At 8AM +0100 on 16/02/13 you (Thomas Leuxner) wrote:
- Ben Morrow ben@morrow.me.uk 2013.02.16 04:49:
The setup given in that howto will accept mail for any user at one of the domains listed in virtual_mailbox_domains, and mail for nonexistent users will then be bounced by Dovecot. This is a very bad idea, since you'll end up becoming a backscatter source; you should set up a separate Postfix table listing the valid users at those domains, and put that table in virtual_mailbox_maps. (You don't want to use /etc/postfix/virtual for this, you want a separate table.)
It will verify the recipients before accepting the mail:
reject_unverified_recipient http://www.postfix.org/postconf.5.html#reject_unverified_recipient
Hang on; the first listing in the howto uses that option, the second doesn't. I was looking at the second, as generally the cleaner. Hmmph.
In any case, I referred to that option, but I don't really think it's a good idea. It seems like unnecessary overhead just to avoid building an extra map.
I don't think the overhead of duplicating user checks on both ends is justified until this process is automated.
The SMTP server has to make user checks of some sort. reject_unverified_recipient makes those checks more expensive, not less, since some of the time it will have to call out to the LMTP server to verify an address.
Building a Postfix map from a passwd-format file is trivial. It can easily be incorporated into whatever script is used for adding and removing users already, or into /etc/postfix/Makefile or whatever is used for rebuilding the Postfix maps.
Above will instruct the SMTP Server to verify the recipient address before accepting mail. This is what you want and it works dynamic out of the box. A better reason to use separate aliasing on the Postfix side is to rewrite addresses for the Dovecot Mailboxes. If you'd want to have a mailbox with several addresses in Dovecot you'd need to create dummy users for this while you can just alias them in Postfix.
This would be done with virtual aliases in Postfix, which are separate from the virtual mailboxes which end up delivered to Dovecot. (In fact, under many circumstances, it's more convenient to use local_transport for delivery to Dovecot.)
Ben