On 10 November 2017 at 22:59, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:
>
>> On Nov 10, 2017, at 8:22 AM, Tom Marcoen <tom.marc...@gmail.com> wrote:
>>
>> Last week however, I was reading a book on Dovecot written by Peer
>> Heinlein and he says that if you put a Postfix server in front of
>> Dovecot you should use 'relay_domains' for these domains, combined
>> with 'transport_maps'.
>
> This is not necessary. LMTP is not SMTP, and you're not relaying
> the mail. And even if you were, the destination is not a
> store-and-forward MTA, but a mailstore. So it is not unreasonable to
> model the associated domain as a virtual mailbox domain.

This makes sense. I'm not really relaying the email so perhaps a virtual mailbox domain makes more sense than a relay domain. Peer Heinlein also wrote a (very thick) book on Postfix but alas it's only in German so I will have to translate it before I can read it.

On 11 November 2017 at 14:32, Wietse Venema <wie...@porcupine.org> wrote:
> Viktor Dukhovni:
>> > perhaps more importantly, what is the recommended way of sending
>> > emails from Postfix to Dovecot? The advantage of Peer's method is that
>> > you can place the Postfix server in a DMZ and it does not need access
>> > to your MySQL/... database for username information.
>>
>> Losing recipient validation is NOT an advantage. Either way,
>> you need to have a table of valid recipients to avoid backscatter.
>
> An alternative to a static table is dynamic recipient verification.
> This uses a cache with proactive refresh.
> http://www.postfix.org/ADDRESS_VERIFICATION_README.html
>
> Wietse

That is exactly what Peer Heinlein also uses in his book but which I forgot to mention. I like this idea as it better isolates your DMZ server than when you have your DMZ server access your MySQL database.

So am I correct that the general population would recommend/prefer virtual mailbox domains over relay domains in this situation?
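
The following main.cf fragment is an added example, not part of the original thread and not any poster's configuration. It combines the two suggestions above: a virtual mailbox domain delivered to Dovecot over LMTP, with dynamic recipient verification instead of a recipient table on the DMZ host. The domain and the LMTP host name are placeholders, and Dovecot's LMTP listener is assumed to be on TCP port 24.

```ini
# /etc/postfix/main.cf on the DMZ host (constructed example; example.com and
# dovecot.internal.example are placeholders)

# Domains whose mailboxes live in Dovecot, modelled as virtual mailbox domains
# rather than relay domains.
virtual_mailbox_domains = example.com

# Hand accepted mail to Dovecot's LMTP listener (assumed: TCP port 24).
virtual_transport = lmtp:inet:dovecot.internal.example:24

# No recipient table here, so the DMZ host needs no SQL access.
# With this empty, Postfix does not reject unknown recipients by itself;
# validation comes from reject_unverified_recipient below.
virtual_mailbox_maps =

# Probe the destination for each new recipient before accepting the message,
# so unknown users are refused during the SMTP session instead of being
# bounced later (backscatter).
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_unverified_recipient

# Refuse unknown recipients with a permanent error (the default is 450).
unverified_recipient_reject_code = 550

# Persistent verification cache with proactive refresh (values shown are the
# Postfix defaults).
address_verify_map = btree:$data_directory/verify_cache
address_verify_positive_refresh_time = 7d
address_verify_negative_refresh_time = 3h
```

Verification probes follow the same routing as real mail, so they reach Dovecot over LMTP and its answer to RCPT TO decides whether the address is cached as deliverable.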