dovecot lmtp and virtual_mailbox_maps


David Wells - Alfavinil S.A.
Good afternoon.

Dovecot is relaying mails to users that do not exist in the
virtual_mailbox_maps to the dovecot lmtp. I'm using dovecot's lmtp to
deliver mails for a virtual domain. The relevant postfix conf is as follows
> virtual_alias_maps = hash:/etc/postfix/virtual
> virtual_mailbox_domains = example.com
> virtual_mailbox_maps = hash:/etc/postfix/vmailbox
> virtual_transport = lmtp:unix:private/dovecot-lmtp

The file virtual contains the following entry
> [hidden email]    postmaster

The file vmailbox contains the following entries
> [hidden email]    OK
> [hidden email]    OK

If I send an email to the address [hidden email] it is
successfully delivered to the mailbox as expected but if I send an email
to the address [hidden email], which isn't listed in the map, it
also gets delivered to the dovecot-lmtp process and as dovecot has the
option "allow_all_users=yes" in its userdb it delivers it to a user
that doesn't exist. What I make of the documentation found in
http://www.postfix.org/VIRTUAL_README.html#in_virtual_other is that if
the recipient of the mail isn't listed in the map it should not get
delivered to the lmtp process so, is my interpretation of the document
wrong or is there something else to it?

Thank you very much in advance.
Best regards,
David Wells.



Re: dovecot lmtp and virtual_mailbox_maps

@lbutlr
On Sep 26, 2019, at 1:29 PM, David Wells - Alfavinil S.A. <[hidden email]> wrote:
> and as dovecot has the option "allow_all_users=yes"

Simple, don’t do that.

Somewhere in your chain something has to validate the users, otherwise yes, everything will be accepted because that is what you told the system to do.


--
"I hate to advocate drugs, alcohol, violence, or insanity to anyone, but
they've always worked for me." --Hunter Thompson


Re: dovecot lmtp and virtual_mailbox_maps

David Wells - Alfavinil S.A.
I have to, I'm authenticating users against samba's ldap using gssapi.

Isn't postfix supposed to stop the mail before handing it to lmtp if
its own map doesn't include the recipient?

Thanks!
Best regards,
David Wells.




Re: dovecot lmtp and virtual_mailbox_maps

Viktor Dukhovni
In reply to this post by David Wells - Alfavinil S.A.
> On Sep 26, 2019, at 3:29 PM, David Wells - Alfavinil S.A. <[hidden email]> wrote:
>
> The file vmailbox contains the following entries
>> [hidden email]    OK
>> [hidden email]    OK
>
> If I send an email to the address [hidden email] it is
> successfully delivered to the mailbox as expected but if I send an email
> to the address [hidden email], which isn't listed in the map, it
> also gets delivered to the dovecot-lmtp process

Depends on *how* you send it.  The unlisted address should
be rejected via SMTP, but would be accepted via local
submission.

> and as dovecot has the
> option "allow_all_users=yes" in its userdb it delivers it to a user
> that doesn't exist. What I make of the documentation found in
> http://www.postfix.org/VIRTUAL_README.html#in_virtual_other is that if
> the recipient of the mail isn't listed in the map it should not get
> delivered to the lmtp process so, is my interpretation of the document
> wrong or is there something else to it?

Once the message enters the queue, recipient validation is no longer
in scope, and it is delivered to the transport for the destination.

--
        Viktor.
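
The distinction drawn in the reply above (rejected via SMTP, accepted via local submission, no validation once queued) can be checked from the mail log by correlating each LMTP delivery with the service that created its queue file. This is an added example, not code from the thread or from Postfix; the log lines, host names and addresses are constructed, and it assumes the map uses exact-address keys only (no @domain catch-all or address extensions).

```python
import re

# Constructed sample data: a vmailbox source file and Postfix mail-log lines.
VMAILBOX = """\
# virtual_mailbox_maps source (constructed)
alice@example.com    OK
bob@example.com      OK
"""

LOG = """\
Sep 26 17:01:02 mx postfix/smtpd[2101]: 1A2B3C4D5E: client=mail.example.net[192.0.2.10]
Sep 26 17:01:03 mx postfix/lmtp[2110]: 1A2B3C4D5E: to=<alice@example.com>, relay=mx.example.com[private/dovecot-lmtp], delay=0.2, dsn=2.0.0, status=sent (250 2.0.0 Saved)
Sep 26 17:05:40 mx postfix/pickup[2050]: 6F7A8B9C0D: uid=1000 from=<root>
Sep 26 17:05:41 mx postfix/lmtp[2111]: 6F7A8B9C0D: to=<ghost@example.com>, relay=mx.example.com[private/dovecot-lmtp], delay=0.3, dsn=2.0.0, status=sent (250 2.0.0 Saved)
"""

LINE = re.compile(r"postfix/(?P<svc>\w+)\[\d+\]: (?P<qid>[0-9A-Za-z]+): (?P<rest>.*)")
RCPT = re.compile(r"to=<(?P<rcpt>[^>]*)>.*status=sent")

def load_map_keys(text):
    """Return the lookup keys of a Postfix map source file, lowercased."""
    keys = set()
    for line in text.splitlines():
        # Skip blanks, comments, and continuation lines (leading whitespace).
        if not line.strip() or line.startswith("#") or line[0].isspace():
            continue
        keys.add(line.split()[0].lower())
    return keys

def unlisted_deliveries(log_text, map_text):
    """LMTP deliveries whose recipient is not a key in the mailbox map."""
    listed = load_map_keys(map_text)
    entry, findings = {}, []   # entry: queue id -> service that queued it
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        svc, qid, rest = m["svc"], m["qid"], m["rest"]
        if svc in ("smtpd", "pickup"):
            # smtpd = arrived over SMTP; pickup = local submission (sendmail)
            entry.setdefault(qid, svc)
        elif svc == "lmtp":
            r = RCPT.search(rest)
            if r and r["rcpt"].lower() not in listed:
                findings.append((qid, entry.get(qid, "unknown"), r["rcpt"]))
    return findings

if __name__ == "__main__":
    for qid, svc, rcpt in unlisted_deliveries(LOG, VMAILBOX):
        print(f"{qid}: {rcpt} not in virtual_mailbox_maps (entered via {svc})")
```

A finding whose entry service is `pickup` matches the local-submission case; one whose entry service is `smtpd` would mean the SMTP-side recipient check is not rejecting unlisted addresses.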