[Dovecot] How to deal with mail to unknown virtual recipients?

Sat Apr 19 21:37:59 EEST 2008

Andreas Ntaflos wrote:
> Thank you for your reply! Reading through it and re-reading the Postfix 
> documentation gave me the clue I needed. 
>
> Unfortunately I forgot to mention that I didn't have a virtual_mailbox_maps 
> directive defined in Postfix's main.cf, so Postfix couldn't know anything 
> about which virtual recipients were valid and which weren't. Since that 
> particular map was optional and everything worked fine during my tests (which 
> didn't include sending mail to an invalid virtual recipient, shame on me) I 
> quickly forgot about it.
>
> Naturally that was the root of problem I was facing.
>
> Defining a virtual_mailbox_maps file with all valid virtual users solves the 
> problem in principle, however now I need to maintain two files with valid 
> virtual users for valid virtual domains: the passwd-file for Dovecot 
> (/etc/dovecot/passwd) plus the vmailbox file for Postfix 
> (hash:/etc/postfix/vmailbox).
>   

use a script to generate the virtual mailbox maps files from a single 
source file. you can use a Makefile to rebuild only when the source file 
changed.

> I suppose this is unavoidable when using flat files and would be better solved 
> using a real database backend, but it makes me wonder if there really isn't 
> anything Dovecot could do about this?
>
> Seeing as Dovecot recognises when a virtual recipient is invalid, couldn't it 
> somehow put the to-be-rejected mail back to Postfix (or whichever MTA)?

as already said, you should reject invalid recipient during the smtp 
transaction. there's already too much backscatter out there, and the 
borked sites are listed in backscatterer.org.

>  Or 
> should it just drop it?

No, because people sometimes mistype addresses and you don't want to 
blackhole such mail. if I send mail to daf at yourdomain, and you discard 
that mail, I'll assume that you received it. now suppose this mail is 
important ("Hi Andreas, there is a problem at foo bar, tell me if I 
should handle it...").

>  I don't know what the SMTP (whichevery protocol is to 
> be followed here) says about this, so I pose the question again: 
>   

if you accept the message during the smtp transaction, you take 
responsibility and you should not lose it "frivoulously". This 
requirement is what makes email as reliable as it is, at the expense of 
disk IO overhead (before saying "ok", the MTA must sync the file to 
permanent storage, so that it survives server crashes... etc).

of course, servers should never bounce spam and viruses. as a result, it 
is important to reject as much junk during the smtp transaction and to 
minimize failures after a message was accepted. In particular, it is no 
more acceptable to bounce mail because the recipient is invalid. quota 
bounces and exceptional server errors are still acceptable because they 
don't occur too often.

Note that this also applies to auto-responders (vacation, ...). 
auto-responders must follow the recommendations of rfc3834 as well as 
other best practices.

> Is there anything Dovecot itself can do to reject or handle mail to invalid 
> virtual users? Or does this situation *have* to be dealt with earlier, by the 
> MTA?
>   

yes. see www.backscatterer.org for an incentive ;-p