On Sat, 03 Jan 2026 10:54:36 +0100,
Albert ARIBAUD <[email protected]> wrote:
>
> Hi Martijn,
>
> Thanks for the detailed solution!
>
> I eventually solved my problem another way: I kept all dovecot virtual
> users under a single system user 'vmail', and I made Dovecot handle
> virtual address aliasing, i.e., Dovecot's LMTP accepts either virtual
> users or virtual aliases as the RCPT TO: recipient, and deliver in the
> actual Maildir.
>
> My smtpd.conf now looks like
>
> -----------------------
> table virtual-users sqlite:/etc/smtpd-sqlite.conf
>
> action "lmtp_dovecot" lmtp "/run/dovecot/lmtp" rcpt-to user "vmail"
> userbase <virtual-users>
>
> match for rcpt-to <virtual-users> action "lmtp_dovecot"
> -----------------------
>
> The `user "vmail"` clause on the "action" line prevents OpenSMTPd from
> querying userinfo at all, and the `rcpt-to <virtual-users>` in the
> match clause ensures that only those virtual users (or aliases) known
> by Dovecot will match (as opposed to the previous `for domain <virtual-
> users>` clause, which would match any address, known or otherwise, in a
> domain known to Dovecot).
>
> (note: system users and system aliases are handled by a different part
> of the OpenSMTPd config.)
>
I run almost similar setup but which uses system aliases as well.
At the end of /etc/mail/aliases I do have a block with aliases for my mail
system and all users is split into two possible endings like this:
[email protected]: vmail
[email protected]: /dev/null
so, my email goes to vmail user, and noreply@ goes to /dev/null :)
Inside smt I do have configuration like this:
table local-emails file:/etc/mail/local-emails
table aliases file:/etc/mail/aliases
table domains file:/etc/mail/domains
...
action "local_mail" mbox alias <aliases>
match from local for local action "local_mail"
...
action deliver_lmtp lmtp "/var/spampd/spampd.socket" \
rcpt-to virtual <aliases>
match from any for domain <domains> \
! rcpt-to <local-emails> action deliver_lmtp
Here a logic:
1. domains is a list of virtual domains which system is handled, can be
avoided but I still use it for filter-dkimsign, so why not?
2. local-emails is a list of emails which is accesible only from my mail
system, it can't be reached outside
3. everything that cames inside is sent to spampd and it's delivers email
to dovecot.
--
wbr, Kirill
