[pfx] Re: smtpd_command_filter: Bounce-never regex sample wrong?

2023-08-28 Thread lutz.niederer--- via Postfix-users
Thank you.  I forgot the other parameters that are possible...


> Sent: Sunday, 27 August 2023 at 20:04
> From: "Viktor Dukhovni via Postfix-users"
> To: postfix-users@postfix.org
> Subject: [pfx] Re: smtpd_command_filter: Bounce-never regex sample wrong?
>
> On Sun, Aug 27, 2023 at 10:25:10AM +0200, lutz.niederer--- via Postfix-users 
> wrote:
>
> > In postconf > smtpd_command_filter section there is an example for never 
> > bouncing mails (no DSN):
> >
> > # Bounce-never mail sink. Use notify_classes=bounce,resource,software
> > # to send bounced mail to the postmaster (with message body removed).
> > /^(RCPT\s+TO:\s*<.*>.*)\s+NOTIFY=\S+(.*)/ $1 NOTIFY=NEVER$2
> > /^(RCPT\s+TO:.*)/ $1 NOTIFY=NEVER
> >
> > RFC3461 says
> >
> >   notify-esmtp-value = "NEVER" / 1#notify-list-element
> >   notify-list-element = "SUCCESS" / "FAILURE" / "DELAY"
> >
> >   Notes:
> >
> >   a. Multiple notify-list-elements, separated by commas, MAY appear in
> >      a NOTIFY parameter; however, the NEVER keyword MUST appear by
> >      itself.
> >
> > Why is there a "$2" appended in the first line of the example if only 
> > "NEVER" is allowed?
>
> Consider:
>
> RCPT TO: NOTIFY=SUCCESS SIZE=12345
>
> taking into account that "\S+" greedily matches non-whitespace.  [ The
> "$2" suffix will necessarily be empty or will start with whitespace. ]
>
> --
> Viktor.
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
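
The rewrite discussed above, as an added example that is not part of the original thread: the two sample rules are rendered with Python's `re` module (an approximation of a Postfix pcre table, first match wins, case-insensitive) and run over constructed RCPT commands. `RULES_NO_SUFFIX` is a hypothetical variant without "$2", included to show what the suffix preserves.

```python
import re

def _table(first_replacement):
    """Build the two-rule table; only the first rule's replacement varies."""
    return [
        (re.compile(r'^(RCPT\s+TO:\s*<.*>.*)\s+NOTIFY=\S+(.*)', re.IGNORECASE),
         first_replacement),
        (re.compile(r'^(RCPT\s+TO:.*)', re.IGNORECASE), r'\1 NOTIFY=NEVER'),
    ]

# The rules as shown in the postconf sample ("$1"/"$2" written as \1/\2).
RULES = _table(r'\1 NOTIFY=NEVER\2')
# Hypothetical variant that drops "$2" (not from the Postfix documentation).
RULES_NO_SUFFIX = _table(r'\1 NOTIFY=NEVER')

def command_filter(line, rules=RULES):
    """Return the command after filtering; the result replaces the whole line."""
    for pattern, replacement in rules:
        m = pattern.search(line)
        if m:
            return m.expand(replacement)
    return line  # no rule matched: the command passes through unchanged

# Constructed sample commands (example.com addresses are placeholders).
WITH_ORCPT = ("RCPT TO:<user@example.com> NOTIFY=SUCCESS,FAILURE "
              "ORCPT=rfc822;user@example.com")
PLAIN = "RCPT TO:<user@example.com>"

if __name__ == "__main__":
    for cmd in (WITH_ORCPT, PLAIN, "MAIL FROM:<sender@example.com>"):
        print(command_filter(cmd))
    # Without "$2" the parameter that followed NOTIFY= is lost:
    print(command_filter(WITH_ORCPT, RULES_NO_SUFFIX))
```

Because "\S+" stops at the first whitespace, everything after the NOTIFY value lands in the second group, which is why the sample appends it again.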


[pfx] Re: local_recipient_maps does not apply to local mail submission

2023-08-28 Thread Étienne Miret via Postfix-users

Hello!


> The documentation patch seems to suggest that there are potential
> futures in which the parameter also restricts non-SMTP message ingress,
> or even delivery after alias expansion for addresses not listed in the
> table.


Well, based on previous messages on this thread, I thought this was 
indeed a possibility. I’m not saying I think it should be done, but 
Wietse did say:



> There is nothing that prevents local_recipient_maps from being used
> elsewhere. The need to do so just hasn't come up.


which opens the possibility.

So I chose a wording that should make clear to users that they cannot 
rely on local_recipient_maps to be ignored by non-SMTP inputs, and 
therefore that they should make sure the lookups specified in this 
setting include all locally deliverable recipients. Essentially, I said:



> Whether this setting applies to non-SMTP inputs is unspecified,
> don’t rely on it either way.


Of course, it can be decided that local_recipient_maps not applying to 
anything else than smtpd is now a documented feature. This would mean a 
configuration where some local users cannot receive mails from the 
Internet is now supported (although I guess this can already be done 
with filters) but also that changing this behavior would now be a 
breaking change, requiring a major version bump and proper warning.


I’m totally fine with that, and can even provide a new patch to document 
this. It’s just that, in my opinion, such a decision must be carefully 
weighed before it is taken.


Regards,

--
Étienne Miret
https://etienne.miret.io/




[pfx] Re: local_recipient_maps does not apply to local mail submission

2023-08-28 Thread Viktor Dukhovni via Postfix-users
On Mon, Aug 28, 2023 at 04:14:33PM -0400, Viktor Dukhovni via Postfix-users 
wrote:

> However, neither eventuality is at all likely.  My take is that it would
> not be an unwelcome breaking change to apply the table in any context
> other than SMTP ingress.

s/would not be/would be/

--  
Viktor.


[pfx] Re: local_recipient_maps does not apply to local mail submission

2023-08-28 Thread Viktor Dukhovni via Postfix-users
On Mon, Aug 28, 2023 at 09:01:35PM +0200, Étienne Miret via Postfix-users wrote:

> Anyway, I promised a documentation patch that would make this more 
> explicit, here it is! Sorry it took me a little long to do it, as I have 
> been busy on other issues.

The documentation patch seems to suggest that there are potential
futures in which the parameter also restricts non-SMTP message ingress,
or even delivery after alias expansion for addresses not listed in the
table.

However, neither eventuality is at all likely.  My take is that it would
not be an unwelcome breaking change to apply the table in any context
other than SMTP ingress.

Therefore, if the documentation is to make the scope even more
explicit, it should hedge the language in "For now, ...".  Just say it
like it is: the table is used to reject unwanted local SMTP recipients.

One might, for example, reject mail to "root", "bin", "daemon", ... from
outside, but allow local cron jobs to notify appropriate mailboxes
(typically aliased), which means filtering out some accounts:

main.cf:
    local_recipient_maps =
        pipemap:{
            pcre:{{/^"(.*)"(?:@[^@"\\]+)?$$/ $$1},
                  {/^(.*?)(?:@[^@"\\]+)?$$/  $$1}},
            pcre:{{/^(?:root|bin|daemon)$$/ :},
                  {/(.*)/ $$1}},
            unionmap:{proxy:unix:passwd.byname $alias_maps}
        }

-- 
Viktor.
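
How the three pipemap stages in the main.cf example resolve a recipient, as an added Python simulation that is not part of the original message. The PASSWD and ALIASES dictionaries are constructed stand-ins for passwd.byname and $alias_maps; a single lookup key per recipient, and treating any result as "recipient accepted", are simplifying assumptions.

```python
import re

# Constructed sample data standing in for passwd.byname and $alias_maps.
PASSWD = {"root": "x", "bin": "x", "daemon": "x", "alice": "x"}
ALIASES = {"postmaster": "root", "root": "alice"}

# Stage 1 and 2 rules from the example ("$$" in main.cf is a literal "$").
STRIP = [(r'^"(.*)"(?:@[^@"\\]+)?$', r'\1'), (r'^(.*?)(?:@[^@"\\]+)?$', r'\1')]
BLOCK = [(r'^(?:root|bin|daemon)$', ':'), (r'(.*)', r'\1')]

def pcre(rules, key):
    """pcre table: first matching rule wins; None means 'not found'."""
    for pattern, result in rules:
        m = re.search(pattern, key, re.IGNORECASE)
        if m:
            return m.expand(result)
    return None

def union(key, *tables):
    """unionmap: combine the results of every table that has the key."""
    found = [table[key] for table in tables if key in table]
    return ",".join(found) or None

def local_recipient_lookup(key):
    """pipemap: each result is the next stage's query; any miss ends the lookup."""
    stages = (lambda k: pcre(STRIP, k),            # drop quotes and @domain
              lambda k: pcre(BLOCK, k),            # system accounts -> ":"
              lambda k: union(k, PASSWD, ALIASES)) # ":" is in neither table
    for stage in stages:
        key = stage(key)
        if key is None:
            return None
    return key

if __name__ == "__main__":
    for rcpt in ("alice@example.com", "postmaster@example.com",
                 "root@example.com", '"root"@example.com', "nobody@example.com"):
        verdict = "accept" if local_recipient_lookup(rcpt) else "reject"
        print(f"{rcpt:26} {verdict}")
```

The quoted form "root"@example.com is rejected as well, because the first stage unquotes the local part before the second stage tests it.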


[pfx] Re: local_recipient_maps does not apply to local mail submission

2023-08-28 Thread Étienne Miret via Postfix-users

Hello,


> There is nothing that prevents local_recipient_maps from being used elsewhere.
> The need to do so just hasn't come up.


To be fair, I don’t have any use for this either. It’s just I had a 
misconfiguration on my side, a user wouldn’t get their mails (well, 
myself actually, the postmaster), and /usr/sbin/sendmail -bv said all 
was fine. I don’t think it took me long to find out the issue, though.



> As for local_recipient_maps not being checked elsewhere in Postfix:
>
> […]


Oh! Now I understand your first reply. I was wondering what you meant 
back then.



> You had not mentioned LMTP.


I don’t think I mentioned anything else either 🙂.

> mailbox_transport and _maps were originally used to deliver mail for UNIX and
> [1] non-UNIX accounts to a [2] Dovecot command-line tool. Both [1] and [2]
> were poor solutions.


Hmm… I was using LMTP through mailbox_transport:

> mailbox_transport = lmtp:unix:private/dovecot-lmtp

Is this bad?


> This is why the doc mentions that local_recipient_maps is used by the SMTP
> daemon.


Indeed, it does. But it doesn’t say it is not used by other processes, 
or at least I didn’t understand that when reading it.


Anyway, I promised a documentation patch that would make this more 
explicit, here it is! Sorry it took me a little long to do it, as I have 
been busy on other issues.


I didn’t see any CONTRIBUTING file with guidelines or how to submit 
patches, so I hope the attachment on this mail will do it. Also, the 
"sources" we can download from  
include the built documentation, so I hope the files I edited under 
proto/ are the actual documentation sources rather than the result of a 
first build phase.


Regards,

--
Étienne Miret
https://etienne.miret.io/
diff -ruN -x README_FILES -x .idea -x html -x man 
/var/tmp/postfix-3.8.1/proto/LOCAL_RECIPIENT_README.html 
Documents/Development/postfix-3.8.1/proto/LOCAL_RECIPIENT_README.html
--- /var/tmp/postfix-3.8.1/proto/LOCAL_RECIPIENT_README.html2023-03-09 
00:35:26
+++ Documents/Development/postfix-3.8.1/proto/LOCAL_RECIPIENT_README.html   
2023-08-28 20:15:41
@@ -57,7 +57,9 @@
 local when its domain matches $mydestination, $inet_interfaces or
 $proxy_interfaces. If a local username or address is not listed in
 $local_recipient_maps, then the Postfix SMTP server will reject
-the address with "User unknown in local recipient table".  
+the address with "User unknown in local recipient table".
+Note that this username may still be able to receive mails from other
+sources (like sendmail(1)). 
 
  The default setting, shown below, assumes that you use the
 default Postfix local(8) delivery agent for local delivery, where
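
Review bot: The added note says "this username", but the sentence it extends covers "a local username or address", so the note should cover both cases; "may still be able to receive mails" is also vaguer than the behaviour it describes. Suggest wording along the lines of "Note that mail for this recipient can still be accepted from non-SMTP sources such as sendmail(1)."
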
diff -ruN -x README_FILES -x .idea -x html -x man 
/var/tmp/postfix-3.8.1/proto/postconf.proto 
Documents/Development/postfix-3.8.1/proto/postconf.proto
--- /var/tmp/postfix-3.8.1/proto/postconf.proto 2023-06-05 21:12:17
+++ Documents/Development/postfix-3.8.1/proto/postconf.proto2023-08-28 
20:12:58
@@ -2425,6 +2425,9 @@
 
 If this parameter is non-empty (the default), then the Postfix SMTP
 server will reject mail for unknown local users.
+For now, this parameter is ignored by other processes, which means
+a misconfiguration here can lead to a local user receiving mails
+from sendmail(1) but not from SMTP clients.
 
 
 
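
Review bot: "For now," at the start of the first added line tells readers that the scope is expected to change, and "other processes" does not say which ones, while the rest of the addition names only sendmail(1). Suggest dropping "For now," and stating the scope directly, consistent with the context line above it about the Postfix SMTP server, and using the same wording as the LOCAL_RECIPIENT_README hunk so the two documents do not describe the behaviour differently.
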

