[Dovecot] How to deal with mail to unknown virtual recipients?
mouss
mouss at netoyen.net
Fri Apr 18 00:50:40 EEST 2008
Andreas Ntaflos wrote:
> Hello list,
>
> I am not quite sure whether this is a questions for Dovecot or Postfix. I have
> set up, virtual hosting for one domain (for test purposes) using a
> passwd-file as passdb and a static userdb (see dovecot -n at the end) along
> with Postfix in a manner described in [1], i.e. a non-Postfix mail store.
> Other than that I also do hosting for the canonical domain which is for users
> with a regular Unix account on the system (looked up via PAM)
>
> The virtual domain shall be "example.org", with two users "alice at example.org"
> and "bob at example.org".
>
> But today I received spam mail (which was correctly identified as such by
> amavisd-new) for "info at example.org" and "sales at example.org", two recipient
> addresses that do not exist. According to [1] "it's left up to the
> non-Postfix delivery agent to reject non-existent recipients from local
> submission or from local alias expansion."
>
note that this is about local submission and local alias expansion. it
is not about mail received from outside.
> How to deal with such a situation?
>
>
this is postfix issue. postfix will reject mail to invalid local and
virtual users unless you rebak recipient validation. a common error is
to use wildcard virtual aliases or wildcard canonical mapping.
Followup on the postfix list, but do show enough informations:
- output of 'postconf -n'
- logs of the transaction (from reception until error)
- do you have a wildcard alias or canonical.
> The sender address was clearly forged so returning a failed delivery message
> is pointless. The messages are now hanging around in the queue with a status
> of "deferred: temporary failure".
>
> The logs show:
>
> dovecot: auth(default): passwd(info at exmaple.org): unknown user
> dovecot: auth(default): passwd-file(info at mexample.org): unknown user
> dovecot: auth(default): static(info at example.org): passdb doesn't support
> lookups, can't verify user's existence
>
> postfix/pipe[25328]: C7EA18BC0B5: to=<info at exmaple.org>, relay=dovecot,
> delay=1.4, delays=0.07/0.02/0/1.3, dsn=4.3.0, status=deferred (temporary
> failure)
>
> The dovecot relay is defined in /etc/postfix/master.cf:
>
> dovecot unix - n n - - pipe
> flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver -f
> ${sender} -d ${recipient}
>
> The question, once again, is: what to do in such a situation? A catch-all
> address could be set up, but to what end? It would just catch a lot of spam
> over time. What is the correct way to deal with this?
>
> More importantly: is there even anything Dovecot could (or should) do?
>
> Thanks in advance,
>
> Andreas
>
> [1] http://www.postfix.org/VIRTUAL_README.html#in_virtual_other
>
> # 1.0.10: /usr/local/etc/dovecot.conf
> base_dir: /var/run/dovecot/
> protocols: imap imaps pop3 pop3s managesieve
> listen(default): *
> listen(imap): *
> listen(pop3): *
> listen(managesieve): *:2000
> ssl_cert_file: /path/to/ssl_cert
> ssl_key_file: /path/to/private_key
> login_dir: /var/run/dovecot//login
> login_executable(default): /usr/local/libexec/dovecot/imap-login
> login_executable(imap): /usr/local/libexec/dovecot/imap-login
> login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
> login_executable(managesieve): /usr/local/libexec/dovecot/managesieve-login
> mail_extra_groups: mail
> mail_location: maildir:~/Maildir
> maildir_copy_with_hardlinks: yes
> mail_executable(default): /usr/local/libexec/dovecot/imap
> mail_executable(imap): /usr/local/libexec/dovecot/imap
> mail_executable(pop3): /usr/local/libexec/dovecot/pop3
> mail_executable(managesieve): /usr/local/libexec/dovecot/managesieve
> mail_plugin_dir(default): /usr/local/lib/dovecot/imap
> mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
> mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
> mail_plugin_dir(managesieve): /usr/local/lib/dovecot/managesieve
> imap_client_workarounds(default): outlook-idle delay-newmail
> tb-extra-mailbox-sep
> imap_client_workarounds(imap): outlook-idle delay-newmail tb-extra-mailbox-sep
> imap_client_workarounds(pop3): outlook-idle
> imap_client_workarounds(managesieve): outlook-idle
> pop3_uidl_format(default):
> pop3_uidl_format(imap):
> pop3_uidl_format(pop3): %08Xu%08Xv
> pop3_uidl_format(managesieve):
> sieve_storage(default):
> sieve_storage(imap):
> sieve_storage(pop3):
> sieve_storage(managesieve): ~/sieve
> sieve(default):
> sieve(imap):
> sieve(pop3):
> sieve(managesieve): ~/.dovecot.sieve
> namespace:
> type: public
> separator: /
> prefix: Public/
> location:
> maildir:/var/mail/public:CONTROL=~/Maildir/control/public:INDEX=~/Maildir/index/public
> namespace:
> type: private
> separator: /
> inbox: yes
> auth default:
> mechanisms: plain login
> verbose: yes
> passdb:
> driver: passwd-file
> args: /etc/dovecot/passwd
> passdb:
> driver: pam
> userdb:
> driver: passwd
> userdb:
> driver: static
> args: uid=vmail gid=vmail home=/home/vmail/%d/%u
> socket:
> type: listen
> client:
> path: /var/spool/postfix/private/auth
> mode: 432
> user: postfix
> group: postfix
> master:
> path: /var/run/dovecot/auth-master
> mode: 432
> user: vmail
> group: vmail
>
More information about the dovecot
mailing list