- kclair wrote:
> Hi,both configurations are ok.
> I'm trying to determine what might be reasons for using
> virtual_uid_maps = static:NNNN
> versus assigning virtual uids on a per mailbox basis. Is it mostly
> for the sake of other programs accessing the mailbox? Or is there
> a security consideration from the standpoint of postfix?
In a "fully" static setup, the mailstore belongs to a single account,
and acces to mail must be done using this account or using the root
account (well, I am simplifying here, but if you play games with gid or
setuid, then the fully static setup is probably the wrong choice). in
general, users access their mail using a server (pop, imap, webmail) and
not by directly accessing files.
one thing that may be good or bad with a fully static setup is that the
MDA may put any mail anywhere (because it has full access to the
mailstore). so you can configure it to put mail for 'mouss' in 'kclair'
mailbox (without aliases/....). so, you must be careful if you use per
user mail filters (maildrop .mailfilter for instance): users must not be
able to deliver their junk into someone else mailbox. but this is not
very hard to enforce.
I personally use a fully static setup, as it makes it easy to retrain
bayes without resorting to a privileged program.
> Also, I can't quite make out what "static" means - does that just meanalmost all maps return a result based on a key. the static map always
> the same number will be used for the uid and gid?
return the same result. in your example 'NNNN' is returned whatever is
the recipient address.