Please honour the Reply-To header next time. Thanks.

On Thursday 22 April 2010 11:42:01 Thomas Leuxner wrote:
> On Thu, Apr 22, 2010 at 11:18:09AM +0200, Rainer Frey wrote:
> > What I don't see here at all (and neither in your Wiki Howto) is how
> > Postfix determines the valid recipients for the domains in
> > virtual_mailbox_domains.
>
> Postfix will expand possible aliases first and determine the final
> recipient handing over to Dovecot:
>
> > > $ cat virtual
> > > al...@domain.tld lo...@domain.tld
> > > postmas...@domain.tld lo...@domain.tld
>
> > > virtual_alias_maps = hash:/etc/postfix/virtual

Do you define all valid recipients there (e.g. in your example virtual file
lo...@domain.tld)?

> It will query the recipients by connecting to the socket in its
> chroot provided by Dovecot:
>
> service auth {

This is wrong. The auth service is not queried for recipients, only for valid
SASL users (that connect to the submission service as *senders*). I'm talking
about determining valid *recipients* for the virtual_mailbox_domains.

[...]

> Once it has the homedir it will send it off via LMTP or deliver,
> whichever you configured via:
>
> virtual_transport = lmtp:unix:private/dovecot-lmtp
> or
> virtual_transport = dovecot

But this is at the delivery stage, when the mail has already been accepted.
This means, if no homedir/mailbox is found, bounce mails are sent, to
potentially forged senders. That is backscatter.

> > The correct parameter would be virtual_mailbox_maps, but AFAIK there is
> > no lookup table that reads the passwd format from an arbitrary file. So a
> > script that generates a hash/whatever postfix lookup file from the
> > passwd-files would still be necessary.
>
> There is no such thing as a correct parameter from my perspective. I did
> not say that alias creation was to be unified/automated.

I'm not talking about aliases, I'm talking about recipient addresses of
virtual mailboxes. You need to verify whether a mailbox exists for a recipient
address in the SMTP server before accepting the message.

> Instead I said I
> did not even think this is good practice to me. Anyone with at least a bit
> of sed/awk knowledge can kludge it from the flat-files anyway.

Indeed, but you offered the original poster your solution as one that "should
be good enough for what you are trying to achieve", but your solution leaves
out the aspect of the valid recipient list for the virtual mailbox domain
address class.

> > Or do you use recipient validation via LMTP? (I didn't notice a
> > reject_unverified_recipient though) This at least won't work with
> > deliver, I'm not even sure about LMTP.
>
> This is not required in the example and optional at least:

Of course, but it would be a viable alternative to a lookup table for the
recipients.

Rainer
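
The kind of script discussed above, which turns Dovecot passwd-file entries into a source file for virtual_mailbox_maps, as an added example that is not part of the original thread. It assumes field 1 of each passwd-file entry is the full address; the function names, sample entries and file paths are hypothetical.

```shell
#!/bin/sh
# Added example: list the valid recipients of one virtual mailbox domain so
# Postfix can reject unknown addresses at RCPT TO instead of bouncing later.
# Assumption: field 1 of each passwd-file entry is user@domain.tld.

# passwd_to_vmailbox DOMAIN [FILE...]  (reads stdin when no FILE is given)
# Prints "address OK" per mailbox in DOMAIN. The right-hand value is only a
# placeholder: with a dovecot/lmtp transport just the key has to exist.
passwd_to_vmailbox() {
    domain=$1; shift
    awk -F: -v dom="$domain" '
        $0 ~ /^[ \t]*#/ || $0 ~ /^[ \t]*$/ { next }   # comments, blank lines
        {
            addr = tolower($1)
            # exactly one "@", non-empty local part and domain, no whitespace
            if (addr !~ /^[^@ \t]+@[^@ \t]+$/) next
            split(addr, part, "@")
            if (part[2] != tolower(dom)) next         # not this domain
            if (!seen[addr]++) print addr, "OK"       # drop duplicates
        }' "$@" | LC_ALL=C sort
}

# Constructed sample entries (not taken from the thread).
sample_passwd() {
    cat <<'EOF'
# user:password:uid:gid:gecos:home:shell:extra
alice@domain.tld:{PLAIN}placeholder:5000:5000::/srv/vmail/domain.tld/alice::
Bob@Domain.TLD:{PLAIN}placeholder:5000:5000::/srv/vmail/domain.tld/bob::
alice@domain.tld:{PLAIN}placeholder:5000:5000::/srv/vmail/domain.tld/alice::
carol@other.tld:{PLAIN}placeholder:5000:5000::/srv/vmail/other.tld/carol::
localonly:{PLAIN}placeholder:5000:5000::/srv/vmail/localonly::
EOF
}

sample_passwd | passwd_to_vmailbox domain.tld

# Real use (hypothetical paths):
#   passwd_to_vmailbox domain.tld /etc/dovecot/passwd > /etc/postfix/vmailbox
#   postmap /etc/postfix/vmailbox
#   main.cf: virtual_mailbox_maps = hash:/etc/postfix/vmailbox
```

The map has to be regenerated whenever the passwd-file changes, otherwise new mailboxes are rejected and deleted ones are still accepted.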