Hi Heiko,

Here is the router:

virtual_aliases:
  driver = redirect
  debug_print = "R: Check address using virtual_aliases for $local_part@$domain"
  allow_fail
  allow_defer
  hide data = CHECK_VIRTUAL_ALIASES
  user = vmail
  group = mail

local_user:
  debug_print = "R: local_user for $local_part@$domain"
  driver = accept
  domains = +local_domains
  #Dovecot auth check
  # check_local_user
  local_parts = ! root
  transport = dovecot_lmtp
  cannot_route_message = Unknown user

And this is the transport:

dovecot_lmtp:
  driver = lmtp
  socket = /var/run/dovecot/lmtp
  #return_path_add
  #maximum number of deliveries per batch, default 1
  batch_max = 200

This might also be helpful (this is with check_local_user commented out in the router)

--------> local_user router <--------
local_part=nosuchuser domain=domainproblem.com
checking domains
cached yes match for +local_domains
cached lookup data = NULL
domainproblem.com in "+local_domains"? yes (matched "+local_domains" - cached)
checking local_parts
NoSuchUser in "! root"? yes (end of list)
R: local_user for nosuchuser at domainproblem.com
calling local_user router
local_user router called for NoSuchUser at domainproblem.com
domain = domainproblem.com
queued for dovecot_lmtp transport: local_part = nosuchuser
domain = domainproblem.com
errors_to=NULL
domain_data=NULL localpart_data=NULL
routed by local_user router
envelope to: NoSuchUser at domainproblem.com
transport: dovecot_lmtp
Cannot do callout: neither router nor transport provided a host list
----------- end verify ------------
deny: condition test failed in ACL "acl_check_rcpt"
processing "accept"
check domains = +relay_to_domains
domainproblem.com in "empty"? no (end of list)
domainproblem.com in "+relay_to_domains"? no (end of list)
accept: condition test failed in ACL "acl_check_rcpt"
processing "accept"
accept: condition test succeeded in ACL "acl_check_rcpt"
SMTP>> 250 Accepted
250 Accepted

This is when it's not commented out:

--------> local_user router <--------
local_part=m.markov domain=domainproblem.com
checking domains
cached yes match for +local_domains
cached lookup data = NULL
domainproblem.com in "+local_domains"? yes (matched "+local_domains" - cached)
checking local_parts
m.markov in "! root"? yes (end of list)
checking for local user
seeking password data for user "m.markov": using cached result
getpwnam() returned NULL (user not found)
local_user router skipped: m.markov is not a local user

I currently have check_local_user disabled because nobody will be able to receive emails.

> On 17 Nov 2016, at 21:33, Heiko Schlittermann <hs at schlittermann.de> wrote:
>
> Hi,
>
> Marti Markov <marti1234 at gmail.com> (Mi 16 Nov 2016 04:28:28 CET):
>> After adding the configuration bit:
>>
>> deny
>>   message = invalid recipient
>>   domains = +local_domains
>>   !verify = recipient/callout=no_cache
>>
>> from: http://wiki2.dovecot.org/LMTP/Exim running update-exim4.conf and service exim4 restart
>>
>> the server is still accepting emails to recipients that do not exist in dovecot.
>
> How is the router, targeting the messages to dovecot, configured? And
> how the transport, responsible for the delivery to dovecot?
>
> Best regards from Dresden/Germany
> Viele Grüße aus Dresden
> Heiko Schlittermann
> --
> SCHLITTERMANN.de ---------------------------- internet & unix support -
> Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
> gnupg encrypted messages are welcome --------------- key ID: F69376CE -
> ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
Heiko Schlittermann
2016-Nov-21 10:50 UTC
Exim still accepting emails to nonexistent users
Hi Marti,

(Please do not send CC to my private account)

Marti Markov <marti1234 at gmail.com> (Mo 21 Nov 2016 03:52:54 CET):
>
> Here is the router:
>
> virtual_aliases:
…
> hide data = CHECK_VIRTUAL_ALIASES

> local_user:
>   debug_print = "R: local_user for $local_part@$domain"
>   driver = accept
>   domains = +local_domains
>   #Dovecot auth check
>   # check_local_user
>   local_parts = ! root
>   transport = dovecot_lmtp
>
> And this is the transport:
>
> dovecot_lmtp:
>   driver = lmtp
>   socket = /var/run/dovecot/lmtp
>   #return_path_add
>   #maximum number of deliveries per batch, default 1
>   batch_max = 200

Ok, the router cannot check the existence of the user. check_local_user
won't help you, as long as the $local_part is not a system user locally.

Basically you got 2 possibilities:

a) check in the routing stage by accessing the user database
   -> testable with: exim -bv user at exampl.com

b) check in the transport stage by using a callout
   -> testable with: swaks … --pipe 'exim -bhc i.i.i.i'

a) Routing stage
   You need to interact with the user database dovecot uses.
   Either you access the user database directory (flat file, LDAP,
   whatever) or you use the ${readsocket…} feature of Exim to talk to
   dovecot.

b) Transport stage
   You need to configure the dovecot LMTP to refuse messages to unknown
   users. This you can test using swaks (it's capable of talking LMTP).

   Once this LMTP works (refusing unknown users) you can use callouts
   for verification during SMTP time.

(exim -bv … will still tell you, that the message is *routable*, but
exim -bh and the pipe mode of swaks may help you.
Ha ?.

> transport: dovecot_lmtp
> Cannot do callout: neither router nor transport provided a host list

This can be 'fixed' if you use (not tested)

dovecot_lmtp:
  driver = smtp
  protocol = lmtp
  hosts = localhost
  port = 2525

and have the dovecot LMTP run on a local TCP port

Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
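
Added example, not part of the thread and not Exim's or Dovecot's code: the exchange a recipient callout performs against an LMTP service, written as a Python client that stops after RCPT and reports the reply code. `fake_lmtp`, the `KNOWN` mailbox set, the client name and the reply texts are constructed so the block runs offline.

```python
import socket
import threading

KNOWN = {"m.markov@domainproblem.com"}      # constructed mailbox list

def read_reply(rf):
    """Read one (possibly multi-line) LMTP reply and return (code, text)."""
    parts = []
    while True:
        line = rf.readline().decode().rstrip("\r\n")
        if not line:
            raise ConnectionError("peer closed the connection")
        parts.append(line[4:])
        if line[3:4] != "-":                # "250-" continues, "250 " ends
            return int(line[:3]), " ".join(parts)

def rcpt_accepted(sock, rcpt):
    """Mimic a recipient callout: LHLO, MAIL, RCPT, then QUIT without DATA."""
    if any(c in rcpt for c in "\r\n<>"):
        raise ValueError("address would break out of the RCPT command")
    def cmd(text):
        sock.sendall(text.encode() + b"\r\n")
        return read_reply(rf)
    with sock.makefile("rb") as rf:
        read_reply(rf)                      # 220 greeting
        cmd("LHLO probe.example")           # hypothetical client name
        cmd("MAIL FROM:<>")                 # null sender
        code, text = cmd(f"RCPT TO:<{rcpt}>")
        cmd("QUIT")
    return 200 <= code < 300, code, text

def fake_lmtp(sock):
    """Constructed stand-in for an LMTP service that refuses unknown users."""
    other = {"LHLO": "250-localhost\r\n250 PIPELINING", "QUIT": "221 2.0.0 Bye"}
    with sock, sock.makefile("rb") as rf:
        sock.sendall(b"220 localhost LMTP ready\r\n")
        for raw in rf:                      # ends when the client disconnects
            line = raw.decode().strip()
            verb = line[:4].upper()
            reply = other.get(verb, "250 2.1.0 OK")
            if verb == "RCPT":
                known = line[line.index("<") + 1:line.index(">")].lower() in KNOWN
                reply = "250 2.1.5 OK" if known else "550 5.1.1 User doesn't exist"
            sock.sendall(reply.encode() + b"\r\n")

def probe(rcpt):                            # run the client against the stand-in
    ours, theirs = socket.socketpair()
    threading.Thread(target=fake_lmtp, args=(theirs,), daemon=True).start()
    with ours:
        return rcpt_accepted(ours, rcpt)
```

Against a real service, connect a socket to the LMTP listener (the thread's /var/run/dovecot/lmtp socket or a local TCP port) and pass it to `rcpt_accepted`; a 2xx result for an address that has no mailbox means the callout would not reject it either.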
Heiko Schlittermann
2016-Nov-21 11:16 UTC
Exim still accepting emails to nonexistent users
Hi,

Heiko Schlittermann <hs at schlittermann.de> (Mo 21 Nov 2016 11:50:13 CET):
> a) Routing stage
>    You need to interact with the user database dovecot uses.
>    Either you access the user database directory (flat file, LDAP,
>    whatever) or you use the ${readsocket…} feature of Exim to talk to
>    dovecot.

The readsocket trick doesn't seem to work anymore.

Using

    $ socat STDIO UNIX:/run/dovecot/auth-master
    < VERSION 1 1
    < SPID 16290
    > VERSION 1 1
    > USER 42 hs12 service=imap
    < USER 1 hs12 uid=500 gid=500 home=/var/vmail/home/h/hs12

(the spaces are tabs).

But using Exim

    exim -be '${readsocket{/run/dovecot/auth-userdb}{VERSION\t1\t1\nUSER\t1\hs12\tservice=imap\n}}'

does not work. Exim closes the sending side right after the final \n
with shutdown(2). Dovecot seems to see this as if the connection should
be closed now and closes the connection, w/o any response.

As it's not unusual to shutdown(2) the sender if the message is sent,
I'd see this as a bug on the dovecot side. There is no reason to
consider the connection as dead, just because the sender closed its
sending side of the connection.

Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
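
Added example, not part of the thread and not Dovecot's or Exim's code: the userdb lookup from the socat session above as a Python client, run with and without half-closing the write side before the reply is read. `fake_userdb` is a constructed model of the behaviour the post reports, `USERS` is sample data, and the `NOTFOUND` reply for an unknown user comes from Dovecot's auth protocol rather than from the thread.

```python
import select
import socket
import threading

USERS = {"hs12": "uid=500\tgid=500\thome=/var/vmail/home/h/hs12"}   # constructed

def userdb_lookup(sock, user, half_close=False):
    """Return the user's fields as a dict, or None when the reply is NOTFOUND."""
    if any(c in user for c in "\t\r\n"):
        raise ValueError("user name would inject protocol fields")
    with sock.makefile("rb") as rf:
        rf.readline()                       # server's VERSION line
        rf.readline()                       # server's SPID line
        sock.sendall(f"VERSION\t1\t1\nUSER\t1\t{user}\tservice=imap\n".encode())
        if half_close:
            sock.shutdown(socket.SHUT_WR)   # what the post says ${readsocket} does
        reply = rf.readline().decode().rstrip("\n").split("\t")
    if reply == [""]:
        raise ConnectionError("connection closed without a reply")
    if reply[0] == "NOTFOUND":
        return None
    if reply[0] != "USER":
        raise ValueError(f"unexpected reply: {reply[0]}")
    return dict(field.partition("=")[::2] for field in reply[3:])

def fake_userdb(sock):
    """Constructed model of the reported behaviour: client EOF ends the session."""
    with sock, sock.makefile("rb") as rf:
        sock.sendall(b"VERSION\t1\t1\nSPID\t16290\n")
        rf.readline()                       # client's VERSION line
        _, req_id, user, *_ = rf.readline().decode().rstrip("\n").split("\t")
        readable, _, _ = select.select([sock], [], [], 0.2)
        if readable and sock.recv(1, socket.MSG_PEEK) == b"":
            return                          # peer half-closed: hang up, no reply
        found = f"USER\t{req_id}\t{user}\t{USERS.get(user)}\n"
        sock.sendall((found if user in USERS else f"NOTFOUND\t{req_id}\n").encode())

def lookup(user, half_close=False):         # run the client against the model
    ours, theirs = socket.socketpair()
    threading.Thread(target=fake_userdb, args=(theirs,), daemon=True).start()
    with ours:
        return userdb_lookup(ours, user, half_close)
```

The tab and newline check matters when the user name is taken from an SMTP recipient address, because the protocol separates fields with tabs and requests with newlines.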