Hi,
Thanks for your reply.
On 13.10.2010 at 12:03, Jerry wrote:
On Wed, 13 Oct 2010 11:32:50 +0200 Lukas Haase <lukashaase@gmx.at> articulated:
Hi,
I successfully configured dovecot using virtual users (and LDAP/AD). deliver is the LDA and verifies if the user exists (as recommended in the WIKI).
However, the howtos in the Wiki say *nothing* about the case that the recipients should be verified *before* receiving the messages (prevent backscatter, ...). All configurations in the dovecot-Wiki (postfix and exim) just accept the mails and pass them to deliver. Also, all howtos which I found on the web. If the user does not exist, the mail is bounced because the mail was already accepted by the MTA. Nowadays this is an unacceptable configuration!
Is there a special reason why there is no discussion about this?
However, as postfix seems to be really too inflexible I have set up exim to handle incoming mail and do the user check in the router (with an LDAP query). But now the user is double-checked: Once when receiving with exim and a second time in deliver. This is not necessary, so I guess I can disable the LDAP query for deliver and set up a static userdb.
Why does the Wiki recommend verifying with deliver when the user needs to be checked at the MTA anyway?
First of all, I totally disagree about your Postfix comments. I have personally found it to be rather easy to configure, and totally RTF compliant, unlike some other MTAs.
Ok. Then please tell me how to:
1.) Connect Domain example.com to dovecot with virtual users (use deliver as LDA)
2.) Connect Domain example.com to mailman (e.g. list1@example.com)
Either I am too dumb or this pretty easy setup is not possible with postfix (but with exim of course).
(I think the reason is that mailman relies on the pipe "|" in the aliases database. But this only works with postfix's LDA. Also a different transport would work - but it is the same domain).
In any case, only the MTA can bounce mail without causing back-scatter.
You didn't catch what I mean.
First, the one way to prevent backscatter is to NOT accept any mail with an invalid recipient. As soon as the MTA accepts mail and AFTERWARDS finds out that the user does not exist, it may become a backscatter problem!
To my question: First look at [1]. With this setup, ANY (!) mail is accepted by postfix without any checks! The check is only done by deliver, but this is too late. If the recipient does not exist, the mail gets bounced.
So why is there not even a hint for virtual_mailbox_maps or similar?
Then, search Google for the same problem. You will find thousands of HOWTOs, but not a single HOWTO has the hint that the MTA *must* check the validity of the user.
Now look at [2]. It is the same. Also in this setup, all mails for the domain are accepted.
Postfix has checks in place to check and reject or accept mail.
Yes, that is what I said.
But again, the first question: Why is there not even a hint that this (important) thing also needs to be configured?
And question 2:
It is not Dovecot's job to do so. By the time Dovecot receives the message the recipient should have already been verified.
There are a few places (e.g. [3,4]) where it is recommended to check the user's existence with deliver. Why should this be necessary when the MTA checks existence?
[4] even states: "Unless your MTA already verifies that the user exists before calling deliver, you'll most likely want deliver itself to verify the user's existence."
But in general this must be the case anyway for the reasons mentioned above (maybe except for some contrived cases).
Regards, Luke
[1] http://wiki.dovecot.org/LDA/Postfix
[2] http://wiki.dovecot.org/LDA/Exim
[3] http://wiki.dovecot.org/UserDatabase/Prefetch
[4] http://wiki.dovecot.org/UserDatabase/Static
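
Added example, not part of the original message and not code from Postfix, Exim or Dovecot: a toy Python model of the difference discussed above between rejecting an unknown recipient during the SMTP session and accepting the mail and bouncing it after the LDA lookup. The `Mta` class, the user list and all addresses are hypothetical and constructed for the illustration.

```python
# Added illustration: toy model of the two setups; not Postfix, Exim or Dovecot code.
from dataclasses import dataclass, field

# Constructed directory standing in for the LDAP/AD lookup.
VALID_USERS = {"alice@example.com", "list1@example.com"}

@dataclass
class Mta:
    verify_at_rcpt: bool                              # True: check the user during SMTP
    queue: list = field(default_factory=list)         # accepted (sender, rcpt) pairs
    bounces_sent: list = field(default_factory=list)  # DSNs this MTA originates

    def rcpt_to(self, sender, rcpt):
        """Return the SMTP reply given to the connecting client for RCPT TO."""
        if self.verify_at_rcpt and rcpt.lower() not in VALID_USERS:
            # Rejected in-session: no message is created, the client owns the failure.
            return "550 5.1.1 User unknown"
        self.queue.append((sender, rcpt))
        return "250 2.1.5 Ok"

    def deliver_queue(self):
        """Stand-in for the LDA step: user lookup after the mail was accepted."""
        for sender, rcpt in self.queue:
            if rcpt.lower() in VALID_USERS:
                continue
            # Too late to reject. A bounce goes to the envelope sender, which
            # spam forges; the null sender "" never receives a bounce.
            if sender:
                self.bounces_sent.append(sender)
        self.queue.clear()

def run(verify_at_rcpt, sessions):
    """Feed (MAIL FROM, RCPT TO) pairs through one MTA; return replies and bounces."""
    mta = Mta(verify_at_rcpt)
    replies = [mta.rcpt_to(sender, rcpt) for sender, rcpt in sessions]
    mta.deliver_queue()
    return replies, mta.bounces_sent

# Constructed sessions: one legitimate mail, one spam run with a forged sender,
# one incoming bounce (null sender) addressed to a non-existent user.
SESSIONS = [
    ("bob@sender.example", "alice@example.com"),
    ("victim@third-party.example", "nosuchuser@example.com"),
    ("", "ghost@example.com"),
]

if __name__ == "__main__":
    for verify in (False, True):
        replies, bounces = run(verify, SESSIONS)
        print(f"verify_at_rcpt={verify}: replies={replies} backscatter_to={bounces}")
```

With `verify_at_rcpt=False` every RCPT is answered with 250 and the forged third-party address receives a bounce; with `verify_at_rcpt=True` the unknown recipients get a 550 in the session and the MTA originates no bounce at all.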