Hi, in my opinion revision 1.423 of smtp_session.c went a bit too far. Enforcing that ORCPT has to have domain results in breakage in real world usage. For example, sending from root user cron jobs mails via Postfix aliased to an address handled by OpenSMTPD will fail.
RFC leaves some room for interpretation here, but interoperability may be considered important as well. GitHub issue #1084 [1] has some more elaborations and examples, but was opened for the same reason. Therefore, I propose the following diff below to slightly relax the ORCPT check again by skipping the domain part check. Comments, OK? Thanks, Regards, Joerg [1] https://github.com/OpenSMTPD/OpenSMTPD/issues/1084 Index: smtp_session.c =================================================================== RCS file: /cvs/src/usr.sbin/smtpd/smtp_session.c,v retrieving revision 1.426 diff -u -p -r1.426 smtp_session.c --- smtp_session.c 24 Apr 2020 11:34:07 -0000 1.426 +++ smtp_session.c 18 Nov 2020 20:24:28 -0000 @@ -2582,8 +2582,7 @@ smtp_tx_rcpt_to(struct smtp_tx *tx, cons opt += 7; if (!text_to_mailaddr(&tx->evp.dsn_orcpt, opt) || - !valid_localpart(tx->evp.dsn_orcpt.user) || - !valid_domainpart(tx->evp.dsn_orcpt.domain)) { + !valid_localpart(tx->evp.dsn_orcpt.user)) { smtp_reply(tx->session, "553 ORCPT address syntax error"); return;