[Dovecot] Virtual Users Dovecot and Postfix
Hello,
i want setup my Mailserver with the Tutorial on Dovecot Wiki.
http://wiki2.dovecot.org/HowTo/VirtualUserFlatFilesPostfix
I have one question for this, must i set the Mailadresses in /etc/postfix/virtual too or is the passwd File from dovecot enough?
Thank you for help & Greetings Silvio
At 4AM +0100 on 16/02/13 you (Silvio Siefke) wrote:
i want setup my Mailserver with the Tutorial on Dovecot Wiki.
http://wiki2.dovecot.org/HowTo/VirtualUserFlatFilesPostfix
I have one question for this, must i set the Mailadresses in /etc/postfix/virtual too or is the passwd File from dovecot enough?
The setup given in that howto will accept mail for any user at one of the domains listed in virtual_mailbox_domains, and mail for nonexistent users will then be bounced by Dovecot. This is a very bad idea, since you'll end up becoming a backscatter source; you should set up a separate Postfix table listing the valid users at those domains, and put that table in virtual_mailbox_maps. (You don't want to use /etc/postfix/virtual for this, you want a separate table.)
See the Postfix ADDRESS_CLASS_README.
It might instead be possible to use the facilities described in the ADDRESS_VERIFICATION_README to verify addresses with the LMTP server rather than consulting a preprepared list, but IMHO that approach is wasteful and not entirely reliable.
(IMHO you should also use smtpd_restriction_classes to get the smtpd_*_restrictions stuff out of master.cf, but that's a separate issue.)
Ben
- Ben Morrow ben@morrow.me.uk 2013.02.16 04:49:
The setup given in that howto will accept mail for any user at one of the domains listed in virtual_mailbox_domains, and mail for nonexistent users will then be bounced by Dovecot. This is a very bad idea, since you'll end up becoming a backscatter source; you should set up a separate Postfix table listing the valid users at those domains, and put that table in virtual_mailbox_maps. (You don't want to use /etc/postfix/virtual for this, you want a separate table.)
It will verify the recipients before accepting the mail:
reject_unverified_recipient http://www.postfix.org/postconf.5.html#reject_unverified_recipient
I don't think the overhead of duplicating user checks on both ends is justified until this process is automated. Above will instruct the SMTP Server to verify the recipient address before accepting mail. This is what you want and it works dynamic out of the box. A better reason to use separate aliasing on the Postfix side is to rewrite addresses for the Dovecot Mailboxes. If you'd want to have a mailbox with several addresses in Dovecot you'd need to create dummy users for this while you can just alias them in Postfix.
Regards Thomas
At 8AM +0100 on 16/02/13 you (Thomas Leuxner) wrote:
- Ben Morrow ben@morrow.me.uk 2013.02.16 04:49:
The setup given in that howto will accept mail for any user at one of the domains listed in virtual_mailbox_domains, and mail for nonexistent users will then be bounced by Dovecot. This is a very bad idea, since you'll end up becoming a backscatter source; you should set up a separate Postfix table listing the valid users at those domains, and put that table in virtual_mailbox_maps. (You don't want to use /etc/postfix/virtual for this, you want a separate table.)
It will verify the recipients before accepting the mail:
reject_unverified_recipient http://www.postfix.org/postconf.5.html#reject_unverified_recipient
Hang on; the first listing in the howto uses that option, the second doesn't. I was looking at the second, as generally the cleaner. Hmmph.
In any case, I referred to that option, but I don't really think it's a good idea. It seems like unnecessary overhead just to avoid building an extra map.
I don't think the overhead of duplicating user checks on both ends is justified until this process is automated.
The SMTP server has to make user checks of some sort. reject_unverified_recipient makes those checks more expensive, not less, since some of the time it will have to call out to the LMTP server to verify an address.
Building a Postfix map from a passwd-format file is trivial. It can easily be incorporated into whatever script is used for adding and removing users already, or into /etc/postfix/Makefile or whatever is used for rebuilding the Postfix maps.
Above will instruct the SMTP Server to verify the recipient address before accepting mail. This is what you want and it works dynamic out of the box. A better reason to use separate aliasing on the Postfix side is to rewrite addresses for the Dovecot Mailboxes. If you'd want to have a mailbox with several addresses in Dovecot you'd need to create dummy users for this while you can just alias them in Postfix.
This would be done with virtual aliases in Postfix, which are separate from the virtual mailboxes which end up delivered to Dovecot. (In fact, under many circumstances, it's more convenient to use local_transport for delivery to Dovecot.)
Ben
On Sat, 16 Feb 2013 03:49:37 +0000 Ben Morrow ben@morrow.me.uk wrote:
The setup given in that howto will accept mail for any user at one of the domains listed in virtual_mailbox_domains, and mail for nonexistent users will then be bounced by Dovecot. This is a very bad idea, since you'll end up becoming a backscatter source; you should set up a separate Postfix table listing the valid users at those domains, and put that table in virtual_mailbox_maps. (You don't want to use /etc/postfix/virtual for this, you want a separate table.)
my main.cf > http://nopaste.info/23ee74a772.html
When i understand correct the passwd file from Dovecot is enough when i delivered over dovecot lmtp?
Or must i set the mailboxes in the /etc/postfix/virtual too?
Sorry for question, its long time i work with postfix and dovecot and in last years dovecot change much in config. I want not run a database for the mailserver, i have not so much boxes at end running.
Thank You for Help & Greetings Silvio
At 12AM +0100 on 17/02/13 you (Silvio Siefke) wrote:
On Sat, 16 Feb 2013 03:49:37 +0000 Ben Morrow ben@morrow.me.uk wrote:
The setup given in that howto will accept mail for any user at one of the domains listed in virtual_mailbox_domains, and mail for nonexistent users will then be bounced by Dovecot. This is a very bad idea, since you'll end up becoming a backscatter source; you should set up a separate Postfix table listing the valid users at those domains, and put that table in virtual_mailbox_maps. (You don't want to use /etc/postfix/virtual for this, you want a separate table.)
my main.cf > http://nopaste.info/23ee74a772.html
Excerpts:
| virtual_mailbox_domains = silvio-siefke.de, silviosiefke.com
| virtual_mailbox_maps = hash:/etc/postfix/maps/mailbox
| virtual_transport = lmtp:unix:private/dovecot-lmtp
|
| smtpd_recipient_restrictions =
| reject_unverified_recipient,
When i understand correct the passwd file from Dovecot is enough when i delivered over dovecot lmtp?
Since you have 'reject_unverified_recipient', Postfix will check with the LMTP server whether or not the recipient exists.
Or must i set the mailboxes in the /etc/postfix/virtual too?
Did you read the text you quoted above? I specifically said you do *not* want to use /etc/postfix/virtual for this.
What do you have in hash:/etc/postfix/maps/mailbox? If this is a complete list of all addresses at your virtual_mailbox_domains, you can remove reject_unverified_recipient; otherwise, you want to remove virtual_mailbox_maps.
Sorry for question, its long time i work with postfix and dovecot and in last years dovecot change much in config.
This is not really a Dovecot problem.
Ben
participants (3)
-
Ben Morrow
-
Silvio Siefke
-
Thomas Leuxner