Re: Is LDAP+SSL supported?

2021-01-01 Thread Éloi Rivard
> In my opinion, table-ldap from extras is doomed as it relies on a lib that
> is barely maintained and doing LDAP asynchronously is painful.

I just stumbled upon this OpenBSD ldap client that carries an up-to-date
version of aldap, with LDAPS support.

https://github.com/reyk/ldapclient

Maybe there can be OpenSMTPD LDAPS support without much effort?




Is LDAP+SSL supported?

2020-07-17 Thread Éloi Rivard
Hi,

I have an LDAP table that is working great, but now I would like to avoid clear
connections and enable SSL. There is an old mail [1] stating that it is not
possible, but I would like to check if it is still the case 7 years later.

So here is my configuration: smtpd.conf has a LDAP table.

 table ldap ldap:/etc/mail/ldap.conf

And /etc/mail/ldap.conf has a very basic configuration:

url      ldap://ldap.mydomain.tld
username cn=admin,dc=mydomain,dc=tld
password
basedn   ou=Users,dc=mydomain,dc=tld

...

Switching ldap:// to ldaps:// prevents OpenSMTPD from starting. Am I missing
something, or is the feature not implemented yet?

Thank you.

Éloi

[1] https://www.mail-archive.com/misc@opensmtpd.org/msg00150.html
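The cleartext `ldap://` URL in the configuration above is the point worth checking in any table-ldap deployment: the bind DN, its password and every alias or credential lookup travel unencrypted. The following linter is an added example written for this thread, not OpenSMTPD or table-ldap code. It assumes the file is a sequence of `key value` lines separated by the first run of whitespace, using the keys shown in the post (url, username, password, basedn), and it only judges the configured scheme; it does not test whether the table backend actually accepts `ldaps://`, which the thread reports it did not at the time.

```python
"""Lint an OpenSMTPD table-ldap configuration file for cleartext LDAP transport.

Added example for this thread, not part of OpenSMTPD or table-ldap. Assumes the
file is a sequence of 'key value' lines (first whitespace run separates them),
using the keys shown in the thread: url, username, password, basedn.
"""
from urllib.parse import urlsplit


def parse_table_ldap(text):
    """Return {key: value} for non-blank, non-comment lines.

    A key with no value (e.g. a bare 'password' line) maps to ''.
    """
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def lint_table_ldap(text):
    """Return a list of findings; an empty list means no transport or credential issue found."""
    conf = parse_table_ldap(text)
    findings = []
    url = conf.get("url", "")
    scheme = urlsplit(url).scheme.lower() if url else ""
    if not url:
        findings.append("url: missing")
    elif scheme == "ldap":
        findings.append("url: ldap:// is cleartext; the bind DN, its password and "
                        "every lookup cross the network unencrypted")
    elif scheme != "ldaps":
        findings.append(f"url: unexpected scheme {scheme!r}")
    if "username" in conf and not conf.get("password"):
        findings.append("password: bind DN configured but no password value")
    if not conf.get("basedn"):
        findings.append("basedn: missing")
    return findings


# Constructed configurations mirroring the thread's layout (example.test names,
# made-up password); not a real deployment.
CLEARTEXT_CONF = """\
url      ldap://ldap.example.test
username cn=admin,dc=example,dc=test
password constructed-bind-secret
basedn   ou=Users,dc=example,dc=test
"""

# Same file with the transport switched to LDAPS.
LDAPS_CONF = CLEARTEXT_CONF.replace("ldap://", "ldaps://")

if __name__ == "__main__":
    for name, conf in (("cleartext", CLEARTEXT_CONF), ("ldaps", LDAPS_CONF)):
        print(name, lint_table_ldap(conf) or ["ok"])
```

Run it against the real file with `lint_table_ldap(open("/etc/mail/ldap.conf").read())`; the `ldaps://` variant only passes because the scheme is right, so pair the check with whatever the backend and the LDAP server actually negotiate.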




Re: OpenSMTPd LDAP

2020-04-16 Thread Éloi Rivard
On Monday, 13 April 2020 at 20:02 -0700, nik...@rpgresearch.com wrote:
> I just wanted to follow up and see if anyone had some
> guidance on LDAP integration with OpenSMTPd.
> 

Hi. This is a report of my recent experience with OpenLDAP and
OpenSMTPD: 
https://yaal.fr/blog/how-to-plug-opensmtpd-with-openldap-on-debian-buster

HTH




Re: Skip recipient verification and forward everything to a LMTP socket

2020-01-22 Thread Éloi Rivard
> What about RFC 1891? Is there an option to disable use of additional
> parameters such as ORCPT [1] to ensure compatibility with smtp tools that do
> not support this standard?

Actually I was misunderstanding this. There is no issue with ORCPT.

> It is inaccurate that no system user is involved here, all recipients do
> resolve into a username because some user has to do the LMTP session. In
> virtual setups, like yours seems to be, the proper way is to create some
> dedicated user and map all recipients to that:
> 
> action sourcehut lmtp "/tmp/lists.forge.mydomain-tls-lmtp.sock" \
> virtual { "@" = _sourcehut }
> 
> In cases where you have a full list of recipients and do not need to get
> virtual mappings involved, you can do:
> 
> action sourcehut lmtp "/tmp/lists.forge.mydomain-tls-lmtp.sock" \
> user _sourcehut
> 
> But no matter what, any action in smtpd.conf is a command that is going
> to get executed and a process has to have an owner, so there is going to
> be a system user involved.

Indeed, this solution seems to work:

action srht lmtp "/tmp/lists.forge.mydomain-tls-lmtp.sock" rcpt-to virtual {
"@" = listssrht }
match from any for any action srht

Now I encounter another issue: sourcehut mailing lists have the form
"~user/listn...@lists.forge.mydomain.tld" [1]. There is also a backup format,
"u.user.listn...@lists.forge.mydomain.tld". The backup format works fine, but the
tilde character does not seem to be handled correctly in the main format. Those
are the commands received by the lmtp client when I send a mail to
~user/listn...@lists.forge.mydomain.tld:

   LHLO localhost
   MAIL FROM:
   RCPT TO:<:user/listn...@lists.forge.mydomain.tld>

In the "RCPT TO" command, the user has no tilde. The sourcehut developers argue
that it is a valid character for an email address. Would you consider supporting
tildes in OpenSMTPD?

[1] https://man.sr.ht/lists.sr.ht/#posting




Re: Skip recipient verification and forward everything to a LMTP socket

2020-01-20 Thread Éloi Rivard
> But no matter what, any action in smtpd.conf is a command that is going
> to get executed and a process has to have an owner, so there is going to
> be a system user involved.

Thank you for the explanations, this is clearer.

What about RFC 1891? Is there an option to disable the use of additional parameters
such as ORCPT [1] to ensure compatibility with smtp tools that do not support
this standard?

[1] https://tools.ietf.org/html/rfc1891#section-5.2




Re: Skip recipient verification and forward everything to a LMTP socket

2020-01-18 Thread Éloi Rivard
Ok, I think I understand what is wrong. It seems that the SMTP library
used by the sourcehut LMTP daemon does not understand [1] the "ORCPT=" part
in the RCPT TO command that seems to be allowed by RFC1891.

Until aiosmtpd supports RFC1891, is there a way that OpenSMTPD can get
rid of the ORCPT part?

[1] https://github.com/aio-libs/aiosmtpd/issues/183
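Two things in this thread come down to how the receiving side parses a RCPT TO command: the ESMTP parameters after the angle-bracketed path (the ORCPT= part discussed here, defined with NOTIFY by RFC 1891) and the characters allowed in the local-part (the tilde in ~user/listname from the 2020-01-22 message). The script below is an added example written for this thread, not OpenSMTPD, aiosmtpd or sourcehut code. It parses a RCPT TO line into its forward-path and parameters, validates the local-part against the RFC 5321 atext set (which includes `~`, so the tilde form is a legal mailbox), and shows how a relay would rewrite the command without the DSN parameters for a downstream LMTP server that does not understand them. All command lines are constructed samples with example.test names, not captured traffic.

```python
"""Parse and validate RCPT TO commands as seen by an LMTP/SMTP server.

Added example for this thread, not OpenSMTPD, aiosmtpd or sourcehut code. The
sample command lines below are constructed (example.test domains), not captured
traffic.
"""
import re

# RFC 5321 "atext": letters, digits and these symbols. Tilde is in the set,
# so a local-part such as ~user/listname is syntactically valid.
ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]"
DOT_ATOM = rf"{ATEXT}+(?:\.{ATEXT}+)*"
LOCAL_PART_RE = re.compile(rf"^{DOT_ATOM}$")
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
DOMAIN_RE = re.compile(rf"^{LABEL}(?:\.{LABEL})*$")

# "RCPT TO:<path>" optionally followed by ESMTP parameters (RFC 5321 4.1.1.3),
# e.g. the DSN parameters ORCPT and NOTIFY from RFC 1891.
RCPT_RE = re.compile(
    r"^RCPT TO:<(?P<path>[^>]*)>(?P<params>(?: +[^ =]+(?:=[^ ]*)?)*) *$",
    re.IGNORECASE,
)
DSN_PARAMS = {"ORCPT", "NOTIFY"}


def parse_rcpt_to(line):
    """Split a RCPT TO command into (forward-path, {PARAM: value})."""
    m = RCPT_RE.match(line.strip())
    if m is None:
        raise ValueError(f"not a RCPT TO command: {line!r}")
    params = {}
    for token in m.group("params").split():
        key, _, value = token.partition("=")
        params[key.upper()] = value
    return m.group("path"), params


def is_valid_mailbox(addr):
    """True if addr is local-part@domain with a dot-atom local-part (RFC 5321)."""
    if addr.count("@") != 1:
        return False
    local, domain = addr.split("@")
    return bool(LOCAL_PART_RE.match(local)) and bool(DOMAIN_RE.match(domain))


def strip_dsn_params(line):
    """Rebuild the command without RFC 1891 DSN parameters, as a relay would
    for a downstream server that did not advertise DSN in its LHLO/EHLO reply."""
    path, params = parse_rcpt_to(line)
    rest = "".join(f" {k}={v}" if v else f" {k}"
                   for k, v in params.items() if k not in DSN_PARAMS)
    return f"RCPT TO:<{path}>{rest}"


# Constructed samples: the tilde form sourcehut expects, the same command
# carrying DSN parameters (the ORCPT= part aiosmtpd rejected), and a local-part
# beginning with a colon, a character outside atext, like the trace in the thread.
SAMPLE_COMMANDS = [
    "RCPT TO:<~user/listname@lists.example.test>",
    "RCPT TO:<~user/listname@lists.example.test> "
    "ORCPT=rfc822;~user/listname@lists.example.test NOTIFY=FAILURE",
    "RCPT TO:<:user/listname@lists.example.test>",
]


def audit(lines):
    """Return one (path, valid_mailbox, sorted DSN parameter names) tuple per command."""
    out = []
    for line in lines:
        path, params = parse_rcpt_to(line)
        out.append((path, is_valid_mailbox(path),
                    sorted(k for k in params if k in DSN_PARAMS)))
    return out


if __name__ == "__main__":
    for path, ok, dsn in audit(SAMPLE_COMMANDS):
        print(f"{path:40} valid={ok} dsn={dsn}")
    print(strip_dsn_params(SAMPLE_COMMANDS[1]))
```

The validator deliberately accepts only the dot-atom form of the local-part; quoted local-parts are also legal but are not what either side of this thread exchanges.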




Re: Skip recipient verification and forward everything to a LMTP socket

2020-01-18 Thread Éloi Rivard
Thank you for the explanation.

Even with the "rcpt-to" parameter, I still get a "550 Invalid
recipient" error, and no sign of activity from the lmtp daemon on the
other side of the socket.

How can I debug what causes this 550 error?




Skip recipient verification and forward everything to a LMTP socket

2020-01-15 Thread Éloi Rivard
Hi,

I would like to put an OpenSMTPD server in front of a sourcehut lists
installation [1] (that is, a mailing list system for sourcehut).
OpenSMTPD and sourcehut communicate through an lmtp unix socket. Here is
my configuration (without the filter and pki parts):


listen on eth0 tls pki lists.forge.mydomain.tld
action sourcehut lmtp /tmp/lists.forge.mydomain-tld-lmtp.sock

match from any for domain "lists.forge.yaal.fr" action "sourcehut"

Now with this configuration I only get "550 Invalid recipient" errors,
which is expected because OpenSMTPD has no way to know what is a valid
sourcehut list recipient.

How can I make OpenSMTPD just skip the recipient verification, and just
forward everything to the lmtp socket?

I read about userbase catchall, but my understanding is that userbases
map recipients to a system user, and that seems irrelevant for me as
no system user is involved here.

What do you think?

Éloi

  [1] https://sr.ht/