[Dovecot] best choice of user database file to work with postfix?
Rainer Frey (Inxmail GmbH)
rainer.frey at inxmail.de
Thu Apr 22 18:03:00 EEST 2010
On Thursday 22 April 2010 16:36:33 Thomas Leuxner wrote:
> On Thu, Apr 22, 2010 at 01:12:24PM +0200, Rainer Frey wrote:
> > Do you define all valid recipients there (e.g. in your example virtual
> > file login at domain.tld)?
>
> Yes.
So a valid recipient must be in the passwd file and in the postfix virtual
alias file? This does not solve the problem of using the same flat-file user
database between dovecot and postfix, and of course in that case you can
define a virtual_mailbox_map as well, which works well (no kludge like
aliasing an address to itself to terminate recursive alias expansion) and is
semantically correct.
> > But this is at the delivery stage, when the mail has already been
> > accepted. This means, if no homedir/mailbox is found, bounce mails are
> > sent, to potentially forged senders. That is backscatter.
> >
> > I'm not talking about aliases, I'm talking about recipient addresses of
> > virtual mailboxes. You need to verify whether a mailbox exists for a
> > recipient address in the SMTP server before accepting the message.
>
> Possibly.
No, not possibly, but most definitely. Causing backscatter is not acceptable
and leads to the server being blacklisted at some sites.
> But this could then be fixed by adding another recipient
> restriction, is that what is bothering you?
But what recipient restriction? There's only:
* reject_unlisted_recipient, which needs a non-empty recipient lookup map for
the domain class
* reject_unverified_recipient, the address verification mentioned below
* check_recipient_access, which again needs a postfix lookup table with valid
recipients.
> > Indeed, but you offered the original poster your solution as one that
> > "should be good enough for what you are trying to achieve", but your
> > solution leaves out the aspect of the valid recipient list for the
> > virtual mailbox domain address class.
>
> This was not meant to say this is the ultimate one and only solution.
> See for recipient_restrictions especially, everyone may have different
> needs. But at least someone *may* a starting point. Feel free to refine
> the setup.
Well, it leaves out the *one tricky part* of using a flat file database for
virtual users with dovecot and postfix: there is no common format that both
understand directly.
[ This quotation is missing the doubt whether postfix address verification
works with LMTP (or even pipe) ]
> > Of course, but it would be a viable alternative to a lookup table for the
> > recipients.
>
> Will look into it, but maybe you can add your thoughts how you would do.
If it works, it is a good alternative that is used in similar setups, although
mostly with relay_domains and servers like Exchange that speak SMTP. The
ADDRESS_VERIFICATION_README details the limitations and drawbacks.
> Thomas
Rainer
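
Added example, not part of the original message and not code from Dovecot or Postfix: one way to bridge the missing common format is to generate the Postfix recipient table from the Dovecot passwd-file, so that reject_unlisted_recipient can refuse unknown addresses at SMTP time instead of bouncing later. The function names, the sample accounts and the right-hand-side mailbox path layout (domain/localpart/) are assumptions of this sketch.

```python
import re

# Constructed sample input in Dovecot passwd-file layout:
# user:password:uid:gid:(gecos):home:(shell):extra_fields
SAMPLE_PASSWD = """\
# virtual users (constructed sample data)
alice@example.org:{PLAIN}placeholder:5000:5000::/srv/vmail/example.org/alice::
Bob@Example.org:{PLAIN}placeholder:5000:5000::/srv/vmail/example.org/bob::
carol:{PLAIN}placeholder:5000:5000::/srv/vmail/carol::

broken line without fields
"""

# Conservative address shape for this example; whitespace in a key would
# break the "key value" layout of a Postfix table source file.
_ADDR = re.compile(r"^[a-z0-9._+-]+@[a-z0-9.-]+$")


def recipients_from_passwd(text, default_domain=None):
    """Return the sorted, unique recipient addresses named in passwd-file text."""
    found = set()
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, comments, and lines with no username or no separator.
        if not line or line[0] in "#:" or ":" not in line:
            continue
        user = line.split(":", 1)[0].lower()
        if "@" not in user:
            if default_domain is None:
                continue  # a bare login cannot be mapped to an address
            user = f"{user}@{default_domain.lower()}"
        if _ADDR.match(user):
            found.add(user)
    return sorted(found)


def render_virtual_mailbox_map(addresses):
    """Render 'address<TAB>domain/localpart/' lines as input for postmap(1)."""
    lines = []
    for addr in addresses:
        local, domain = addr.rsplit("@", 1)
        lines.append(f"{addr}\t{domain}/{local}/")  # assumed path layout
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(render_virtual_mailbox_map(recipients_from_passwd(SAMPLE_PASSWD)), end="")
```

The output is meant to be written to a file, compiled with postmap and referenced from virtual_mailbox_maps, and regenerated whenever the passwd-file changes. Only the presence of the key matters for recipient validation; the right-hand side is used by the Postfix virtual(8) delivery agent only.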