Re: Dovecot passdb and postfix login

2020-05-23 Thread Ivo

It seems to me that you have

passdb {
  args = /etc/dovecot/local_sql_users.conf
  driver = sql
}

but you don't have

userdb {
  args = /etc/dovecot/local_sql_users.conf
  driver = sql
}


Regards,

Ivo.

On 22.5.2020. 19:18, Laura Smith wrote:

Hi,

Long story short I've got a fully functional Dovecot IMAP instance and I am now
looking to upgrade some perimeter authenticated SMTP relays to authenticate
against the Dovecot instance.

Trouble is that I am seeing errors such as "auth: Warning: sql: Ignoring changed
user_query in /etc/dovecot/local_sql_users.conf, because userdb sql not used." in my
Postfix server logs and not able to successfully authenticate via AUTH LOGIN on the
Postfix instance.

Perhaps I'm missing something obvious from my config ? Here is the doveconf -n 
from the Postfix server in question:

# 2.3.10.1 (a3d0e1171): /etc/dovecot/dovecot.conf
# OS: Linux 4.19.0-9-amd64 x86_64 Debian 10.4
# Hostname: foobar.example.com
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = sha1:7
disable_plaintext_auth = no
mail_location = mbox:~/mail:INBOX=/var/mail/%u
namespace inbox {
   inbox = yes
   location =
   mailbox Drafts {
     special_use = \Drafts
   }
   mailbox Junk {
     special_use = \Junk
   }
   mailbox Sent {
     special_use = \Sent
   }
   mailbox "Sent Messages" {
     special_use = \Sent
   }
   mailbox Trash {
     special_use = \Trash
   }
   prefix =
}
passdb {
   args = /etc/dovecot/local_sql_users.conf
   driver = sql
}
service auth {
   inet_listener {
     address = 127.0.0.1
     port = 7425
   }
   inet_listener {
     address = ::1
     port = 7425
   }
   unix_listener /var/spool/postfix-authrelay/private/dovecot-auth {
     group = postfix
     mode = 0660
     user = postfix
   }
}
ssl = no

The local_sql_users.conf is the same one that's used on the functioning IMAP
servers, just copied across to the authenticated relay server:

$ sudo cat /etc/dovecot/local_sql_users.conf
driver = pgsql
connect = host=foo dbname=bar user=secret password=squirrel
default_pass_scheme = ARGON2ID
password_query = select dovecot_username as user,password from get_user('%u')
user_query = select 'vmail' as uid, 'vmail' as gid
iterate_query = select dovecot_username as user from get_users()
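
A way to check a relay's configuration for the mismatch discussed in this message, written as an added example that is not code from either poster or from the Dovecot project. It assumes `password_query` belongs to `passdb` and `user_query`/`iterate_query` to `userdb`; the embedded inputs are constructed samples trimmed from the configuration quoted above.

```python
# Which database section consumes each query key in a Dovecot SQL config file.
QUERY_OWNER = {
    "password_query": "passdb",
    "user_query": "userdb",
    "iterate_query": "userdb",
}

# Constructed sample, trimmed from the doveconf -n output in the post.
DOVECONF_N = """\
auth_mechanisms = plain login
passdb {
  args = /etc/dovecot/local_sql_users.conf
  driver = sql
}
service auth {
  unix_listener /var/spool/postfix-authrelay/private/dovecot-auth {
    mode = 0660
  }
}
"""

# Constructed sample: the SQL config from the post, connect line left out.
SQL_FILES = {
    "/etc/dovecot/local_sql_users.conf": """\
driver = pgsql
default_pass_scheme = ARGON2ID
password_query = select dovecot_username as user,password from get_user('%u')
user_query = select 'vmail' as uid, 'vmail' as gid
iterate_query = select dovecot_username as user from get_users()
""",
}


def parse_sections(text):
    """Parse doveconf -n style text into a tree of named sections."""
    root = {"name": "", "settings": {}, "children": []}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            node = {"name": line[:-1].strip(), "settings": {}, "children": []}
            stack[-1]["children"].append(node)
            stack.append(node)
        elif line == "}" and len(stack) > 1:
            stack.pop()
        elif "=" in line:
            key, _, value = line.partition("=")
            stack[-1]["settings"][key.strip()] = value.strip()
    return root


def sql_files_used(root, section):
    """Config files referenced by top-level `section` blocks with driver = sql."""
    return {
        node["settings"].get("args", "")
        for node in root["children"]
        if node["name"] == section and node["settings"].get("driver") == "sql"
    }


def unused_queries(doveconf_text, sql_files):
    """Return (file, key, missing_section) for queries no section will run."""
    root = parse_sections(doveconf_text)
    used = {s: sql_files_used(root, s) for s in ("passdb", "userdb")}
    findings = []
    for path in sorted(used["passdb"] | used["userdb"]):
        keys = parse_sections(sql_files.get(path, ""))["settings"]
        for key, owner in QUERY_OWNER.items():
            if key in keys and path not in used[owner]:
                findings.append((path, key, owner))
    return findings


if __name__ == "__main__":
    for path, key, owner in unused_queries(DOVECONF_N, SQL_FILES):
        print(f"{path}: {key} set, but no {owner} section with driver = sql uses it")
```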





Re: Hierarchy separator recommendation?

2020-04-26 Thread Ivo

On 26.4.2020. 12:17, Markus Winkler wrote:


Doesn't it, in the end, all come to translation from IMAP names 
(user,folder) to OS filesystem names within dovecot (at some 
benchmark tests expense) ? :-)


No, as there's a difference between "namespace / hierarchy" (mailbox 
name) and "layout" separators (OS filesystem).


Hi Markus,

I was trying to write wannabe-joke / philosophical / theoretical 
comment. It seems that I failed :-(


What I tried to say is something like this :
If some character is forbidden for usage in file or folder name in your 
OS who stands in your way to "escape it" or use mappings e.g. use 
9ca6aead2310a010cf445099d8c731490329f9af  (result of 
SHA1('Markus.Winkler')) instead of Markus.Winkler if '.' creates a 
problem. You need just one additional file to record mapping info and 
some CPU cycles / IO operations  to do mappings every time you need to 
access it (hence mentioning benchmark tests). Yes, admins would "love" 
that and yes, this comment had no real value for dovecot users. Sorry.


Have a nice day,

Ivo.




Re: Hierarchy separator recommendation?

2020-04-26 Thread Ivo

On 24.04.20 17:56, Admin Beckspaced wrote:
what sort of troubles did you run into with the dot '.' as namespace 
separator?


disadvantages could be:

- shared folders with dots in user names
- if you want to use dots in folder names




What disadvantages are when using '/' as namespace separator?

Why is '.' default (at least in .deb packages) if it is worse than '/' ?

Doesn't it, in the end, all come to translation from IMAP names 
(user,folder) to OS filesystem names within dovecot (at some benchmark 
tests expense) ? :-)




Re: replication_full_sync_interval

2020-04-14 Thread Ivo

On 14.4.2020. 17:35, Aki Tuomi wrote:
Those full syncs are not done precisely on the clock. If there is lots 
of other operations going on, such as higher priority syncs, they get 
done first.

Aki



Good to know. I was afraid that something is not working as it should.
Thanks Aki.

Ivo


Re: got a listener on 993

2020-04-14 Thread Ivo

Maybe this thread can help you with your first question :
https://dovecot.org/pipermail/dovecot/2014-August/097488.html


On 13.4.2020. 20:52, David Mehler wrote:

Hello,

Before I get in to my question is ssl on 993 or starttls on 143 better
from a security perspective?

I've noticed that I've got a dovecot listener on port 993, below is my
doveconf -n output I don't have an imaps listener uncommented should I
do so and set its port to 0? Will that disable the 993 listener?
Thanks.
Dave.

# 2.3.10 (0da0eff44): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.10 (bf8ef1c2)
# OS: FreeBSD 12.1-RELEASE-p2 amd64
# Hostname: hostname.example.com
auth_cache_size = 10 M
auth_default_realm = example.com
auth_mechanisms = plain login
auth_realms = example.com
dict {
   lastlogin = mysql:/usr/local/etc/dovecot/dovecot-last-login.conf
}
first_valid_gid = 2100
first_valid_uid = 2100
hostname = hostname.example.com
imap_client_workarounds = delay-newhostname tb-extra-hostnamebox-sep tb-lsub-flags
imap_idle_notify_interval = 1 mins
last_valid_gid = 2100
last_valid_uid = 2100
lda_hostnamebox_autocreate = yes
lda_hostnamebox_autosubscribe = yes
lda_original_recipient_header = X-Original-To
listen = xxx.xxx.xxx.xxx
lmtp_rcpt_check_quota = yes
log_timestamp = "%Y-%m-%d %H:%M:%S "
hostname_access_groups = vhostname
hostname_fsync = never
hostname_gid = vhostname
hostname_home = /var/vhostname/hostnameboxes/%d/%n
hostname_location = dbox:~/hostname
hostname_plugins = acl fts fts_lucene mail_log notify quota trash virtual welcome zlib mail_crypt
hostname_privileged_group = vhostname
hostname_server_admin = hostnameto:postmas...@example.com
hostname_uid = vhostname
managesieve_notify_capability = hostnameto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment hostnamebox date index ihave duplicate mime foreverypart extracttext spamtest spamtestplus virustest editheader imapflags notify imapsieve vnd.dovecot.imapsieve
namespace {
   location = sdbox:/var/vhostname/public/:CONTROL=~/hostname/public:INDEX=~/hostname/public
   prefix = Public/
   separator = /
   subscriptions = yes
   type = public
}
namespace {
   hidden = no
   list = yes
   location = hostnamedir:/var/vhostname/shared/office/.hostnamedir:CONTROL=~/.hostnamedir/control/office:INDEX=~/.hostnamedir/index/office
   prefix = shared/%%u/
   separator = /
   subscriptions = yes
   type = shared
}
namespace inbox {
   inbox = yes
   location =
   hostnamebox Drafts {
     auto = subscribe
     special_use = \Drafts
   }
   hostnamebox Sent {
     auto = subscribe
     special_use = \Sent
   }
   hostnamebox Spam {
     auto = subscribe
     autoexpunge = 30 days
     special_use = \Junk
   }
   hostnamebox Trash {
     auto = subscribe
     autoexpunge = 30 days
     special_use = \Trash
   }
   prefix =
   separator = /
   type = private
}
passdb {
   args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
   driver = sql
}
plugin {
   acl = vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
   fts = lucene
   fts_autoindex = yes
   fts_autoindex_exclude = \Junk
   fts_autoindex_exclude2 = \Trash
   fts_autoindex_exclude3 = \Spam
   fts_autoindex_max_recent_msgs = 80
   fts_index_timeout = 90
   fts_lucene = whitespace_chars=@. normalize no_snowball
   imapsieve_hostnamebox1_before = file:/var/vhostname/sieve/global/learn-spam.sieve
   imapsieve_hostnamebox1_causes = COPY
   imapsieve_hostnamebox1_name = Spam
   imapsieve_hostnamebox2_before = file:/var/vhostname/sieve/global/learn-ham.sieve
   imapsieve_hostnamebox2_causes = COPY
   imapsieve_hostnamebox2_from = Spam
   imapsieve_hostnamebox2_name = *
   last_login_dict = proxy::lastlogin
   last_login_key = # hidden, use -P to show it
   hostname_crypt_curve = prime256v1
   hostname_crypt_global_private_key = # hidden, use -P to show it
   hostname_crypt_global_public_key = # hidden, use -P to show it
   hostname_crypt_save_version = 2
   hostname_log_events = delete undelete expunge copy hostnamebox_delete hostnamebox_rename
   hostname_log_fields = uid box msgid size
   quota = count:User quota
   quota_exceeded_message = Storage quota for this account has been exceeded, please try again later.
   quota_grace = 10%%
   quota_rule2 = Trash:ignore
   quota_status_nouser = DUNNO
   quota_status_overquota = 552 5.2.2 hostnamebox is full
   quota_status_success = DUNNO
   quota_vsizes = true
   quota_warning = storage=100%% quota-exceeded 100 %u
   quota_warning2 = storage=95%% quota-warning 95 %u
   quota_warning3 = storage=90%% quota-warning 90 %u
   quota_warning4 = storage=85%% quota-warning 85 %u
   quota_warning5 = storage=75%% quota-warning 75 %u
   sieve = file:/var/vhostname/sieve/%d/%n/scripts;active=/var/vhostname/sieve/%d/%n/active-script.sieve
   sieve_before = /var/vhostname/sieve/global/spam-global.sieve
   sieve_extensions = +notify +imapflags 

replication_full_sync_interval

2020-04-13 Thread Ivo

Default value for replication_full_sync_interval is 24 hours.
How is it then possible to get doveadm replicator status results like 
this one


username    priority  fast sync  full sync  success sync  failed
someuser    none      24:23:39   24:23:39   24:23:37      -

# doveconf -a | grep replication_full_sync_interval
replication_full_sync_interval = 1 days

# dovecot --version
2.2.33.2 (d6601f4ec)





Re: %d ignored from auth-passwdfile.conf.ext configuration file

2020-04-13 Thread Ivo

Did you try to log in as user "test" or "test@some_domain" ?
It seems to me that you did not use full username (Error:
passwd-file(test,).

( %d domain domain part in user@domain, empty if user with no domain )


On 13.4.2020. 11:05, Andrei Petru Mura wrote:
I try to configure dovecot with virtual users. I put my users file in 
folder /etc/dovecot/my_domain_name/users.

My auth-passwdfile.conf.ext file looks like this:
passdb {
  driver = passwd-file
  args = username_format=%n /etc/dovecot/%d/users
}

When I try to log in, I get this:
dovecot: auth: Error: passwd-file(test,some.ip.addr.here,): stat(/etc/dovecot//users) failed: No such file or directory


As you can see, %d isn't interpreted. Why is this happening? Any hints?

Thanks,
Mura Andrei
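
How the `args` line in this message expands for a login with and without a domain part, as an added example that is not code from the posters or from Dovecot. It handles only `%u`, `%n`, `%d` and `%%`; the logins are constructed samples, and `%u` as the default `username_format` is an assumption of the example.

```python
import re

# Subset of Dovecot's user variables: %u, %n, %d and the literal %%.
VAR_RE = re.compile(r"%([und%])")


def expand(template, login):
    """Expand %u/%n/%d in template for the given login name."""
    user_part, _, domain = login.partition("@")
    values = {"u": login, "n": user_part, "d": domain, "%": "%"}
    return VAR_RE.sub(lambda m: values[m.group(1)], template)


def empty_variables(template, login):
    """Variables used in template that expand to an empty string."""
    user_part, _, domain = login.partition("@")
    values = {"u": login, "n": user_part, "d": domain}
    used = [v for v in VAR_RE.findall(template) if v != "%"]
    return sorted({"%" + v for v in used if not values[v]})


def resolve_passwd_file(args, login):
    """Split passwd-file args into options and path, then expand both.

    Returns (path, lookup_key, empty_vars_in_path).
    """
    options = {"username_format": "%u"}  # assumed default when not set
    path = ""
    for token in args.split():
        if "=" in token and not token.startswith("/"):
            key, _, value = token.partition("=")
            options[key] = value
        else:
            path = token
    return (
        expand(path, login),
        expand(options["username_format"], login),
        empty_variables(path, login),
    )


# The args line from the post.
ARGS = "username_format=%n /etc/dovecot/%d/users"

if __name__ == "__main__":
    # Constructed logins: one without a domain part, one with.
    for login in ("test", "test@example.org"):
        path, key, empty = resolve_passwd_file(ARGS, login)
        note = f"  <- empty: {', '.join(empty)}" if empty else ""
        print(f"{login!r}: file={path} key={key}{note}")
```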




doveadm replicator command

2020-04-09 Thread Ivo
Can someone please explain to me what do commands "doveadm replicator 
add" and "doveadm replicator remove" really do.
According to https://wiki.dovecot.org/Tools/Doveadm/Replicator they "Add 
the specified user(s) to the replicator." and

"Remove the specified user from replicator.".
Do they really do that?
Since the default list of users for replication comes from doveadm user 
'*' (https://wiki.dovecot.org/Replication) I tried removing one user 
(e.g. xyz) from replication by using "doveadm replicator remove xyz" and 
it didn't work. Namely, after entering that command the only thing that 
I noticed is that "doveadm replicator status xyz" does not return any 
information. BUT, as soon as one mail arrives for that user "doveadm 
replicator status xyz" displays valid information and mail is replicated.


Thanks in advance for any reply.


# dovecot --version
2.2.33.2 (d6601f4ec)


Re: Re: Warning: Failed to do incremental sync

2020-04-08 Thread Ivo

I am getting a lot of these messages (on the master side of replication)  :
dovecot: doveadm: Error: dsync-remote(userxyz): Warning: Failed to do 
incremental sync for mailbox INBOX, retry with a full sync (Modseq 81589 
no longer in transaction log)


Having "Error" and "Warning" on the same line is confusing, to start with.
If I get it right, it means that very often (incremental) sync fails and
replication starts again after 5 min but this time by doing full sync,
which, I guess, is not good (more resources used).
Since I am doing only one way replication what could be the reason for 
those errors/warnings? Nothing is changing files on the remote side 
besides dsync-server.

Is there anything I can do to "fix" this ?


# dovecot --version
2.2.33.2 (d6601f4ec)



Re: [Dovecot] Using Dovecot-auth to return error code 450 (or other 4xx) to Postfix when user is on vacation

2012-01-17 Thread IVO GELOV (CRM)

On Mon, 16 Jan 2012 18:20:39 +0200, Mark Sapiro m...@msapiro.net wrote:


On 11:59 AM, IVO GELOV (CRM) wrote:


The limitation of 1 message per week for any unique combination of
sender/recipient
does not stop backscatter - because each message can come with a new
forged FROM address,
and from different compromised mail servers.
The spammer does not have control over the body of the auto-replies
(which is something
like I am not at the office, please write to my colleagues), but it still
may cause the victims to take some measures.



All true, but the sender in the sender/recipient combination is the
forged From: that ultimately receives the backscatter and the recipient
is your local user who set the vacation autoresponse. If you only have
one or two local users on vacation at a time, any given backscatter
recipient could receive at most one or two backscatter messages per week
regardless of how many compromised servers the spammer sends from. And
this assumes the spam is initially sent to multiple local users on
vacation and gets past your local spam filtering.

I don't know about you, but I have more significant potential
backscatter sources to worry about.



I see your point and I agree with you this is a minor problem.
Thanks for your time, Mark.

Best wishes,
Ivo Gelov
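
The once-per-week limit per sender/recipient pair discussed in this exchange, modelled as an added example that is not code from the posters or from any vacation program. The addresses, the seven-day interval and the message run are constructed; the counts show the total number of auto-replies across forged senders next to the most any single forged address receives.

```python
from collections import Counter
from datetime import datetime, timedelta


class VacationResponder:
    """Auto-reply at most once per (sender, recipient) pair per interval."""

    def __init__(self, on_vacation, interval=timedelta(days=7)):
        self.on_vacation = {addr.lower() for addr in on_vacation}
        self.interval = interval
        self.last_reply = {}  # (sender, recipient) -> time of last auto-reply

    def handle(self, sender, recipient, when):
        """Return True if an auto-reply goes out to `sender`."""
        key = (sender.lower(), recipient.lower())
        if key[1] not in self.on_vacation:
            return False
        last = self.last_reply.get(key)
        if last is not None and when - last < self.interval:
            return False
        self.last_reply[key] = when
        return True


def constructed_run(forged_senders, recipients, days):
    """Constructed traffic: every forged sender mails every recipient daily."""
    start = datetime(2012, 1, 16)
    return [
        (f"victim{i}@other.example", rcpt, start + timedelta(days=day))
        for day in range(days)
        for i in range(forged_senders)
        for rcpt in recipients
    ]


def replies_per_forged_sender(messages, on_vacation):
    """Count auto-replies sent to each envelope sender."""
    responder = VacationResponder(on_vacation)
    counts = Counter()
    for sender, recipient, when in messages:
        if responder.handle(sender, recipient, when):
            counts[sender] += 1
    return counts


if __name__ == "__main__":
    local = ["alice@example.com", "bob@example.com"]  # constructed local users
    counts = replies_per_forged_sender(constructed_run(50, local, 3), local)
    print("auto-replies sent in total:", sum(counts.values()))
    print("most received by one forged address:", max(counts.values()))
```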


Re: [Dovecot] Dovecot unable to locate mailbox

2012-01-17 Thread IVO GELOV (CRM)

On Mon, 16 Jan 2012 14:38:44 +0200, Jason X, Maney jsxmo...@gmail.com wrote:


Dear all,

I hope someone can point me in the right direction here. I have setup my
Dovecot v2.0.13 on Ubuntu 11.10. The logs tell me that the mail location
has failed as follows:

=
Jan 16 14:18:16 myservername dovecot: pop3-login: Login: user=userA, method=PLAIN, rip=aaa.bbb.ccc.ddd, lip=www.xxx.yyy.zzz, mpid=1360, TLS
Jan 16 14:18:16 myservername dovecot: pop3(userA): Error: user molla: Initialization failed: mail_location not set and autodetection failed: Mail storage autodetection failed with home=/home/userA
Jan 16 14:18:16 myservername dovecot: pop3(userA): Error: Invalid user settings. Refer to server log for more information.
=

Yet my config also comes out strangely as below:

# path given in the mail_location setting.
#   mail_location = maildir:~/Maildir
#   mail_location = mbox:~/mail:INBOX=/var/mail/%u
#   mail_location = mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%n
mail_location = maildir:~/Maildir
# explicitly, ie. mail_location does nothing unless you have a namespace
  # mail_location, which is also the default for it.


Hi, Jason.

I will describe my configuration and probably you will find some useful information.
I am using Postfix as MTA and have configured Dovecot to be LDA. I have several domains,
so I am using the following folder schema:

/var/mail/vhosts = the root of the mail storage
/var/mail/vhosts/domain_1 = first domain
/var/mail/vhosts/domain_1/user_1 = first mailbox in this domain

/var/mail/vhosts/domain_2 = another domain
/var/mail/vhosts/domain_2/user_1 = first mailbox in the other domain

This is achieved with the following setting in mail.conf:

mail_location = maildir:/var/mail/vhosts/%d/%n

But since I do not want to manually go and create the corresponding folders each time
I add new user (I manage accounts through a MySQL table), I also use the following
setting in lda.conf:

lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes

Perhaps you only need to add the latter settings in lda.conf and everything should run fine.

Best wishes,
IVO GELOV


Re: [Dovecot] Using Dovecot-auth to return error code 450 (or other 4xx) to Postfix when user is on vacation

2012-01-16 Thread IVO GELOV (CRM)

On Sun, 15 Jan 2012 23:36:48 +0200, Mark Sapiro m...@msapiro.net wrote:


IVO GELOV (CRM) wrote:


I still think that my idea with custom error codes is more useful - if the user is
on vacation, the message is rejected immediately (no auto-reply is sent) and sender
can see (hopefully, because most users just ignore error messages) the reason why
the message was rejected.



A 4xx status will not do this. It should just cause the sending MTA to
keep the message queued and keep retrying. Depending on the sending
MTA's retry and notification policies, the sender may see no error or
delay notification for several days.

If you really want the sender to immediately see a rejection, you have
to use a 5xx status.



Yes, you are right. The error code is the smallest difficulty :)


Re: [Dovecot] Using Dovecot-auth to return error code 450 (or other 4xx) to Postfix when user is on vacation

2012-01-16 Thread IVO GELOV (CRM)

On Sun, 15 Jan 2012 23:50:02 +0200, Mark Sapiro m...@msapiro.net wrote:


On 11:59 AM, Charles Marcus wrote:

On 2012-01-14 12:23 PM, IVO GELOV (CRM) i...@crm.walltopia.com wrote:

I have downloaded the latest version 4.0 - but it seems there is no
way to prevent spammers to use forged email addresses. I decided to
remove the vacation feature from our corporate mail server, because
it actually opens a backdoor (even though only when someone decides
to activate his vacation auto-reply) for spammers and puts a risk on
the company (our server can be blacklisted).


Sorry, I misread your message...

However, (I *think*) there *is* a simple solution to your problem, if I
now understand it correctly...

Simply disallow anyone sending from an email address in your domain from
sending without SASL_AUTHing...



I don't see how this will help. The scenario the OP is concerned about
is spammer@foreign.domain sends a message with forged From: and maybe
envelope sender victim@other.foreign.domain to his user on vacation. The
vacation program sends an autoresponse to the victim.

However, why worry about this minimal backscatter? A good vacation
program will not send more than one autoresponse per long time (a week?)
for a given sender/recipient and won't include the original spam
payload. So, even though a spammer might use this backdoor to cause your
server to send messages to multiple recipients, the messages should not
have spam payloads and shouldn't be sent more than once to a given end
recipient.



The limitation of 1 message per week for any unique combination of sender/recipient
does not stop backscatter - because each message can come with a new forged FROM address,
and from different compromised mail servers.
The spammer does not have control over the body of the auto-replies (which is something
like I am not at the office, please write to my colleagues), but it still
may cause the victims to take some measures.


Re: [Dovecot] Using Dovecot-auth to return error code 450 (or other 4xx) to Postfix when user is on vacation

2012-01-16 Thread IVO GELOV (CRM)

On Sun, 15 Jan 2012 14:33:24 +0200, Charles Marcus cmar...@media-brokers.com wrote:


On 2012-01-14 12:23 PM, IVO GELOV (CRM) i...@crm.walltopia.com wrote:

I have downloaded the latest version 4.0 - but it seems there is no
way to prevent spammers to use forged email addresses. I decided to
remove the vacation feature from our corporate mail server, because
it actually opens a backdoor (even though only when someone decides
to activate his vacation auto-reply) for spammers and puts a risk on
the company (our server can be blacklisted).


Sorry, I misread your message...

However, (I *think*) there *is* a simple solution to your problem, if I
now understand it correctly...

Simply disallow anyone sending from an email address in your domain from
sending without SASL_AUTHing...

The way I do this is:

in main.cf (I put all of my restrictions in
smtpd_recipient_restrictions) add:

check_sender_access ${hash}/nospoof,

somewhere after reject_unauth_destination *but before any RBL checks)

where nospoof contains:

# Prevent spoofing from domains that we own
allowed_addre...@example.com OK
allowed_addre...@example.com OK
example.com  REJECT You must use sasl_auth to send from one of our example.com email addresses...

and of course be sure to postmap the nospoof database after making any
changes...



These are the restrictions I apply (or had been applying for some time). 
Anyway, for now I simply disabled the vacation plugin.

smtpd_client_restrictions = permit_mynetworks, check_client_access mysql:/etc/postfix/sender_ip, permit_sasl_authenticated, reject_unknown_client
#reject_rhsbl_client blackhole.securitysage.com, reject_rbl_client opm.blitzed.org,
#smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, check_client_access mysql:/etc/postfix/client_sql, reject_rbl_client sbl.spamhaus.org, reject_rbl_client list.dsbl.org,reject_rbl_client cbl.abuseat.org, reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client dnsbl.ahbl.org, permit
#smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, check_client_access mysql:/etc/postfix/client_ok, reject_rbl_client sbl.spamhaus.org, reject_rbl_client list.dsbl.org,reject_rbl_client cbl.abuseat.org, reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client dnsbl.ahbl.org, reject_unknown_client
###, check_policy_service inet:127.0.0.1:10040, reject_rbl_client sbl.spamhaus.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client dnsbl.ahbl.org
#,reject_rbl_client opm.blitzed.org,  reject_rbl_client relays.ordb.org, reject_rbl_client dun.dnsrbl.net

#REJECT_NON_FQDN_HOSTNAME - check whether HELO is a full domain name (with suffix)
#smtpd_helo_restrictions =  check_helo_access hash:/etc/postfix/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname
smtpd_helo_restrictions =  reject_invalid_hostname

smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_rhsbl_sender rhsbl.ahbl.org, reject_rhsbl_sender rhsbl.sorbs.net, reject_rhsbl_sender multi.surbl.org
#reject_rhsbl_sender blackhole.securitysage.com, reject_rhsbl_sender opm.blitzed.org,
#smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, check_sender_access mysql:/etc/postfix/sender_sql, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_rhsbl_sender rhsbl.ahbl.org, reject_rhsbl_sender block.rhs.mailpolice.com, reject_rhsbl_sender rhsbl.sorbs.net, reject_rhsbl_sender multi.surbl.org, reject_rhsbl_sender dsn.rfc-ignorant.org, permit
#, reject_rhsbl_sender dsn.rfc-ignorant.org, reject_rhsbl_sender relays.ordb.org, reject_rhsbl_sender dun.dnsrbl.net

#smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unauth_pipelining, check_recipient_access regexp:/etc/postfix/dspam_incoming
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unauth_pipelining
smtpd_data_restrictions =  reject_unauth_pipelining


Re: [Dovecot] Using Dovecot-auth to return error code 450 (or other 4xx) to Postfix when user is on vacation

2012-01-14 Thread IVO GELOV (CRM)

On Fri, 13 Jan 2012 20:03:36 +0200, Charles Marcus cmar...@media-brokers.com wrote:


On 2012-01-13 12:11 PM, IVO GELOV (CRM) i...@crm.walltopia.com wrote:

I am aware of the various autoresponder scripts for vacation autoreplies
(I am using Virtual Vacation 3.1 by Mischa Peters).
I have an issue with auto-replies - it is vulnerable to spamming with
forged email address.


I think you are using an extremely old/outdated version...

The latest version would not suffer this problem, because it has a lot
of message types that it will *not* respond to, including messages
appearing to be from yourself...

Get the latest version from the postfixadmin package.

However, I don't know how to use it without also using postfixadmin (it
creates databases for storing the vacation message, etc)...



I have downloaded the latest version 4.0 - but it seems there is no way to prevent
spammers to use forged email addresses. I decided to remove the vacation feature
from our corporate mail server, because it actually opens a backdoor (even though
only when someone decides to activate his vacation auto-reply) for spammers and
puts a risk on the company (our server can be blacklisted).

I still think that my idea with custom error codes is more useful - if the user is
on vacation, the message is rejected immediately (no auto-reply is sent) and sender
can see (hopefully, because most users just ignore error messages) the reason why
the message was rejected.

Probably Dovecot-auth does not offer such flexibility right now - but it is worth
considering.


[Dovecot] Using Dovecot-auth to return error code 450 (or other 4xx) to Postfix when user is on vacation

2012-01-13 Thread IVO GELOV (CRM)

Hello to all members.

I am using Dovecot for 5 years, but this is my first post here.
I am aware of the various autoresponder scripts for vacation autoreplies (I am
using Virtual Vacation 3.1 by Mischa Peters).
I have an issue with auto-replies - it is vulnerable to spamming with forged
email address.
Forging can be prevented with several Postfix settings, which I did in the past
- but was forced to remove, because our company occasionally has clients with
improper configurations and those settings prevent us to receive their legitimate mail
(and this of course is not good for the business).
So I have thought about another idea. Since I use Dovecot-auth to verify mailbox
existence - I just wonder is it possible to somehow indicate specific error code
(and hopefully descriptive text also) to Postfix (e.g. 450 or some other
temporary failure) when the owner of the mailbox is currently on vacation ?

Best wishes,
IVO GELOV