[Dovecot] Why deliver+usercheck? deliver+MTA?

Daniel Luttermann daniel at dlutt.de
Wed Oct 13 14:08:14 EEST 2010


Lukas Haase wrote on 10/13/2010:

> Hi,

> I successfully configured dovecot using virtual users (and LDAP/AD). 
> deliver is the LDA and verifies if the user exists (as recommended in 
> the WIKI).

> However, the howtos in the Wiki say *nothing* about the case that the
> recipients should be verified *before* receiving the messages (prevent
> backscatter, ...). All configurations in the dovecot-Wiki (postfix and
> exim) just accept the mails and pass them to deliver. Also, all howtos
> which I found on the web. If the user does not exist, the mail is 
> bounced because the mail was already accepted by the MTA. Nowadays this
> is an unacceptable configuration!

By default, Postfix rejects mails for unknown local users.If Postfix
accepts mails for unknown users than it's a configuration problem or
you don't maintain a list of valid users.

> Is there a special reason why there is no discussion about this?

It's Postfix related - Dovecot does no checks about valid recipients
for Postfix but you can use the same data sources as for Dovecot - no
need to maintain user lists for Postfix and Dovecot.

Because Postfix needs to check for valid recipients why should there a
special hint in the Dovecot Wiki about that? You must first make sure
that Postfix works as expected - no other IMAP Server checks vor valid
recipients.

> However, as postfix seems to be really too unflexible I have set up exim
> to handle incoming mail and do the usercheck in the router (with an LDAP
> query). But now the user is doubled-checked: Once when receiving with 
> exim and a second time in deliver. This is not necessary, so I guess I
> can disable the LDAP query for deliver and set up a static userdb.

Why is Postfix unflexible? Use reject_unverified_recipient for dynamic
verification of valid recipients and there's no need to maintain
static files. You could also use a LDAP query to retreive a list of
valid recipients before you accept the mail for non-existing users.

> Why does the Wiki recommened to verfify with deliver when the user needs
> to be checked at the MTA anyway?

Checking of valid recipients is a Postfix job so you can use
relay_recipient_maps, reject_unverified_sender or virtual_mailbox_maps
(depending on your configuration).

Btw: what does the Wiki recommend? Weblink?


--
Daniel



More information about the dovecot mailing list