[Dovecot] Why deliver+usercheck? deliver+MTA?
daniel at dlutt.de
Wed Oct 13 14:08:14 EEST 2010
Lukas Haase wrote on 10/13/2010:
> I successfully configured dovecot using virtual users (and LDAP/AD).
> deliver is the LDA and verifies if the user exists (as recommended in
> the WIKI).
> However, the howtos in the Wiki say *nothing* about the case that the
> recipients should be verified *before* receiving the messages (prevent
> backscatter, ...). All configurations in the dovecot-Wiki (postfix and
> exim) just accept the mails and pass them to deliver. Also, all howtos
> which I found on the web. If the user does not exist, the mail is
> bounced because the mail was already accepted by the MTA. Nowadays this
> is an unacceptable configuration!
By default, Postfix rejects mails for unknown local users.If Postfix
accepts mails for unknown users than it's a configuration problem or
you don't maintain a list of valid users.
> Is there a special reason why there is no discussion about this?
It's Postfix related - Dovecot does no checks about valid recipients
for Postfix but you can use the same data sources as for Dovecot - no
need to maintain user lists for Postfix and Dovecot.
Because Postfix needs to check for valid recipients why should there a
special hint in the Dovecot Wiki about that? You must first make sure
that Postfix works as expected - no other IMAP Server checks vor valid
> However, as postfix seems to be really too unflexible I have set up exim
> to handle incoming mail and do the usercheck in the router (with an LDAP
> query). But now the user is doubled-checked: Once when receiving with
> exim and a second time in deliver. This is not necessary, so I guess I
> can disable the LDAP query for deliver and set up a static userdb.
Why is Postfix unflexible? Use reject_unverified_recipient for dynamic
verification of valid recipients and there's no need to maintain
static files. You could also use a LDAP query to retreive a list of
valid recipients before you accept the mail for non-existing users.
> Why does the Wiki recommened to verfify with deliver when the user needs
> to be checked at the MTA anyway?
Checking of valid recipients is a Postfix job so you can use
relay_recipient_maps, reject_unverified_sender or virtual_mailbox_maps
(depending on your configuration).
Btw: what does the Wiki recommend? Weblink?
More information about the dovecot