[Dovecot] Why deliver+usercheck? deliver+MTA?

Charles Marcus CMarcus at Media-Brokers.com
Wed Oct 13 17:34:30 EEST 2010


On 2010-10-13 5:32 AM, Lukas Haase wrote:
> I successfully configured dovecot using virtual users (and LDAP/AD).
> deliver is the LDA and verifies if the user exists (as recommended in
> the WIKI).

Not that it matters - but when you say 'deliver is the LDA' - do you
mean you are using the dovecot-LDA? Or postfix's deliver?

> However, the howtos in the Wiki say *nothing* about the case that the
> recipients should be verified *before* receiving the messages (prevent
> backscatter, ...).

No offense, but this is basic MTA-101 stuff... if you don't already know
this, you shouldn't be running a mail server.

> All configurations in the dovecot-Wiki (postfix and exim) just accept
> the mails and pass them to deliver.

A link to the exact one you used would be helpful... if there is a
problem with the wiki, it can/should be fixed, but I don't think thats
the case here...

> Also, all howtos which I found on the web. If the user does not
> exist, the mail is bounced because the mail was already accepted by
> the MTA. Nowadays this is an unacceptable configuration!

I agree - but 'all howtos' is a bit vague...

You need to provide links to the exactr HowTos/Wiki pages you used...

> Is there a special reason why there is no discussion about this?

Because dovecot is an IMAP/POP server, not an MTA, and recipient
verification is basic/standard MTA-101 stuff you should already know.

> However, as postfix seems to be really too unflexible

Ummm... prove it? Postfix is extremely flexible, and extremely easy to
set up in its basic configuration. It can get quite complex in large and
complex environments, but that is to be expected.

> I have set up exim to handle incoming mail and do the usercheck in
> the router (with an LDAP query).

Postfix does this out of the box using either reject_unlisted_recipient
(default), or reject_unverified_recipient (for downstream servers not in
your direct control and for which you don't have current lists of valid
recipients (but be sure that the downstream server is ok with you doing
this and can handle the traffic).

> But now the user is doubled-checked: Once when receiving with exim
> and a second time in deliver. This is not necessary, so I guess I can
> disable the LDAP query for deliver and set up a static userdb.
> 
> Why does the Wiki recommened to verfify with deliver when the user
> needs to be checked at the MTA anyway?

Still waiting for proof of where it says this. The way I understand it,
the userdb lookup the LDA *can* (doesn't *have* to) perform isn't for
verification purposes, it's for getting environment details - ie,
overriding settings for specific users.

-- 

Best regards,

Charles


More information about the dovecot mailing list