> I think your approach would work, however, if I set
> up aliases similar to:
>
> @barbaz.mydomain.com -> barbaz at mydomain.com.
>
> I believe I can do that in postfix with some regex magic.

Yes, that would work perfectly without any regex.
You just point the catchall alias to the "user".
@barbaz.mydomain.com -> barbaz at mydomain.com

> one stumbling block could be that we don't
> know the various subdomains ahead of time.
>
> The subdomain can be any value that the user
> wants, and we don't want them to have to
> precreate them before they can use an address

To the best of my knowledge this is not possible with postfix. But ask the postfix mailing list to get a definitive answer. In postfix you have to tell it the domains it accepts mail for; anything else it considers relaying. Otherwise how does postfix know that email is meant to be saved here or it is just passing through and you want postfix to query DNS to find out where it goes (if relaying is even allowed)?

> The purpose of the system is that users can create disposable/temporary
> email addresses for various testing jobs.

Are you aware of postfix recipient_delimiter? It allows for disposable / wild card addresses. If enabled in postfix, you set up a mailbox user like barbaz at mydomain.com and any address with that user and the delimiter would still get delivered to that user.

  barbaz at mydomain.com -> barbaz at mydomain.com
  barbaz+randomtext at mydomain.com -> barbaz at mydomain.com
  barbaz+test1 at mydomain.com -> barbaz at mydomain.com

You can change the + to any symbol you want postfix to look out for.

> I think my "creating users" was me wanting to make sure that when
> postfix
> passes an email for "barbaz at mydomain.com" to Dovecot, then Dovecot will
> store it and wait for
> someone to come along and impersonate barbaz. i.e. "barbaz" doesn't
> have to exist as a user
> already before Dovecot will store the mail.

If you are using LMTP, dovecot will only accept emails from postfix that it can look up the /directory/path to from one of the userdb{} or passdb{} sections. If dovecot cannot find a match in any of the userdb{} or passdb{}, it will reject the email as user unknown, causing postfix to send an undeliverable notice email back to the envelope sender address, also known as back-scatter. I am not aware of a way to use wildcard addresses in dovecot userdb{}. I don't think it's possible, but I don't know what I don't know.

Interesting. Have you looked at this?

https://serverfault.com/questions/133190/host-wildcard-subdomains-using-postfix

[People have too much "flair" and rep points and I can't participate in those stackexchange discussions or ask or answer like I used to.]

On October 27, 2021 3:15:01 PM AKDT, dovecot at ptld.com wrote:
>> I think your approach would work, however, if I set
>> up aliases similar to:
>>
>> @barbaz.mydomain.com -> barbaz at mydomain.com.
>>
>> I believe I can do that in postfix with some regex magic.
>
>Yes, that would work perfectly without any regex.
>You just point the catchall alias to the "user".
>@barbaz.mydomain.com -> barbaz at mydomain.com
>
>> one stumbling block could be that we don't
>> know the various subdomains ahead of time.
>>
>> The subdomain can be any value that the user
>> wants, and we don't want them to have to
>> precreate them before they can use an address
>
>To the best of my knowledge this is not possible with postfix. But ask the
>postfix mailing list to get a definitive answer. In postfix you have to
>tell it the domains it accepts mail for; anything else it considers
>relaying. Otherwise how does postfix know that email is meant to be
>saved here or it is just passing through and you want postfix to query
>DNS to find out where it goes (if relaying is even allowed)?
>
>> The purpose of the system is that users can create disposable/temporary
>> email addresses for various testing jobs.
>
>Are you aware of postfix recipient_delimiter? It allows for disposable /
>wild card addresses. If enabled in postfix, you set up a mailbox user
>like barbaz at mydomain.com and any address with that user and the
>delimiter would still get delivered to that user.
>
>  barbaz at mydomain.com -> barbaz at mydomain.com
>  barbaz+randomtext at mydomain.com -> barbaz at mydomain.com
>  barbaz+test1 at mydomain.com -> barbaz at mydomain.com
>
>You can change the + to any symbol you want postfix to look out for.
>
>> I think my "creating users" was me wanting to make sure that when
>> postfix
>> passes an email for "barbaz at mydomain.com" to Dovecot, then Dovecot will
>> store it and wait for
>> someone to come along and impersonate barbaz. i.e. "barbaz" doesn't
>> have to exist as a user
>> already before Dovecot will store the mail.
>
>If you are using LMTP, dovecot will only accept emails from postfix that
>it can look up the /directory/path to from one of the userdb{} or
>passdb{} sections. If dovecot cannot find a match in any of the
>userdb{} or passdb{}, it will reject the email as user unknown, causing
>postfix to send an undeliverable notice email back to the envelope sender
>address, also known as back-scatter. I am not aware of a way to use
>wildcard addresses in dovecot userdb{}. I don't think it's possible, but I
>don't know what I don't know.

On Thu, 28 Oct 2021 at 00:15, <dovecot at ptld.com> wrote:

> > I think your approach would work, however, if I set
> > up aliases similar to:
> >
> > @barbaz.mydomain.com -> barbaz at mydomain.com.
> >
> > I believe I can do that in postfix with some regex magic.
>
> Yes, that would work perfectly without any regex.
> You just point the catchall alias to the "user".
> @barbaz.mydomain.com -> barbaz at mydomain.com

I've managed to get this working in postfix - I needed the regex rather than a static map, as I need to extract the unknown subdomain portion but it seems to be working. I have been able to get postfix to save it to a file as well and it seems to work as I expected.

> [..]
> > The purpose of the system is that users can create disposable/temporary
> > email addresses for various testing jobs.
>
> Are you aware of postfix recipient_delimiter? It allows for disposable /
> wild card addresses. If enabled in postfix, you setup a mailbox user
> like barbaz at mydomain.com and any address with that user and the
> delimiter would still get delivered to that user.
>
>   barbaz at mydomain.com -> barbaz at mydomain.com
>   barbaz+randomtext at mydomain.com -> barbaz at mydomain.com
>   barbaz+test1 at mydomain.com -> barbaz at mydomain.com
>
> You can change the + to any symbol you want postfix to look out for.

We were using this approach on a different domain but our issue was that we have multiple people on the same piece of work and so they needed to share access to all of the mails. We decided on the approach I'm describing as we also wanted to have control at the DNS level to do this such as expiring addresses.

> > I think my "creating users" was me wanting to make sure that when
> > postfix
> > passes an email for "barbaz at mydomain.com" to Dovecot, then Dovecot will
> > store it and wait for
> > someone to come along and impersonate barbaz. i.e. "barbaz" doesn't
> > have to exist as a user
> > already before Dovecot will store the mail.
>
> If you are using LMTP dovecot will only accept emails from postfix that
> it can lookup the /directory/path to from one of the userdb{} or
> passdb{} sections. If dovecot can not find a match in any of the
> userdb{} or passdb{} it will reject the email as user unknown causing
> postfix to send a undeliverable notice email back to the envelope sender
> address, also known as back-scatter. I am not aware of a way to use
> wildcard addresses in dovecot userdb{}, i don't think its possible but i
> don't know what i don't know.

So I think this will be the main issue now - there's no way of knowing the addresses ahead of time, so it sounds like I'll need to add them to userdb{} when they hit postfix and before they get passed to dovecot.

For my sins I'm building this on Kubernetes so dovecot is on a separate "machine" at the moment. The userdb will be in postgres, as I'm using that for other things, so I guess I'll need to update that in postfix somewhere. This is a fairly low volume system, so I can probably take the hit of a DB query per email.

Currently postfix doesn't even seem to be attempting to talk to dovecot but that's one for the postfix list.

Thanks again for the help.

Cheers,
Felix
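
The two address schemes discussed in this thread (the recipient_delimiter form and the catch-all subdomain form), modelled in Python as an added example; it is not code from any poster and not Postfix's own implementation. The names `canonical_mailbox` and `SAMPLES` are hypothetical, addresses are written with a real `@`, and restricting the subdomain to a single DNS label is an assumption made here so that anything else is treated as non-local rather than silently mapped to a mailbox.

```python
import re

BASE_DOMAIN = "mydomain.com"  # domain used in the thread's examples
DELIMITER = "+"               # models Postfix's recipient_delimiter setting

# Assumption: a user-chosen subdomain is exactly one DNS label (letters,
# digits, hyphen; no leading or trailing hyphen; at most 63 characters).
_LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")


def canonical_mailbox(rcpt, base=BASE_DOMAIN, delim=DELIMITER):
    """Map an envelope recipient to the mailbox that should receive it.

    Returns None when the address is not local under either scheme, which
    is the case a mail server must refuse instead of relaying or bouncing.
    """
    local, sep, domain = rcpt.strip().lower().rpartition("@")
    if not sep or not local or not domain:
        return None
    if domain == base:
        # recipient_delimiter scheme: barbaz+anything@base -> barbaz@base
        user = local.split(delim, 1)[0]
        return f"{user}@{base}" if user else None
    suffix = "." + base
    if domain.endswith(suffix):
        # catch-all subdomain scheme: anything@barbaz.base -> barbaz@base
        label = domain[: -len(suffix)]
        if _LABEL.fullmatch(label):
            return f"{label}@{base}"
    return None


# Constructed sample recipients, not taken from real mail logs.
SAMPLES = [
    "barbaz+test1@mydomain.com",
    "signup@barbaz.mydomain.com",
    "x@a.b.mydomain.com",
    "x@evilmydomain.com",
]

if __name__ == "__main__":
    for addr in SAMPLES:
        print(f"{addr:32} -> {canonical_mailbox(addr)}")
```

Running a candidate address list through a model like this before writing the Postfix regexp map shows which inputs would fall through to "not local", the same inputs that must be rejected during the SMTP session to avoid the back-scatter described above.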