dovecot - Apr 2011 - SUMMARY: LDA vs LMTP, Cyrus SASL, verbose_proctitle

A summary of answers I got to the questiosn I posed.
> Is there a reason I should prefer LMTP over LDA for local delivery?
Thanks for the responses I received.  The benefits reported were
more/better information logging, and service isolation.

Also, one significant advantage not mentioned for LMTP was that one
delivery failure to multiple recipients can be disambiguated; LDA can only
return an exit code to be tested by the MTA, but the MTA cannot know
which recipient(s) generated the error.

This problem present can itself, for example, when one user has a
full mailbox.  An LDA will return EX_TEMPFAIL, and the message will be
requeued, and delivery will be retried for all recipients (even those
that were successfully delivered to).
> The Wiki doesn't differentiates LMTP vs LDA with respect to sendmail
> configuration, so am I correct that I just need to replace mail.local
> with dovecot-lda, which will choose LDA/LMTP based on dovecot.conf?
Not that simple, but I finally did find my answer in the Dovecot archives.
It's too bad I had to spend hours tearing apart the sendmail docs before
finding it

 	http://www.dovecot.org/list/dovecot/2010-September/052936.html

The .mc version of the configuration:

 	# Use LMTP for local delivery over IPC channel
 	FEATURE(`local_lmtp',`[IPC]')

 	# Location of LMTP socket
 	define(`LOCAL_MAILER_ARGS', `FILE /path/to/dovecot/lmtp')

 	# Replace default sendmail LMTP options: the same options
 	# with the 'P' flag removed so that the Return-Path is not
 	# added (again?)
 	define(`LOCAL_MAILER_FLAGS', `SXmnz9')

 	MAILER(`local')

I haven't tried this yet, but this is pretty close.
> Also, can I consolidate authentication by configuring dovecot to use
> what sendmail uses (Cyrus SASL) or vice versa?  The Wiki hints this is
> in the works.
No response, so I guess the answer is no.
> Lastly, toggling verbose_proctitle seems to have no effect on the output
> of ps.  Is verbose_proctitle broken for Solaris?
The answer to is verbose_proctitle is broken for Solaris.  There is
no setproctitle(), and ps does not report changes to a process's argv[]:

 	echo "main(int c,char**v){**v='x';sleep(9);}" | \
 		gcc -xc -o y -; ./y; rm y &
 	ps -f

You'll have to use "lsof", "pfiles" or "doveadm
who" to get the information.

Joseph Tam <jtam.home at gmail.com>

On 2011-04-11 9:19 PM, Joseph Tam wrote:
> This problem present can itself, for example, when one user has a
> full mailbox.  An LDA will return EX_TEMPFAIL, and the message will be
> requeued, and delivery will be retried for all recipients (even those
> that were successfully delivered to).
I'm not using the dovecot LDA at the moment so cannot verify, but I
really don't think this is correct - it would be 'really bad' if it
was...

Timo?

-- 

Best regards,

Charles

On Mon, 2011-04-11 at 18:19 -0700, Joseph Tam wrote:
> Also, one significant advantage not mentioned for LMTP was that one
> delivery failure to multiple recipients can be disambiguated; LDA can only
> return an exit code to be tested by the MTA, but the MTA cannot know
> which recipient(s) generated the error.
In almost all setups MTA delivers mails to LDA one at a time. Multiple
deliveries are useful only if you want to try to get the same mail file
hard linked to all recipients. So normally this is a non-issue.
> > Lastly, toggling verbose_proctitle seems to have no effect on the
output
> > of ps.  Is verbose_proctitle broken for Solaris?
> 
> The answer to is verbose_proctitle is broken for Solaris.  There is
> no setproctitle(), and ps does not report changes to a process's
argv[]:
> 
>  	echo "main(int c,char**v){**v='x';sleep(9);}" | \
>  		gcc -xc -o y -; ./y; rm y &
>  	ps -f
IIRC /usr/ucb/ps shows the changes.

Timo Sirainen <tss at iki.fi> wrote:
> On Mon, 2011-04-11 at 18:19 -0700, Joseph Tam wrote:
> 
> > Also, one significant advantage not mentioned for LMTP was that one
> > delivery failure to multiple recipients can be disambiguated; LDA can
only
> > return an exit code to be tested by the MTA, but the MTA cannot know
> > which recipient(s) generated the error.
> 
> In almost all setups MTA delivers mails to LDA one at a time. Multiple
> deliveries are useful only if you want to try to get the same mail file
> hard linked to all recipients. So normally this is a non-issue.
I guess my sendmail is not normal.  The default configuration does pool
multiple recipient delivery and run mail.local with all these users as
arguments in one invocation.

dovecot-lda doesn't seem to support multiple recipients per invocation,
so this won't be a problem.  The implication for sendmail users,
though, is that multiple concurrent deliveries must be disabled if you
use dovecot-lda (the 'm' flag must be removed from LOCAL_MAILER_FLAGS)
as implicitely done in

 	http://wiki2.dovecot.org/LDA/Sendmail

I notice the 'A' flag is missing here: doesn't this kill aliasing? 
If and
when I can fully test my setup, I will update this page.
> >       echo "main(int c,char**v){**v='x';sleep(9);}"
| \
> >               gcc -xc -o y -; ./y; rm y &
> >       ps -f
> 
> IIRC /usr/ucb/ps shows the changes.
Ah.  I'll take your word for it since I only have the SysV stuff
installed.  Thanks for the info.

Joseph Tam <jtam.home at gmail.com>