Re: Is LDAP+SSL supported?
> In my opinion, table-ldap from extras is doomed as it relies on a lib that
> is barely maintained and doing LDAP asynchronously is painful.

I just stumbled upon this OpenBSD ldap client that carries an up-to-date version of aldap, with LDAPS support.

https://github.com/reyk/ldapclient

Maybe there can be OpenSMTPD LDAPS support without much effort?
Is LDAP+SSL supported?
Hi,

I have an LDAP table that is working great, but now I would like to avoid clear connections and enable SSL. There is an old mail [1] stating that it is not possible, but I would like to check if it is still the case 7 years later.

So here is my configuration: smtpd.conf has an LDAP table.

    table ldap ldap:/etc/mail/ldap.conf

And /etc/mail/ldap.conf has a very basic configuration:

    url ldap://ldap.mydomain.tld
    username cn=admin,dc=mydomain,dc=tld
    password
    basedn ou=Users,dc=mydomain,dc=tld
    ...

Switching ldap:// to ldaps:// prevents OpenSMTPD from starting. Am I missing something or is the feature not implemented yet?

Thank you.
Éloi

[1] https://www.mail-archive.com/misc@opensmtpd.org/msg00150.html
Re: OpenSMTPd LDAP
On Monday 13 April 2020 at 20:02 -0700, nik...@rpgresearch.com wrote:
> I just wanted to follow up and see if there was anyone had some
> guidance on LDAP integration with OpenSMTPd.
>

Hi.

This is a report of my recent experience with OpenLDAP and OpenSMTPD:
https://yaal.fr/blog/how-to-plug-opensmtpd-with-openldap-on-debian-buster

HTH
Re: Skip recipient verification and forward everything to a LMTP socket
> What about RFC 1891? Is there an option to disable use of additional
> parameters such as ORCPT [1] to ensure compatibility with smtp tools that do
> not support this standard?

Actually I was misunderstanding this. There is no issue with ORCPT.

> It is inaccurate that no system user is involved here, all recipients do
> resolve into a username because some user has to do the LMTP session. In
> virtual setups, like yours seems to be, the proper way is to create some
> dedicated user and map all recipients to that:
>
>     action sourcehut lmtp "/tmp/lists.forge.mydomain-tls-lmtp.sock" \
>         virtual { "@" = _sourcehut }
>
> In cases where you have a full list of recipients and do not need to get
> virtual mappings involved, you can do:
>
>     action sourcehut lmtp "/tmp/lists.forge.mydomain-tls-lmtp.sock" \
>         user _sourcehut
>
> But no matter what, any action in smtpd.conf is a command that is going
> to get executed and a process has to have a owner, so there is going to
> be a system user involved.

Indeed, this solution seems to work:

    action srht lmtp "/tmp/lists.forge.mydomain-tls-lmtp.sock" rcpt-to virtual { "@" = listssrht }
    match from any for any action srht

Now I encounter another issue: sourcehut mailing lists have the form "~user/listn...@lists.forge.mydomain.tld" [1]. There is also a backup format, "u.user.listn...@lists.forge.mydomain.tld". The backup format works fine, but the tilde character does not seem to be handled correctly in the main format.

Those are the commands received by the lmtp client when I send a mail to ~user/listn...@lists.forge.mydomain.tld:

    LHLO localhost
    MAIL FROM:
    RCPT TO:<:user/listn...@lists.forge.mydomain.tld>

In the "RCPT TO" command, the user has no tilde. The sourcehut developers argue that it is a valid character for an email address. Would you consider supporting tildes in OpenSMTPD?

[1] https://man.sr.ht/lists.sr.ht/#posting
Re: Skip recipient verification and forward everything to a LMTP socket
> But no matter what, any action in smtpd.conf is a command that is going
> to get executed and a process has to have a owner, so there is going to
> be a system user involved.

Thank you for the explanations, this is clearer.

What about RFC 1891? Is there an option to disable use of additional parameters such as ORCPT [1] to ensure compatibility with smtp tools that do not support this standard?

[1] https://tools.ietf.org/html/rfc1891#section-5.2
Re: Skip recipient verification and forward everything to a LMTP socket
Ok I think I understand what is wrong. It seems that the SMTP library used by sourcehut LMTP daemon does not understand [1] the "ORCPT=" part in the RCPT-TO command that seems to be allowed by the RFC1891.

Until aiosmtpd supports RFC1891, is there a way that OpenSMTPD can get rid of the ORCPT part?

[1] https://github.com/aio-libs/aiosmtpd/issues/183
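
Added example, not part of the original message and not code from OpenSMTPD, aiosmtpd or sourcehut: a receiver-side parser that accepts the RFC 1891 ORCPT parameter on RCPT TO, decodes its xtext value, and flags a forward-path that differs from the original recipient (the kind of check that would surface the "~" vs ":" symptom reported elsewhere in this thread). The function names and the sample addresses are constructed for illustration.

```python
import re

# RFC 1891 xtext: printable ASCII except "+" and "=", or "+" plus two hex digits.
_XTEXT = re.compile(r"(?:[!-*,-<>-~]|\+[0-9A-F]{2})*")
_HEXCHAR = re.compile(r"\+([0-9A-F]{2})")
# RCPT TO:<forward-path> followed by optional space-separated ESMTP parameters.
_RCPT = re.compile(r"^RCPT TO:\s*<([^<>\s]*)>((?: +[^ ]+)*) *$", re.IGNORECASE)

# Constructed sample commands (addresses are made up for this example).
SAMPLE_OK = ("RCPT TO:<~alice/devel@lists.example.org> "
             "ORCPT=rfc822;~alice/devel@lists.example.org")
SAMPLE_REWRITTEN = ("RCPT TO:<:alice/devel@lists.example.org> "
                    "ORCPT=rfc822;~alice/devel@lists.example.org")


def xtext_decode(value):
    """Decode an xtext string, rejecting input that is not valid xtext."""
    if not _XTEXT.fullmatch(value):
        raise ValueError(f"invalid xtext: {value!r}")
    return _HEXCHAR.sub(lambda m: chr(int(m.group(1), 16)), value)


def parse_rcpt(line):
    """Return (forward_path, params, orcpt) where orcpt is (addr_type, address) or None."""
    m = _RCPT.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError(f"not a RCPT command: {line!r}")
    params = {}
    for token in m.group(2).split():
        key, _, val = token.partition("=")
        params[key.upper()] = val
    orcpt = None
    if "ORCPT" in params:
        addr_type, sep, encoded = params["ORCPT"].partition(";")
        if not sep:
            raise ValueError("ORCPT must be addr-type;xtext")
        orcpt = (addr_type.lower(), xtext_decode(encoded))
    return m.group(1), params, orcpt


def recipient_rewritten(line):
    """True when the forward-path differs from the rfc822 ORCPT address."""
    forward_path, _, orcpt = parse_rcpt(line)
    if orcpt is None or orcpt[0] != "rfc822":
        return False
    # Compared case-insensitively here; a stricter check would fold only the domain.
    return forward_path.lower() != orcpt[1].lower()
```
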
Re: Skip recipient verification and forward everything to a LMTP socket
Thank you for the explanation.

Even with the "rcpt-to" parameter, I still get a "550 Invalid recipient" error, and no sign of activity from my lmtp daemon on the other side of the socket. How can I debug what causes this 550 error?
Skip recipient verification and forward everything to a LMTP socket
Hi,

I would like to put an OpenSMTPD server in front of a sourcehut lists installation [1] (that is, a mailing list system for sourcehut). OpenSMTPD and sourcehut communicate through a lmtp unix socket.

Here is my configuration (without the filter and pki parts):

    listen on eth0 tls pki lists.forge.mydomain.tld
    action sourcehut lmtp /tmp/lists.forge.mydomain-tld-lmtp.sock
    match from any for domain "lists.forge.yaal.fr" action "sourcehut"

Now with this configuration I only get "550 Invalid recipient" errors, which is expected because OpenSMTPD has no way to know what is a valid sourcehut list recipient.

How can I make OpenSMTPD just skip the recipient verification, and just forward everything to the lmtp socket? I read about userbase catchall, but my understanding is that userbases map recipients to a system user, and that seems irrelevant for me as no system user is involved here.

What do you think?
Éloi

[1] https://sr.ht/