First option:
#-----------------------------------------------------------------------------
table secrets file:/etc/smtpd/secrets
action "[email protected]" relay host smtp+tls://[email protected] auth <secrets>
match from any auth tc mail-from "[email protected]" for any action "[email protected]"
#-----------------------------------------------------------------------------

This works but has two issues:
  - I have to keep and maintain a database of email/passwords for all users.
  - I can't get OAUTH2 working.

Second option:
Let each user maintain their own database of accounts (facilitating
their fast creation/deletion). To this end each user has configured
local msmtp (~/.msmtprc) such that sending mail to the correct smarthost
works (even with OAUTH2) from the command line.

https://marlam.de/msmtp/msmtp.html
msmtp is an SMTP client that in its default mode of operation, reads a mail
from standard input and sends it to a predefined SMTP server that takes care of
proper delivery.

From smtpd.conf:
mda command
Delegate the delivery to a command that receives the message on its standard
input.

This seems like what is needed to relay messages received on 587 to the
relevant smarthost.

#-----------------------------------------------------------------------------
action "relay_msmtp" mda "msmtp -t --read-envelope-from"
match from any auth for any action "relay_msmtp"
#-----------------------------------------------------------------------------

And it works! However, mail can only be sent to email addresses starting with
the Linux username used for authentication.

e.g.
[email protected] SUCCESS

[email protected] SUCCESS!
2024-08-13T10:56:38.911151+01:00 debian smtpd[227267]: 504476b9224094be smtp connected address=127.0.0.1 host=localhost
2024-08-13T10:56:39.000505+01:00 debian smtpd[227267]: 504476b9224094be smtp tls ciphers=TLSv1.3:TLS_AES_256_GCM_SHA384:256
2024-08-13T10:56:40.009429+01:00 debian smtpd[227267]: 504476b9224094be smtp authentication user=tc result=ok
2024-08-13T10:56:40.056885+01:00 debian smtpd[227267]: 504476b9224094be smtp message msgid=f5b8b1b2 size=466 nrcpt=1 proto=ESMTP
2024-08-13T10:56:40.057193+01:00 debian smtpd[227267]: 504476b9224094be smtp envelope evpid=f5b8b1b25ed9267d from=<[email protected]> to=<[email protected]>
2024-08-13T10:56:40.057685+01:00 debian smtpd[227267]: 504476b9224094be smtp disconnected reason=quit
2024-08-13T10:56:41.728328+01:00 debian smtpd[227267]: 504476ba5311e426 mda delivery evpid=f5b8b1b25ed9267d from=<[email protected]> to=<[email protected]> rcpt=<[email protected]> user=tc delay=1s result=Ok stat=Delivered

[email protected] FAILURE
2024-08-13T10:48:59.995400+01:00 debian smtpd[227267]: 504476b608014249 smtp connected address=127.0.0.1 host=localhost
2024-08-13T10:49:00.076532+01:00 debian smtpd[227267]: 504476b608014249 smtp tls ciphers=TLSv1.3:TLS_AES_256_GCM_SHA384:256
2024-08-13T10:49:01.101364+01:00 debian smtpd[227267]: 504476b608014249 smtp authentication user=tc result=ok
2024-08-13T10:49:01.103541+01:00 debian smtpd[227267]: 504476b608014249 smtp failed-command command="RCPT TO:<[email protected]>" result="550 Invalid recipient: <[email protected]>"
2024-08-13T10:49:01.103947+01:00 debian smtpd[227267]: 504476b608014249 smtp disconnected reason=disconnect

Is this a bug, a mis-configuration, or is "mda" just being horribly
abused in this manner?

Any advice on how to debug further gratefully received.

Phil
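The following is an added example, not part of Phil's post and not OpenSMTPD or msmtp code. It is a small audit script for the smtpd log format shown above: it correlates the `authentication` and `envelope` lines of one SMTP session by session id, then joins the later `mda delivery` line by `evpid`, so that the Linux account the mda command ran under (the `user=` field of the delivery line) can be compared with the account that authenticated on port 587. It also lists every `failed-command` rejection, such as the `550 Invalid recipient` in the failure case. The log lines inside are constructed to match the post's format; the addresses (`example.net`, `example.org`, the user `bob`) and the third session showing a delivery under a different local user are placeholders, not from the post. The check matters for the msmtp-as-mda approach: a delivery whose mda user is not the submitter means msmtp was executed with another account's `~/.msmtprc`.

```python
import re

# Constructed sample log, modelled on the smtpd lines in the post. Addresses and
# the third session (user tc submitting, mda running as bob) are placeholders.
SAMPLE_LOG = """\
2024-08-13T10:56:40.009429+01:00 debian smtpd[227267]: 504476b9224094be smtp authentication user=tc result=ok
2024-08-13T10:56:40.057193+01:00 debian smtpd[227267]: 504476b9224094be smtp envelope evpid=f5b8b1b25ed9267d from=<tc@example.net> to=<tc@example.org>
2024-08-13T10:56:40.057685+01:00 debian smtpd[227267]: 504476b9224094be smtp disconnected reason=quit
2024-08-13T10:56:41.728328+01:00 debian smtpd[227267]: 504476ba5311e426 mda delivery evpid=f5b8b1b25ed9267d from=<tc@example.net> to=<tc@example.org> rcpt=<tc@example.org> user=tc delay=1s result=Ok stat=Delivered
2024-08-13T10:49:01.101364+01:00 debian smtpd[227267]: 504476b608014249 smtp authentication user=tc result=ok
2024-08-13T10:49:01.103541+01:00 debian smtpd[227267]: 504476b608014249 smtp failed-command command="RCPT TO:<bob@example.org>" result="550 Invalid recipient: <bob@example.org>"
2024-08-13T10:49:01.103947+01:00 debian smtpd[227267]: 504476b608014249 smtp disconnected reason=disconnect
2024-08-13T11:02:00.000000+01:00 debian smtpd[227267]: 504476c0aaaaaaaa smtp authentication user=tc result=ok
2024-08-13T11:02:00.100000+01:00 debian smtpd[227267]: 504476c0aaaaaaaa smtp envelope evpid=0badc0de00000001 from=<tc@example.net> to=<bob@example.org>
2024-08-13T11:02:01.000000+01:00 debian smtpd[227267]: 504476c0bbbbbbbb mda delivery evpid=0badc0de00000001 from=<tc@example.net> to=<bob@example.org> rcpt=<bob@example.org> user=bob delay=1s result=Ok stat=Delivered
"""

# "<timestamp> <host> smtpd[<pid>]: <session-id> <subsystem> <event> key=value ..."
LINE_RE = re.compile(
    r'^(?P<ts>\S+) \S+ smtpd\[\d+\]: (?P<sid>[0-9a-f]+) '
    r'(?P<sub>\w+) (?P<event>[\w-]+) ?(?P<rest>.*)$'
)
# Values are either "quoted", <angle-bracketed> or a bare token.
KV_RE = re.compile(r'([\w-]+)=(?:"([^"]*)"|<([^>]*)>|(\S+))')


def parse_line(line):
    """Split one smtpd log line into its fields; None for lines of other formats."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["kv"] = {k: (q or a or b) for k, q, a, b in KV_RE.findall(rec["rest"])}
    return rec


def audit(log_text):
    """Return findings: rejected RCPTs and mda deliveries that ran as a user
    other than the one who authenticated for the submitting session."""
    auth_user = {}   # session id -> authenticated user
    env_auth = {}    # evpid -> authenticated user of the session that created it
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        sid, sub, event, kv = rec["sid"], rec["sub"], rec["event"], rec["kv"]
        if sub == "smtp" and event == "authentication" and kv.get("result") == "ok":
            auth_user[sid] = kv.get("user")
        elif sub == "smtp" and event == "envelope":
            env_auth[kv.get("evpid")] = auth_user.get(sid)
        elif sub == "smtp" and event == "failed-command":
            findings.append({
                "kind": "rejected", "sid": sid, "auth_user": auth_user.get(sid),
                "command": kv.get("command"), "result": kv.get("result"),
            })
        elif sub == "mda" and event == "delivery":
            submitter = env_auth.get(kv.get("evpid"))
            if submitter is not None and submitter != kv.get("user"):
                findings.append({
                    "kind": "mda-user-mismatch", "sid": sid, "auth_user": submitter,
                    "rcpt": kv.get("rcpt"), "mda_user": kv.get("user"),
                })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f)
```

Run it against a real `/var/log/mail.log` by reading the file into `audit()`; the `evpid` join is needed because, as the post's log shows, the mda delivery is logged under a different session id than the SMTP submission.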
