Lukas Haase wrote on 10/13/2010:
Hi,
I successfully configured dovecot using virtual users (and LDAP/AD). deliver is the LDA and verifies if the user exists (as recommended in the WIKI).
However, the howtos in the Wiki say *nothing* about the case that the recipients should be verified *before* receiving the messages (prevent backscatter, ...). All configurations in the dovecot-Wiki (postfix and exim) just accept the mails and pass them to deliver. Also, all howtos which I found on the web. If the user does not exist, the mail is bounced because the mail was already accepted by the MTA. Nowadays this is an unacceptable configuration!
By default, Postfix rejects mails for unknown local users.If Postfix accepts mails for unknown users than it's a configuration problem or you don't maintain a list of valid users.
Is there a special reason why there is no discussion about this?
It's Postfix related - Dovecot does no checks about valid recipients for Postfix but you can use the same data sources as for Dovecot - no need to maintain user lists for Postfix and Dovecot.
Because Postfix needs to check for valid recipients why should there a special hint in the Dovecot Wiki about that? You must first make sure that Postfix works as expected - no other IMAP Server checks vor valid recipients.
However, as postfix seems to be really too unflexible I have set up exim to handle incoming mail and do the usercheck in the router (with an LDAP query). But now the user is doubled-checked: Once when receiving with exim and a second time in deliver. This is not necessary, so I guess I can disable the LDAP query for deliver and set up a static userdb.
Why is Postfix unflexible? Use reject_unverified_recipient for dynamic verification of valid recipients and there's no need to maintain static files. You could also use a LDAP query to retreive a list of valid recipients before you accept the mail for non-existing users.
Why does the Wiki recommened to verfify with deliver when the user needs to be checked at the MTA anyway?
Checking of valid recipients is a Postfix job so you can use relay_recipient_maps, reject_unverified_sender or virtual_mailbox_maps (depending on your configuration).
Btw: what does the Wiki recommend? Weblink?
-- Daniel