Loading ...
Sorry, an error occurred while loading the content.
 

Postfix Virtual Users with maildrop

Expand Messages
  • Emre Yazici
    Hello, I am trying to build a flexible mail system using different combinations of mailing softwares (eg. Postfix & maildrop & Dovecot, Exim & Dovecot, qmail &
    Message 1 of 7 , Feb 19, 2010
      Hello,

      I am trying to build a flexible mail system using different combinations
      of mailing softwares (eg. Postfix & maildrop & Dovecot, Exim & Dovecot,
      qmail & maildrop & Courier IMAP ...), at any time system administrator
      may decide to interchange between combinations without making a design
      change. For that purpose I have chosen a hierarchy like this for storing
      mails (I am using qmail style Maildirs by the way):

      /var/mailsystem
      |-- user1
      | |-- user1dom1.net
      | | |-- mailuser1@...
      | | | `-- Maildir
      | | `-- mailuser2@...
      | | `-- Maildir
      | `-- user1dom2.net
      | `-- mail@...
      | `-- Maildir
      `-- user2
      `-- user2dom.net
      `-- testuser@...
      `-- Maildir


      user1and user2 are Unix system users that may have zero or more mail
      accounts associated with their zero or more domains.

      /var/mailsystem/[user] directory and all its subdirectories owned by
      Unix system user [user] and have 0700 file permissions.

      When I use Postfix as MTA and maildrop as MDA, I have encountered a mail
      delivery problem related with user permissions. Here is my virtual
      trasnport line for maildrop in Postfix's master.cf file.

      maildrop unix - n n - - pipe
      flags=DRhu user=user1 argv=/usr/local/bin/maildrop -V 6 -w 90
      /var/mailsystem/user1/${nexthop}/${user}@${nexthop}/maildrop.rc

      As you can see this only works for user user1 because of hardcoded user1
      in service parameters. What I want to is to dynamically set
      corresponding user so that Postfix can invoke maildrop with that user's
      permissions and mail delivery be made with the correct user rights.

      A solution for this problem may be setting maildrop's user id to root
      but since they may cause security compromise I don't like suid binaries.
    • Wietse Venema
      ... Use the Postfix local(8) delivery agent, and execute the maildrop command via the mailbox_command (or mailbox_command_maps) mechanism. Wietse
      Message 2 of 7 , Feb 19, 2010
        Emre Yazici:
        > I want to is to dynamically set
        > corresponding user so that Postfix can invoke maildrop with that user's
        > permissions and mail delivery be made with the correct user rights.

        Use the Postfix local(8) delivery agent, and execute the maildrop
        command via the mailbox_command (or mailbox_command_maps) mechanism.

        Wietse
      • mouss
        ... alternatively, make sure maildrop is setuid (isn t this the default?) and run it as a trusted user (the list of trusted users is configured at maildrop
        Message 3 of 7 , Feb 19, 2010
          Wietse Venema a écrit :
          > Emre Yazici:
          >> I want to is to dynamically set
          >> corresponding user so that Postfix can invoke maildrop with that user's
          >> permissions and mail delivery be made with the correct user rights.
          >
          > Use the Postfix local(8) delivery agent, and execute the maildrop
          > command via the mailbox_command (or mailbox_command_maps) mechanism.
          >

          alternatively, make sure maildrop is setuid (isn't this the default?)
          and run it as a "trusted user" (the list of trusted users is configured
          at maildrop build time). check maildrop docs.

          That said, I prefer Wietse suggestion...
        • /dev/rob0
          ... Another alternative to consider, since the mailbox scheme seemed pretty simple, is to use virtual(8) with virtual_{gid,uid}_maps populated as needed and
          Message 4 of 7 , Feb 19, 2010
            On Fri, Feb 19, 2010 at 07:32:27PM +0100, mouss wrote:
            > Wietse Venema a écrit :
            > > Emre Yazici:
            > >> I want to is to dynamically set corresponding user so that
            > >> Postfix can invoke maildrop with that user's permissions and
            > >> mail delivery be made with the correct user rights.
            > >
            > > Use the Postfix local(8) delivery agent, and execute the maildrop
            > > command via the mailbox_command (or mailbox_command_maps)
            > > mechanism.
            >
            > alternatively, make sure maildrop is setuid (isn't this the
            > default?) and run it as a "trusted user" (the list of trusted users
            > is configured at maildrop build time). check maildrop docs.

            Another alternative to consider, since the mailbox scheme seemed
            pretty simple, is to use virtual(8) with virtual_{gid,uid}_maps
            populated as needed and desired. A simple scheme might be to use a
            common group for all (such as "virtual_gid_maps=static:vmail") with
            separate UIDs per domain.

            A more complex approach can be done, such as separate UIDs per
            mailbox, and a shared GID per domain. Then you have to create your
            maildirs with correct ownership when creating a new account.

            > That said, I prefer Wietse suggestion...

            I do too, except I don't see the need for maildrop in this scenario.
            Looks like a job for local(8) on its own.
            --
            Offlist mail to this address is discarded unless
            "/dev/rob0" or "not-spam" is in Subject: header
          • mouss
            ... seems OP relies on maildrop filtering capabilities (I see a maildrop.rc in his post). Of course, in the dovecot case, I would use dovecot-sieve ...
            Message 5 of 7 , Feb 20, 2010
              /dev/rob0 a écrit :
              > On Fri, Feb 19, 2010 at 07:32:27PM +0100, mouss wrote:
              >> Wietse Venema a écrit :
              >>> Emre Yazici:
              >>>> I want to is to dynamically set corresponding user so that
              >>>> Postfix can invoke maildrop with that user's permissions and
              >>>> mail delivery be made with the correct user rights.
              >>> Use the Postfix local(8) delivery agent, and execute the maildrop
              >>> command via the mailbox_command (or mailbox_command_maps)
              >>> mechanism.
              >> alternatively, make sure maildrop is setuid (isn't this the
              >> default?) and run it as a "trusted user" (the list of trusted users
              >> is configured at maildrop build time). check maildrop docs.
              >
              > Another alternative to consider, since the mailbox scheme seemed
              > pretty simple, is to use virtual(8) with virtual_{gid,uid}_maps
              > populated as needed and desired. A simple scheme might be to use a
              > common group for all (such as "virtual_gid_maps=static:vmail") with
              > separate UIDs per domain.
              >
              > A more complex approach can be done, such as separate UIDs per
              > mailbox, and a shared GID per domain. Then you have to create your
              > maildirs with correct ownership when creating a new account.
              >
              >> That said, I prefer Wietse suggestion...
              >
              > I do too, except I don't see the need for maildrop in this scenario.
              > Looks like a job for local(8) on its own.

              seems OP relies on maildrop "filtering" capabilities (I see a
              maildrop.rc in his post). Of course, in the dovecot case, I would use
              dovecot-sieve ...
            • Emre Yazici
              ... Using separate UID and a common GID leads to problem with maldrop because I use custom mailfilter file for each virtual user. From the ...
              Message 6 of 7 , Feb 20, 2010
                /dev/rob0 yazm?s,:
                > On Fri, Feb 19, 2010 at 07:32:27PM +0100, mouss wrote:
                >
                >> Wietse Venema a écrit :
                >>
                >>> Emre Yazici:
                >>>
                >>>> I want to is to dynamically set corresponding user so that
                >>>> Postfix can invoke maildrop with that user's permissions and
                >>>> mail delivery be made with the correct user rights.
                >>>>
                >>> Use the Postfix local(8) delivery agent, and execute the maildrop
                >>> command via the mailbox_command (or mailbox_command_maps)
                >>> mechanism.
                >>>
                >> alternatively, make sure maildrop is setuid (isn't this the
                >> default?) and run it as a "trusted user" (the list of trusted users
                >> is configured at maildrop build time). check maildrop docs.
                >>
                >
                > Another alternative to consider, since the mailbox scheme seemed
                > pretty simple, is to use virtual(8) with virtual_{gid,uid}_maps
                > populated as needed and desired. A simple scheme might be to use a
                > common group for all (such as "virtual_gid_maps=static:vmail") with
                > separate UIDs per domain.
                >
                > A more complex approach can be done, such as separate UIDs per
                > mailbox, and a shared GID per domain. Then you have to create your
                > maildirs with correct ownership when creating a new account.
                >
                >
                >> That said, I prefer Wietse suggestion...
                >>
                >
                > I do too, except I don't see the need for maildrop in this scenario.
                > Looks like a job for local(8) on its own.
                >
                Using separate UID and a common GID leads to problem with maldrop
                because I use custom mailfilter file for each virtual user. From the
                maildrop manual page:

                > maildrop is very paranoid: both $HOME/.mailfilters, and
                $HOME/.mailfilters/filterfile must be owned by the user, and may not
                have any group or world permissions.
              • mouss
                ... At the time I used maildrop, I didn t use $home/.mailfilter. Instead, I included the user file from the global /etc/maildroprc. something like:
                Message 7 of 7 , Feb 20, 2010
                  Emre Yazici a écrit :
                  > /dev/rob0 yazm?s,:
                  >> On Fri, Feb 19, 2010 at 07:32:27PM +0100, mouss wrote:
                  >>
                  >>> Wietse Venema a écrit :
                  >>>
                  >>>> Emre Yazici:
                  >>>>
                  >>>>> I want to is to dynamically set corresponding user so that Postfix
                  >>>>> can invoke maildrop with that user's permissions and mail delivery
                  >>>>> be made with the correct user rights.
                  >>>>>
                  >>>> Use the Postfix local(8) delivery agent, and execute the maildrop
                  >>>> command via the mailbox_command (or mailbox_command_maps) mechanism.
                  >>>>
                  >>> alternatively, make sure maildrop is setuid (isn't this the default?)
                  >>> and run it as a "trusted user" (the list of trusted users is
                  >>> configured at maildrop build time). check maildrop docs.
                  >>>
                  >>
                  >> Another alternative to consider, since the mailbox scheme seemed
                  >> pretty simple, is to use virtual(8) with virtual_{gid,uid}_maps
                  >> populated as needed and desired. A simple scheme might be to use a
                  >> common group for all (such as "virtual_gid_maps=static:vmail") with
                  >> separate UIDs per domain.
                  >>
                  >> A more complex approach can be done, such as separate UIDs per
                  >> mailbox, and a shared GID per domain. Then you have to create your
                  >> maildirs with correct ownership when creating a new account.
                  >>
                  >>
                  >>> That said, I prefer Wietse suggestion...
                  >>>
                  >>
                  >> I do too, except I don't see the need for maildrop in this scenario.
                  >> Looks like a job for local(8) on its own.
                  >>
                  > Using separate UID and a common GID leads to problem with maldrop
                  > because I use custom mailfilter file for each virtual user. From the
                  > maildrop manual page:
                  >
                  >> maildrop is very paranoid: both $HOME/.mailfilters, and
                  > $HOME/.mailfilters/filterfile must be owned by the user, and may not
                  > have any group or world permissions.
                  >

                  At the time I used maildrop, I didn't use $home/.mailfilter. Instead, I
                  included the user file from the global /etc/maildroprc. something like:

                  BASE=/some/path
                  USER=$1
                  DOMAIN=$2
                  exception {
                  include "${BASE}/${DOMAIN}/${USER}/maildrop.rc"
                  }
                Your message has been successfully submitted and would be delivered to recipients shortly.