On Thursday 22 April 2010 16:36:33 Thomas Leuxner wrote:
On Thu, Apr 22, 2010 at 01:12:24PM +0200, Rainer Frey wrote:
Do you define all valid recipients there (e.g. in your example virtual file login@domain.tld)?
Yes.
So a valid recipient must be in the passwd file and in the postfix virtual alias file? This does not solve the problem of using the same flat-file user database between dovecot and postfix, and of course in that case you can define a virtual_mailbox_map as well, which works well (no kludge like aliasing an address to itself to terminate recursive alias expansion) and is semantically correct.
But this is at the delivery stage, when the mail has already been accepted. This means, if no homedir/mailbox is found, bounce mails are sent, to potentially forged senders. That is backscatter.
I'm not talking about aliases, I'm talking about recipient addresses of virtual mailboxes. You need to verify whether a mailbox exists for a recipient address in the SMTP server before accepting the message.
Possibly.
No, not possibly, but most definitely. Causing backscatter is not acceptable and leads to the server being blacklisted at some sites.
But this could then be fixed by adding another recipient restriction, is that what is bothering you?
But what recipient restriction? There's only:
- reject_unlisted_recipient, which needs a non-empty recipient lookup map for the domain class
- reject_unverified_recipient, the address verification mentioned below
- check_recipient_access, which again needs a postfix lookup table with valid recipients.
Indeed, but you offered the original poster your solution as one that "should be good enough for what you are trying to achieve", but your solution leaves out the aspect of the valid recipient list for the virtual mailbox domain address class.
This was not meant to say this is the ultimate one and only solution. See for recipient_restrictions especially, everyone may have different needs. But at least someone *may* a starting point. Feel free to refine the setup.
Well, it leaves out the *one tricky part* of using a flat file database for virtual users with dovecot and postfix: there is no common format that both understand directly.
[ This quotation is missing the doubt whether postfix address verification works with LMTP (or even pipe) ]
Of course, but it would be a viable alternative to a lookup table for the recipients.
Will look into it, but maybe you can add your thoughts how you would do.
If it works, it is a good alternative that is used in similar setups, although mostly with relay_domains and servers like Exchange that speak SMTP. The ADDRESS_VERIFICATION_README details the limitations and drawbacks
Thomas
Rainer
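
One way to bridge the missing common format discussed in this thread, as an added example that is not from either poster or from the Dovecot or Postfix projects: derive a Postfix recipient lookup table from the Dovecot passwd-file, so that unknown recipients can be rejected at SMTP time instead of bounced after acceptance. It assumes the usernames in the passwd-file are full addresses; the sample data, the function names and the map value `OK` are constructed for illustration.

```python
import io

# Constructed sample in Dovecot passwd-file layout:
# user:password:uid:gid:(gecos):home:(shell):extra_fields
SAMPLE_PASSWD = """\
# virtual users (constructed sample)
login@domain.tld:{PLAIN}not-a-real-secret:5000:5000::/var/vmail/domain.tld/login::
Info@Domain.tld:{PLAIN}not-a-real-secret:5000:5000::/var/vmail/domain.tld/info::

postmaster:{PLAIN}not-a-real-secret:5000:5000::/var/vmail/postmaster::
"""


def valid_recipients(passwd_file, default_domain=None):
    """Return the sorted, de-duplicated recipient addresses in a passwd-file.

    Only the first field is read, so password hashes never leave the source file.
    Entries without a domain are skipped unless default_domain is given.
    """
    recipients = set()
    for raw in passwd_file:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        user = line.split(":", 1)[0].strip().lower()  # Postfix lowercases lookup keys
        if not user:
            continue
        if "@" not in user:
            if default_domain is None:
                continue  # cannot form an address without a domain
            user = f"{user}@{default_domain.lower()}"
        recipients.add(user)
    return sorted(recipients)


def postfix_map(recipients, value="OK"):
    """Render 'key value' lines for a Postfix lookup table source file.

    The value is a placeholder (assumption: delivery is handed to Dovecot,
    so only the existence of the key matters to Postfix).
    """
    return "".join(f"{addr}\t{value}\n" for addr in recipients)


if __name__ == "__main__":
    print(postfix_map(valid_recipients(io.StringIO(SAMPLE_PASSWD))), end="")
```

The output is meant to be compiled with `postmap` and listed as the recipient lookup map for the virtual mailbox domain class, which is what reject_unlisted_recipient consults. Regenerating it whenever the passwd-file changes keeps the two views of the user database in step.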