Abel Lucano writes:
 > 
 > briefly:
 > -qmail-1.0.3 + fastforward + dotforward running smoothly 
 > 
 > -3 userids: mingfs, mingca, mingdg
 > 
 > -an inherited  /etc/aliases big file with these 2 entries:
 >  mingfs-garcia: mingdg
 >  mingfs-calc: mingca
 > 
 > when sending mail to an alias  [EMAIL PROTECTED] (mingca's alias)
 > 
 > <[EMAIL PROTECTED]>:
 > Sorry, no mailbox here by that name. (#5.1.1)
 > 
 > qmail tries to send to a nonexistent "mail list" belonging to a mingfs user
 > overriding the alias entry in /etc/aliases
 > 
 > my dirty solution(?) at this moment is to put a .qmail-garcia file in ~mingfs
 > for a while with an &mingdg line (horror!);
 > I'm searching for a real solution in the meantime.

-- Qmail Local Delivery

Qmail will only ever deliver mail to a non-root user.  Every alias
match, every file delivery, every program delivery, is done under the
aegis of a known non-root user.  Qmail (actually qmail-lspawn) has two
ways to determine which Unix user gets which mail.

---- User location via qmail-getpw

By default, qmail-lspawn will run an external program which searches
/etc/passwd for a matching username.  This program will be run as the
qmailp user, must be named qmail-getpw, and located in the qmail bin
directory.  It can be replaced by a program of your own choosing,
although at some risk of being overwritten should someone run make
setup in the qmail source directory (ordinarily a safe enough thing to
do).  Not that *I* have ever done that--ever again.

Qmail-getpw is handed the entire local part of the address.  It's
responsible for determining the UID, GID, and home directory of the
user, and for locating the user/extension split.  The first three are
easy once the user has been determined.  Qmail-getpw uses the
following search algorithm:

    1) Set the user to the entire local string and the extension to null.
    2) Search /etc/passwd for a non-root user who owns their home directory.
    3) If it's found, exit with the current user and extension.
    4) Search from the end of the user for the break character
       (usually '-').
    5) If one was found, move the tail of the user to the head of the
       extension, and go to step 2.
    6) If none can be found, set the user to "alias", and the
       extension to the entire local part.

This algorithm differs from the one originally used.  At first, no
searching was done.  The username was split from the extension by
searching from the left of the username for the break character.  If
it was found, then the username and extension would be split right
there.  If not, then the extension was empty.

Clearly this causes a problem if you have one user named "miller", and
another named "miller-ross".  Miller would get all of the mail, and
miller-ross, none.  Users control their own mail, and miller is the
user under this algorithm.  One work-around is to create another user
named "miller_ross" with the same UID/GID/homedir, and to create a
~miller/.qmail-ross which forwards mail to miller_ross.  Not a great
solution from a security standpoint, since miller controls
miller-ross's mail.

You might have hoped to create a ~alias/.qmail-miller-ross, but that
wouldn't have worked.  The user under this algorithm was miller, and
miller controls his own mail, not alias.  Fortunately, qmail now
searches for the longest matching name, which has solved that problem.

So now, qmail-getpw finds miller-ross, but only if she has an account
listed in /etc/passwd.  What if her address is an alias?  Several
possibilities come to mind:

  o You could simply trust miller to leave the .qmail-ross file
    alone.  This is not completely out of the question--what if you
    are doing this on a machine which has no user logins?
  o You could create an account named miller-ross, and deal with the
    mail from inside that account.
  o You could direct the entire domain into a virtualdomain.  The user 
    who controls the virtualdomain's delivery is presumably a trusted
    postmaster.  He can deal with miller-ross's mail by creating a
    .qmail-miller-ross file.  And he can deal with the rest of the
    mail with a .qmail-default file containing:
        |forward "$LOCAL"@localhost
    Presumably localhost is in control/locals.  If it isn't, you can
    use any name that is.
  o Or, you can use users/assign.

---- User location via users/assign

The other method for mapping a local address into a UID, GID, and home
directory of the user, and for locating the user/extension split, is
to use a database.  /etc/passwd is a database with line-oriented
records, one record per line with colon-separated fields.  So is
users/assign.  The fields are different, and the file must end in a
single line with a period in it, but the files are generally similar.

To make the job of creating users/assign easier, qmail comes with a
program called qmail-pw2u.  It reads /etc/passwd and writes
users/assign, according to certain rules.  The base rules which are
always observed are the same ones as qmail-getpw (no root users, home
directory must exist, and home directory must be owned by user).  In
addition, you can cause some users to be excluded by listing them in
users/exclude.  Or you can cause all but some users to be excluded, by
listing them in users/include.  And you can give users additional
names, so that if miller-ross was intended to be another name for
millerr, you could give them an entry in users/mailnames,
e.g. millerr:millerr,miller-ross.

Caution: Once you create a users/assign file, and build the users/cdb
database using qmail-newu, it stops deliveries based on /etc/passwd.
When you add a user, you MUST add them to users/assign, or re-run
qmail-pw2u.

-- 
-russ nelson <[EMAIL PROTECTED]>  http://crynwr.com/~nelson
Crynwr supports Open Source(tm) Software| PGPok |   There is good evidence
521 Pleasant Valley Rd. | +1 315 268 1925 voice |   that freedom is the
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   |   cause of world peace.
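
The user/extension search described in the message, next to the original left-most split, as an added example (not part of the original message and not qmail's own code). The account set is constructed sample data standing in for the /etc/passwd checks, and the function names are hypothetical.

```python
# Added illustration of the user/extension split the message describes.
# ACCOUNTS is constructed sample data: names assumed to pass the checks
# (non-root user who owns their home directory) instead of reading /etc/passwd.
ACCOUNTS = {"miller", "miller-ross", "mingfs", "mingca", "mingdg"}
BREAK = "-"  # break character, "usually '-'"


def split_leftmost(local):
    """Original behaviour: split at the first break character, no search."""
    user, _, ext = local.partition(BREAK)
    return user, ext


def split_longest(local, accounts=ACCOUNTS):
    """Current behaviour: longest matching account wins, otherwise 'alias'."""
    user, ext = local, ""
    while True:
        if user in accounts:
            return user, ext              # matching account found
        head, sep, tail = user.rpartition(BREAK)
        if not sep:
            return "alias", local         # no break left: alias gets it all
        # Move the tail of the user to the head of the extension, retry.
        ext = tail + BREAK + ext if ext else tail
        user = head


def dot_qmail(user, ext):
    """File that controls delivery (.qmail-default fallbacks not modelled)."""
    return f"~{user}/.qmail" + (f"-{ext}" if ext else "")


if __name__ == "__main__":
    for local in ("miller-ross", "miller-ross-lists", "mingfs-calc", "nobody-here"):
        owner = split_longest(local)
        print(f"{local:18} leftmost={split_leftmost(local)} "
              f"longest={owner} -> {dot_qmail(*owner)}")
```

With these sample accounts, `mingfs-calc` resolves to user `mingfs` with extension `calc`, so `~mingfs/.qmail-calc` decides the delivery and nothing under `~alias` is consulted.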
