Re: SMTP AUTH for both system and virtual users?

2022-08-19 Thread Kamil Andrusz
> On 19 Aug 2022, at 17:34, Simon Harrison wrote:
> 
> On Fri, 19 Aug 2022 13:00:27 +0200
> Kamil Andrusz wrote:
> 
>> Hello All,
>> 
>> I’ve an old existing setup where I have existing system users. I
>> would like to add new domains and use virtual users (no need for them
>> to have system accounts). The system has only one IP available.
>> 
>> I implemented the expected solution on Dovecot side simply by using
>> multiple passdb/userdb entries.
>> 
>> However I can’t figure out how (or if it’s at all possible with a
>> single IP) to get SMTP AUTH working for both system and virtual users
>> with OpenSMTPD.
>> 
>> Is that possible and if it is, any hints how to do it?
>> 
>> Thank you in advance!
>> 
>> With best regards,
>> Kamil Andrusz
>> 
> 
> According to the man page it is supported:
> 
> https://man.openbsd.org/smtpd.conf
> 
> listen on interface [family] [options]
>   Listen on the interface for incoming connections, using the same
> syntax as ifconfig(8). The interface parameter may also be an interface
> group, an IP address, or a domain name. Listening can optionally be
> restricted to a specific address family, which can be either inet4 or
> inet6.
> 
>   The options are as follows:
> 
>   auth [<authtable>]
>   Support SMTPAUTH: clients may only start SMTP transactions
>   after successful authentication. Users are authenticated against
>   either their own normal login credentials or a credentials table
>   authtable, the format of which is described in table(5).
> 
> 
> From one of my conf's (using a credentials table):
> 
> table secrets file:/etc/mail/secrets
> 
> listen on eth0 port 465 smtps pki mydomain.com auth <secrets>
> 
> match from auth for any action "relay"
> 
> Good luck!
> 
> 
The problem is that both domains are assigned to the same IP.
In my lab setup I have the following entries in /etc/mail/smtpd.conf:
listen on openbsd.test port submission tls-require pki "openbsd.test" hostname "openbsd.test" auth
listen on example.com port submission tls-require pki "mail.example.com" hostname "mail.example.com" auth

The end result is (/var/log/maillog):
Aug 19 19:10:50 openbsd smtpd[30326]: info: OpenSMTPD 7.0.0 starting
Aug 19 19:10:51 openbsd smtpd[10313]: dispatcher: smtpd: bind: Address already in use
Aug 19 19:10:51 openbsd smtpd[17852]: smtpd: process dispatcher socket closed

So using domain name does not work.

With best regards,
Kamil Andrusz
— 
It’s just a matter of opinion.
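
A pre-flight check for the "bind: Address already in use" failure reported in the message above, added here as an example and not part of the thread or of OpenSMTPD: it finds `listen on` directives that resolve to the same address and port. The function names, the 192.0.2.10 address and the third sample line are constructed; port defaults (25, or 465 with `smtps`) follow smtpd.conf(5), and interface names need a resolver of your own.

```python
import re
import socket
from collections import defaultdict

# Service names accepted after "port", mapped to their numbers.
PORTS = {"smtp": 25, "smtps": 465, "submission": 587}

def dns_resolve(target):
    """Default resolver: hostnames and literal IPs only, not interface names."""
    infos = socket.getaddrinfo(target, None, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def listen_binds(conf, resolve=dns_resolve):
    """Yield (line_no, address, port) for every 'listen on' directive."""
    for line_no, line in enumerate(conf.splitlines(), 1):
        m = re.match(r"\s*listen\s+on\s+(\S+)(.*)", line)
        if not m:
            continue  # comments and other directives
        target, opts = m.groups()
        port_opt = re.search(r"\bport\s+(\S+)", opts)
        if port_opt:
            name = port_opt.group(1)
            port = PORTS[name] if name in PORTS else int(name)
        else:
            # No explicit port: 465 when smtps is requested, otherwise 25.
            port = 465 if re.search(r"\bsmtps\b", opts) else 25
        for addr in resolve(target):
            yield line_no, addr, port

def find_collisions(conf, resolve=dns_resolve):
    """Return {(address, port): [line numbers]} for sockets bound more than once."""
    seen = defaultdict(list)
    for line_no, addr, port in listen_binds(conf, resolve):
        seen[(addr, port)].append(line_no)
    return {sock: lines for sock, lines in seen.items() if len(lines) > 1}

# Constructed sample: the two listeners from the message plus one on port 25.
SAMPLE_CONF = '''\
listen on openbsd.test port submission tls-require pki "openbsd.test" hostname "openbsd.test" auth
listen on example.com port submission tls-require pki "mail.example.com" hostname "mail.example.com" auth
listen on openbsd.test port 25 tls pki "openbsd.test"
'''
# Constructed name-to-address map: both names on the single available IP.
SAMPLE_HOSTS = {"openbsd.test": ["192.0.2.10"], "example.com": ["192.0.2.10"]}

if __name__ == "__main__":
    hits = find_collisions(SAMPLE_CONF, SAMPLE_HOSTS.__getitem__)
    for (addr, port), lines in hits.items():
        print(f"{addr}:{port} is bound by listen directives on lines {lines}")
```
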




Re: SMTP AUTH for both system and virtual users?

2022-08-19 Thread Simon Harrison
On Fri, 19 Aug 2022 13:00:27 +0200
Kamil Andrusz wrote:

> Hello All,
> 
> I’ve an old existing setup where I have existing system users. I
> would like to add new domains and use virtual users (no need for them
> to have system accounts). The system has only one IP available.
> 
> I implemented the expected solution on Dovecot side simply by using
> multiple passdb/userdb entries.
> 
> However I can’t figure out how (or if it’s at all possible with a
> single IP) to get SMTP AUTH working for both system and virtual users
> with OpenSMTPD.
> 
> Is that possible and if it is, any hints how to do it?
> 
> Thank you in advance!
> 
> With best regards,
> Kamil Andrusz
> 

According to the man page it is supported:

https://man.openbsd.org/smtpd.conf

listen on interface [family] [options]
Listen on the interface for incoming connections, using the same
syntax as ifconfig(8). The interface parameter may also be an interface
group, an IP address, or a domain name. Listening can optionally be
restricted to a specific address family, which can be either inet4 or
inet6.

The options are as follows:

auth [<authtable>]
Support SMTPAUTH: clients may only start SMTP transactions
after successful authentication. Users are authenticated against
either their own normal login credentials or a credentials table
authtable, the format of which is described in table(5).


From one of my conf's (using a credentials table):

table secrets file:/etc/mail/secrets

listen on eth0 port 465 smtps pki mydomain.com auth <secrets>

match from auth for any action "relay"

Good luck!




SMTP AUTH for both system and virtual users?

2022-08-19 Thread Kamil Andrusz
Hello All,

I’ve an old existing setup where I have existing system users. I would like to 
add new domains and use virtual users (no need for them to have system 
accounts). The system has only one IP available.

I implemented the expected solution on Dovecot side simply by using multiple 
passdb/userdb entries.

However I can’t figure out how (or if it’s at all possible with a single IP) to 
get SMTP AUTH working for both system and virtual users with OpenSMTPD.

Is that possible and if it is, any hints how to do it?

Thank you in advance!

With best regards,
Kamil Andrusz