1

I have an OpenSMTPD / Dovecot installation on an OpenBSD server. I recently came across an issue where Dovecot LMTP would reject a message sent to a local user from an address which contains a single apostrophe (e.g. firstname.o'lastname@example.com). Apparently apostrophe, as well as a number of other special characters are valid characters in the local part of the email address (that's everything to the left of the @ character).

The message I get in the logs is: 

Jun 14 11:57:34 atlantic smtpd[42606]: 21749fd12ac76b57 mda delivery evpid=56aed6237d6444a0 from=<firstname.o'lastname@example.com> to=<me@example.org> rcpt=<me@example.org> user=me delay=0s result=PermFail stat=Error ("mail.lmtp: LMTP server error: 501 5.5.4 Invalid FROM: Invalid character in localpart")

where example.com is external domain and example.org is a local one.

The part of the message: LMTP server error: 501 5.5.4 Invalid FROM: Invalid character in localpart is returned by dovecot-lmtp.

My question is: does anyone know of a configuration option, similar to auth_username_chars which lists valid characters in the email address, to stop Dovecot LMTP from rejecting such emails? or maybe you know another way of getting it to accept an email from such address?

My dovecot version is:

$ dovecot --version
2.3.5.1 (7ec6d0ade)

And in case that makes any difference, I'm running OpenBSD 6.5 patched to 005_libssl.

Thanks!

mike
  • 208
  • 2
  • 6
  • Not sure exactly whether you mean the actual line in dovecot source code, or actual line in the email header. Also, not sure what you mean by "...fix (...) in whatever is feeding that to dovecot". There's no mismatched `<>` characters and no mismatched double quotes - I'm able to reproduce this behaviour by sending an email with a single apostrophe in the From email address. I'd really like to help troubleshoot this further, but can you elaborate on your questions please? – mike Jun 22 '19 at 22:45
  • 1
    You may be on to something - I never thought to test just the LMTP session separately. I just did and it seems the email was accepted. I then tried to isolate the issue to either `opensmtpd` or the `mail.lmtp` (that `opensmtpd` uses to deliver the mail to dovecot lmtp) but I've yet to conclusively find which of the two changes the from address, and how, so that dovecot ltmp rejects it. Good tips, thanks! I'll post an update once I get somewhere with this! – mike Jun 23 '19 at 21:50
  • OK, so it seems smtpd does indeed modify the From address before submitting it to LTMP. OpenSMTPD substitutes what it deems to be insecure characters to `:`. While a valid character in the local-part, once used, the email address needs to be enclosed in double quotes, however it seems that OpenSMTPD does NOT do this part - and that's the illegal bit that dovecot LMTP rejects. Thanks a lot for your pointers, I'll touch base with the OpenSMTPD developers. – mike Jun 23 '19 at 22:16

1 Answers1

1

Ignoring the debate on whether an LDA should require any remote address to match the spec, I do believe that the dovecot parser is very close to RFC5322 and what you are seeing is not dovecot LMTP rejecting an address with apostrophe.

You can verify that dovecot is accepting your address by initiating an LMTP session yourself:

$ nc -U /var/dovecot/lmtp
220 example.com Dovecot ready.
LHLO example.com
250-example.com
MAIL FROM:<firstname.o'lastname@example.com>
250 2.1.0 OK
RCPT TO:<postmaster@example.com>
250 2.1.5 OK
DATA
empty
.
354 OK
250 2.0.0 <postmaster@example.com> FOOBAR Saved

If dovecot accepts mail when you manually verify in LMTP, but it fails when receiving from your MTA, you want to scrutinize your mail server configuration.

Is your mail server somehow editing the address before passing it to dovecot? Acquire a transcript of your LMTP session (try lmtp_rawlog_dir in dovecot) and compare if the address is rewritten between SMTP and LMTP. I think the similar limitations that apply to dovecot-lda as opposed to dovecot-lmtp apply when using mail.lmtp, which requires its parameters to be valid command line arguments as well.

anx
  • 6,875
  • 4
  • 22
  • 45