Re: Postfix Virtual Users with maildrop
/dev/rob0 wrote:
> On Fri, Feb 19, 2010 at 07:32:27PM +0100, mouss wrote:
>> Wietse Venema wrote:
>>> Emre Yazici:
>>>> I want to is to dynamically set corresponding user so that Postfix can invoke maildrop with that user's permissions and mail delivery be made with the correct user rights.
>>>
>>> Use the Postfix local(8) delivery agent, and execute the maildrop command via the mailbox_command (or mailbox_command_maps) mechanism.
>>
>> alternatively, make sure maildrop is setuid (isn't this the default?) and run it as a trusted user (the list of trusted users is configured at maildrop build time). check maildrop docs.
>
> Another alternative to consider, since the mailbox scheme seemed pretty simple, is to use virtual(8) with virtual_{gid,uid}_maps populated as needed and desired. A simple scheme might be to use a common group for all (such as virtual_gid_maps=static:vmail) with separate UIDs per domain. A more complex approach can be done, such as separate UIDs per mailbox, and a shared GID per domain. Then you have to create your maildirs with correct ownership when creating a new account.
>
>> That said, I prefer Wietse's suggestion...
>
> I do too, except I don't see the need for maildrop in this scenario. Looks like a job for local(8) on its own.

seems OP relies on maildrop filtering capabilities (I see a maildrop.rc in his post). Of course, in the dovecot case, I would use dovecot-sieve ...
Postfix Virtual Users with maildrop
Hello,

I am trying to build a flexible mail system using different combinations of mailing software (e.g. Postfix maildrop Dovecot, Exim Dovecot, qmail maildrop Courier IMAP ...); at any time the system administrator may decide to interchange between combinations without making a design change. For that purpose I have chosen a hierarchy like this for storing mails (I am using qmail style Maildirs by the way):

    /var/mailsystem
    |-- user1
    |   |-- user1dom1.net
    |   |   |-- mailus...@user1dom1.net
    |   |   |   `-- Maildir
    |   |   `-- mailus...@user1dom1.net
    |   |       `-- Maildir
    |   `-- user1dom2.net
    |       `-- m...@user1dom2.net
    |           `-- Maildir
    `-- user2
        `-- user2dom.net
            `-- testu...@user2dom.net
                `-- Maildir

user1 and user2 are Unix system users that may have zero or more mail accounts associated with their zero or more domains. The /var/mailsystem/[user] directory and all its subdirectories are owned by Unix system user [user] and have 0700 file permissions.

When I use Postfix as MTA and maildrop as MDA, I have encountered a mail delivery problem related to user permissions. Here is my virtual transport line for maildrop in Postfix's master.cf file:

    maildrop  unix  -       n       n       -       -       pipe
      flags=DRhu user=user1 argv=/usr/local/bin/maildrop -V 6 -w 90 /var/mailsystem/user1/${nexthop}/${us...@${nexthop}/maildrop.rc

As you can see this only works for user user1 because of the hardcoded user1 in the service parameters. What I want is to dynamically set the corresponding user so that Postfix can invoke maildrop with that user's permissions and mail delivery be made with the correct user rights.

A solution for this problem may be setting maildrop's user id to root, but since they may cause a security compromise I don't like suid binaries.
Re: Postfix Virtual Users with maildrop
Emre Yazici:
> I want to is to dynamically set corresponding user so that Postfix can invoke maildrop with that user's permissions and mail delivery be made with the correct user rights.

Use the Postfix local(8) delivery agent, and execute the maildrop command via the mailbox_command (or mailbox_command_maps) mechanism.

	Wietse
Re: Postfix Virtual Users with maildrop
Wietse Venema wrote:
> Emre Yazici:
>> I want to is to dynamically set corresponding user so that Postfix can invoke maildrop with that user's permissions and mail delivery be made with the correct user rights.
>
> Use the Postfix local(8) delivery agent, and execute the maildrop command via the mailbox_command (or mailbox_command_maps) mechanism.

alternatively, make sure maildrop is setuid (isn't this the default?) and run it as a trusted user (the list of trusted users is configured at maildrop build time). check maildrop docs.

That said, I prefer Wietse's suggestion...
Re: Postfix Virtual Users with maildrop
On Fri, Feb 19, 2010 at 07:32:27PM +0100, mouss wrote:
> Wietse Venema wrote:
>> Emre Yazici:
>>> I want to is to dynamically set corresponding user so that Postfix can invoke maildrop with that user's permissions and mail delivery be made with the correct user rights.
>>
>> Use the Postfix local(8) delivery agent, and execute the maildrop command via the mailbox_command (or mailbox_command_maps) mechanism.
>
> alternatively, make sure maildrop is setuid (isn't this the default?) and run it as a trusted user (the list of trusted users is configured at maildrop build time). check maildrop docs.

Another alternative to consider, since the mailbox scheme seemed pretty simple, is to use virtual(8) with virtual_{gid,uid}_maps populated as needed and desired. A simple scheme might be to use a common group for all (such as virtual_gid_maps=static:vmail) with separate UIDs per domain. A more complex approach can be done, such as separate UIDs per mailbox, and a shared GID per domain. Then you have to create your maildirs with correct ownership when creating a new account.

> That said, I prefer Wietse's suggestion...

I do too, except I don't see the need for maildrop in this scenario. Looks like a job for local(8) on its own.
--
Offlist mail to this address is discarded unless /dev/rob0 or not-spam is in Subject: header
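
The ownership rule from the original post (every directory under /var/mailsystem/[user] owned by Unix user [user], mode 0700) and the reminder in the thread to create maildirs with correct ownership can be checked mechanically. The script below is an added example, not code from any poster in the thread; the function names audit_mailtree, check_dir and uid_of are made up for it.

```shell
#!/bin/sh
# Added example (not from the thread): audit the /var/mailsystem layout.
# Invariant taken from the original post: /var/mailsystem/[user] and every
# directory below it is owned by Unix user [user] and has mode 0700.
# Usage after sourcing this file: audit_mailtree /var/mailsystem

# uid_of NAME: numeric UID of a system account; fails if it does not exist.
uid_of() { id -u "$1" 2>/dev/null; }

# check_dir DIR WANT_UID: print one line for each way DIR breaks the invariant.
check_dir() {
    # ls -ldn is POSIX: field 1 is the mode string, field 3 the numeric owner.
    ls -ldn "$1" | {
        read -r mode _links uid _rest
        case $mode in
            drwx------*) ;;   # trailing "." or "+" (SELinux/ACL marker) is allowed
            *) printf 'MODE  %s (%s, want drwx------)\n' "$1" "$mode" ;;
        esac
        [ "$uid" = "$2" ] || printf 'OWNER %s (uid %s, want %s)\n' "$1" "$uid" "$2"
    }
}

# audit_mailtree ROOT: print every violation under ROOT.
# Returns 0 when the tree is clean, 1 when at least one violation was found.
audit_mailtree() {
    report=$(
        for userdir in "$1"/*; do
            [ -d "$userdir" ] || continue
            # The top-level directory name is the expected owner account.
            want=$(uid_of "${userdir##*/}") || {
                printf 'NOUSER %s (no such system account)\n' "$userdir"
                continue
            }
            # find -type d does not follow symlinks, so the walk stays in the tree.
            find "$userdir" -type d | while IFS= read -r dir; do
                check_dir "$dir" "$want"
            done
        done
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}
```

Run it as root from cron or after account provisioning; a MODE or OWNER line means a delivery agent running as a different UID could read or write that mailbox directory.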