[Dovecot] best choice of user database file to work with postfix?

Rainer Frey rainer.frey at inxmail.de
Thu Apr 22 14:12:24 EEST 2010


Please honour the Reply-To header next time. Thanks.

On Thursday 22 April 2010 11:42:01 Thomas Leuxner wrote:
> On Thu, Apr 22, 2010 at 11:18:09AM +0200, Rainer Frey wrote:
> > What I don't see here at all (and neither in your Wiki Howto) is how
> > Postfix determines the valid recipients for the domains in
> > virtual_mailbox_domains.
> 
> Postfix will expand possible aliases first and determine the final
> recipient handing over to Dovecot:
> 
> > > $ cat virtual
> > > alias at domain.tld                login at domain.tld
> > > postmaster at domain.tld           login at domain.tld
> > > 
> virtual_alias_maps = hash:/etc/postfix/virtual

Do you define all valid recipients there (e.g. in your example virtual file 
login at domain.tld)?

> It will query the recipients by connecting to the socket in its
> chroot provided by Dovecot:
> 
> service auth {

This is wrong. The auth service is not queried for recipients, only for valid 
SASL users (that connect to the submission service as *senders*). I'm talking 
about determining valid *recipients* for the virtual_mailbox_domains.

[...]

> Once it has the homedir it will send it off via LMTP or deliver,
> whichever you configured via:
> 
> virtual_transport = lmtp:unix:private/dovecot-lmtp
> or
> virtual_transport = dovecot

But this is at the delivery stage, when the mail has already been accepted. 
This means, if no homedir/mailbox is found, bounce mails are sent, to 
potentially forged senders. That is backscatter.

> > The correct parameter would be  virtual_mailbox_maps, but AFAIK there is
> > no lookup table that reads the passwd format from an arbitrary file. So a
> > script that generates a hash/whatever postfix lookup file from the
> > passwd-files would still be necessary.
> 
> There is no such thing as a correct parameter from my perspective. I did
> not say that alias creation was to be unified/automated. 

I'm not talking about aliases, I'm talking about recipient addresses of 
virtual mailboxes. You need to verify whether a mailbox exists for a recipient 
address in the SMTP server before accepting the message.

> Instead I said I
> did not even think this is good practice to me. Anyone with at least a bit
> of sed/awk knowledge can kludge it from the flat-files anyway.

Indeed, but you offered the original poster your solution as one that "should 
be good enough for what you are trying to achieve", but your solution leaves 
out the aspect of the valid recipient list for the virtual mailbox domain 
address class.

> > Or do you use recipient validation via LMTP? (I didn't notice a
> > reject_unverified_recipient though) This at least won't work with
> > deliver, I'm not even sure about LMTP.
> 
> This is not required in the example and optional at least:

Of course, but it would be a viable alternative to a lookup table for the 
recipients.

Rainer
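
The script mentioned in the message above, which turns a Dovecot passwd-file into a Postfix lookup table for virtual_mailbox_maps so that unknown recipients are rejected at SMTP time instead of bounced after acceptance, could look like the following. This is an added example, not code from the thread or from either project; it assumes the passwd-file usernames are full addresses (user@domain), and the file paths and sample entries are constructed placeholders.

```shell
#!/bin/sh
# Added example. Assumptions: usernames in the Dovecot passwd-file are full
# addresses (user@domain); every path and sample entry here is a placeholder.

# passwd_to_mailbox_map PASSWD_FILE
# Prints one "address<TAB>OK" line per mailbox. Postfix only checks that the
# key exists when delivery goes through dovecot/LMTP, so the value is a dummy.
passwd_to_mailbox_map() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        {
            addr = tolower($1)                   # Postfix folds lookup keys to lowercase
            if (addr !~ /^[^@ \t]+@[^@ \t]+$/) { # require exactly one "@", no blanks
                printf "line %d skipped: not user@domain\n", NR > "/dev/stderr"
                next
            }
            if (!seen[addr]++) print addr "\tOK" # drop duplicate entries
        }' "$1"
}

# rebuild_mailbox_map PASSWD_FILE MAP_FILE
# Writes the map atomically, then compiles it. The old map stays in place if
# generation fails. main.cf would carry (assumed path):
#   virtual_mailbox_maps = hash:/etc/postfix/vmailbox
rebuild_mailbox_map() {
    tmp=$(mktemp "$2.XXXXXX") || return 1
    if passwd_to_mailbox_map "$1" > "$tmp"; then
        mv "$tmp" "$2" && postmap "hash:$2"
    else
        rm -f "$tmp"; return 1
    fi
}

# Constructed sample passwd-file (user:password:uid:gid:gecos:home:shell:extra)
sample_passwd() {
    cat <<'EOF'
# constructed sample entries
login@domain.tld:{PLAIN}x:5000:5000::/srv/vmail/domain.tld/login::
Other@Domain.tld:{PLAIN}x:5000:5000::/srv/vmail/domain.tld/other::
localonly:{PLAIN}x:5000:5000::/srv/vmail/localonly::
login@domain.tld:{PLAIN}x:5000:5000::/srv/vmail/domain.tld/dup::
EOF
}

# Demo: print the map generated from the sample entries.
demo=$(mktemp) && sample_passwd > "$demo" && passwd_to_mailbox_map "$demo"
rm -f "$demo"
```

Rerun rebuild_mailbox_map whenever the passwd-file changes; aliases still belong in virtual_alias_maps as shown in the quoted configuration.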

