On Fri, Aug 30, 2019 at 11:14:37PM -0500, Edgar Pettijohn wrote:
> On Fri, Aug 30, 2019 at 05:00:24PM +0200, Ede Wolf wrote:
> > Hello,
> > 
> >
> 
> Semi complete example at the bottom. I'll leave it to you to reverse translate
> to the old syntax. I didn't notice till after I was done and am too lazy to 
> change it. :) Also noticed while re-reading smtpd.conf(5) there is a `user' 
> keyword that can be used in an action:
> 
>  user username
>                      Specify the username for performing the delivery, to be
>                      looked up with getpwnam(3).
> 
>                      This is used for virtual hosting where a single username
>                      is in charge of handling delivery for all virtual users.
> 
>                      This option is not usable with the mbox delivery method.
> 
> Not sure if it's available in whichever version you are using, but may make 
> things easier enough to warrant an upgrade.
>  
> > While trying to learn opensmtpd, amongst other things I am struggling with
> > the virtual user handling - for a non virtual domain setup.
> > 
> > From what I have been able to understand so far it seems, as if there is no
> > way to deliver mails to a lmtp socket, if there is not at least some
> > reference/mapping to a system user?
> > 
> > accept from any for domain "example.com" recipient <vusers> alias <aliases>
> > deliver to lmtp "/run/cyrus/lmtp" rcpt-to as nobody
> > 
> > where vusers contains:
> 
> vusers would need to be `key => value' pairs
> 
> > b...@example.com
> 
> This is a list. More suitable for a vdomains table.
> 
> > 
> > However, despite being listed in vusers, when trying to send a mail to bob,
> > it gets rejected with "550 Invalid recipient". Creating a systemuser "bob"
> > makes it work. But then I do not need the vusers table, so I am wondering,
> > is it possible to get along without the need for a system user?
> > Now the man page mentions a userbase parameter, and I assume, the according
> > table has to be in the format of the userinfo table mentioned in tables(5)?
> > What then effectively again refers to a system user - just with a mapping in
> > between.
> > 
> > My attempts with a single userlist instead so far either resulted in a
> > 'invalid use of table "susers" as USERBASE parameter' or simply a syntax
> > error.
> > 
> > Is that assumption correct? Is there no way of keeping virtual users
> > completely off the system or did I get something terribly wrong? Even when
> > not using mbox/Maildir at all, where this requirement could make sense?
> >
> 
> They are off the system, but some real user has to own the mailbox, etc...
>  
> > And since user filtering will eventually be done at an earlier stage, I
> > would like smtpd to be able to unconditionally forward any mail unaltered
> > (except aliases) to the lmtp socket.
> > 
> > So, in addition to bob@example as for the tests com I would like to be able
> > to use *@example.com or just example.com to not do any user checking at all.
> > Depending on the syntax requirements.
> > 
> > Is it possible to deactivate the user checking one way or the other?
> 
> you could use a catchall
> 
> /etc/mail/vusers
> 
> @     catchall
> 
> > 
> > Thanks for any insight or heads up on what I may have missed or
> > misunderstood.
> > 
> > 
> > Ede
> >
> 
> groupadd -g 5000 vmail
> useradd -g vmail -u 5000 -d /var/vmail -m vmail
> chown -R vmail:vmail /var/vmail
> 
> /etc/mail/userinfo
> 
> bob   5000:5000:/var/vmail/bob
> 
> /etc/mail/vusers
> 
> b...@example.com      bob
> 
> /etc/mail/smtpd.conf snippet
> 
> action "a01" lmtp "/var/cyrus/lmtp" rcpt-to userbase <userinfo> virtual <vusers>
> # may need to finesse the above. I'm not using cyrus or userbase table, so not 100 percent
> # sure if it will work as is.
> 
> match from all for domain <domains> action "a01"

Another option (that I use):

/etc/mail/vusers

b...@example.com                vmail

action "a01" lmtp "/var/cyrus/lmtp" rcpt-to virtual <vusers>
match from all for domain <domains> action "a01"

No need for the userbase. I'm not really sure where a userbase table comes into 
play. Maybe someone out there using it can provide an example use case.

> 
> it sorta works...
> deathstar$ telnet localhost 25 
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> 220 deathstar.my.domain ESMTP OpenSMTPD
> ehlo p.com
> 250-deathstar.my.domain Hello p.com [127.0.0.1], pleased to meet you
> 250-8BITMIME
> 250-ENHANCEDSTATUSCODES
> 250-SIZE 36700160
> 250-DSN
> 250 HELP
> mail from:<me>
> 250 2.0.0 Ok
> rcpt to:<bob> 
> 250 2.1.5 Destination address valid: Recipient ok
> data
> 354 Enter mail, end with "." on a line by itself
> to: u
> from: me
> 
> hi bob.
> 
> .
> 250 2.0.0 0a7d910f Message accepted for delivery
> 
> a19e5552f2afe6dc smtp connected address=127.0.0.1 host=localhost
> debug: aliases_virtual_get: 'bob' resolved to 1 nodes
> debug: aliases_virtual_get: 'bob' resolved to 1 nodes
> warn: smtpd: parent_forward_open: /var/mail/bob: No such file or directory
> smtp: 0x1903053fd000: fd 13 from queue
> smtp: 0x1903053fd000: message fd 13
> smtp: 0x1903053fd000: message begin
> debug: 0x19034b71f000: adding Date
> debug: 0x19034b71f000: adding Message-ID
> debug: 0x1903053fd000: end of message, error=0
> a19e5552f2afe6dc smtp message msgid=0a7d910f size=335 nrcpt=1 proto=ESMTP
> a19e5552f2afe6dc smtp envelope evpid=0a7d910fa2469b23 from=<m...@deathstar.my.domain> to=<b...@deathstar.my.domain>
> debug: scheduler: evp:0a7d910fa2469b23 scheduled (mda)
> mda: new user a19e5554bded3360 for "userinfo:bob" delivering as "root"
> debug: lka: userinfo userinfo:bob
> debug: mda: new session a19e555520bf2fa5 for user "userinfo:bob" evpid 0a7d910fa2469b23
> debug: mda: no more envelope for "userinfo:bob"
> debug: mda: got message fd 13 for session a19e555520bf2fa5 evpid 0a7d910fa2469b23
> debug: mda: querying mda fd for session a19e555520bf2fa5 evpid 0a7d910fa2469b23
> debug: smtpd: forking mda for session a19e555520bf2fa5: bob as root
> debug: mda: got mda fd 14 for session a19e555520bf2fa5 evpid 0a7d910fa2469b23
> debug: mda: end-of-file for session a19e555520bf2fa5 evpid 0a7d910fa2469b23
> debug: mda: all data sent for session a19e555520bf2fa5 evpid 0a7d910fa2469b23
> debug: smtpd: mda process done for session a19e555520bf2fa5: exited abnormally
> a19e5554bded3360 mda delivery evpid=0a7d910fa2469b23 from=<m...@deathstar.my.domain> to=<b...@deathstar.my.domain> rcpt=<b...@deathstar.my.domain> user=bob delay=16s result=PermFail stat=Error ("mail.local: unknown name: bob")
> debug: mda: session a19e555520bf2fa5 done
> debug: mda: user "bob" becomes runnable
> debug: mda: all done for user "userinfo:bob"
> 
> So probably don't want to use mail.local to deliver the message or make sure 
> /var/mail/bob exists in this particular example.
> 
> 
> 
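
A small lint for the userbase variant discussed in this thread, added here as an example and not part of anyone's message. It checks that every vusers line is a key and value pair, that the value has a userinfo entry, and that the entry does not resolve to uid 0. The function names, sample tables and the single-user-per-value rule are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): lint a vusers table against a userinfo
# table. Formats follow the thread: "address user" and "user uid:gid:home".
# Assumption: every vusers value is a single user name.

lint_vusers() {    # usage: lint_vusers VUSERS USERINFO; exit status 1 on findings
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        FILENAME == ARGV[1] {                # first file read: userinfo
            split($2, f, ":"); uid[$1] = f[1]; next
        }
        NF < 2 {                             # bare address: a list, not a mapping
            printf "line %d: %s has no value (list entry, need key and value)\n", FNR, $1
            bad = 1; next
        }
        !($2 in uid) {                       # target missing from userinfo
            printf "line %d: %s maps to %s, which has no userinfo entry\n", FNR, $1, $2
            bad = 1; next
        }
        uid[$2] ~ /^0+$/ {                   # delivery would run with uid 0
            printf "line %d: %s maps to %s with uid 0\n", FNR, $1, $2
            bad = 1
        }
        END { exit bad + 0 }
    ' "$2" "$1"
}

# Constructed sample tables (not from the thread).
write_samples() {  # usage: write_samples DIR
    cat > "$1/userinfo" <<'EOF'
alice   5000:5000:/var/vmail/alice
admin   0:0:/root
EOF
    cat > "$1/vusers" <<'EOF'
# constructed entries
alice@example.com   alice
carol@example.com
dave@example.com    dave
root@example.com    admin
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
lint_vusers "$tmp/vusers" "$tmp/userinfo" || echo "vusers table needs fixing"
rm -rf "$tmp"
```

When no userbase table is used, the values are system users instead, so the userinfo lookup in this lint does not apply to that setup.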
