Hi list,
I have a small problem with recipient_delimiters contained in usernames. Recently I have extended recipient_delimiter from "+" to "+-" in both Postfix and Dovecot (using lmtp) and now any user that have a '-' in it's username can't receive mail anymore, because lmtp truncates the localpart after the '-' and of course can't find the first half in the user database.
To illustrate: given an account "foo-bar@example.com", I get the following log entry from postfix: Mar 9 09:31:43 batleth postfix/lmtp[6196]: 9A7BA33E005B: to=foo-bar@example.com, relay=batleth.sapienti-sat.org[private/dovecot-lmtp], delay=20, delays=20/0.01/0.01/0.08, dsn=5.1.1, status=bounced (host batleth.sapienti-sat.org[private/dovecot-lmtp] said: 550 5.1.1 foo-bar@example.com User doesn't exist: foo@example.com (in reply to RCPT TO command))
Is there any way to tell lmtp to first look for <user><delimiter><extension> and if that fails look for <user> only (the reverse order would be ok, too)?
Thanks in advance, Juri
doveconf -n: # 2.3.10 (0da0eff44): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.10 (bf8ef1c2) # OS: Linux 4.4.0-174-generic x86_64 Ubuntu 16.04.6 LTS ext4 # Hostname: batleth.sapienti-sat.org auth_default_realm = sapienti-sat.org first_valid_uid = 115 imap_idle_notify_interval = 29 mins last_valid_uid = 115 mail_location = maildir:/srv/vmail/%Ld/%Ln managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { autoexpunge = 180 days special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { autoexpunge = 365 days special_use = \Trash } prefix = INBOX. separator = . } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { sieve = file:~/sieve;active=~/.dovecot.sieve } protocols = " imap lmtp sieve" service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } service imap-login { inet_listener imap { address = 127.0.0.1 ::1 } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } service pop3-login { inet_listener pop3 { port = 0 } } ssl_cert =
Le 11 mars 2020 à 19:32, Juri Haberland juri@koschikode.com a écrit :
Hi list,
I have a small problem with recipient_delimiters contained in usernames. Recently I have extended recipient_delimiter from "+" to "+-" in both Postfix and Dovecot (using lmtp) and now any user that have a '-' in it's username can't receive mail anymore, because lmtp truncates the localpart after the '-' and of course can't find the first half in the user database.
To illustrate: given an account "foo-bar@example.com", I get the following log entry from postfix: Mar 9 09:31:43 batleth postfix/lmtp[6196]: 9A7BA33E005B: to=foo-bar@example.com, relay=batleth.sapienti-sat.org[private/dovecot-lmtp], delay=20, delays=20/0.01/0.01/0.08, dsn=5.1.1, status=bounced (host batleth.sapienti-sat.org[private/dovecot-lmtp] said: 550 5.1.1 foo-bar@example.com User doesn't exist: foo@example.com (in reply to RCPT TO command)) Is there any way to tell lmtp to first look for <user><delimiter><extension> and if that fails look for <user> only (the reverse order would be ok, too)?
This is already what they do AFAIK. I’m using ‘-‘ as delimiter for a long time and didn’t have any issue with my mails. I think this postfix error only reflects the last attempt, and not all the resolution attempts. Try increasing the log (either in postfix or LMTP) to see what append exactly.
On 12/03/2020 08:04, Jean-Daniel wrote:
Le 11 mars 2020 à 19:32, Juri Haberland juri@koschikode.com a écrit :
Hi list,
I have a small problem with recipient_delimiters contained in usernames. Recently I have extended recipient_delimiter from "+" to "+-" in both Postfix and Dovecot (using lmtp) and now any user that have a '-' in it's username can't receive mail anymore, because lmtp truncates the localpart after the '-' and of course can't find the first half in the user database.
To illustrate: given an account "foo-bar@example.com", I get the following log entry from postfix: Mar 9 09:31:43 batleth postfix/lmtp[6196]: 9A7BA33E005B: to=foo-bar@example.com, relay=batleth.sapienti-sat.org[private/dovecot-lmtp], delay=20, delays=20/0.01/0.01/0.08, dsn=5.1.1, status=bounced (host batleth.sapienti-sat.org[private/dovecot-lmtp] said: 550 5.1.1 foo-bar@example.com User doesn't exist: foo@example.com (in reply to RCPT TO command)) Is there any way to tell lmtp to first look for <user><delimiter><extension> and if that fails look for <user> only (the reverse order would be ok, too)?
This is already what they do AFAIK. I’m using ‘-‘ as delimiter for a long time and didn’t have any issue with my mails. I think this postfix error only reflects the last attempt, and not all the resolution attempts. Try increasing the log (either in postfix or LMTP) to see what append exactly.
I turned debugging on in both programs and could see the conversation between Postfix and Dovecot via LMTP. Setting recipient_delimiter to +- in Postfix doesn't make the delivery break so I left it at this. Only recipient_delimiter=+- in Dovecot makes the difference. In both cases Postfix ask Dovecot for a user named "foo-bar@sapienti-sat.org" and with "-" included in Dovecot's recipient_delimiter option Dovecot replies with:
550 5.1.1 foo-bar@sapienti-sat.org User doesn't exist: foo@sapienti-sat.org
On the Dovecot side I see a single database lookup for "foo@sapienti-sat.org". So Postfix doesn't care and hands the complete mail address off to Dovecot, which in turn either looks up the full email address (in case of "-" excluded) or looks up the truncated mail address only in case of "-" included.
My question would be: Is this due to a misconfiguration somewhere? Is this the intended behavior? Or is this a bug?
Cheers, Juri
PS: here are the logs (from two different but identical tests) for the case where both Dovecot and Postfix have recipient_delimiter = +-
Mar 15 17:57:06 batleth postfix/lmtp[5077]: smtp_connect_unix: trying: private/dovecot-lmtp... Mar 15 17:57:06 batleth postfix/lmtp[5077]: smtp_stream_setup: maxtime=300 enable_deadline=0 Mar 15 17:57:06 batleth postfix/lmtp[5077]: < batleth.sapienti-sat.org[private/dovecot-lmtp]: 220 batleth.sapienti-sat.org Dovecot ready. Mar 15 17:57:06 batleth dovecot: lmtp(5154): Connect from local Mar 15 17:57:06 batleth postfix/lmtp[5077]: > batleth.sapienti-sat.org[private/dovecot-lmtp]: LHLO batleth.sapienti-sat.org Mar 15 17:57:06 batleth postfix/lmtp[5077]: < batleth.sapienti-sat.org[private/dovecot-lmtp]: 250-batleth.sapienti-sat.org Mar 15 17:57:06 batleth postfix/lmtp[5077]: < batleth.sapienti-sat.org[private/dovecot-lmtp]: 250-8BITMIME Mar 15 17:57:06 batleth postfix/lmtp[5077]: < batleth.sapienti-sat.org[private/dovecot-lmtp]: 250-CHUNKING Mar 15 17:57:06 batleth postfix/lmtp[5077]: < batleth.sapienti-sat.org[private/dovecot-lmtp]: 250-ENHANCEDSTATUSCODES Mar 15 17:57:06 batleth postfix/lmtp[5077]: < batleth.sapienti-sat.org[private/dovecot-lmtp]: 250-PIPELINING Mar 15 17:57:06 batleth postfix/lmtp[5077]: < batleth.sapienti-sat.org[private/dovecot-lmtp]: 250 STARTTLS Mar 15 17:57:06 batleth postfix/lmtp[5077]: server features: 0x17 size 0 Mar 15 17:57:06 batleth postfix/lmtp[5077]: Using LMTP PIPELINING, TCP send buffer size is 212992, PIPELINING buffer size is 4096 Mar 15 17:57:06 batleth postfix/lmtp[5077]: smtp_stream_setup: maxtime=300 enable_deadline=0 Mar 15 17:57:06 batleth postfix/lmtp[5077]: > batleth.sapienti-sat.org[private/dovecot-lmtp]: MAIL FROM:root@batleth.sapienti-sat.org Mar 15 17:57:06 batleth postfix/lmtp[5077]: > batleth.sapienti-sat.org[private/dovecot-lmtp]: RCPT TO:foo-bar@sapienti-sat.org Mar 15 17:57:06 batleth postfix/lmtp[5077]: > batleth.sapienti-sat.org[private/dovecot-lmtp]: DATA Mar 15 17:57:06 batleth postfix/lmtp[5077]: smtp_stream_setup: maxtime=300 enable_deadline=0 Mar 15 17:57:06 batleth postfix/lmtp[5077]: < batleth.sapienti-sat.org[private/dovecot-lmtp]: 250 2.1.0 OK Mar 15 17:57:06 batleth postfix/lmtp[5077]: smtp_stream_setup: maxtime=300 enable_deadline=0 Mar 15 17:57:06 batleth postfix/lmtp[5077]: < batleth.sapienti-sat.org[private/dovecot-lmtp]: 550 5.1.1 foo-bar@sapienti-sat.org User doesn't exist: foo@sapienti-sat.org Mar 15 17:57:06 batleth postfix/lmtp[5077]: connect to subsystem private/bounce Mar 15 17:57:06 batleth postfix/lmtp[5077]: send attr nrequest = 0 Mar 15 17:57:06 batleth postfix/lmtp[5077]: send attr flags = 0 Mar 15 17:57:06 batleth postfix/lmtp[5077]: send attr queue_id = B75A333E0D77 Mar 15 17:57:06 batleth postfix/lmtp[5077]: send attr original_recipient = foo-bar@sapienti-sat.org Mar 15 17:57:06 batleth postfix/lmtp[5077]: send attr recipient = foo-bar@sapienti-sat.org Mar 15 17:57:06 batleth postfix/lmtp[5077]: send attr offset = 700 Mar 15 17:57:06 batleth postfix/lmtp[5077]: send attr dsn_orig_rcpt = rfc822;foo-bar@sapienti-sat.org Mar 15 17:57:06 batleth postfix/lmtp[5077]: send attr notify_flags = 0 Mar 15 17:57:06 batleth postfix/lmtp[5077]: send attr status = 5.1.1 Mar 15 17:57:06 batleth postfix/lmtp[5077]: send attr diag_type = smtp Mar 15 17:57:06 batleth postfix/lmtp[5077]: send attr diag_text = 550 5.1.1 foo-bar@sapienti-sat.org User doesn't exist: foo@sapienti-sat.org Mar 15 17:57:06 batleth postfix/lmtp[5077]: send attr mta_type = dns Mar 15 17:57:06 batleth postfix/lmtp[5077]: send attr mta_mname = batleth.sapienti-sat.org Mar 15 17:57:06 batleth postfix/lmtp[5077]: send attr action = failed Mar 15 17:57:06 batleth postfix/lmtp[5077]: send attr reason = host batleth.sapienti-sat.org[private/dovecot-lmtp] said: 550 5.1.1 foo-bar@sapienti-sat.org User doesn't exist: foo@sapienti-sat.org (in reply to RCPT TO command) Mar 15 17:57:06 batleth postfix/lmtp[5077]: private/bounce socket: wanted attribute: status Mar 15 17:57:06 batleth postfix/lmtp[5077]: input attribute name: status Mar 15 17:57:06 batleth postfix/lmtp[5077]: input attribute value: 0 Mar 15 17:57:06 batleth postfix/lmtp[5077]: private/bounce socket: wanted attribute: (list terminator) Mar 15 17:57:06 batleth postfix/lmtp[5077]: input attribute name: (end) Mar 15 17:57:06 batleth postfix/lmtp[5077]: B75A333E0D77: to=foo-bar@sapienti-sat.org, relay=batleth.sapienti-sat.org[private/dovecot-lmtp], delay=0.31, delays=0.21/0/0.01/0.08, dsn=5.1.1, status=bounced (host batleth.sapienti-sat.org[private/dovecot-lmtp] said: 550 5.1.1 foo-bar@sapienti-sat.org User doesn't exist: foo@sapienti-sat.org (in reply to RCPT TO command)) Mar 15 17:57:06 batleth postfix/lmtp[5077]: smtp_stream_setup: maxtime=120 enable_deadline=0 Mar 15 17:57:06 batleth postfix/lmtp[5077]: < batleth.sapienti-sat.org[private/dovecot-lmtp]: 503 5.5.0 No valid recipients Mar 15 17:57:07 batleth postfix/lmtp[5077]: > batleth.sapienti-sat.org[private/dovecot-lmtp]: RSET Mar 15 17:57:07 batleth postfix/lmtp[5077]: > batleth.sapienti-sat.org[private/dovecot-lmtp]: QUIT Mar 15 17:57:07 batleth postfix/lmtp[5077]: smtp_stream_setup: maxtime=20 enable_deadline=0 Mar 15 17:57:07 batleth postfix/lmtp[5077]: < batleth.sapienti-sat.org[private/dovecot-lmtp]: 250 2.0.0 OK Mar 15 17:57:07 batleth postfix/lmtp[5077]: smtp_stream_setup: maxtime=300 enable_deadline=0 Mar 15 17:57:07 batleth postfix/lmtp[5077]: < batleth.sapienti-sat.org[private/dovecot-lmtp]: 221 2.0.0 Bye Mar 15 17:57:07 batleth postfix/lmtp[5077]: name_mask: resource Mar 15 17:57:07 batleth postfix/lmtp[5077]: name_mask: software Mar 15 17:57:07 batleth dovecot: lmtp(5154): Disconnect from local: Client has quit the connection (state=READY)
Mar 15 17:25:55 batleth dovecot: lmtp(32357): Connect from local Mar 15 17:25:55 batleth dovecot: lmtp(foo@sapienti-sat.org)<32357>: Debug: auth-master: userdb lookup(foo@sapienti-sat.org): Started userdb lookup Mar 15 17:25:55 batleth dovecot: lmtp(foo@sapienti-sat.org)<32357>: Debug: auth-master: conn unix:/var/run/dovecot/auth-userdb: Connecting Mar 15 17:25:55 batleth dovecot: lmtp(foo@sapienti-sat.org)<32357>: Debug: auth-master: conn unix:/var/run/dovecot/auth-userdb (pid=32319,uid=0): Client connected (fd=17) Mar 15 17:25:55 batleth dovecot: lmtp(foo@sapienti-sat.org)<32357>: Debug: auth-master: userdb lookup(foo@sapienti-sat.org): auth USER input: Mar 15 17:25:55 batleth dovecot: lmtp(foo@sapienti-sat.org)<32357>: Debug: auth-master: userdb lookup(foo@sapienti-sat.org): Userdb lookup failed Mar 15 17:25:55 batleth postfix/lmtp[31931]: 055C233E13EE: to=foo-bar@sapienti-sat.org, relay=batleth.sapienti-sat.org[private/dovecot-lmtp], delay=0.23, delays=0.15/0/0.01/0.07, dsn=5.1.1, status=bounced (host batleth.sapienti-sat.org[private/dovecot-lmtp] said: 550 5.1.1 foo-bar@sapienti-sat.org User doesn't exist: foo@sapienti-sat.org (in reply to RCPT TO command)) Mar 15 17:25:55 batleth dovecot: lmtp(32357): Disconnect from local: Client has quit the connection (state=READY)
On 16/03/20 7:10 am, Juri Haberland wrote:
My question would be: Is this due to a misconfiguration somewhere? Is this the intended behavior? Or is this a bug?
Poorly documented, imo, but you want lmtp_save_to_detail_mailbox = yes:
https://github.com/dovecot/core/blob/master/doc/example-config/conf.d/20-lmt...
Peter
On 16/03/20 8:30 am, Aki Tuomi wrote:
Poorly documented, imo, but you want lmtp_save_to_detail_mailbox = yes:
https://github.com/dovecot/core/blob/master/doc/example-config/conf.d/20-lmt...
https://doc.dovecot.org/configuration_manual/protocols/lmtp_server/#address-...
Right, that's how I found the setting to begin with, but that page doesn't actually document what the setting does (all that page does is say you should set it to yes if using recipient delimiters with lmtp), the only place I was able to find that says what that setting actually does is in the comment in 20-lmtp.conf, hence why I said it's poorly documented.
Peter
On 15/03/2020 20:26, Peter wrote:
Poorly documented, imo, but you want lmtp_save_to_detail_mailbox = yes:
Thanks, tried it, but no, that's not what I want and it doesn't help in my case.
To recap: If I set recipient_delimiter to "+-" (or "-" alone), having a user named "foo-bar" won't work anymore, because Dovecot always tries to deliver to user "foo" and never tries "foo-bar", even though it exists.
My question would be: Is this due to a misconfiguration somewhere? Is this the intended behavior? Or is this a bug?
Cheers, Juri
Hi,
have a look at this:
http://www.postfix.org/postconf.5.html#recipient_delimiter
[...]When the recipient_delimiter [1] set contains multiple characters (Postfix 2.11 and later), a user name or .forward file name is separated from its extension by the first character that matches the recipient_delimiter [1] set.[...]
--- Original Nachricht --- Betreff: Re: lmtp and recipient_delimiter Von: "Juri Haberland" An: dovecot@dovecot.org Datum: 15-03-2020 20:56
On 15/03/2020 20:26, Peter wrote:
Poorly documented, imo, but you want lmtp_save_to_detail_mailbox = yes:
Thanks, tried it, but no, that's not what I want and it doesn't help in my case.
To recap: If I set recipient_delimiter to "+-" (or "-" alone), having a user named "foo-bar" won't work anymore, because Dovecot always tries to deliver to user "foo" and never tries "foo-bar", even though it exists.
My question would be: Is this due to a misconfiguration somewhere? Is this the intended behavior? Or is this a bug?
Cheers, Juri
Links:
[1] http://www.postfix.org/postconf.5.html#recipient_delimiter
On 15/03/2020 21:26, GMX Account wrote:
have a look at this:
http://www.postfix.org/postconf.5.html#recipient_delimiter
[...]When the recipient_delimiter [1] set contains multiple characters (Postfix 2.11 and later), a user name or .forward file name is separated from its extension by the first character that matches the recipient_delimiter [1] set.[...]
Uhm, yes, I know what this option should do, but what happens, if I already have a user with e.g. a hyphen (-) in its name (e.g. foo-bar) and I set recipient_delimiter to "-"?
Will this character become a somewhat illegal character for usernames in the user database?
Cheers, Juri
On Sonntag, 15. März 2020 21:43:08 CET Juri Haberland wrote:
On 15/03/2020 21:26, GMX Account wrote:
have a look at this:
http://www.postfix.org/postconf.5.html#recipient_delimiter
[...]When the recipient_delimiter [1] set contains multiple characters (Postfix 2.11 and later), a user name or .forward file name is separated from its extension by the first character that matches the recipient_delimiter [1] set.[...]
Uhm, yes, I know what this option should do, but what happens, if I already have a user with e.g. a hyphen (-) in its name (e.g. foo-bar) and I set recipient_delimiter to "-"?
Will this character become a somewhat illegal character for usernames in the user database?
Cheers, Juri
Yes, of course . By setting the delimiter "-", the address foo-bar@ex.tld becomes foo@ex.tld . Postfix seems to have a special interpretation of "+-" as it is compatible to qmail extension (another smtp server), which seems to have "-" hardcoded as delimiter. So I guess postfix is using "+" OR "-" as delimiter...
foo-bar@ex.tld foo+bar@ex.tld foo+-bar@ex.tld ... would all be sent to foo@ex.tld ??
From http://www.postfix.org/postconf.5.html#recipient_delimiter # Handle both Postfix and qmail extensions (Postfix 2.11 and later). recipient_delimiter = +-
(Who would need such a compatibility option -- I mean where is the use case ?!) Martin
On Sonntag, 15. März 2020 22:37:40 CET Martin Johannes Dauser wrote:
On Sonntag, 15. März 2020 21:43:08 CET Juri Haberland wrote:
On 15/03/2020 21:26, GMX Account wrote:
have a look at this:
http://www.postfix.org/postconf.5.html#recipient_delimiter
[...]When the recipient_delimiter [1] set contains multiple characters (Postfix 2.11 and later), a user name or .forward file name is separated from its extension by the first character that matches the recipient_delimiter [1] set.[...]
Uhm, yes, I know what this option should do, but what happens, if I already have a user with e.g. a hyphen (-) in its name (e.g. foo-bar) and I set recipient_delimiter to "-"?
Will this character become a somewhat illegal character for usernames in the user database?
Cheers,
Juri
Yes, of course . By setting the delimiter "-", the address foo-bar@ex.tld becomes foo@ex.tld . Postfix seems to have a special interpretation of "+-" as it is compatible to qmail extension (another smtp server), which seems to have "-" hardcoded as delimiter. So I guess postfix is using "+" OR "-" as delimiter...
foo-bar@ex.tld foo+bar@ex.tld foo+-bar@ex.tld ... would all be sent to foo@ex.tld ??
From http://www.postfix.org/postconf.5.html#recipient_delimiter # Handle both Postfix and qmail extensions (Postfix 2.11 and later). recipient_delimiter = +-
(Who would need such a compatibility option -- I mean where is the use case ?!) Martin
Ah, answering my own post, sk71 already gave the hint:
When the recipient_delimiter set contains multiple characters , a FILE NAME is separated from its extension by the FIRST CHARACTER THAT MATCHES the recipient_delimiter set. So postfix will act similar to qmail and check files: "the delivery instructions for username-extension are in ~username/.qmail-extension."
So setting the delimiter to "+-" postfix will interpret
- foo-bar@ex.tld as an email for foo@ex.tld and will check a file matching "bar".
- foo+bar@ex.tld -> foo@ex.tld, file matching "bar"
- foo+-bar@ex.tls -> foo@ex.tld, file matching "-bar"
- foo-+bar@ex.tls -> foo@ex.tld, file matching "+bar"
Well and you might want to use that when transfering from/to qmail.
Martin
participants (6)
-
Aki Tuomi
-
GMX Account
-
Jean-Daniel
-
Juri Haberland
-
Martin Johannes Dauser
-
Peter