Viktor Dukhovni <postfix-us...@dukhovni.org> wrote ..

> You're indeed falling into the very trap I tried to steer you away
> from, that is, describing problems only in free-form prose, rather
> than clearly stated data (logs, configs, ...).

   No, I'm really not, and I'm a little insulted that you would accuse me of 
such. For the two questions I asked, logs are useless since I am asking 
generalized questions about the way postfix "thinks." I don't want to talk 
specifics, I want to talk generalizations. I only provided enough information 
to show where my general questions came from, not to define the questions 
themselves. Feel free to think of the questions I asked more philosophically 
than transactionally, since as I mentioned the specific problems I had in using 
the virtusertable with postfix have been understood and fixed (my detailing 
those with postconf output and logs would be a complete waste of your time, so 
I didn't - but it was writing them up to post here that allowed me to see the 
answers, so thank you for that).

Wietse Venema <wie...@porcupine.org> wrote ..

> Internally in Postfix, all email addresses are in user@domain form.
> The null sender address is required by RFC, and is the main exception.

   This clearly and concisely answers the first question. Because *I* think of 
a user as a file in /var/spool/mail doesn't mean postfix does, and it 
apparently does not. So I will try not to anymore either. I need to start 
thinking of validuser as instead validu...@ns01.lofcom.com which I have *never* 
done before. Old dog. Learning new trick. Woof.

> This outperforms Sendmail, is more modular and maintainable, less prone
> to turn minor bugs into major security issues, ...  But indeed there is
> no delivery failure notification during the incoming SMTP connection.

   This answers the second question perfectly, thank you.

> That's why Postfix has recipient validation.  You should not be
> accepting inbound messages for non-existent recipients.  Avoid
> wildcard rewrites that accept mail for all localparts, only to
> then bounce most of them.

   Yes, I understand this (I never use catchalls), again it was more a fear of 
the possibility that a bad rewrite (missed space in a virtusertable line for 
example) might cause postfix to do bad things as it did in this case; and other 
than my never making a mistake, I wondered if there was some methodology to 
have postfix cover my *ss. Clearly not. I suspect sendmail would act exactly as 
badly given the same situation, it just never came up that I *saw* the reverse 
transaction happen because I was following logs at the time.

   Onward. After I finish reading my "homework," I plan to add submission and 
the existing Let's Encrypt certificate and force encryption on 587 and allow it 
on 25. I expect to make a whole bunch of mistakes there, too (I make a lot of 
mistakes...ask Jaroslaw Rafa), and may be back during that stage of the 
process. Belly off the ground, crawling some, time to see if I can at least 
make it to my knees.

         Charlie
