Re: Virtual users @ virtual domains / better documentation?

2021-03-15 Thread Matt Anton
On Tue, 09 Mar 2021 08:47:12 -0900,
justina colmena ~biz wrote:

> If the $virtual_alias_maps directive invalidates virtual mailboxes,
> then "the usual" aliases (postmaster@, etc.) for the virtual domains
> would have to be listed in
> /etc/aliases
> along with the non-virtual aliases, but this does not work either,
> and generates a warning when "newaliases" is run.
> 
> postalias: warning: /etc/aliases, line 99: name must be local
> 
> So as far as I can tell, no aliasing at all is available for 
> "virtual_mailbox_domains" in postfix

/etc/aliases is for local aliases only. Use "virtual_alias_maps =
hash:$config_directory/virtual" to resolve virtual addresses
(left-hand side) to virtual and/or local addresses, if need be
(right-hand side), in this table.

Then set the *_transport parameters in postfix main.cf:

# this path is relative to /var/spool/postfix/
virtual_transport = lmtp:unix:private/dovecot-lmtp
mailbox_transport = ${virtual_transport}

> I am still unsure how to authenticate the virtual users on postfix.
> PAM authentication works fine for non-virtual users. The following
> command gives two options for authentication: cyrus-sasl and
> dovecot-sasl.
> 
> # postconf -a
> cyrus
> dovecot
> 
> Postfix also works with cyrus-sasl if the passwords are set in
> "/etc/sasldb2" via the "saslpasswd2" command, but dovecot doesn't
> seem to work with cyrus-sasl, and has its own type of sasl
> authentication.
> 
> I realize this is not a postfix list, so my real question here is,
> What do I need in order for dovecot to authenticate the virtual users
> and allow them to read their mail and obtain authorization to send
> mail via postfix on the same system?

cyrus-sasl isn't needed if you're running dovecot (dovecot does provide
an SASL authentication socket).

From the postfix point of view, use in main.cf:

smtpd_sasl_security_options = noanonymous, noactive, nodictionary
smtpd_sasl_type = dovecot
# this path is relative to /var/spool/postfix/
smtpd_sasl_path = private/auth

From the dovecot point of view, configure a service auth:

service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}

Then for your virtual users, you'll need to maintain a virtual users
table backend (be it flat file, SQL, etc.):



-- 
matt [at] lv223.org
GPG key ID: 7D91A8CA
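
Added example (not part of the original message, and not Postfix code): main.cf has no inline comments, so text after a value, '#' included, becomes part of the value, and a line that starts in column one without '=' is not a continuation. This Python lint checks a main.cf fragment for those two mistakes and for misspelled or missing smtpd_sasl_security_options values; the function names and the sample input are this example's own.

```python
import re

# Option names that postconf(5) documents for smtpd_sasl_security_options.
SASL_OPTIONS = {"noplaintext", "noactive", "nodictionary",
                "noanonymous", "forward_secrecy", "mutual_auth"}

def parse_main_cf(text):
    """Split main.cf text into (params, stray): whole-line '#' comments are
    skipped and a line starting with whitespace continues the previous one."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    params, stray = {}, []
    for line in logical:
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
        else:
            stray.append(line)
    return params, stray

def lint(text):
    """Return findings: stray lines, '#' inside values, bad SASL options."""
    params, stray = parse_main_cf(text)
    findings = [f"line without '=': {line!r}" for line in stray]
    for name, value in params.items():
        if re.search(r"\s#", value):
            findings.append(f"{name}: text after '#' is part of the value")
    if "smtpd_sasl_security_options" in params:
        raw = params["smtpd_sasl_security_options"]
        opts = [o for o in re.split(r"[,\s]+", raw) if o]
        findings += [f"unknown SASL security option: {o}"
                     for o in opts if o not in SASL_OPTIONS]
        if "noanonymous" not in opts:
            findings.append("noanonymous is not set")
    return findings

# Constructed sample (not a real server's main.cf) containing three mistakes.
SAMPLE = """\
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth # relative to the queue directory
smtpd_sasl_security_options = noanonymus,
    noactive, nodictionary
"""
print("\n".join(lint(SAMPLE)))
```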





Re: Virtual users @ virtual domains / better documentation?

2021-03-09 Thread Piotr Auksztulewicz
> I have configured postfix so it will deliver mail to virtual mailboxes. For 
> some reason, the mail is not delivered to the virtual mailboxes unless both 
> $virtual_alias_domains and $virtual_alias_maps are left undefined: these 
> directives are apparently for aliasing virtual users "@" virtual domains to 
> "real" unix users on the local system.
> 
> --%%==
> # ADDRESS REDIRECTION (VIRTUAL DOMAIN)
> #
> # The VIRTUAL_README document gives information about the many forms
> # of domain hosting that Postfix supports.
> virtual_mailbox_domains = domain1.example.org domain2.example.com
> virtual_transport = virtual
> #virtual_alias_domains = domain1.example.org domain2.example.com
> virtual_mailbox_base = /var/mail/vhosts
> virtual_mailbox_maps = hash:/etc/postfix/vmailbox
> virtual_minimum_uid = 100
> virtual_uid_maps = static:5000
> virtual_gid_maps = static:5000
> #virtual_alias_maps = hash:/etc/postfix/virtual
> ==%--

First of all, I wouldn't recommend using the native postfix 'virtual'
delivery agent if you already have dovecot as the mailbox server.
It will work OK as long as you use a standard mailbox or maildir
store in dovecot, but it does not allow you to use some dovecot-specific
options, does not allow more modern storage formats (dbox),
does not update indexes at delivery time and does not allow you to run
sieve scripts.

IMO it's better to use either dovecot-lda configured as
a postfix 'pipe' service, or LMTP.

> If the $virtual_alias_maps directive invalidates virtual mailboxes, then "the 
> usual" aliases (postmaster@, etc.) for the virtual domains would have to be 
> listed in
> /etc/aliases
> along with the non-virtual aliases, but this does not work either, and 
> generates a warning when "newaliases" is run.
> 
> postalias: warning: /etc/aliases, line 99: name must be local
> 
> So as far as I can tell, no aliasing at all is available for 
> "virtual_mailbox_domains" in postfix

Yes, there's no easy way to do aliases in postfix for a domain
that's declared as virtual_mailbox. You can alias virtual_mailbox
domain addresses to local addresses, virtual_alias to virtual_mailbox,
but not virtual_mailbox to virtual_mailbox, if I am correct.

If you switch to dovecot-lda or LMTP, the aliases are best handled
on the dovecot side by an appropriate userdb setup. Using a database
is handy. You could also set up virtual_mailbox_maps in postfix to
use the same database so you have the same source of data.
For my small setup I use sqlite, but one could use mysql.

> I am still unsure how to authenticate the virtual users on postfix. PAM 
> authentication works fine for non-virtual users. The following command 
> gives two options for authentication: cyrus-sasl and dovecot-sasl.
> 
> # postconf -a
> cyrus
> dovecot
> 

Use smtpd_sasl_* settings and configure dovecot to provide
an auth listener socket (either UNIX or TCP).

-- 
Piotr "Malgond" Auksztulewicz firstn...@lastname.net
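
Added illustration of the "same source of data" idea above (not code from the thread or from either project): a hypothetical SQLite schema, with stand-in queries for the Postfix recipient lookup and the Dovecot userdb lookup, run from Python. Table, column and query names and the sample addresses are assumptions; because both queries answer from the same rows, Postfix never accepts a recipient that Dovecot cannot deliver to, and an alias cannot point at a mailbox that does not exist.

```python
import sqlite3

# Hypothetical schema: one row per mailbox, plus alias rows naming a mailbox.
SCHEMA = """
CREATE TABLE users   (address TEXT PRIMARY KEY, home TEXT NOT NULL);
CREATE TABLE aliases (source TEXT PRIMARY KEY,
                      target TEXT NOT NULL REFERENCES users(address));
"""

# Stand-in for the query behind Postfix virtual_mailbox_maps: any row means
# the recipient exists, whether it is a mailbox or an alias.
RCPT_QUERY = """
SELECT 1 FROM users WHERE address = :rcpt
UNION SELECT 1 FROM aliases WHERE source = :rcpt
"""

# Stand-in for the Dovecot userdb query: returns the canonical user and home,
# so mail addressed to an alias is stored in the target's mailbox.
USERDB_QUERY = """
SELECT u.address AS user, u.home FROM users u WHERE u.address = :rcpt
UNION
SELECT u.address, u.home FROM aliases a JOIN users u ON u.address = a.target
WHERE a.source = :rcpt
"""

def open_db(users, aliases):
    """Build an in-memory database; a dangling alias raises IntegrityError."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO users VALUES (?, ?)", users)
    db.executemany("INSERT INTO aliases VALUES (?, ?)", aliases)
    return db

def postfix_accepts(db, rcpt):
    return db.execute(RCPT_QUERY, {"rcpt": rcpt}).fetchone() is not None

def dovecot_user(db, rcpt):
    return db.execute(USERDB_QUERY, {"rcpt": rcpt}).fetchone()

# Constructed sample data using the thread's example domain and mailbox base.
ALICE = "alice@domain1.example.org"
DB = open_db([(ALICE, "/var/mail/vhosts/domain1.example.org/alice")],
             [("postmaster@domain1.example.org", ALICE)])
for rcpt in (ALICE, "postmaster@domain1.example.org", "nobody@domain1.example.org"):
    print(rcpt, postfix_accepts(DB, rcpt), dovecot_user(DB, rcpt))
```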


Virtual users @ virtual domains / better documentation?

2021-03-09 Thread justina colmena ~biz
I have configured postfix so it will deliver mail to virtual mailboxes. For 
some reason, the mail is not delivered to the virtual mailboxes unless both 
$virtual_alias_domains and $virtual_alias_maps are left undefined: these 
directives are apparently for aliasing virtual users "@" virtual domains to 
"real" unix users on the local system.

--%%==
# ADDRESS REDIRECTION (VIRTUAL DOMAIN)
#
# The VIRTUAL_README document gives information about the many forms
# of domain hosting that Postfix supports.
virtual_mailbox_domains = domain1.example.org domain2.example.com
virtual_transport = virtual
#virtual_alias_domains = domain1.example.org domain2.example.com
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_minimum_uid = 100
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
#virtual_alias_maps = hash:/etc/postfix/virtual
==%--

If the $virtual_alias_maps directive invalidates virtual mailboxes, then "the 
usual" aliases (postmaster@, etc.) for the virtual domains would have to be 
listed in
/etc/aliases
along with the non-virtual aliases, but this does not work either, and 
generates a warning when "newaliases" is run.

postalias: warning: /etc/aliases, line 99: name must be local

So as far as I can tell, no aliasing at all is available for 
"virtual_mailbox_domains" in postfix

I am still unsure how to authenticate the virtual users on postfix. PAM 
authentication works fine for non-virtual users. The following command 
gives two options for authentication: cyrus-sasl and dovecot-sasl.

# postconf -a
cyrus
dovecot

Postfix also works with cyrus-sasl if the passwords are set in "/etc/sasldb2"
via the "saslpasswd2" command, but dovecot doesn't seem to work with
cyrus-sasl, and has its own type of sasl authentication.

I realize this is not a postfix list, so my real question here is, What do I 
need in order for dovecot to authenticate the virtual users and allow them to 
read their mail and obtain authorization to send mail via postfix on the same 
system?
