[Dovecot] Dovecot as LDA with Postfix and virtual users

/dev/rob0 rob0 at gmx.co.uk
Sun Mar 17 19:56:36 EET 2013


On Sun, Mar 17, 2013 at 04:57:36PM +0100, Christian Benke wrote:
> On 17 March 2013 02:58, /dev/rob0 <rob0 at gmx.co.uk> wrote:
> > On Sun, Mar 17, 2013 at 01:20:55AM +0100, Christian Benke wrote:
> >> Some part in the configuration seems to miss though, as mails are
> >> received by Postfix, but instead of giving it to Dovecot for
> >> delivery, it delivers the mails itself.
> >
> > Perhaps surprisingly, this is a Postfix issue, not a Dovecot one.
> 
> No, i was expecting it :-) I just wasn't sure where it belongs to.
> 
> >> Mar 17 00:02:46 poab postfix/local[15341]: 66AD04E23EE: to=<benkkk AT
> >> example.com>, relay=local, delay=0.35, delays=0.3/0.01/0/0.04,
> >> dsn=2.0.0, status=sent (delivered to mailbox)
> >
> > This is postfix/local, which means it is not being routed to your
> > virtual_transport. It means example.com is in mydestination.
> 
> > You did not even set mydestination, thus you get the default. You
> > really should review the Postfix Basic Configuration README:
> 
> No, i tried a lot yesterday and i started from a working 
> postfix/dovecot-setup with PAM. The config i posted above was 
> merely the last incarnation. Should probably have emphasized that.
> 
> I commented out mydestination because i received warnings that i 
> shouldn't list them in both mydestination and 
> virtual_mailbox_domains.

With mydestination commented out you get the default, which is not an 
empty set.

$ /usr/sbin/postconf -d mydestination
mydestination = $myhostname, localhost.$mydomain, localhost

> Still, dovecot LDA has not been called either when the
> mydestination-parameter was present:
> 
> Mar 16 21:54:56 poab postfix/smtpd[4197]: connect from
> mail-we0-f176.google.com[74.125.82.176]
> Mar 16 21:54:56 poab postfix/smtpd[4197]: setting up TLS connection
> from mail-we0-f176.google.com[74.125.82.176]
> Mar 16 21:54:56 poab postfix/smtpd[4197]: Anonymous TLS connection
> established from mail-we0-f176.google.com[74.125.82.176]: TLSv1 with
> cipher RC4-SHA (128/128 bits)
> Mar 16 21:54:56 poab dovecot: auth: Debug: Loading modules from
> directory: /usr/lib/dovecot/modules/auth
> Mar 16 21:54:56 poab dovecot: auth: Debug: Module loaded:
> /usr/lib/dovecot/modules/auth/libdriver_mysql.so
> Mar 16 21:54:56 poab dovecot: auth: Debug: Module loaded:
> /usr/lib/dovecot/modules/auth/libdriver_pgsql.so
> Mar 16 21:54:56 poab dovecot: auth: Debug: Module loaded:
> /usr/lib/dovecot/modules/auth/libdriver_sqlite.so
> Mar 16 21:54:56 poab dovecot: auth: Debug: passwd-file
> /etc/dovecot/users: Read 1 users in 0 secs
> Mar 16 21:54:56 poab dovecot: auth: Debug: auth client connected (pid=0)
> Mar 16 21:54:56 poab postfix/trivial-rewrite[4202]: warning: do not
> list domain example.com in BOTH mydestination and
> virtual_mailbox_domains
> Mar 16 21:54:56 poab postfix/smtpd[4197]: 856034E1FD1:
> client=mail-we0-f176.google.com[74.125.82.176]
> Mar 16 21:54:56 poab postfix/cleanup[4203]: 856034E1FD1:
> message-id=<CAAMQ8bS2bi6HG=u8bmC+e-_Yu47WrB6DWxhH2rGSushdvPnH4Q at mail.gmail.com>
> Mar 16 21:54:56 poab postfix/qmgr[4195]: 856034E1FD1: from=<benkkk AT
> wheemail.com>, size=1644, nrcpt=1 (queue active)
> Mar 16 21:54:56 poab postfix/trivial-rewrite[4202]: warning: do not
> list domain example.com in BOTH mydestination and
> virtual_mailbox_domains

This is undocumented, but when a domain is in some other class in 
addition to mydestination, mydestination takes priority. Don't count 
on that: just ensure that each address class definition (see the 
Address Class README) is unique.

> Mar 16 21:54:56 poab postfix/smtpd[4197]: disconnect from
> mail-we0-f176.google.com[74.125.82.176]
> Mar 16 21:54:56 poab postfix/local[4204]: 856034E1FD1: to=<benkkk AT
> example.com>, relay=local, delay=0.39, delays=0.33/0.01/0/0.06,
> dsn=2.0.0, status=sent (delivered to mailbox)

Thus we see again, mail is handled by the local_transport, local(8).

> Mar 16 21:54:56 poab postfix/qmgr[4195]: 856034E1FD1: removed
> 
> > Perhaps you'd be better off without the virtual mailboxes anyway?
> 
> Perhaps, and that's where i actually started from. Virtual users 
> are an attractive feature though and as it didn't seem too 
> intimidating, i thought i could give it a try. 6 hours later, i
> was wiser.

Virtual mailboxes have their place, indeed, but more so for large 
numbers of domains and users. For a small-timer (as it sounds like 
you are), I wouldn't say they're attractive. Increased complexity, 
decreased functionality, [usually] security tradeoffs. (System users 
who own all and ONLY their own mail are not going to endanger others' 
mail. Virtual mailboxes typically are owned by a shared UID+GID, and 
a compromise of that UID or GID could threaten all mail.)

> I've gone back to the working PAM-config today and will try to 
> figure out SASL for now, maybe going back to virtual users later. 
> But i'm still interested in comments regarding the mydestination 
> issue, i can go back to the virtual user settings quickly to try.

If your domain is NOT listed in mydestination, but it IS listed in 
virtual_mailbox_domains, it will be handled by your 
virtual_transport. Quite as simple as that.
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
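
The routing rule from the message above, as an added example that is not part of the original post: a Python check over `postconf -n`-style text that applies the default mydestination when the parameter is unset and reports domains listed in both mydestination and virtual_mailbox_domains. The two sample configurations, their myhostname values, and all function names are constructed; only inline domain lists are handled, not lookup tables.

```python
import re

# Default quoted in the message from `postconf -d mydestination`.
DEFAULTS = {"mydestination": "$myhostname, localhost.$mydomain, localhost"}

def parse_postconf(text):
    """Parse 'name = value' lines as printed by `postconf -n`."""
    params = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip():
            params[name.strip()] = value.strip()
    return params

def expand(value, params, depth=0):
    """Expand $name / ${name}; unset names with no known default become ''."""
    if depth > 10:
        raise ValueError("parameter reference loop")
    def sub(m):
        name = m.group(1) or m.group(2)
        return expand(params.get(name, DEFAULTS.get(name, "")), params, depth + 1)
    return re.sub(r"\$(?:\{(\w+)\}|(\w+))", sub, value)

def domain_list(name, params):
    """Inline domains of a list parameter; lookup tables are skipped."""
    raw = expand(params.get(name, DEFAULTS.get(name, "")), params)
    items = (i.lower() for i in re.split(r"[,\s]+", raw) if i)
    return {i for i in items if ":" not in i and not i.startswith("/")}

def audit(text, rcpt_domain):
    """Return (domains in both classes, transport parameter for rcpt_domain)."""
    params = parse_postconf(text)
    local = domain_list("mydestination", params)
    virtual = domain_list("virtual_mailbox_domains", params)
    rcpt = rcpt_domain.lower()
    # Per the message, mydestination wins when a domain is in both classes.
    path = ("local_transport" if rcpt in local else
            "virtual_transport" if rcpt in virtual else "neither class")
    return sorted(local & virtual), path

# Constructed samples, not the poster's main.cf. UNSET has no mydestination,
# so the default applies and $myhostname pulls example.com into it.
UNSET = ("myhostname = example.com\nmydomain = example.com\n"
         "virtual_mailbox_domains = example.com\nvirtual_transport = dovecot\n")
FIXED = ("myhostname = mail.example.com\nmydomain = example.com\n"
         "mydestination = $myhostname, localhost.$mydomain, localhost\n"
         "virtual_mailbox_domains = example.com\nvirtual_transport = dovecot\n")

if __name__ == "__main__":
    print(audit(UNSET, "example.com"), audit(FIXED, "example.com"))
```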

