Exim still accepting emails to nonexistent users

Marti Markov marti.markov at gmail.com
Wed Nov 23 08:21:07 UTC 2016


Hi Heiko,

Sorry for using your private email address. :/
I managed to get this working using local_user changes by adding LDAP user
verification there:

local_user:
  debug_print = "R: local_user LDAP lookup for $local_part@$domain"
  driver = accept
  domains = +local_domains
  condition = CHECK_VIRTUAL_USER
  transport = dovecot_lmtp
  cannot_route_message = Unknown user

Where CHECK_VIRTUAL_USER is:

# Query that tests the existence of the user.
# ${quote_ldap:...} escapes LDAP filter metacharacters in the address.
CHECK_VIRTUAL_USER = \
  ${lookup ldap{user="cn=exim4,ou=dsa,dc=mydomain,dc=com" pass=PASS \
  ldap:///dc=mydomain,dc=com?mail?sub?(&(objectClass=inetOrgPerson)(mail=${quote_ldap:$local_part@$domain}))}{$value}fail}


Thanks again for all the support. You pointed me in the right direction. :)

2016-11-21 11:16 GMT+00:00 Heiko Schlittermann <hs at schlittermann.de>:

> Hi,
>
> Heiko Schlittermann <hs at schlittermann.de> (Mo 21 Nov 2016 11:50:13 CET):
> > a) Routing stage
> > You need to interact with the user database dovecot uses.
> > Either you access the user database directory (flat file, LDAP,
> > whatever) or you use the ${readsocket…} feature of Exim to talk to
> > dovecot.
>
> The readsocket trick doesn't seem to work anymore.
>
> Using
>     $ socat STDIO UNIX:/run/dovecot/auth-master
>  <  VERSION 1   1
>  <  SPID    16290
>  >  VERSION 1   1
>  >  USER    42  hs12 service=imap
>  <  USER    1   hs12    uid=500 gid=500 home=/var/vmail/home/h/hs12
>
> (the spaces are tabs).
>
> But using Exim
>
>     exim -be '${readsocket{/run/dovecot/auth-userdb}{VERSION\t1\t1\nUSER\t1\ths12\tservice=imap\n}}'
>
> does not work. Exim closes the sending side right after the final \n
> with shutdown(2). Dovecot seems to see this as if the connection should
> be closed now and closes the connection, w/o any response.
>
> As it's not unusual to shutdown(2) the sender if the message is sent,
> I'd see this as a bug on the dovecot side. There is no reason to
> consider the connection as dead, just because the sender closed
> its sending side of the connection.
>
>     Best regards from Dresden/Germany
>     Viele Grüße aus Dresden
>     Heiko Schlittermann
> --
>  SCHLITTERMANN.de ---------------------------- internet & unix support -
>  Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
>  gnupg encrypted messages are welcome --------------- key ID: F69376CE -
>  ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
>



-- 
Marti Markov
Pursuing a Bachelor Degree of Science in Computer Science at the University
of Southampton
Cell phone: +359886621454
Twitter: https://twitter.com/martimarkov
Facebook: https://facebook.com/Marti.Markov
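
Added example (not part of the original thread, and not Exim or Dovecot code): a small Python model of the half-close behaviour discussed in the quoted message, showing that a client which has called shutdown(SHUT_WR) can still read a reply unless the server treats EOF as a dead connection. serve_once, lookup and the eof_means_dead flag are hypothetical names, the server greeting is omitted, and the request and reply bytes are constructed from the socat session above.

```python
import socket

# Constructed request/reply in the tab-separated form shown in the socat session.
REQUEST = b"VERSION\t1\t1\nUSER\t1\ths12\tservice=imap\n"
REPLY = b"USER\t1\ths12\tuid=500\tgid=500\thome=/var/vmail/home/h/hs12\n"


def peer_has_half_closed(conn):
    """True if the peer's EOF is already queued behind the data we read."""
    conn.setblocking(False)
    try:
        return conn.recv(1, socket.MSG_PEEK) == b""
    except BlockingIOError:
        return False          # nothing pending, peer's write side still open
    finally:
        conn.setblocking(True)


def serve_once(conn, eof_means_dead):
    """Hypothetical userdb stand-in; handles one request on conn."""
    data = conn.recv(4096)
    if eof_means_dead and peer_has_half_closed(conn):
        conn.close()          # drop the lookup: the behaviour described above
        return
    if data.endswith(b"\n") and b"\nUSER\t" in data:
        conn.sendall(REPLY)   # a half-closed peer can still read this
    conn.close()


def lookup(half_close, eof_means_dead):
    """Client side: send, optionally shutdown(SHUT_WR), then read the answer."""
    client, server = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    with client:
        client.sendall(REQUEST)
        if half_close:
            client.shutdown(socket.SHUT_WR)   # what Exim's readsocket does
        serve_once(server, eof_means_dead)
        return client.recv(4096)              # b"" means closed without reply


if __name__ == "__main__":
    for hc in (False, True):
        for strict in (False, True):
            print(f"half_close={hc} eof_means_dead={strict} ->", lookup(hc, strict))
```

Only the combination half_close=True with eof_means_dead=True returns an empty result, which an address-verification caller cannot tell apart from "user not found".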
