Please honour the Reply-To header next time. Thanks.
On Thursday 22 April 2010 11:42:01 Thomas Leuxner wrote:
On Thu, Apr 22, 2010 at 11:18:09AM +0200, Rainer Frey wrote:
What I don't see here at all (and neither in your Wiki Howto) is how Postfix determines the valid recipients for the domains in virtual_mailbox_domains.
Postfix will expand possible aliases first and determine the final recipient handing over to Dovecot:
$ cat virtual
alias@domain.tld       login@domain.tld
postmaster@domain.tld  login@domain.tld
virtual_alias_maps = hash:/etc/postfix/virtual
Do you define all valid recipients there (e.g. in your example virtual file login@domain.tld)?
It will query the recipients by connecting to the socket in its chroot provided by Dovecot:
service auth {
This is wrong. The auth service is not queried for recipient, only for valid SASL users (that connect to the submission service as *senders*). I'm talking about determining valid *recipients* for the virtual_mailbox_domains.
[...]
Once it has the homedir it will send it off via LMTP or deliver, whichever you configured via:
virtual_transport = lmtp:unix:private/dovecot-lmtp
or
virtual_transport = dovecot
But this is at the delivery stage, when the mail has already been accepted. This means, if no homedir/mailbox is found, bounce mails are sent, to potentially forged senders. That is backscatter.
The correct parameter would be virtual_mailbox_maps, but AFAIK there is no lookup table that reads the passwd format from an arbitrary file. So a script that generates a hash/whatever postfix lookup file from the passwd-files would still be necessary.
There is no such thing as a correct parameter from my perspective. I did not say that alias creation was to be unified/automated.
I'm not talking about aliases, I'm talking about recipient addresses of virtual mailboxes. You need to verify whether a mailbox exists for a recipient address in the SMTP server before accepting the message.
Instead I said I did not even think this is good practice to me. Anyone with at least a bit of sed/awk knowledge can kludge it from the flat-files anyway.
Indeed, but you offered the original poster your solution as one that "should be good enough for what you are trying to achieve", but your solution leaves out the aspect of the valid recipient list for the virtual mailbox domain address class.
Or do you use recipient validation via LMTP? (I didn't notice a reject_unverified_recipient though) This at least won't work with deliver, I'm not even sure about LMTP.
This is not required in the example and optional at least:
Of course, but it would be a viable alternative to a lookup table for the recipients.
Rainer
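
Added example (not part of the original message or of either poster's setup): a sketch of the kind of script mentioned above, turning Dovecot passwd-files into a source file for virtual_mailbox_maps so that unknown recipients are rejected during the SMTP dialogue instead of bounced later. It assumes login names are full user@domain addresses; the function names and the /etc/postfix/vmailbox path are hypothetical.

```shell
#!/bin/sh
# Constructed sample in passwd-file layout:
#   user:password:uid:gid:gecos:home:shell:extra
sample_passwd() {
cat <<'EOF'
# constructed sample data
login@domain.tld:{PLAIN}secret:5000:5000::/home/vmail/login::
Second@Domain.tld:{PLAIN}secret:5000:5000::/home/vmail/second::
localonly:{PLAIN}secret:5000:5000::/home/vmail/localonly::

login@domain.tld:{PLAIN}secret:5000:5000::/home/vmail/login::
EOF
}

# Print one "address OK" line per mailbox in the given passwd-files (or stdin).
# With a non-virtual(8) virtual_transport only the key matters to Postfix,
# so the right-hand side is a dummy value.
passwd_to_mailbox_map() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        {
            addr = tolower($1)                  # Postfix lowercases lookup keys
            if (addr !~ /^[^@ \t]+@[^@ \t]+$/) {
                printf "skipped line %d: login is not user@domain\n", NR > "/dev/stderr"
                next
            }
            if (!seen[addr]++) print addr, "OK" # drop duplicate logins
        }
    ' "$@" | sort
}

# build_map OUTFILE PASSWD_FILE...
# Replaces OUTFILE atomically and refuses to install an empty map, which
# would make Postfix reject every recipient of the domain.
# Assumed main.cf setting: virtual_mailbox_maps = hash:/etc/postfix/vmailbox
build_map() {
    out=$1; shift
    tmp=$(mktemp "$out.XXXXXX") || return 1
    if passwd_to_mailbox_map "$@" > "$tmp" && [ -s "$tmp" ]; then
        chmod 644 "$tmp" && mv "$tmp" "$out"
    else
        rm -f "$tmp"; return 1
    fi
    if command -v postmap >/dev/null 2>&1; then postmap "hash:$out"; fi
}
```

Run as root after each change to the passwd-files, e.g. build_map /etc/postfix/vmailbox followed by the passwd-file paths.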