On Thursday 22 April 2010 16:36:33 Thomas Leuxner wrote: > On Thu, Apr 22, 2010 at 01:12:24PM +0200, Rainer Frey wrote: > > Do you define all valid recipients there (e.g. in you example virtual > > file lo...@domain.tld)? > > Yes.
So a valid recipient must be in the passwd file and in the postfix virtual alias file? This does not solve the problem of using the same flat-file user database between doevecot and postfix, and of course int that case you can define a virtual_mailbox_map as well, which works well (no kludge like aliasing an address to itself to terminate recursive alias expansion) and is semantically correct. > > But this is at the delivery stage, when the mail has already been > > accepted. This means, if no homedir/mailbox is found, bounce mails are > > sent, to potentially forged senders. That is backscatter. > > > > I'm not talking about aliases, I'm talking about recipient addresses of > > virtual mailboxes. You need to verify whether a mailbox exists for a > > recipient address in the SMTP server before accepting the message. > > Possibly. No, not possibly, but most definitely. Causing backscatter is not acceptable and leads to the server being blacklisted at some sites. > But this could then be fixed by adding another recipient > restriction, is that what is bothering you? But what recipient restriction? There's only: * reject_unlisted_recipient, which needs a non-empty recipient lookup map for the domain class * reject_unverified_recipient, the address verification mentioned below * check_recipient_access, which again needs a postfix lookup table with valid recipients. > > Indeed, but you offered the original poster your solution as one that > > "should be good enough for what you are trying to achieve", but your > > solution leaves out the aspect of the valid recipient list for the > > virtual mailbox domain address class. > > This was not meant to say this is the ultimate one and only solution. > See for recipient_restrictions esspecially, everyone may have different > needs. But at least someone *may* a starting point. Feel free to refine > the setup. Well, it leaves out the *one tricky part* of using a flat file database for virtual users with dovecot and postfix: there is no common format that both understand directly. [ This quotation is missing the doubt whether postfix address verification works with LMTP (or even pipe) ] > > Of course, but it would be a viable alternative to a lookup table for the > > recipients. > > Will look into it, but maybe you can add your thoughts how you would do. If it works, it is a good alternative that is used in similar setups, although mostly with relay_domains and servers like Exchange that speak SMTP. The ADDRESS_VERIFICATION_README details the limitations and drawbacks > Thomas Rainer
