[Dovecot] Why deliver+usercheck? deliver+MTA?
Hi,
I successfully configured dovecot using virtual users (and LDAP/AD). deliver is the LDA and verifies if the user exists (as recommended in the WIKI).
However, the howtos in the Wiki say *nothing* about the case that the recipients should be verified *before* receiving the messages (prevent backscatter, ...). All configurations in the dovecot-Wiki (postfix and exim) just accept the mails and pass them to deliver. The same goes for all howtos I found on the web. If the user does not exist, the mail is bounced because the mail was already accepted by the MTA. Nowadays this is an unacceptable configuration!
Is there a special reason why there is no discussion about this?
However, as postfix seems to be really too inflexible I have set up exim to handle incoming mail and do the usercheck in the router (with an LDAP query). But now the user is double-checked: Once when receiving with exim and a second time in deliver. This is not necessary, so I guess I can disable the LDAP query for deliver and set up a static userdb.
Why does the Wiki recommend verifying with deliver when the user needs to be checked at the MTA anyway?
Regards, Luke
On Wed, 13 Oct 2010 11:32:50 +0200 Lukas Haase <lukashaase@gmx.at> articulated:
> Hi,
> I successfully configured dovecot using virtual users (and LDAP/AD). deliver is the LDA and verifies if the user exists (as recommended in the WIKI).
> However, the howtos in the Wiki say *nothing* about the case that the recipients should be verified *before* receiving the messages (prevent backscatter, ...). All configurations in the dovecot-Wiki (postfix and exim) just accept the mails and pass them to deliver. The same goes for all howtos I found on the web. If the user does not exist, the mail is bounced because the mail was already accepted by the MTA. Nowadays this is an unacceptable configuration!
> Is there a special reason why there is no discussion about this?
> However, as postfix seems to be really too inflexible I have set up exim to handle incoming mail and do the usercheck in the router (with an LDAP query). But now the user is double-checked: Once when receiving with exim and a second time in deliver. This is not necessary, so I guess I can disable the LDAP query for deliver and set up a static userdb.
> Why does the Wiki recommend verifying with deliver when the user needs to be checked at the MTA anyway?
First of all, I totally disagree about your Postfix comments. I have personally found it to be rather easy to configure, and totally RFC compliant, unlike some other MTAs. In any case, only the MTA can bounce mail without causing back-scatter. Postfix has checks in place to check and reject or accept mail. It is not Dovecot's job to do so. By the time Dovecot receives the message the recipient should have already been verified.
-- Jerry ✌ Dovecot.user@seibercom.net
Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header.
Women are always anxious to urge bachelors to matrimony; is it from charity, or revenge?
Gustave Vapereau

Hi,
Thanks for your reply.
On 13.10.2010 12:03, Jerry wrote:
> On Wed, 13 Oct 2010 11:32:50 +0200 Lukas Haase<lukashaase@gmx.at> articulated:
>> Hi,
>> I successfully configured dovecot using virtual users (and LDAP/AD). deliver is the LDA and verifies if the user exists (as recommended in the WIKI).
>> However, the howtos in the Wiki say *nothing* about the case that the recipients should be verified *before* receiving the messages (prevent backscatter, ...). All configurations in the dovecot-Wiki (postfix and exim) just accept the mails and pass them to deliver. The same goes for all howtos I found on the web. If the user does not exist, the mail is bounced because the mail was already accepted by the MTA. Nowadays this is an unacceptable configuration!
>> Is there a special reason why there is no discussion about this?
>> However, as postfix seems to be really too inflexible I have set up exim to handle incoming mail and do the usercheck in the router (with an LDAP query). But now the user is double-checked: Once when receiving with exim and a second time in deliver. This is not necessary, so I guess I can disable the LDAP query for deliver and set up a static userdb.
>> Why does the Wiki recommend verifying with deliver when the user needs to be checked at the MTA anyway?
> First of all, I totally disagree about your Postfix comments. I have personally found it to be rather easy to configure, and totally RFC compliant, unlike some other MTAs.
Ok. Then please tell me how to:
1.) Connect Domain example.com to dovecot with virtual users (use deliver as LDA)
2.) Connect Domain example.com to mailman (e.g. list1@example.com)
Either I am too dumb or this pretty easy setup is not possible with postfix (but with exim of course).
(I think the reason is that mailman relies on the pipe "|" in the aliases database. But this only works with postfix's LDA. Also a different transport would work - but it is the same domain).
> In any case, only the MTA can bounce mail without causing back-scatter.
You didn't catch what I mean.
First, the one way to prevent backscatter is to NOT accept any mail with an invalid recipient. As soon as the MTA accepts mail and AFTERWARDS finds out that the user does not exist it may become a backscatter problem!
To my question: First look at [1]. With this setup, ANY (!) mail is accepted by postfix without any checks! The check is only done by deliver, but this is too late. If the recipient does not exist, the mail gets bounced.
So why is there not even a hint for virtual_mailbox_maps or similar?
Then, search google for the same problem. You will find thousands of HOWTOs but not a single HOWTO has the hint that the MTA *must* check the validity of the user.
Now look at [2]. It is the same. Also in this setup all mails for the domain are accepted.
> Postfix has checks in place to check and reject or accept mail.
Yes, that is what I said.
But again, the first question : Why is there not even a hint that this (important) thing also needs to be configured?
And question 2:
> It is not Dovecot's job to do so. By the time Dovecot receives the message the recipient should have already been verified.
There are a few places (e.g. [3,4]) where it is recommended to check users existence with deliver. Why should this be necessary when the MTA checks existence?
[4] even states: "Unless your MTA already verifies that the user exists before calling deliver, you'll most likely want deliver itself to verify the user's existence."
But in general this must be the case anyway for the reasons mentioned above (maybe except for some contrived cases).
Regards, Luke
[1] http://wiki.dovecot.org/LDA/Postfix
[2] http://wiki.dovecot.org/LDA/Exim
[3] http://wiki.dovecot.org/UserDatabase/Prefetch
[4] http://wiki.dovecot.org/UserDatabase/Static
Lukas Haase wrote on 10/13/2010:
> Hi,
> I successfully configured dovecot using virtual users (and LDAP/AD). deliver is the LDA and verifies if the user exists (as recommended in the WIKI).
> However, the howtos in the Wiki say *nothing* about the case that the recipients should be verified *before* receiving the messages (prevent backscatter, ...). All configurations in the dovecot-Wiki (postfix and exim) just accept the mails and pass them to deliver. The same goes for all howtos I found on the web. If the user does not exist, the mail is bounced because the mail was already accepted by the MTA. Nowadays this is an unacceptable configuration!
By default, Postfix rejects mails for unknown local users. If Postfix accepts mails for unknown users then it's a configuration problem or you don't maintain a list of valid users.
> Is there a special reason why there is no discussion about this?
It's Postfix related - Dovecot does no checks about valid recipients for Postfix but you can use the same data sources as for Dovecot - no need to maintain user lists for Postfix and Dovecot.
Because Postfix needs to check for valid recipients, why should there be a special hint in the Dovecot Wiki about that? You must first make sure that Postfix works as expected - no other IMAP server checks for valid recipients.
> However, as postfix seems to be really too inflexible I have set up exim to handle incoming mail and do the usercheck in the router (with an LDAP query). But now the user is double-checked: Once when receiving with exim and a second time in deliver. This is not necessary, so I guess I can disable the LDAP query for deliver and set up a static userdb.
Why is Postfix inflexible? Use reject_unverified_recipient for dynamic verification of valid recipients and there's no need to maintain static files. You could also use an LDAP query to retrieve a list of valid recipients before you accept the mail for non-existing users.
> Why does the Wiki recommend verifying with deliver when the user needs to be checked at the MTA anyway?
Checking of valid recipients is a Postfix job so you can use relay_recipient_maps, reject_unverified_sender or virtual_mailbox_maps (depending on your configuration).
Btw: what does the Wiki recommend? Weblink?
-- Daniel
On 13.10.2010 13:08, Daniel Luttermann wrote:
> Lukas Haase wrote on 10/13/2010:
> [...]
> By default, Postfix rejects mails for unknown local users. If Postfix accepts mails for unknown users then it's a configuration problem or you don't maintain a list of valid users.
Yes, but I am talking about virtual users.
>> Is there a special reason why there is no discussion about this?
> It's Postfix related - Dovecot does no checks about valid recipients for Postfix but you can use the same data sources as for Dovecot - no need to maintain user lists for Postfix and Dovecot.
But *why* would you want to let dovecot (deliver) check this?
In any case the MTA *must* have validated the existence of the local part. I do not know any reason why deliver should do this.
And again: Both http://wiki.dovecot.org/LDA/Postfix http://wiki.dovecot.org/LDA/Exim
describe setups for virtual users. But none of these pages give a hint that the MTA needs to check the local part too.
> Because Postfix needs to check for valid recipients, why should there be a special hint in the Dovecot Wiki about that?
Because if someone implements a system based on the WIKI above he builds up an insecure system (producing backscatter).
> You must first make sure that Postfix works as expected - no other IMAP server checks for valid recipients.
Yes but no other IMAP server (but I only know Courier!) checks the validity of the user in the LDA. maildrop for example does not.
>> However, as postfix seems to be really too inflexible I have set up exim to handle incoming mail and do the usercheck in the router (with an LDAP query). But now the user is double-checked: Once when receiving with exim and a second time in deliver. This is not necessary, so I guess I can disable the LDAP query for deliver and set up a static userdb.
> Why is Postfix inflexible? Use reject_unverified_recipient for dynamic verification of valid recipients and there's no need to maintain static files. You could also use an LDAP query to retrieve a list of valid recipients before you accept the mail for non-existing users.
Thank you! Does reject_unverified_recipient also work when the mail is passed to deliver as described in http://wiki.dovecot.org/LDA/Postfix "Virtual Users"? If this would be the case then this is exactly what I was looking for!
Until now I tried to use an LDAP query. But deliver also uses an LDAP query to check the existence of the user. And this was my question: are both of them necessary?
To the question why postfix is too inflexible: I found no way how to:
- Hook up *fully* virtual users with dovecot (using deliver) for domain example.com
- Hook up mailing lists for domain example.com using mailman
The current setup uses system users and therefore this setup is no problem. But now there are virtual users ...
>> Why does the Wiki recommend verifying with deliver when the user needs to be checked at the MTA anyway?
> Checking of valid recipients is a Postfix job so you can use relay_recipient_maps, reject_unverified_sender or virtual_mailbox_maps (depending on your configuration).
> Btw: what does the Wiki recommend? Weblink?
Yes of course, it is a postfix job. But also postfix jobs are described in the Wiki: http://wiki.dovecot.org/LDA/Postfix. And I think a small hint that the user must make sure that local parts are validated would be fine.
Regards Luke
On Wed, 13 Oct 2010 22:42:15 +0200 Lukas Haase <lukashaase@gmx.at> articulated:
> On 13.10.2010 13:08, Daniel Luttermann wrote:
>> Lukas Haase wrote on 10/13/2010:
>> [...]
>> By default, Postfix rejects mails for unknown local users. If Postfix accepts mails for unknown users then it's a configuration problem or you don't maintain a list of valid users.
> Yes, but I am talking about virtual users.
>>> Is there a special reason why there is no discussion about this?
>> It's Postfix related - Dovecot does no checks about valid recipients for Postfix but you can use the same data sources as for Dovecot - no need to maintain user lists for Postfix and Dovecot.
> But *why* would you want to let dovecot (deliver) check this?
> In any case the MTA *must* have validated the existence of the local part. I do not know any reason why deliver should do this.
> And again: Both http://wiki.dovecot.org/LDA/Postfix http://wiki.dovecot.org/LDA/Exim
> describe setups for virtual users. But none of these pages give a hint that the MTA needs to check the local part too.
>> Because Postfix needs to check for valid recipients, why should there be a special hint in the Dovecot Wiki about that?
> Because if someone implements a system based on the WIKI above he builds up an insecure system (producing backscatter).
>> You must first make sure that Postfix works as expected - no other IMAP server checks for valid recipients.
> Yes but no other IMAP server (but I only know Courier!) checks the validity of the user in the LDA. maildrop for example does not.
>>> However, as postfix seems to be really too inflexible I have set up exim to handle incoming mail and do the usercheck in the router (with an LDAP query). But now the user is double-checked: Once when receiving with exim and a second time in deliver. This is not necessary, so I guess I can disable the LDAP query for deliver and set up a static userdb.
>> Why is Postfix inflexible? Use reject_unverified_recipient for dynamic verification of valid recipients and there's no need to maintain static files. You could also use an LDAP query to retrieve a list of valid recipients before you accept the mail for non-existing users.
> Thank you! Does reject_unverified_recipient also work when the mail is passed to deliver as described in http://wiki.dovecot.org/LDA/Postfix "Virtual Users"? If this would be the case then this is exactly what I was looking for!
> Until now I tried to use an LDAP query. But deliver also uses an LDAP query to check the existence of the user. And this was my question: are both of them necessary?
> To the question why postfix is too inflexible: I found no way how to:
> - Hook up *fully* virtual users with dovecot (using deliver) for domain example.com
> - Hook up mailing lists for domain example.com using mailman
> The current setup uses system users and therefore this setup is no problem. But now there are virtual users ...
>>> Why does the Wiki recommend verifying with deliver when the user needs to be checked at the MTA anyway?
>> Checking of valid recipients is a Postfix job so you can use relay_recipient_maps, reject_unverified_sender or virtual_mailbox_maps (depending on your configuration).
>> Btw: what does the Wiki recommend? Weblink?
> Yes of course, it is a postfix job. But also postfix jobs are described in the Wiki: http://wiki.dovecot.org/LDA/Postfix. And I think a small hint that the user must make sure that local parts are validated would be fine.
A discussion on the use of Postfix should be directed to its forum. With that said, I use virtual users exclusively in conjunction with Postfix, Dovecot and MySQL. You really need to look up how virtual users are implemented in Postfix. For starters, you need these two directives:
virtual_mailbox_domains =
virtual_mailbox_maps =
Your domains and users are listed there. Ask your question on the Postfix forum and you should receive any assistance you desire, assuming you still want any.
In any event, mail recipients, whether real or virtual should be ascertained by the MTA and not the LDA.
-- Jerry ✌ Dovecot.user@seibercom.net
Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header.
Kramer's Law: You can never tell which way the train went by looking at the tracks.
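The Postfix side that Daniel and Jerry describe, written out as an added example (it is not from the thread or the Dovecot wiki). Postfix rejects an unknown virtual recipient during the SMTP dialogue, before the message is accepted, by looking the address up in the same LDAP directory Dovecot's userdb uses. The hostname, base DN, bind DN, password and LDAP attribute names are assumptions for illustration; the `dovecot` transport is the pipe service from the wiki's LDA/Postfix page.

```conf
# Added example, not from the thread or the Dovecot wiki. Hostnames, DNs,
# password and LDAP attribute names below are assumptions.

# ---- /etc/postfix/main.cf ----
# Domains whose mailboxes live in Dovecot. A domain must appear in exactly one
# of mydestination, virtual_alias_domains, virtual_mailbox_domains or
# relay_domains; listing it in mydestination too turns it into a Unix-account
# domain and the check below is skipped.
virtual_mailbox_domains = example.com

# Recipient existence check for those domains. A lookup miss is answered
# during the SMTP dialogue with
#   550 5.1.1 <nobody@example.com>: Recipient address rejected:
#       User unknown in virtual mailbox table
# so the message is never accepted and no bounce (backscatter) is generated.
virtual_mailbox_maps = ldap:/etc/postfix/ldap-virtual-users.cf

# Accepted mail for these domains goes to the "dovecot" pipe service in
# master.cf (the one from wiki.dovecot.org/LDA/Postfix), one recipient per call.
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

# reject_unlisted_recipient is what consults virtual_mailbox_maps here. It is
# implied by smtpd_reject_unlisted_recipient = yes (the default) and is listed
# explicitly only to make the intent visible. reject_unauth_destination keeps
# the host from relaying for domains it does not own.
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_unlisted_recipient

# ---- /etc/postfix/ldap-virtual-users.cf (holds a password: mode 0640, root:postfix) ----
server_host = ldap://ldap.example.com
version = 3
search_base = ou=people,dc=example,dc=com
scope = sub
bind = yes
# Read-only service account, never the directory administrator.
bind_dn = cn=postfix,ou=services,dc=example,dc=com
bind_pw = assumed-secret
# %s expands to the full recipient address from RCPT TO. Only an entry that
# carries that address in its mail attribute is a valid mailbox.
query_filter = (&(objectClass=inetOrgPerson)(mail=%s))
result_attribute = mail
```

Before reloading, `postmap -q alice@example.com ldap:/etc/postfix/ldap-virtual-users.cf` should print the address and `postmap -q nobody@example.com ldap:/etc/postfix/ldap-virtual-users.cf` should print nothing and exit non-zero; then a manual SMTP session issuing RCPT TO for the unknown address must get the 550 shown in the comment, while the valid one is accepted. In production, prefix the table as `proxy:ldap:/etc/postfix/ldap-virtual-users.cf` so the smtpd processes share one directory connection through proxymap(8) instead of each opening their own, and point Dovecot's userdb ldap at the same search base so there is a single source of truth for which mailboxes exist.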
On Wed, 2010-10-13 at 22:42 +0200, Lukas Haase wrote:
>> It's Postfix related - Dovecot does no checks about valid recipients for Postfix but you can use the same data sources as for Dovecot - no need to maintain user lists for Postfix and Dovecot.
> But *why* would you want to let dovecot (deliver) check this?
> In any case the MTA *must* have validated the existence of the local part. I do not know any reason why deliver should do this.
When running deliver -d the main point is that you're telling it to do a userdb lookup. The lookup's main point is then to get the necessary information where and how to deliver the mail, it's not just about doing a "does user exist?" check. If you don't specify -d parameter, there is no user existence lookup done.
But yeah, the wiki pages should talk about backscatter. Would be nice if someone updated the pages giving some examples (e.g. sql) how to configure Postfix, etc. to do the lookup.
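The two halves of what Timo describes, as an added example that is not from the thread or the wiki: the master.cf pipe service that calls deliver with `-d`, and two Dovecot 1.x userdb alternatives the `-d` lookup can hit, one that verifies existence and one that deliberately does not. Paths, uid/gid and file names are assumptions.

```conf
# Added example, not from the thread or the Dovecot wiki. Paths, uid/gid and
# file names are assumptions; the syntax is Dovecot 1.x (deliver, not dovecot-lda).

# ---- /etc/postfix/master.cf: the service named by virtual_transport ----
# ${recipient} is passed with -d, so deliver performs a userdb lookup for it.
# Without -d there is no lookup and therefore no existence check at all.
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}

# ---- /etc/dovecot/dovecot.conf, alternative A: LDAP userdb ----
# The lookup returns home, uid, gid and any per-user overrides (quota, mail
# location); existence is a side effect. A miss makes deliver exit with 67
# (EX_NOUSER), which pipe(8) turns into a bounce. That bounce is generated after
# the MTA has already accepted the message, which is exactly the backscatter
# path unless Postfix or Exim rejected the recipient at RCPT TO time.
userdb ldap {
  args = /etc/dovecot/dovecot-ldap.conf
}

# ---- alternative B: static userdb, no directory round trip per delivery ----
# The static userdb cannot know whether a user exists. Without allow_all_users
# it asks the passdb; with allow_all_users=yes it accepts any recipient and
# derives the mailbox path from the address (%d = domain, %n = local part), so
# it is only safe behind an MTA-side recipient check such as
# virtual_mailbox_maps or an Exim router lookup.
userdb static {
  args = uid=5000 gid=5000 home=/var/vmail/%d/%n allow_all_users=yes
}
```

With alternative B the per-message LDAP query Lukas wants to avoid disappears from the delivery path, but the MTA-side check becomes the only thing standing between a probe for a random local part and a freshly created maildir, so the two settings have to be changed together, not one at a time.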
On 2010-10-13 5:32 AM, Lukas Haase wrote:
> I successfully configured dovecot using virtual users (and LDAP/AD). deliver is the LDA and verifies if the user exists (as recommended in the WIKI).
Not that it matters - but when you say 'deliver is the LDA' - do you mean you are using the dovecot-LDA? Or postfix's deliver?
> However, the howtos in the Wiki say *nothing* about the case that the recipients should be verified *before* receiving the messages (prevent backscatter, ...).
No offense, but this is basic MTA-101 stuff... if you don't already know this, you shouldn't be running a mail server.
> All configurations in the dovecot-Wiki (postfix and exim) just accept the mails and pass them to deliver.
A link to the exact one you used would be helpful... if there is a problem with the wiki, it can/should be fixed, but I don't think that's the case here...
> The same goes for all howtos I found on the web. If the user does not exist, the mail is bounced because the mail was already accepted by the MTA. Nowadays this is an unacceptable configuration!
I agree - but 'all howtos' is a bit vague...
You need to provide links to the exact HowTos/Wiki pages you used...
> Is there a special reason why there is no discussion about this?
Because dovecot is an IMAP/POP server, not an MTA, and recipient verification is basic/standard MTA-101 stuff you should already know.
> However, as postfix seems to be really too inflexible
Ummm... prove it? Postfix is extremely flexible, and extremely easy to set up in its basic configuration. It can get quite complex in large and complex environments, but that is to be expected.
> I have set up exim to handle incoming mail and do the usercheck in the router (with an LDAP query).
Postfix does this out of the box using either reject_unlisted_recipient (default), or reject_unverified_recipient (for downstream servers not in your direct control and for which you don't have current lists of valid recipients; but be sure that the downstream server is ok with you doing this and can handle the traffic).
> But now the user is double-checked: Once when receiving with exim and a second time in deliver. This is not necessary, so I guess I can disable the LDAP query for deliver and set up a static userdb.
> Why does the Wiki recommend verifying with deliver when the user needs to be checked at the MTA anyway?
Still waiting for proof of where it says this. The way I understand it, the userdb lookup the LDA *can* (doesn't *have* to) perform isn't for verification purposes, it's for getting environment details - ie, overriding settings for specific users.
--
Best regards,
Charles
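The second case Charles separates out, as an added example that is not from the thread: a gateway that relays example.com to a mail store it does not administer and has no recipient list for, so instead of a local map it asks the downstream host with reject_unverified_recipient. Hostnames and the transport entry are assumptions.

```conf
# Added example, not from the thread. Hostnames and the transport entry are
# assumptions.

# ---- /etc/postfix/main.cf on the gateway ----
# We accept mail for example.com, but the mailboxes are on another host.
relay_domains = example.com
transport_maps = hash:/etc/postfix/transport

# No local list of valid recipients for the relay domain. Whenever such a list
# can be exported from the mail store, putting it here and relying on the
# default reject_unlisted_recipient is the cheaper and more robust setup.
relay_recipient_maps =

# Otherwise, the first time an address is seen Postfix opens a probe session to
# the next hop, issues RCPT TO and quits before DATA; the verdict is cached.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_unverified_recipient

# A definite "user unknown" from the downstream becomes a permanent rejection.
# The Postfix default is 450, so that a misconfigured probe does not cause
# permanent rejections while you are still testing; move to 550 only once the
# probes are known to work. An undecided probe (downstream unreachable) defers.
unverified_recipient_reject_code = 550
unverified_recipient_defer_code = 450

# Persistent cache so the downstream is probed once per address, not once per
# message; without a persistent map every restart re-probes everything.
address_verify_map = btree:$data_directory/verify_cache
address_verify_positive_expire_time = 31d
address_verify_negative_expire_time = 3d

# ---- /etc/postfix/transport (run postmap on it after editing) ----
example.com   smtp:[mailstore.example.com]
```

This only works if the downstream server itself rejects unknown recipients during its SMTP dialogue; a mail store that accepts everything and bounces later makes every probe succeed, and the gateway is back to producing backscatter. Hence Charles' caveat: the downstream operator has to agree to the probe traffic, and you should confirm with a manual RCPT TO against the mail store that an unknown address really gets a 5xx there before enabling this on the gateway.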
participants (5): Charles Marcus, Daniel Luttermann, Jerry, Lukas Haase, Timo Sirainen