New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OpenSMTPd should accept alias rules in relay declarations #502
Comments
Doesn't this generate a bounce sent back to the original sender ? |
Yep, there is a bounce. |
Pushing this up. The desired behavior is not to send a bounce telling the sender that the recipient doesn't exist, it should be evaluating the aliases and then forwarding to the (aliased) recipient address. |
No need to push this up, we have not forgotten about this but it is a VERY invasive change with profound implications with regard to the ruleset matching, the aliases expansion and the entire code path taken by an accepted envelope. It'll be worked out but it will take some time. |
So, that’s probably what I need. I’m currently trying to redirect mails received for My main mail is delivered with this rule:
So, as
Where This does work, but breaks DKIM/SPF. I’ve tried to use So, unless I’ve missed a much more simpler config to setup a pseudo-ml, I’m gonna need this too. ;) |
I have the same goals: DKIM signing only for mails originating from @mydomain.org, but not for mails that only pass through my server for taking profit of redirections to a list of mail addresses in various domains. Furthermore, I have to cope with a cornercase: mail originated from @laposte.net and redirected to @laposte.net are rejected due to strict SPF restrictions by their SMTP server. I have this setting
All work as expected, only local issued mail are DKIM signed. However, due to severe troubles within laposte.net, I have not yet been able to test if they are now happy with this new setting. I had to test with *another mail provider and I could verify that relay as "@mydomain.org" works as expected. |
Sorry for resurrecting an old issue, but this feature is exactly what I'm looking for. Neither reading smptd.conf(5) nor #772 nor trying different setups, I can find a way to do this. Any pointers? |
isn't it just |
Is this an answer to my question? If so then, I'm sorry to say, it's a bit too cryptic for me to understand. What's |
the original issue mentioned it wanted to do a spam check, so that's what I used as example action name. not sure what your use case is, but:
the example config shows some of this already, so it'll make a good starting point. there's also an |
Ah right. Sorry I missed that.
I dont' think you can use alias/mapping tables in
But smtpd doesn't like it...
Using just
I seem to be missing, where exactly it "shows some of this". I can only find an alias table that is used for local delivery but nowhere else. OpenSMTPD/usr.sbin/smtpd/smtpd.conf Line 15 in 5800ede
Quoting from the manpage you mentioned (important emphasis added by me):
Quick testing confirms this
No dice...
It will not let you apply a table "onto the relay action to do aliases expansion". Remove the This is all on OpenSMTPD 6.8.0p2 if that makes any difference. But judging form that version having been released 4 month ago and this feature supposedly having being integrated nearly 3 years ago I don't think this is a version problem. |
I went a step further, cloned the OpenSMTP repository and modified the configuration parser. Copy these lines paste them as a That'll make smtpd parse my second example, start and not even crash (I'm a bit astonished). But it'll still not alias before relaying:
|
Oh right making the parser just assign the alias table to
So... am I allowed to go so far to say that there must have been an error and this feature is actually not implemented? Reopen this issue? Create a new one? |
Yeah, I don’t see how this has been fixed: from the documentation, So my old rule, that was:
where forwards was a table like
But |
Also I’m wondering how |
Chiming in to give some insight:
It is not the right mechanism for doing that which is why this issue was closed. Aliases and virtuals are local mechanism intended to convert a session RCPT address into a local user account, with a uid, a gid, a homedir, and so on. It can end up resolving an address into another address but this is a special case of the mechanism which always tries to find a local user account, does cross rules expansions, converts an address to another one just so it can match it against the configuration file again to find a local user, etc... For relay rules, this doesn't make sense and may have undesireable side effects, you really want a rewrite mechanism that can ONLY convert an e-mail address into another one, not trying to resolve a local user, not trying to do cross-rules things, just mapping foo@bar.org to bar@baz.org and be done. This mechanism doesn't exist in the ruleset yet, though I proposed it a while back. It is possible to do it through filters or built-in filters since they have a "rewrite" action which allows replacing a mail-from or rcpt-to parameter with a new value, it's just not doable from the ruleset itself at this point.
Wrong mechanism which is why it can't work and even if you managed to plug it correctly, it would hit other issues because the aliasing does stuff specifically for local systems, which may not work on a relay rule. Everything needed to support the rewrite already exists, if you open an issue it might just be implemented shortly.
virtual and alias have always been a local only mechanism, the old configuration syntax was ambiguous and accepted them n relay rules ... without actually doing the aliasing, it used the key to similarly to what
Only because your action is invalid, the new syntax does not change behaviours: forward-only is still a local action that makes no sense in a relay rule:
What is illegal is using virtual with a "relay" action because as stated above, aliases and virtuals are a local mechanism doing local operations which make no sense for relay rules. A different mechanism is needed that only does address rewrites without looking up local users and such.
the same way it has always worked: forward-only matches a local rule, does aliases expanding which results in remote addresses, which are all matched individually against the ruleset to find a matching relay rule. |
To better highlight ONE of the many issues of using aliases in relay rules:
What are your expecting the relay action to do with the local user "gilles" here ? |
Right, makes sense and I now remember how this rule worked exactly.
Right, for one moment I thought I had a
Right, so of course the translation of my old rule now is:
with
so that those emails are relayed using SRS (or, for the old Did I understood things correctly? If so this seems actually solved to me. |
Ah right. Someone pointed that out on IRC, I played around a bit with it, but didn't manage to expand a single address to multiple ones. Didn't continue looking there and came here...
Since I didn't manage to get it working with a custom filter, would "implemented shortly" be still on the table if I wanted rewrite to turn a match into multiple recipients?
I'd expect this to apply aliasing/rewriting recursively and if no more matches are found to bounce the mail. If on the other hand its
I'd hope that forwarding would be tried in hopes of the smarthost actually accepting that user. Or at least I'd like to be able to configure my MTA to work that way. Maybe that'd be out of scope of OpenSMTPD and I'm better served with some other piece of software? |
@wagnerflo Did you try my proposition? If yes and there is an issue, please tell me. If not, please do. If I did not understand what you are trying to do exactly, please explain your exact needs/setup. ;) |
It is sometimes useful to be able to use alias rules in relay declarations, for example if one tries to redirect mail from one user that doesn't exist on the system to another one, using a spam check (like amavisd). As of now, what happens is that the email arrives on the system, and OpenSMTPd immediately rejects it as the user doesn't exist, even though there's an alias on this user, while with a direct delivery it would work (since one can apply aliases to deliver declarations)
The text was updated successfully, but these errors were encountered: