Andreas Ntaflos wrote:
Thank you for your reply! Reading through it and re-reading the Postfix documentation gave me the clue I needed.
Unfortunately I forgot to mention that I didn't have a virtual_mailbox_maps directive defined in Postfix's main.cf, so Postfix couldn't know anything about which virtual recipients were valid and which weren't. Since that particular map was optional and everything worked fine during my tests (which didn't include sending mail to an invalid virtual recipient, shame on me) I quickly forgot about it.
Naturally that was the root of problem I was facing.
Defining a virtual_mailbox_maps file with all valid virtual users solves the problem in principle, however now I need to maintain two files with valid virtual users for valid virtual domains: the passwd-file for Dovecot (/etc/dovecot/passwd) plus the vmailbox file for Postfix (hash:/etc/postfix/vmailbox).
use a script to generate the virtual mailbox maps files from a single source file. you can use a Makefile to rebuild only when the source file changed.
I suppose this is unavoidable when using flat files and would be better solved using a real database backend, but it makes me wonder if there really isn't anything Dovecot could do about this?
Seeing as Dovecot recognises when a virtual recipient is invalid, couldn't it somehow put the to-be-rejected mail back to Postfix (or whichever MTA)?
as already said, you should reject invalid recipient during the smtp transaction. there's already too much backscatter out there, and the borked sites are listed in backscatterer.org.
Or should it just drop it?
No, because people sometimes mistype addresses and you don't want to blackhole such mail. if I send mail to daf@yourdomain, and you discard that mail, I'll assume that you received it. now suppose this mail is important ("Hi Andreas, there is a problem at foo bar, tell me if I should handle it...").
I don't know what the SMTP (whichevery protocol is to be followed here) says about this, so I pose the question again:
if you accept the message during the smtp transaction, you take responsibility and you should not lose it "frivoulously". This requirement is what makes email as reliable as it is, at the expense of disk IO overhead (before saying "ok", the MTA must sync the file to permanent storage, so that it survives server crashes... etc).
of course, servers should never bounce spam and viruses. as a result, it is important to reject as much junk during the smtp transaction and to minimize failures after a message was accepted. In particular, it is no more acceptable to bounce mail because the recipient is invalid. quota bounces and exceptional server errors are still acceptable because they don't occur too often.
Note that this also applies to auto-responders (vacation, ...). auto-responders must follow the recommendations of rfc3834 as well as other best practices.
Is there anything Dovecot itself can do to reject or handle mail to invalid virtual users? Or does this situation *have* to be dealt with earlier, by the MTA?
yes. see www.backscatterer.org for an incentive ;-p