Emre Yazici wrote:
> /dev/rob0 wrote:
>> On Fri, Feb 19, 2010 at 07:32:27PM +0100, mouss wrote:
>>
>>> Wietse Venema wrote:
>>>
>>>> Emre Yazici:
>>>>
>>>>> What I want is to dynamically set the corresponding user so that Postfix
>>>>> can invoke maildrop with that user's permissions and mail delivery
>>>>> be made with the correct user rights.
>>>>>
>>>> Use the Postfix local(8) delivery agent, and execute the maildrop
>>>> command via the mailbox_command (or mailbox_command_maps) mechanism.
>>>>
>>> Alternatively, make sure maildrop is setuid (isn't this the default?)
>>> and run it as a "trusted user" (the list of trusted users is
>>> configured at maildrop build time). Check maildrop docs.
>>>
>>
>> Another alternative to consider, since the mailbox scheme seemed
>> pretty simple, is to use virtual(8) with virtual_{gid,uid}_maps
>> populated as needed and desired. A simple scheme might be to use a
>> common group for all (such as "virtual_gid_maps=static:vmail") with
>> separate UIDs per domain.
>>
>> A more complex approach can be done, such as separate UIDs per
>> mailbox, and a shared GID per domain. Then you have to create your
>> maildirs with correct ownership when creating a new account.
>>
>>
>>> That said, I prefer Wietse's suggestion...
>>>
>>
>> I do too, except I don't see the need for maildrop in this scenario.
>> Looks like a job for local(8) on its own.
>>
> Using separate UID and a common GID leads to a problem with maildrop
> because I use a custom mailfilter file for each virtual user. From the
> maildrop manual page:
>
>> maildrop is very paranoid: both $HOME/.mailfilters, and
> $HOME/.mailfilters/filterfile must be owned by the user, and may not
> have any group or world permissions.
>
At the time I used maildrop, I didn't use $home/.mailfilter. Instead, I
included the user file from the global /etc/maildroprc. Something like:

    BASE=/some/path
    USER=$1
    DOMAIN=$2
    exception {
        include "${BASE}/${DOMAIN}/${USER}/maildrop.rc"
    }
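
As an added example (not part of the message above, and not maildrop's own code): an audit script that applies the ownership rule quoted from the manual page to the per-user files under ${BASE}/${DOMAIN}/${USER}/ and confirms that each directory name is a single plain path component. It assumes GNU stat, and assumes as its own policy that each maildrop.rc should be owned by the UID that owns its mailbox directory; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumes GNU stat (coreutils). Function names are hypothetical.

# safe_component NAME: succeed only if NAME is one plain path component,
# so that ${BASE}/${DOMAIN}/${USER} cannot resolve outside BASE.
safe_component() {
    case "$1" in
        ''|.|..|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# check_filter FILE UID: print "ok" or a reason; non-zero status on failure.
check_filter() {
    cf_file=$1 cf_uid=$2
    if [ -L "$cf_file" ] || [ ! -f "$cf_file" ]; then
        echo "not-a-regular-file"; return 1
    fi
    cf_owner=$(stat -c %u "$cf_file")
    cf_mode=$(stat -c %a "$cf_file")
    if [ "$cf_owner" != "$cf_uid" ]; then
        echo "wrong-owner:$cf_owner"; return 1
    fi
    # Any group or world bit (octal mask 077) violates the quoted rule.
    if [ $(( 0$cf_mode & 077 )) -ne 0 ]; then
        echo "group-or-world-bits:$cf_mode"; return 1
    fi
    echo ok
}

# audit_tree BASE: check every BASE/DOMAIN/USER/maildrop.rc against the UID
# that owns its mailbox directory (assumed policy). Prints one line per
# finding and returns non-zero if there was any.
audit_tree() {
    at_bad=0
    for at_dir in "$1"/*/*/; do
        at_dir=${at_dir%/}
        [ -f "$at_dir/maildrop.rc" ] || [ -L "$at_dir/maildrop.rc" ] || continue
        at_user=${at_dir##*/}; at_dom=${at_dir%/*}; at_dom=${at_dom##*/}
        if ! safe_component "$at_user" || ! safe_component "$at_dom"; then
            echo "$at_dir: unsafe-name"; at_bad=$((at_bad + 1)); continue
        fi
        at_res=$(check_filter "$at_dir/maildrop.rc" "$(stat -c %u "$at_dir")") || {
            echo "$at_dir/maildrop.rc: $at_res"; at_bad=$((at_bad + 1)); }
    done
    [ "$at_bad" -eq 0 ]
}
```

Run `audit_tree /some/path` with the same BASE as in /etc/maildroprc; it prints nothing and returns 0 when every file passes.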