SMTPUTF8 support

André Rodier andre at rodier.me
Sat Apr 6 11:07:31 EEST 2019 

On 05/04/2019 08:57, David Bürgin via dovecot wrote:
> André, are you quite sure you have it working?
> 
> In this thread someone from Open-Xchange stated that no, Dovecot doesn’t
> have SMTPUTF8 support implemented, and the same response was given by
> another Dovecot developer last September (it ‘is being considered’ was
> the answer then, see
> https://dovecot.org/pipermail/dovecot/2018-September/112887.html).
> 
> I am using LMTP to deliver mail to Dovecot from Postfix, and delivery
> fails with Postfix reporting: ‘SMTPUTF8 is required, but was not offered
> by host mail.my.org[private/dovecot-lmtp]’. I doubt that this can work
> without a change in Dovecot LMTP.
> 
> Anyway, I am also interested in SMTPUTF8 support, so +1 from me!
> 
> 

Hello David et al,

I have it working with my set up, and I confirm it is not easy.

If I limit the stack to OpenLDAP, Postfix and Dovecot to their simplest 
configuration, it is relatively easy, even with slightly outdated 
software in Debian Stretch.

The trick I am using is to include the internationalised email address 
aside the main one, and to use Postfix LDAP lookup.

For instance, I am using this LDAP schema:
https://tools.ietf.org/html/draft-stroeder-mailboxrelatedobject-07

So, my LDAP lookup table for Postfix looks like this:

     # Basic LDAP settings for postfix
     server_host = ldap://ldap.rodier.me/
     start_tls = yes

     search_base = dc=rodier,dc=me
     search_scope = sub

     # Allow advanced LDAP search with the recipient delimiter
     query_filter = (|(mail=%s)(intlMailAddr=%s))
     result_attribute = mail

     # Force support for UTF8
     version = 3

Therefore, postmap query works as expected:

     postmap -q andré@rodier.me ldap:/etc/postfix/ldap-aliases.cf
     andre at rodier.me

That said, if only one of the milter reject your message, it is breaking 
the whole chain.

For instance, the quota plugin for Dovecot, I had to use DUNNO when the 
user is unknown instead of reject.

I have it working perfectly from Homebox to Homebox, so perhaps Postfix 
to Postfix, but I reckon I still have some bugs.

Some providers are working, others not. Outlook does not seems to work , 
but I am on it. Yahoo does not let you type an accent in the email 
address, only Google allows you to.

However, I made a test yesterday, and realised that the emails from 
GMail are rejected by one of the plugin, and I need to investigate which 
one. The error message is:

> Apr  5 10:16:39 portal postfix/smtpd[2566]: Anonymous TLS connection established from mail-lf1-f51.google.com[209.85.167.51]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
> Apr  5 10:16:39 portal policyd-spf[2574]: prepend Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=209.85.167.51; helo=mail-lf1-f51.google.com; envelope-from=andre.rodier at gmail.com; receiver=<UNKNOWN>
> Apr  5 10:16:39 portal postfix/smtpd[2566]: EB38240467: client=mail-lf1-f51.google.com[209.85.167.51]
> Apr  5 10:16:40 portal postfix/cleanup[2576]: EB38240467: message-id=<CAKr9_Nv1pgDAC31cFF4YPE-mnYxSusmKsWHOCxWPSeJ2Adj8cQ at mail.gmail.com>
> Apr  5 10:16:40 portal opendkim[15477]: EB38240467: mail-lf1-f51.google.com [209.85.167.51] not internal
> Apr  5 10:16:40 portal opendkim[15477]: EB38240467: not authenticated
> Apr  5 10:16:40 portal opendkim[15477]: EB38240467: DKIM verification successful
> Apr  5 10:16:40 portal opendkim[15477]: EB38240467: s=20161025 d=gmail.com SSL
> Apr  5 10:16:40 portal opendmarc[16548]: implicit authentication service: portal.homebox.space
> Apr  5 10:16:40 portal opendmarc[16548]: EB38240467: gmail.com pass
> Apr  5 10:16:40 portal postfix/cleanup[2576]: EB38240467: milter-reject: END-OF-MESSAGE from mail-lf1-f51.google.com[209.85.167.51]: 4.7.1 Try again later; from=<andre.rodier at gmail.com> to=<andré@homebox.space> proto=ESMTP helo=<mail-lf1-f51.google.com>
> Apr  5 10:16:40 portal postfix/smtpd[2566]: disconnect from mail-lf1-f51.google.com[209.85.167.51] ehlo=2 starttls=1 mail=1 rcpt=1 data=0/1 quit=1 commands=6/7

So perhaps it is one of the milter. I will investigate today.

Also, it seems the client is important. I have no problem with SOGo or 
Evolution. Roundcube and Thunderbird, in Debian Stretch, don't support 
this yet.

With Debian Buster coming soon, I am sure this will work better. I will 
create a branch to test this. My preliminary investigations don't show 
major problems in the upgrade.

At one point, I was using the Dovecot packages from backports, but I 
reverted this as there has been an incompatibility.

Happy to answer more questions if you have.

-- 
André Rodier

More information about the dovecot mailing list