Hi,
while setting up my first Postfix (2.7) server on a Debian/Lenny
system, along with Dovecot (1.2.x), with most tables maintained in a
PostgreSQL database, I've hit a problem in the mail delivery part (as
opposed to receiving mail) for which I can't see a good solution. Some
advice and/or pointers to "best practice" papers would be much
appreciated.
Except for 'root' and a short list of admins, there are no system users
on the box. When ready, it should handle email for several domains. So
I understood that I have to follow the "virtual domains, no system
users" part of the VIRTUAL_README. I've done that and can now create an
email address and get emails delivered to the right mailbox, only by
manipulating database entries.
Now I also want to deliver emails to programs ("pipe:" transport?),
and/or run programs on email delivery, possibly in addition to storing
the email in a mailbox. So far, because of other factors (quota support
etc), I've decided to use Dovecot's LDA as the virtual_transport, but I
can't see neither in Postfix nor in Dovecot, how to run additional
programs for this purpose. Some use cases would be to facilitate SMS
alerting, which users should be able to switch on and off at their
discreetion, eg. based on the contents and/or sender and/or recipient
address of an email, or to duplicate the email in such a case to
different email addresses, or to feed a trouble ticket system or other
software package (ML managers etc), or forwarding some (not all) emails
to a different mail server, or when their quota is up, or whatever.
I've already tried to use transport_map entries to specify "local:"
delivery for those special emails, which would give me a home to work
in, plus (I think) reduced privileges, but Postfix still insisted on
delivering the email by "virtual:", ie, to Dovecot. Restarting Postfix
did have no effect.
So far, I see the following options:
* Add the affected domains to mydestination and switch them using the
alias mechanism. Very unwieldy, plus there is no easy way to drop
privileges while delivering email.
* Use a sieve script to copy such emails to special addresses which
are then handled according to the mechanism outlined above. Very
ugly and error prone, too.
* Use a different virtual_transport (which one?).
My basic postfix configuration (will be augmented to have policy
support etc), currently looks like this:
$ postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_at_myorigin = yes
append_dot_mydomain = yes
biff = no
bounce_queue_lifetime = 5d
canonical_classes = envelope_sender, header_sender
canonical_maps = pgsql:/etc/postfix/canonical_maps
config_directory = /etc/postfix
default_process_limit = 100
disable_dns_lookups = no
local_recipient_maps = $alias_maps
mailbox_size_limit = 0
maximal_queue_lifetime = 5d
message_size_limit = 107286400
mydestination = bugs.oeko.net, w3.oeko.net, localhost.oeko.net, localhost
myhostname = w3.oeko.net
mynetworks = 127.0.0.1/32
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_sasl_mechanism_filter = plain
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_recipient_restrictions = permit_auth_destination
permit_sasl_authenticated reject_unauth_destination
permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_cert_file = /etc/ssl/certs/*.oeko.net.crt
smtpd_tls_key_file = /etc/ssl/private/*.oeko.net.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
soft_bounce = yes
transport_maps = pgsql:/etc/postfix/transport_maps
virtual_alias_maps = pgsql:/etc/postfix/virtual_alias_maps
virtual_gid_maps = pgsql:/etc/postfix/virtual_gid_maps
virtual_mailbox_base = /srv/mailboxen/
virtual_mailbox_domains = pgsql:/etc/postfix/virtual_mailbox_domains
virtual_mailbox_limit = 107286400
virtual_mailbox_maps = pgsql:/etc/postfix/virtual_mailbox_maps
virtual_transport = dovecot
virtual_uid_maps = pgsql:/etc/postfix/virtual_uid_maps
Kind regards,
--Toni++
