[Dovecot] Why deliver+usercheck? deliver+MTA?

[Lukas Haase]

Hi,

Thanks your your reply.

Am 13.10.2010 12:03, schrieb Jerry:
> On Wed, 13 Oct 2010 11:32:50 +0200
> Lukas Haase<lukashaase at gmx.at>  articulated:
>
>> Hi,
>>
>> I successfully configured dovecot using virtual users (and LDAP/AD).
>> deliver is the LDA and verifies if the user exists (as recommended in
>> the WIKI).
>>
>> However, the howtos in the Wiki say *nothing* about the case that the
>> recipients should be verified *before* receiving the messages
>> (prevent backscatter, ...). All configurations in the dovecot-Wiki
>> (postfix and exim) just accept the mails and pass them to deliver.
>> Also, all howtos which I found on the web. If the user does not
>> exist, the mail is bounced because the mail was already accepted by
>> the MTA. Nowadays this is an unacceptable configuration!
>>
>> Is there a special reason why there is no discussion about this?
>>
>> However, as postfix seems to be really too unflexible I have set up
>> exim to handle incoming mail and do the usercheck in the router (with
>> an LDAP query). But now the user is doubled-checked: Once when
>> receiving with exim and a second time in deliver. This is not
>> necessary, so I guess I can disable the LDAP query for deliver and
>> set up a static userdb.
>>
>> Why does the Wiki recommened to verfify with deliver when the user
>> needs to be checked at the MTA anyway?
>
> First of all, I totally disagree about your Postfix comments. I have
> personally found it to be rather easy to configure, and totally RTF
> compliant, unlike some other MTAs.

Ok. Then please tell me how to:

1.) Connect Domain example.com to dovecot with virtual users (use 
deliver as LDA)
2.) Connect Domain example.com to mailman (e.g. list1 at example.com)

Either I am too dumb or this pretty easy setup is not possible with 
postfix (but with exim of course).

(I think the reason is that mailman relies on the pipe "|" in the 
aliases database. But this only works with postfix's LDA. Also a 
different transport would work - but it is the same domain).

> In any case, only the MTA can bounce
> mail without causing back-scatter.

You didn't catch what I mean.

First the one way to prevent backscatter is to NOT accept any mail with 
invalid recipient. As soon as the MTA accepts mail and AFTERWARDS finds 
out that the user does not exist it may become a backscatter problem!

To my question:
First look at [1]. With this setup, ANY (!) mail is accepted by postfix 
without any checks! The check is only done by deliver, but this is too 
late. If the receipient does not exist, the mail gets bounced.

So why there is not even a hint for virtual_mailbox_maps or similar.

Then, search google for the same problem. You will find thousand of 
HOWTOs but not a single HOWTO has the hint that the MTA *must* check the 
validity of the user.

Now look at [2]. It is the same. Also in this setup all mails for the 
domain are accepted

> Postfix has checks in place to check
> and reject or accept mail.

Yes, that is what I said.

But again, the first question : Why is there not even a hint that this 
(important) thing also needs to be configured?

And question 2:

> It is not Dovecot's job to do so. By the
> time Dovecot receives the message the recipient should have all ready
> been verified.

There are a few places (e.g. [3,4]) where it is recommended to check 
users existence with deliver. Why should this be necessary when the MTA 
checks existence?

[4] even states: "Unless your MTA already verifies that the user exists 
before calling deliver, you'll most likely want deliver itself to verify 
the user's existence."

But in general this must be the case anyway for the reasons mentioned 
above (maybe except for some contrived cases).



Regards,
Luke


[1] http://wiki.dovecot.org/LDA/Postfix
[2] http://wiki.dovecot.org/LDA/Exim
[3] http://wiki.dovecot.org/UserDatabase/Prefetch
[4] http://wiki.dovecot.org/UserDatabase/Static