On 7/11/21 3:46 PM, Ron Garret wrote:
> Ah. That may be my problem then. I’m using Dovecot via LMTP for local
> delivery. I thought that postfix would receive information about non-existent
> users via that protocol, but I guess it doesn’t and ends up just accepting
> everything.
>
> So… is dovecot actually the thing that is generating the emails from
> mailer-daemon? Is there a way to get this setup to do the Right Thing? If
> not, why is LMTP even supported, because it seems to me that anyone who uses it
> will have this problem.
>
> (FYI, the reason I want to use LMTP is that I’m using sqlite for my user db,
> but postfix does not play well with sqlite when other programs are trying to
> access the same DB. I didn’t want to duplicate the user DB (I’m a big believer
> in the DRY principle) so I wanted to localize DB access to a single process,
> and that process has to be Dovecot.)

You've an additional option.
RECIPIENT ADDRESS VERIFICATION
read-up @
http://www.postfix.org/ADDRESS_VERIFICATION_README.html
http://www.postfix.org/verify.8.html
http://www.postfix.org/postconf.5.html#relay_recipient_maps
http://www.postfix.org/ADDRESS_CLASS_README.html
e.g., I run an external instance of postfix that smtp relays mail that passes
all my 'heavy' filtering (postscreen, spam, virus, other milters, etc) to a
lightweight internal instance of postfix+dovecot over a non-public, secure
connection.
The internal postfix/dovecot instances share an sqlite3 DB, managed via
postfixadmin (https://postfixadmin.sourceforge.io)
Postfixadmin's DB contains only valid addresses; both postfix and dovecot on
that instance 'see' the same list.
This DB is local only, no user DB (other than postfix cache) exists on the
external DB. I.e., single process DB access, and no DB duplication, and that
process is Dovecot (+ the internal postfix instance).
By leaving blank, in main.cf on the external instance

    relay_recipient_maps =

"the Postfix SMTP server accepts all recipients for domains listed with the
relay_domains parameter". Once that criterion is met, an address verification probe
is then exec'd 'by' the external instance 'against' the internal postfix instance's
recipient list, fed by that shared DB list.
No matching entry? Not a valid recipient. Internal instance notifies external
instance, which rejects accordingly.
Not everyone's cup-of-tea, but works perfectly for me.
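
The external-instance side of the setup described in the reply above, as an added example that is not the poster's actual configuration. The domain example.com and the internal instance's address 192.0.2.10 are constructed placeholders; the parameters are the ones documented in the ADDRESS_VERIFICATION_README and postconf(5) pages linked above.

```ini
# /etc/postfix/main.cf on the external (relaying) instance.
# Constructed placeholders: example.com, 192.0.2.10 (internal instance).

# Domains this instance relays for, and the next hop that receives them.
relay_domains = example.com
relay_transport = smtp:[192.0.2.10]:25

# Left empty: this host keeps no list of valid recipients, so on its own
# it would accept every address in relay_domains.
relay_recipient_maps =

# Probe the next hop before accepting a recipient. The probe only helps
# if the internal instance rejects unknown users at RCPT TO time.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_unverified_recipient

# Reject a failed probe permanently. The default is 450, which makes the
# sender retry instead of giving up.
unverified_recipient_reject_code = 550

# Persistent cache of probe results kept by verify(8).
address_verify_map = btree:$data_directory/verify_cache
```

With this in place an unknown recipient is refused during the SMTP session, so the external instance never has to generate a bounce from mailer-daemon to a possibly forged sender.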