Virtual Mailboxes

  • Carlos Williams
    Message 1 of 9 , Jul 31, 2008
      I was speaking with someone about Postfix and they suggested I use
      "virtual" mailboxes rather than system accounts for mailboxes. They
      indicated there is no point in utilizing UID's for mailusers and system
      accounts simply for Postfix however there appears to be hundreds /
      thousands of available UID / GID in the pool. Do you guys / girls see
      a benefit in this methodology or even understand the theory mentioned?
      I have only 300 users on my server and they all have their own
      /home/user directory w/ Maildir style Inboxes. Now since this is the
      only function of this machine (email / Postfix), they never login and
      all are set to /bin/nologin.

      Thanks for your input / feedback / suggestions.

      --
      Man your battle stations...
    • Jorey Bump
      Message 2 of 9 , Jul 31, 2008
        Carlos Williams wrote, at 07/31/2008 09:48 AM:
        > I was speaking with someone about Postfix and they suggested I use
        > "virtual" mailboxes rather than system accounts for mailboxes. They
        > indicated there is no point in utilizing UID's for mailusers and system
        > accounts simply for Postfix however there appears to be hundreds /
        > thousands of available UID / GID in the pool. Do you guys / girls see
        > a benefit in this methodology or even understand the theory mentioned?
        > I have only 300 users on my server and they all have their own
        > /home/user directory w/ Maildir style Inboxes. Now since this is the
        > only function of this machine (email / Postfix), they never login and
        > all are set to /bin/nologin.

        I never liked the idea of creating system users just for email, although
        I did it for years. Even with unusable login shells, home directories
        can get pretty untidy and challenging to back up for mail purposes
        (although Maildir does help a bit, here). I wanted to both eliminate
        unnecessary system users and support additional authentication
        mechanisms in a unified way, so I switched to a Postfix/Cyrus IMAPd
        combination, using Cyrus SASL for authentication. It's not as easy as
        'adduser bob', but it compartmentalizes things in a way that fits my
        brain better. I wish I could find something similar for FTP (none of the
        daemons I like seem to support Cyrus SASL).
      • Carlos Williams
        Message 3 of 9 , Jul 31, 2008
          On Thu, Jul 31, 2008 at 10:13 AM, Jorey Bump <list@...> wrote:
          > I never liked the idea of creating system users just for email, although I
          > did it for years. Even with unusable login shells, home directories can get
          > pretty untidy and challenging to back up for mail purposes (although Maildir
          > does help a bit, here). I wanted to both eliminate unnecessary system users
          > and support additional authentication mechanisms in a unified way, so I
          > switched to a Postfix/Cyrus IMAPd combination, using Cyrus SASL for
          > authentication. It's not as easy as 'adduser bob', but it compartmentalizes
          > things in a way that fits my brain better. I wish I could find something
          > similar for FTP (none of the daemons I like seem to support Cyrus SASL).

          Thanks for that info. So you control this account creation operation?
          If you don't "adduser bob" in Linux,
          which application do you interface with to create a virtual mailbox?
          Is this done in Postfix or Cyrus? I don't plan on using
          Cyrus since I already have Dovecot approved and integrated into my
          email server. I agree that creating useless login ID's and home
          directories is messy and pointless but I am trying to understand how
          this whole process works. Can this be done alone with Postfix and
          Dovecot Imapd?
        • Jorey Bump
          Message 4 of 9 , Jul 31, 2008
            Carlos Williams wrote, at 07/31/2008 08:18 PM:

            > So you control this account creation operation?
            > If you don't "adduser bob" in Linux,
            > which application do you interface with to create a virtual mailbox?
            > Is this done in Postfix or Cyrus?

            Adding a user takes two steps:

            1. Create the user's mailbox in Cyrus using the cyradm tool.
            2. Create the user's SASL login credentials, which are shared by Postfix
            and Cyrus (supporting various backends).

            > I don't plan on using
            > Cyrus since I already have Dovecot approved and integrated into my
            > email server. I agree that creating useless login ID's and home
            > directories is messy and pointless but I am trying to understand how
            > this whole process works. Can this be done alone with Postfix and
            > Dovecot Imapd?

            Postfix also supports Dovecot SASL, so you'll have unified
            authentication there, as well. At the time I chose Cyrus IMAPd, Dovecot
            was still in beta and had some serious bugs, but I hear it's very solid,
            now. I've only used it years ago with system users, so someone else will
            have to chime in about its virtual user/mailbox support.

            One thing I like about Cyrus IMAPd is that it accepts delivery via LMTP,
            which is simple, flexible and scalable. I don't know if Dovecot has
            support for LMTP (not exactly a showstopper, but it's nice to have the
            option).
          • Robert Spencer
            Message 5 of 9 , Jul 31, 2008
              On 8/1/08, Carlos Williams <carloswill@...> wrote:
              > On Thu, Jul 31, 2008 at 10:13 AM, Jorey Bump <list@...> wrote:
              >> I never liked the idea of creating system users just for email, although I
              >> did it for years. Even with unusable login shells, home directories can
              >> get
              >> pretty untidy and challenging to back up for mail purposes (although
              >> Maildir
              >> does help a bit, here). I wanted to both eliminate unnecessary system
              >> users
              >> and support additional authentication mechanisms in a unified way, so I
              >> switched to a Postfix/Cyrus IMAPd combination, using Cyrus SASL for
              >> authentication. It's not as easy as 'adduser bob', but it
              >> compartmentalizes
              >> things in a way that fits my brain better. I wish I could find something
              >> similar for FTP (none of the daemons I like seem to support Cyrus SASL).
              >
              > Thanks for that info. So you control this account creation operation?
              > If you don't "adduser bob" in Linux,
              > which application do you interface with to create a virtual mailbox?
              <...>

              I'm also still getting my brain wrapped around the idea. I found the
              following article very informative, it even links to CGI scripts for
              administration:

              http://workaround.org/articles/ispmail-etch/

              Scripts and extra contributions to the above:

              http://workaround.org/moin/PostfixTutorialContributions

              Another app worth looking at:

              http://sourceforge.net/projects/postfixadmin/

              One other thing, I've heard rumours of the ability of postfix to
              automagically create the user's mailbox. Hopefully someone else can
              shed light on that.

              --
              Robert Spencer
            • Sahil Tandon
              Message 6 of 9 , Aug 1 8:03 PM
                Robert Spencer <roach.list@...> wrote:

                > One other thing, I've heard rumours of the ability of postfix to
                > automagically create the user's mailbox. Hopefully someone else can
                > shed light on that.

                Not sure what you mean here, but FWIW, I have Postfix configured to deliver
                to Maildir/ -- if the Maildir directory structure does not already exist for
                a new user receiving mail, Postfix (through its delivery agent) does
                automatically create it.

                --
                Sahil Tandon <sahil@...>
              • carconni
                Message 7 of 9 , Feb 3, 2009
                  Hi,

                  I'm having a problem with virtual mailboxes.  I need to create a catchall mailbox.  One of my engineers wants to run a script on the mailbox so I really don't want to create an alias to a mailbox in the /var/spool/imap/user directory.  My engineer needs access to this mailbox, but aside from the local admin account, he only has an ldap account.  (For this initial setup, I used the local account)

                  I tried to set up this mail box as described here: http://www.postfix.org/VIRTUAL_README.html, but the mailbox isn't working and I'm getting some strange errors.  For starters, I don't have a relay_domain map (file) or any reference to it in my main.cf file and yet I'm getting this error in my system.log:  

                  Feb  2 21:52:15 mailserver postfix/trivial-rewrite[28824]: warning: do not list domain mynewvirtual.domain.com in BOTH virtual_mailbox_domains and relay_domains
                  Feb  2 21:52:15 mailserver lmtpunix[28950]: warning: unable to post message for user: anyone@..., mail is not enabled for this user

                  In addition, I'm getting a warning message that mail is not enabled for this user but it's a catchall account, there shouldn't be any users, so I'm somewhat confused.  The 502 uid in the postconf output is the local admin account uid.  Can someone tell me where I'm going wrong?

                  I appreciate any help I can get.  In addition to the postconf -n, I also included the referring files.

                  mailserver:/etc/postfix root# postconf -n
                  alias_maps = hash:/etc/postfix/lmail/myco.aliases,hash:/var/mailman/data/aliases
                  command_directory = /usr/sbin
                  config_directory = /etc/postfix
                  daemon_directory = /usr/libexec/postfix
                  debug_peer_level = 2
                  enable_server_options = yes
                  html_directory = no
                  inet_interfaces = all
                  local_recipient_maps = proxy:unix:passwd.byname $alias_maps
                  luser_relay = 
                  mail_owner = postfix
                  mailbox_transport = cyrus
                  mailq_path = /usr/bin/mailq
                  manpage_directory = /usr/share/man
                  message_size_limit = 0
                  mydestination = $myhostname,localhost.$mydomain,localhost,mail.myco.com,corp.myco.com,mail.corp.myco.com
                  mydomain = myco.com
                  mydomain_fallback = localhost
                  myhostname = mail.myco.com
                  mynetworks = 127.0.0.1/32,172.16.0.0/16,172.18.0.0/16,172.20.0.0/16,208.137.15.43,27.36.24.228,10.1.0.0/16,208.44.136.0/22,55.81.44.0/23
                  mynetworks_style = host
                  newaliases_path = /usr/bin/newaliases
                  queue_directory = /private/var/spool/postfix
                  readme_directory = /usr/share/doc/postfix
                  recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
                  sample_directory = /usr/share/doc/postfix/examples
                  sendmail_path = /usr/sbin/sendmail
                  setgid_group = postdrop
                  smtpd_client_restrictions = hash:/etc/postfix/smtpdreject
                  smtpd_enforce_tls = no
                  smtpd_pw_server_security_options = login,plain,cram-md5,gssapi
                  smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,permit
                  smtpd_sasl_auth_enable = yes
                  smtpd_sasl_local_domain = myco.com
                  smtpd_tls_CAfile = /etc/certificates/mail.myco.com.chcrt
                  smtpd_tls_cert_file = /etc/certificates/Default.crt
                  smtpd_tls_key_file = /etc/certificates/Default.key
                  smtpd_use_pw_server = yes
                  smtpd_use_tls = no
                  soft_bounce = no
                  unknown_local_recipient_reject_code = 550
                  virtual_alias_domains = /etc/postfix/virtual_domains
                  virtual_alias_maps = hash:/etc/postfix/virtual_alias,hash:/etc/postfix/vmail/alerts,hash:/etc/postfix/vmail/pager.aliases
                  virtual_gid_maps = static:502
                  virtual_mailbox_base = /var/vmail
                  virtual_mailbox_domains = mynewvirtual.domain.com
                  virtual_mailbox_maps = hash:/etc/postfix/vmailbox
                  virtual_minimum_uid = 100
                  virtual_transport = lmtp:unix:/var/imap/socket/lmtp
                  virtual_uid_maps = static:502


                  virtual_mailbox_base = /var/vmail:  

                  mailserver:/etc/postfix root# ls /var/vmail/
                  blogs.myco.com mynewvirtual.domain.com media.myco.com customer1.com

                  virtual_mailbox_maps = hash:/etc/postfix/vmailbox:

                  mailserver:/etc/postfix root# vi vmailbox
                  @... mynewvirtual.domain.com/catchall

                  No mention of mynewvirtual.domain is made in virtual_alias_maps or virtual_alias_domains.

                  Thank you again


                • Brian Evans - Postfix List
                  Message 8 of 9 , Feb 3, 2009
                    carconni wrote:
                    > Hi,
                    >
                    > I'm having a problem with virtual mailboxes. I need to create a
                    > catchall mailbox. One of my engineers wants to run a script on the
                    > mailbox so I really don't want to create an alias to a mailbox in the
                    > /var/spool/imap/user directory. My engineer needs access to this
                    > mailbox, but aside from the local admin account, he only has an ldap
                    > account. (For this initial setup, I used the local account)
                    >
                    > I tried to set up this mail box as described
                    > here: http://www.postfix.org/VIRTUAL_README.html, but the mailbox
                    > isn't working and I'm getting some strange errors. For starters, I
                    > don't have a relay_domain map (file) or any reference to it in my
                    > main.cf file and yet I'm getting this error in my system.log:
                    >
                    > /Feb 2 21:52:15 mailserver postfix/trivial-rewrite[28824]: warning:
                    > do not list domain mynewvirtual.domain.com in BOTH
                    > virtual_mailbox_domains and relay_domains/
                    > /Feb 2 21:52:15 mailserver lmtpunix[28950]: warning: unable to post
                    > message for user: anyone@...
                    > <mailto:anyone@...>, mail is not enabled for this
                    > user/
                    >

                    Note, when obfuscating domains, please use example.(com|net|org).

                    Is there any relay_domains or mydestination settings that include this
                    new domain?
                    relay_domains defaults to $mydestination

                    > In addition, I'm getting a warning message that mail is not enabled for
                    > this user but it's a catchall account, there shouldn't be any users,
                    > so I'm somewhat confused. The 502 uid in the postconf output is the
                    > local admin account uid. Can someone tell me where I'm going wrong?
                    >
                    > I appreciate any help I can get. In addition to the postconf -n, I
                    > also included the referring files.
                    >
                    > mailserver:/etc/postfix root# postconf -n
                    > alias_maps =
                    > hash:/etc/postfix/lmail/myco.aliases,hash:/var/mailman/data/aliases
                    > mydestination =
                    > $myhostname,localhost.$mydomain,localhost,mail.myco.com,corp.myco.com,mail.corp.myco.com
                    > mydomain = myco.com
                    > mydomain_fallback = localhost
                    > myhostname = mail.myco.com
                    > mynetworks =
                    > 127.0.0.1/32,172.16.0.0/16,172.18.0.0/16,172.20.0.0/16,208.137.15.43,27.36.24.228,10.1.0.0/16,208.44.136.0/22,55.81.44.0/23
                    > virtual_alias_domains = /etc/postfix/virtual_domains

                    What is in here? I hope you do not repeat "mynewvirtual.domain.com"

                    > virtual_alias_maps =
                    > hash:/etc/postfix/virtual_alias,hash:/etc/postfix/vmail/alerts,hash:/etc/postfix/vmail/pager.aliases
                    > virtual_gid_maps = static:502
                    > virtual_mailbox_base = /var/vmail
                    > virtual_mailbox_domains = mynewvirtual.domain.com
                    > virtual_mailbox_maps = hash:/etc/postfix/vmailbox
                    > virtual_transport = lmtp:unix:/var/imap/socket/lmtp
                    > virtual_mailbox_base = /var/vmail:
                    >

                    When virtual_transport does not equal the virtual(8) delivery agent, the
                    results of virtual_mailbox_maps and virtual_mailbox_base are ignored.
                    Any other transport must know what to do with what is given, as
                    virtual_mailbox_maps exists as verification only.

                    >
                    > mailserver:/etc/postfix root# ls /var/vmail/
                    > blogs.myco.com mynewvirtual.domain.com media.myco.com customer1.com
                    >
                    > virtual_mailbox_maps = hash:/etc/postfix/vmailbox:
                    >
                    > mailserver:/etc/postfix root# vi vmailbox
                    > @... mynewvirtual.domain.com/catchall

                    result not used by Postfix

                    >
                    > no mention of mynewvirtual.domain is made in virtual_alias_maps or
                    > virtual_alias_domains.
                    Brian
                  • mouss
                    Message 9 of 9 , Feb 3, 2009
                      carconni wrote:
                      > Hi,
                      >
                      > I'm having a problem with virtual mailboxes. I need to create a
                      > catchall mailbox. One of my engineers wants to run a script on the
                      > mailbox so I really don't want to create an alias to a mailbox in the
                      > /var/spool/imap/user directory. My engineer needs access to this
                      > mailbox, but aside from the local admin account, he only has an ldap
                      > account. (For this initial setup, I used the local account)
                      >
                      > I tried to set up this mail box as described
                      > here: http://www.postfix.org/VIRTUAL_README.html, but the mailbox isn't
                      > working and I'm getting some strange errors. For starters, I don't have
                      > a relay_domain map (file) or any reference to it in my main.cf

                      by default

                      relay_domains=$mydestination

                      so any *.$mydomain is a relay domain.

                      if you don't want this, set
                      relay_domains =



                      > file and
                      > yet I'm getting this error in my system.log:
                      >
                      > /Feb 2 21:52:15 mailserver postfix/trivial-rewrite[28824]: warning: do
                      > not list domain mynewvirtual.domain.com in BOTH virtual_mailbox_domains
                      > and relay_domains/
                      > /Feb 2 21:52:15 mailserver lmtpunix[28950]: warning: unable to post
                      > message for user: anyone@...
                      > <mailto:anyone@...>, mail is not enabled for this user/
                      >

                      this message was logged by something called "lmtpunix". this is not postfix.


                      > In addition, I'm getting a warning message that mail is not enabled for
                      > this user but it's a catchall account, there shouldn't be any users, so
                      > I'm somewhat confused.

                      There is no such thing as "catchall" in postfix. so please please
                      explain what you mean and how you implemented it.

                      > The 502 uid in the postconf output is the local
                      > admin account uid.

                      since you changed virtual_transport, virtual_(uid|gid)_maps are useless.

                      > Can someone tell me where I'm going wrong?
                      >

                      you configure things for "virtual", yet you use another delivery agent.

                      > [snip]
                      > mailserver:/etc/postfix root# ls /var/vmail/
                      > blogs.myco.com mynewvirtual.domain.com media.myco.com customer1.com
                      >
                      > virtual_mailbox_maps = hash:/etc/postfix/vmailbox:
                      >
                      > mailserver:/etc/postfix root# vi vmailbox
                      > @... mynewvirtual.domain.com/catchall
                      >

                      the right hand side (mailbox path) is useless since you override
                      virtual_transport.

                      use virtual_alias_maps instead.

                      > no mention of mynewvirtual.domain is made in virtual_alias_maps or
                      > virtual_alias_domains.
                      >
                      > Thank you again
                      >
                      >
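
The two diagnoses in the replies above (a virtual mailbox domain that also matches relay_domains, and virtual(8)-only settings left in place under a different virtual_transport) can be checked mechanically. The following is an added example, not part of the original thread: a Python lint over `postconf -n` output. The sample configuration is constructed; the relay_domains default and the subdomain matching follow what the replies state and are assumptions for other Postfix versions.

```python
import re

# Settings the replies above describe as unused once virtual_transport
# is no longer the virtual(8) delivery agent.
VIRTUAL_ONLY = ("virtual_mailbox_base", "virtual_uid_maps", "virtual_gid_maps")

# Constructed sample in the shape of `postconf -n` output (example.com names).
SAMPLE = """\
mydomain = example.com
myhostname = mail.example.com
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = lists.example.com
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_transport = lmtp:unix:/var/imap/socket/lmtp
virtual_uid_maps = static:5000
"""


def parse_postconf(text):
    """Parse 'name = value' lines into a dict; prompt lines are skipped."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z0-9_]+)\s*=\s*(.*)$", line)
        if m:
            conf[m.group(1)] = m.group(2).strip()
    return conf


def expand(value, conf, depth=0):
    """Expand $name and ${name} references to other settings."""
    if depth > 10:  # guard against self-referencing values
        return value

    def sub(m):
        name = m.group(1) or m.group(2)
        return expand(conf.get(name, ""), conf, depth + 1)

    return re.sub(r"\$(?:\{(\w+)\}|(\w+))", sub, value)


def domain_list(value):
    """Keep literal domain names only; skip type:table lookups and file paths."""
    parts = re.split(r"[,\s]+", value)
    return [p.lower() for p in parts if p and ":" not in p and "/" not in p]


def lint(text, default_relay_domains="$mydestination"):
    """Return findings as (kind, subject, detail) tuples.

    default_relay_domains is the default quoted in the thread; pass "" for
    a Postfix version whose default differs (assumption to verify locally).
    """
    conf = parse_postconf(text)
    findings = []
    relay = domain_list(expand(conf.get("relay_domains", default_relay_domains), conf))
    vdoms = domain_list(expand(conf.get("virtual_mailbox_domains", ""), conf))
    for vdom in vdoms:
        for rdom in relay:
            # Exact match, or subdomain of a relay domain (per the last reply).
            if vdom == rdom or vdom.endswith("." + rdom):
                findings.append(("overlap", vdom, rdom))
                break
    transport = conf.get("virtual_transport", "virtual")
    if transport.split(":", 1)[0] != "virtual":
        unused = [k for k in VIRTUAL_ONLY if k in conf]
        if unused:
            findings.append(("unused", transport, unused))
        if "virtual_mailbox_maps" in conf:
            # Still consulted to validate recipients; the mailbox path is not used.
            findings.append(("lookup-only", transport, ["virtual_mailbox_maps"]))
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```
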