On 2011-07-29 18:37, Andrea Ganduglia wrote:
Hi. I have a little issue with postfix and dovecot. Below you can find
my actual configuration, this works well if I use virtual_transport =
virtual but if I add those lines:
transport_maps = mysql:/etc/postfix/mysql_virtual_transport.cf
maildrop_destination_recipient_limit = 1
virtual_transport = dovecot
my outbound traffic try to authenticate recipients and delivery fails
Jul 27 23:01:24 boxnic postfix/pipe[27788]: 1C3B525481B4:
to=<u...@example.com>, relay=spamassassin, delay=0.22,
delays=0.15/0/0/0.07, dsn=2.0.0, status=sent (delivered via
spamassassin service)
Jul 27 23:01:24 boxnic dovecot: auth(default): master in:
USER#0111#011u...@example.com#011service=deliver
Jul 27 23:01:24 boxnic dovecot: auth-worker(default):
sql(u...@example.com): SELECT maildir, 1001 AS uid, 1001 AS gid FROM
mailbox WHERE username = 'u...@example.com'
Jul 27 23:01:24 boxnic dovecot: auth-worker(default):
sql(u...@example.com): Unknown user
Jul 27 23:01:24 boxnic postfix/pipe[27704]: 47DF825481B6:
to=<u...@example.com>, relay=dovecot, delay=0.01, delays=0/0/0/0.01,
dsn=5.1.1, status=bounced (user unknown)
in /etc/postfix/mysql_virtual_transport.cf I'm using this fake query:
SELECT "dovecot" AS transport;
My god, why is this so complicated ?
You're adding extra transport maps to a transport that is already the
default virtual transport, to override transport maps that are empty.
And to top it off, you're using a mysql map to return a static result.
Also, you're not using maildrop as a transport, so the above recipient
limit is never applied.
Seriously, consider unfscking this config.
If you set virtual_transport to dovecot (and I'm not saying that you
should), don't put it in a transport map.
Vice versa, if you put dovecot in a transport map, don't set it as your
virtual_transport.
When in doubt, do not hijack the default workings of postfix - it will
only cause trouble.
With dovecot inbound mail follows this route postfix -> spamassassin
-> dovecot -> sieve -> Maildir (it works!)
but outbound mail follows the same way, while I think should be
postfix -> smptd -> send (in any case with virtual pipe on
spamassissin!).
So apply your spam filter to the incoming connection only.
I assume you're using submission (port 587, SASL +TLS) for mail
submission - and if you're not, you should.
This leaves you free to add your content_filter to the port 25 smtpd(8)
listener.
How can I split delivery into two distinct paths for outbound and
inbound messages?
By using submission to submit outbound mail.
--master.cf--
smtp inet n - n - - smtpd
-o content_filter=spamassassin
That should be inbound only; prevent outbound users from using it by
REJECTing envelope senders in your domain(s).
maildrop unix - n n - - pipe
flags=DRhu user=postfix argv=/usr/bin/maildrop -d ${recipient}
Never used.
dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f
${sender} -d ${recipient}
This is used.
--
J.
