[Dovecot] Sieve/pigeonhole rejects email addresses for valid UNIX users

David Anderson david at wordshell.net
Wed Aug 22 18:45:17 EEST 2012


On 22/08/12 18:16, Gábor Lénárt wrote:
> I think nowdays it's a bit outdated to have 1:1 mapping between UNIX 
> users and email addresses anyway. Maybe it's OK, but it's surely 
> problematic in case of mass hosting with many users with policies like 
> you mentioned as well. Virtual users (in the sense of MTA/IMAP/etc 
> servers) are much better idea, in my oppinion. It's OK for a small 
> "server" used for own purposes for example. But it's only my opinion ... 
There are no incoming mail accounts for those users.  The server in 
question is a webserver. Every website has a unique UNIX user, for 
security when running scripts. You can't virtualise that. If you run all 
your scripts under the same UNIX user on a shared server, then it's less 
secure.

Sieve was complaining about the envelope *sender* address being invalid, 
on a piece of outgoing mail (generated by the website). It wasn't about 
incoming mail or maintaining accounts.

That's a bit academic, though. It think the main points are that:

* Many Unixes allow you to set up usernames ending in periods
* The MTAs also allow you to send and receive mail using those periods

Strictly according to the RFC, the address is invalid. But if the MTA 
accepts it, why should sieve reject it? Sieve is deployed to apply 
filters to mail - not to make policy decisions on valid email addresses. 
That's a layering violation. If my MTA accepts the mail,and then the 
dovecot LDA does too, I don't want sieve to over-turn the decision. It's 
not sieve's job to enforce that part of the RFC and over-rule the MTA 
and LDA.

David

-- 
WordShell - WordPress fast from the CLI - www.wordshell.net





More information about the dovecot mailing list