OpenSMTPD often reports IO error in errorline but most IO errors can be turned into a more precise description.

The manual page has links to display the latest version of the manual pages from cvs.openbsd.org

Currently OpenSMTPD is not the default MTA on OpenBSD, so the manual pages returned are those of sendmail

 -R return   Set the amount of the message to be returned if the message
             bounces.  The return parameter can be `full' to return the
             entire message or `hdrs' to return only the headers.  In the
             latter case also local bounces return only the headers.

Apparently mutt uses this as well.

Ignorance is bliss, so lets ignore this and deliver the message...

diff --git a/smtpd/enqueue.c b/smtpd/enqueue.c
index 4324887..df3ae4a 100644
--- a/smtpd/enqueue.c
+++ b/smtpd/enqueue.c
@@ -175,7 +175,7 @@ enqueue(int argc, char *argv[])
    time(×tamp);
 
    while ((ch = getopt(argc, argv,
-       "A:B:b:E::e:F:f:iJ::L:mo:p:qtvx")) != -1) {
+       "A:B:b:E::e:F:f:iJ::L:mo:p:qR:tvx")) != -1) {
        switch (ch) {
        case 'f':
            fake_from = optarg;
@@ -200,6 +200,7 @@ enqueue(int argc, char *argv[])
        case 'm':
        case 'o':
        case 'p':
+       case 'R':
        case 'x':
            break;
        case 'q':

Currently statistics only support size_t values and can therefore only be used for simple counters.

By changing slightly the API, we can allow the set() primitive to take a struct statval { enum stattype type, union val { ... } }; and be able to provide much more flexible statistics to support counters, ratios, timeframes, etc ...

The stats API should be extended to support types and provide helpers to convert/display the different types

Statistics are handled by static structures stored on shared pages.

I would like to have the stats API use a backend system (akin to maps, scheduler, delivery, queue, ..) and provide a default backend that would store statistics in a tree.

The API needs to be redesigned slightly, but the idea is to have very simple primitives: increment / decrement / set / get ; and allow setting dynamic keys which is not possible today:

  /* example */
  {
    char key[STATS_KEY_SIZE];

    snprintf(key, sizeof key, "deliveries.%s", evp->dest.domain);
    stats_increment(key);
  }

introduce accept_reserve() and use the new imsg_fd_overhead knob of imsg to properly cope with fd exhaustion

my /24 netblock has been blacklisted by the blackmailing donkeys at spamhaus.

while my server has about a dozen ip addresses, OpenSMTPD doesn't provide any way to force the outgoing address and will always use the default route.

for my own purpose i hacked io_connect() to bind() another address but we should really have mta check if there is a mapping of source address available for a specific envelope and override default address if so.

This is a feature request, not mandatory for first milestone but still very important IMO

Runner process spinning observed on poolp.org secondary MX

It seems to be related to a missing rule to match local domain, causing local mail to be sent using MTA.

needs to be investigated

Goal:
Using smtpd as a sink - Accepting all ("accept for all") mails but delivering ("deliver to {maildir,mbox,mda}") instead of relaying.
Useful in test/development environments where you want to catch and contain all mails.

The problem right now is it checks that the user-part of the address exists.

I tested the following:

listen on 127.0.0.1
accept for all deliver to maildir "/home/foo/mails"

Which gladly delivers mail to /home/foo/mails as expected for everything sent to any domain, as long as the user-part exists (alias or locally).

'sendmail [email protected]' -> ok
'sendmail [email protected],[email protected]' ->
sendmail: command failed: 530 5.0.0 Recipient rejected: [email protected],[email protected]

actual sendmail handles this fine, as does smtpd via port 25:

$ /usr/libexec/sendmail/sendmail -v [email protected],[email protected]
[email protected],[email protected]... Connecting to [ipv6:::1] via relay...
220 t41.fries.net ESMTP OpenSMTPD
>>> EHLO t41.fries.net
250-t41.fries.net Hello t41.fries.net [IPv6:::1], pleased to meet you
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-SIZE 4294967295
250 HELP
>>> MAIL From:
250 2.1.0 Sender ok
>>> RCPT To:
250 2.0.0 Recipient ok
>>> RCPT To:
250 2.0.0 Recipient ok
>>> DATA
354 Enter mail, end with "." on a line by itself
>>> .
250 2.0.0 daff1c4a Message accepted for delivery
[email protected],[email protected]... Sent (daff1c4a Message accepted for delivery)
Closing connection to [ipv6:::1]
>>> QUIT
221 2.0.0 t41.fries.net Closing connection

By default, mutt tries to deliver multiple recipients via 'sendmail email1,email2,email3,...' which obviously fails in the smtpd case. My workaround for now is to deliver to ::1 port 25 ....

%a and %u format specifiers in smtpd.conf may be swapped according to a mail I received, needs to be confirmed/fixed

It should be possible to avoid having to write a "user backend" API for user lookups and rely on the map API.

Problem right now is that users are looked up both by name and UID which does not fit in the 'key/value' schema of the map API and forces us to use a different API that allows both name and UID lookups.

Relying on the map API would simplify everything and ensure that once a backend is written for maps, users can be looked inside that backend.

http://en.wikipedia.org/wiki/Comparison_of_mail_servers
http://en.wikipedia.org/wiki/Message_transfer_agent#List_of_MTA_software_for_Unix-like_operating_systems

the above two do not have mention of OpenSMTPD whereas

http://en.wikipedia.org/wiki/List_of_mail_servers

does. I do not have a wikipedia account or I'd fix it myself.

OpenSMTPD should stop using getpwnam() when looking up for final recipients, allowing us to provide fully virtual users.

It is a bit tricky because each getpwnam() call in the delivery code-path needs to be be rerouted to the lka process making them asynchronous ...

Doable but not trivial, high on the todo list but not for upcoming milestone

When bouncing multiple recipients, only one bounce with the list of recipients should be emitted

We should accept: gilles@[127.0.0.1] !!

We need to complete the filter API so that popular filters like ClamAV and SpamAssassin may be plugged

we should be able to make smtpd reject clients with "TEMPORARY FAILURE"

From: Christopher Zimmermann [email protected]
Subject: OpenSMTPd not recognizing its own hostname

my smtpd.conf:

madroach@alix:~% May 22 18:38:27 alix smtpd[4696]: inet_net_pton: Address family not supported by protocol family
May 22 18:38:27 alix last message repeated 2 times
May 22 18:38:27 alix smtpd[12312]: 8024b6b0: from=madroach@XXXXXXXXX, size=405, nrcpts=1, proto=ESMTP, relay=1000@localhost [IPv6:::1]
May 22 18:38:29 alix smtpd[11499]: 8024b6b0d4e1895a: to=root@XXXXXXXX, delay=2, relay=smtp.1und1.de [212.227.15.167], stat=Sent (Message 0LgtFa-1Rkwi30IQY-00nlSq accepted by XXX)

change mta state logic to fetch the data fd after the smtp connection is succesfully established.
this is way cleaner I think, and it will make it easier to send multiple messages through the connection later.

relay via should use a mapping to allow relaying through different relay hosts for a same rule

We should support PIPELINE even though it is not mandatory, this is not an imminent feature ;-)

currently, if an offline message cannot be reenqueued, the message is left in offline/. It should generate a bounce instead.

runner crashes observed on a few rare occasions.

One reporter mentions it happened after a smtpctl remove

May be caused by the scheduler_ramqueue backend ... to be investigated

matching a rule but failing the map lookup should not necessarily cause the ruleset matching to fail:

map doms source plain "/etc/mail/doms.txt"

accept for domain map "doms" deliver to maildir
accept for domain opensmtpd.org deliver to maildir

Here, we will always fail to deliver to @opensmtpd.org because the mapping rule will be matched and if opensmtpd.org is not part of the mapping, there will be no further rule processing.

Program received signal SIGSEGV, Segmentation fault.
mta_enter_state (s=0x81777500, newstate=12)
    at /usr/src/usr.sbin/smtpd/smtpd/../mta_session.c:467
467                     if (s->task->sender.user[0] && s->task->sender.domain[0])
(gdb) print s
$1 = (struct mta_session *) 0x81777500
(gdb) print *s
$2 = {id = 6348794322668282305, route = 0xe3e473c2, 
  secret = 0xcd13df01 , flags = -908832919, 
  msgcount = -661298030, state = MTA_SMTP_MAIL, hosts = {
    tqh_first = 0x5825dd7d, tqh_last = 0x6dc2de01}, task = 0x35d9accd, 
  datafp = 0x237502b8, currevp = 0x1b2e000e, iobuf = {
    buf = 0x66e52cc2 , max = 3195029584, 
    size = 735276414, wpos = 1945546755, rpos = 374185188, queued = 596914217, 
    outq = 0xf5a9ef26, outqlast = 0xee87ef28}, io = {sock = 1324545014, 
    arg = 0xf082bba6, cb = 0xdb51d6d8, iobuf = 0xa8a766db, lowat = 2945433811, 
    timeout = -1944325894, flags = 2041716700, state = -1758072588, ev = {
      ev_next = {tqe_next = 0xc6647f49, tqe_prev = 0x36e6c4ef}, 
      ev_active_next = {tqe_next = 0xedb71237, tqe_prev = 0x451074ec}, 
      ev_signal_next = {tqe_next = 0x61e10a49, tqe_prev = 0xedfafab3}, 
      min_heap_idx = 2487805295, ev_base = 0x37d159b, ev_fd = -1113905571, 
      ev_events = -7502, ev_ncalls = -29827, ev_pncalls = 0x66caf085, 
      ev_timeout = {tv_sec = 601523305, tv_usec = -1731764986}, 
      ev_pri = 1966974901, ev_callback = 0xe17542da, ev_arg = 0xe2085741, 
      ev_res = 631995870, ev_flags = -1361666196}, ssl = 0xc81c6fe9}, 
  is_reading = -339285120, ext = 1429137871, ssl = 0x20134e7a}
(gdb) print s->task
$3 = (struct mta_task *) 0x35d9accd
(gdb) print *s->task
Cannot access memory at address 0x35d9accd
(gdb) bt
#0  mta_enter_state (s=0x81777500, newstate=12)
    at /usr/src/usr.sbin/smtpd/smtpd/../mta_session.c:467
#1  0x1c012a9c in mta_session_imsg (iev=0x873bb000, imsg=0xcfbe4ac4)
    at /usr/src/usr.sbin/smtpd/smtpd/../mta_session.c:188
#2  0x1c0112be in mta_imsg (iev=0x873bb000, imsg=0xcfbe4ac4)
    at /usr/src/usr.sbin/smtpd/smtpd/../mta.c:158
#3  0x1c01d7fd in imsg_dispatch (fd=59, event=2, p=0x873bb000)
    at /usr/src/usr.sbin/smtpd/smtpd/../smtpd.c:1153
#4  0x05be30a2 in event_base_loop (base=0x846d6000, flags=0)
    at /usr/src/lib/libevent/event.c:402
#5  0x05be3359 in event_loop (flags=0) at /usr/src/lib/libevent/event.c:478
#6  0x05be337e in event_dispatch () at /usr/src/lib/libevent/event.c:416
#7  0x1c0110a7 in mta () at /usr/src/usr.sbin/smtpd/smtpd/../mta.c:277
#8  0x1c01e30e in main (argc=4, argv=0xcfbe55cc)
    at /usr/src/usr.sbin/smtpd/smtpd/../smtpd.c:667
(gdb) 

The above is after applying the below diff which seems to help but obviously there is a task removal race somewhere in the mta since going from s->task == NULL to s->task == 'Address out of bounds' still produces the same result, a SEGV.

diff --git a/smtpd/mta_session.c b/smtpd/mta_session.c
index b5887e9..84624a4 100644
--- a/smtpd/mta_session.c
+++ b/smtpd/mta_session.c
@@ -293,6 +293,7 @@ mta_enter_state(struct mta_session *s, int newstate)
        /*
         * Obtain message body fd.
         */
+       if (s->task)
        imsg_compose_event(env->sc_ievs[PROC_QUEUE],
            IMSG_QUEUE_MESSAGE_FD, s->task->msgid, 0, -1,
            &s->id, sizeof(s->id));
@@ -462,19 +463,23 @@ mta_enter_state(struct mta_session *s, int newstate)
        break;
 
    case MTA_SMTP_MAIL:
+       if (s->task) {
        if (s->task->sender.user[0] && s->task->sender.domain[0])
            mta_send(s, "MAIL FROM: <%s@%s>",
                s->task->sender.user, s->task->sender.domain);
        else
            mta_send(s, "MAIL FROM: <>");
+       }
        break;
 
    case MTA_SMTP_RCPT:
+       if (s->task) {
        if (s->currevp == NULL)
            s->currevp = TAILQ_FIRST(&s->task->envelopes);
        mta_send(s, "RCPT TO: <%s@%s>",
            s->currevp->dest.user,
            s->currevp->dest.domain);
+       }
        break;
 
    case MTA_SMTP_DATA:

we should be able to use a table for source address and make it applicable per-rule

OpenSMTPD does not provide a man page to describe the format of aliases(5)

Well.. we should :-)

MTA should keep a connection cache and reuse a connection as long as RUNNER provides envelopes for that host. See previous issue ;-)

We used to have LDAP support for mapping but it was never committed.

Re-introduce LDAP map backend using the aldap.[ch] API !

Requested by many

This is a regression, we should keep track of recipients count and do NOT send DATA if none was accepted !

We should be able to force the source address for outgoing mail

Refactor discussed with eric@:

• SCHEDULER notifies MDA/MTA that is has envelopes ready for scheduling
• MDA/MTA request envelopes from SCHEDULER

It's a bit more complex actually but this is the main idea

lets say I have a queue of messages that started to expire and I decided I'd rather hold on to them longer.

Instead of having to manually muck with the envelope in the queue when smtpd is not running, I'd rather the 'expire 14d' actually apply that to all messages as it starts smtpd.

Otherwise, the 'expire 14d' only applies to messages that are queued after that config change.

If this is the expected behavior, it might be wise to document it as such.

The per-line DATA hook needs to be improved it is dramatically inefficient ...

On OpenBSD current/macppc, this is what happens when I try
to remove a message from the queue with smtpctl remove:

mailq

MTA|d4c2da0cc94048ad|ENQUEUED|[email protected]|[email protected]|1339601616|345600|3|450 4.1.8 [email protected]: Sender address rejected: Domain not found

smtpctl remove d4c2da0cc94048ad

command succeeded

But in fact:
Jun 13 17:34:40 mini smtpd[27289]: queue handler exiting
Jun 13 17:34:40 mini smtpd[15931]: lost child: runner terminated; signal 11
Jun 13 17:34:40 mini smtpd[8176]: mail filter exiting
Jun 13 17:34:40 mini smtpd[31784]: smtp server exiting
Jun 13 17:34:40 mini smtpd[19697]: lookup agent exiting
Jun 13 17:34:40 mini smtpd[9160]: mail transfer agent exiting
Jun 13 17:34:40 mini smtpd[32734]: mail delivery agent exiting
Jun 13 17:34:40 mini smtpd[21481]: control process exiting
Jun 13 17:34:40 mini smtpd[15931]: parent terminating

and the message is still there:

mailq

MTA|d4c2da0cc94048ad|ENQUEUED|[email protected]|[email protected]|1339601616|345600|3|450 4.1.8 [email protected]: Sender address rejected: Domain not found

OpenSMTPD should start using uintXX_t instead of u_intXX_t as it is the prefered notation.

we will start replacing every now and then, as we write new code, but we appreciate diffs that help moving towards this.
it is very simple:

whenever you see u_int32_t, u_int16_t or ui_int64_t, replace with uint32_t, uint16_t or uint64_t

We should be able to accept on a subset of a domain:

accept for recipient "[email protected]" deliver to ...

Syntax yet to determine, and clearly we should accept a mapping too ;-)

loop detection got removed from the scheduler. It must be implemented at the mta and mda level.

smtpd -d -> disables syslog logs

I'd prefer to fix this in this manner:

--- smtpd/log.c
+++ smtpd/log.c
@@ -49,8 +49,7 @@ log_init(int n_debug)
    debug = n_debug;
    verbose = n_debug;
 
-   if (!debug)
-       openlog(__progname, LOG_PID | LOG_NDELAY, LOG_MAIL);
+   openlog(__progname, LOG_PID | LOG_NDELAY, LOG_MAIL);
 
    tzset();
 }
@@ -86,8 +85,8 @@ vlog(int pri, const char *fmt, va_list ap)
            free(nfmt);
        }
        fflush(stderr);
-   } else
-       vsyslog(pri, fmt, ap);
+   }
+   vsyslog(pri, fmt, ap);
 }
 
 

In /etc/mail/aliases, if you have any of the following entries, newaliases will run fine, but smtpd will reject any emails:

Userid: userid
USERID: userid

where userid is the userid.

echo "test"|mail root

send-mail: command failed: 530 5.0.0 Recipient rejected: [email protected]

Our maildir support is very basic, it should support tagging (gilles+foo@ -> tagging the maildir)

relay hosts should be expressed in URL form within smtpd.conf and maps

Delivery Status Notification

A 'barely scratch the surface but at least is sendmail compat' for the cli sendmail emulation binary diff follows:

diff --git a/smtpd/enqueue.c b/smtpd/enqueue.c
index c31466b..960260b 100644
--- a/smtpd/enqueue.c
+++ b/smtpd/enqueue.c
@@ -177,7 +177,7 @@ enqueue(int argc, char *argv[])
    time(×tamp);
 
    while ((ch = getopt(argc, argv,
-       "A:B:b:E::e:F:f:iJ::L:mo:p:qtvx")) != -1) {
+       "A:B:b:E::e:F:f:iJ::L:mN:o:p:qtvx")) != -1) {
        switch (ch) {
        case 'f':
            fake_from = optarg;
@@ -200,6 +200,7 @@ enqueue(int argc, char *argv[])
        case 'i':
        case 'L':
        case 'm':
+       case 'N': /* XXX: DSN */
        case 'o':
        case 'p':
        case 'x':

It would be nice to have a Milter compatible interface built on top of our filter API

Opensmtpd always treats the local part of email addresses in a case-insensitive way. However, these local parts are case-sensitive, and issues arise for incoming emails when the local MDA treats emails case-sensitivly: opensmtpd accepts alternate-cased emails, but the local MDA rejects them since that mailbox does not exist.

A clear example of this issue is describe here: http://article.gmane.org/gmane.mail.opensmtpd.general/39

It would be nice to have a regression suite for OpenSMTPD

Trying to use the "relay as" feature, smtpd dies in openbsd 5.1

Setting 'accept for all relay as "@tumfatig.net"' in smtpd.conf leads to:
smtp: new client on listener: 0x3c00aba0
session_pickup: greeting client
scheduler_ramqueue: insert
888f8b99: from=[email protected], size=421, nrcpts=1, proto=ESMTP, relay=1000@localhost [IPv6:::1]
smtp: 0x84e2a000: deleting session: done
scheduler_ramqueue: display
scheduler_ramqueue: hosttree display
host: [0x87cf2000] directory.tumfatig.net
batch: [0x8984c180] 00000000888f8b99
evpid: [0x8984c3c0] 888f8b99373d71cc
scheduler_ramqueue: msgtree display
msg: [0x8b859420] 00000000888f8b99
evp: [0x8984c3c0] 888f8b99373d71cc
scheduler_ramqueue: queue display
evpid: [0x8984c3c0] [batch: 0x8984c180], 888f8b99373d71cc
scheduler_ramqueue: next
scheduler_ramqueue: next: found
scheduler_ramqueue: next
scheduler_ramqueue: next: found
scheduler_ramqueue: next
scheduler_ramqueue: next: found
scheduler_ramqueue: remove
scheduler_ramqueue_remove: batch removed
scheduler_ramqueue: next
scheduler_ramqueue: next: nothing schedulable
runner: nothing to schedule, wake me up. zZzZzZ
mta: 0x8b856d00: new session for batch 4122582936
mta: 0x8b856d00: adding [email protected] from envelope 888f8b99373d71cc
dns: lookup mx "directory.tumfatig.net"
mta: 0x8b856d00: connecting to 192.168.0.67...
fatal: mta cannot create socket: Connection refused
lost child: mail transfer agent exited abnormally
lookup agent exiting
smtp server exiting
mail filter exiting
control process exiting
queue handler exiting
mail delivery agent exiting
runner handler exiting
parent terminating

Setting 'accept for all relay via mail.tumfatig.net as "@tumfatig.net"' does not replace the recipient (nor does "[email protected]").

To sum up the discussion on ML: "So relay via doesn't crash but does nothing, and relay crashes."

The 'smtpctl pause ' command seem to be broken

Currently OpenSMTPD does not support being a backup MX.

We can hack backup MX by adding a relay via rule but it is just a work around with some limitations ...

We should be able to do:

accept for domain "foobar.org" backup

which would be similar to a relay rule except that it would search for any MX with a higher priority, ranging from the highest priority.

Until then, we should consider OpenSMTPD not suitable as a backup MX.