39 messages in net.sourceforge.lists.courier-maildrop: [maildropl] Re: Maildrop EX_TEMPFAIL
Subject: [maildropl] Re: Maildrop EX_TEMPFAIL
From: Derrick 'dman' Hudson (dm@dman.ddts.net)
Date: Jul 15, 2002 8:19:40 pm
List: net.sourceforge.lists.courier-maildrop

On Sun, Jul 14, 2002 at 04:47:40PM +0200, Matthias Andree wrote:
| Derrick 'dman' Hudson <dm@dman.ddts.net> writes:
|
| > The MTA *still* won't deliver to a non-existent recipient. Instead of
| > attempting a delivery, it will bounce the mail with an "address
| > unroutable" message.
|
| Wrong. The MTA figures it needs to leave the delivery up to the MDA. The
| MDA then will say EX_TEMPFAIL when it means EX_NOUSER -> bug. "No such
| user" is a permanent condition and must not trigger a temporary error.

That's not how I use exim. First it checks the domain. If it is a local domain, then it checks the local part. It only accepts the RCPT TO if the local part is valid.

| > | Bounce proxy flooding cannot happen this way because the user could
| > | just send direct mail instead.
| >
| > I'm not sure what bounce proxy flooding is.
|
| "delayed bounce". Send a *short* mail with a forged sender envelope
| address to a qmail site or some other site that runs a software that
| accepts mail for unknown users in the local domain, and wait. qmail (or
| some other software) accepts the mail, figures the sender is unknown,
| creates a bounce and sends it back to what it thinks is the originator
| -- but it isn't because the envelope sender address was forged. Now do
| that with multiple envelope recipients and see how many bounces that
| site creates and floods the other site with.

Ahh, nice! A very good reason to check the local part at RCPT time rather than wait for the MDA to say "EX_NOUSER" and then send a bounce.

| > | With "mailbox_command=/usr/bin/maildrop plus options here", it's fine
| > | with Postfix also, but that way, it won't work for virtual users (the
| > | local(8) transport does not do this). With Postfix, you'd then have two
| > | choices: use the virtual(8) transport, which is ultra-safe, but does not
| > | support filtering or .forward, or use maildrop(8) as new transport,
| > | which requires maildrop to return EX_NOUSER. (And yes, Postfix supports
| > | rejecting mail for users outside virtual_mailbox_maps at the SMTP port,
| > | but not at the sendmail port).
| >
| > Ahh, I see your problem. It's not that maildrop isn't a correctly
| > functioning MDA, but rather it isn't a correctly functioning _postfix
| > transport_, which requires a different interface.
|
| Nope. Maildrop violates /usr/include/sysexits.h by returning "temporary"
| condition when it's a permanent condition. That's clearly a bug.

Maybe it is temporary ... maybe you didn't update the virtual db yet? (just a thought. maybe right, maybe wrong, maybe right when the admin "oopses")

| > | > It is simply a matter of configuring exim (or $MTA) properly, and then
| > | > maildrop will never see messages it isn't supposed to be seeing.
| > |
| > | Depending on your needs, that simply won't work out.
| >
| > exim has support for ldap, postgresql, mysql, dbm, cdb, "lsearch", and
| > other databases. Choose your poison :-).
|
| Postfix also has, but why bother to look that same thing up twice? cdb
| is cheap, SQL or LDAP is not.

Yeah, why should maildrop duplicate the lookup?

| > | This is needed for virtual mailboxes delivered to virtual users. Virtual
| > | users are not known to the Unix OS.
| >
| > Every UNIX process is run as some UNIX user.
|
| Yes, but you don't separate mail accounts by UNIX users (all virtual
| users use the same UNIX user), but by path name.

True.

| > If maildrop is run as the user 'mail', and $HOME is set to, say
| > /usr/local/mail/virtual/<domain>/<local_part>, then maildrop will look
| > for /usr/local/mail/virtual/<domain>/<local_part>/.mailfilter as the
| > filter file. maildrop would be happy, then, and not care that
| > $local_part isn't a UNIX user. Alternatively, couldn't one just
| > specify which filter file to use on the command line?
|
| You don't have multiple home directories for the same UNIX user.

Does maildrop reset $HOME according to the result of getpwnam()? I certainly hope not. If it does, then you're right that my "trick" won't work. The basis of my trick is using the MTA to set the environment (including $HOME) from the "virtual" data, and then maildrop simply reads the data and behaves properly without even knowing the word "virtual" exists.

-D

http://dman.ddts.net/~dman/
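
The three behaviours argued over in this thread, side by side, as an added example that is not part of the original message and is not code from maildrop, exim, Postfix or qmail. It models one SMTP session with a forged envelope sender and compares checking the local part at RCPT time, accepting and letting the MDA return EX_NOUSER, and accepting with an MDA that returns EX_TEMPFAIL for an unknown user. The function names, addresses and user map are constructed for illustration.

```python
# Added example: a constructed model, not code from any real MTA or MDA.
EX_OK, EX_NOUSER, EX_TEMPFAIL = 0, 67, 75    # values from sysexits.h

VIRTUAL_USERS = {"alice@example.org", "bob@example.org"}   # constructed map


def mda_exit(rcpt, buggy=False):
    """Exit status of a hypothetical MDA asked to deliver to rcpt."""
    if rcpt in VIRTUAL_USERS:
        return EX_OK
    # "No such user" is permanent; the buggy variant reports it as temporary.
    return EX_TEMPFAIL if buggy else EX_NOUSER


def handle_session(mail_from, rcpts, verify_at_rcpt, buggy_mda=False):
    """Return (smtp_replies, bounces_sent_to, deferred) for one SMTP session."""
    replies, accepted = [], []
    for rcpt in rcpts:
        if verify_at_rcpt and rcpt not in VIRTUAL_USERS:
            replies.append((rcpt, 550))      # refused in-session, nothing queued
        else:
            replies.append((rcpt, 250))
            accepted.append(rcpt)
    bounces, deferred = [], []
    for rcpt in accepted:                    # delivery runs after the session ends
        status = mda_exit(rcpt, buggy_mda)
        if status == EX_NOUSER:
            bounces.append(mail_from)        # bounce goes to the envelope sender
        elif status == EX_TEMPFAIL:
            deferred.append(rcpt)            # message stays queued and is retried
    return replies, bounces, deferred


# Constructed session: the envelope sender is forged, two recipients are unknown.
SENDER = "forged-sender@example.net"
RCPTS = ["alice@example.org", "nobody1@example.org", "nobody2@example.org"]

if __name__ == "__main__":
    cases = [("verify at RCPT", dict(verify_at_rcpt=True)),
             ("accept, MDA EX_NOUSER", dict(verify_at_rcpt=False)),
             ("accept, MDA EX_TEMPFAIL", dict(verify_at_rcpt=False, buggy_mda=True))]
    for label, kw in cases:
        replies, bounces, deferred = handle_session(SENDER, RCPTS, **kw)
        print(f"{label:24} replies={[code for _, code in replies]} "
              f"bounces={len(bounces)} deferred={len(deferred)}")
```

Only the RCPT-time check leaves the receiving site with nothing to send to the forged address and nothing stuck in its queue.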