Re: Postfix Virtual Users with maildrop

2010-02-20 Thread mouss
/dev/rob0 wrote:
> On Fri, Feb 19, 2010 at 07:32:27PM +0100, mouss wrote:
>> Wietse Venema wrote:
>>> Emre Yazici:
>>>> I want to do is to dynamically set corresponding user so that
>>>> Postfix can invoke maildrop with that user's permissions and
>>>> mail delivery be made with the correct user rights.
>>> Use the Postfix local(8) delivery agent, and execute the maildrop
>>> command via the mailbox_command (or mailbox_command_maps)
>>> mechanism.
>> alternatively, make sure maildrop is setuid (isn't this the
>> default?) and run it as a trusted user (the list of trusted users
>> is configured at maildrop build time). check maildrop docs.
>
> Another alternative to consider, since the mailbox scheme seemed
> pretty simple, is to use virtual(8) with virtual_{gid,uid}_maps
> populated as needed and desired. A simple scheme might be to use a
> common group for all (such as virtual_gid_maps=static:vmail) with
> separate UIDs per domain.
>
> A more complex approach can be done, such as separate UIDs per
> mailbox, and a shared GID per domain. Then you have to create your
> maildirs with correct ownership when creating a new account.
>
>> That said, I prefer Wietse's suggestion...
>
> I do too, except I don't see the need for maildrop in this scenario.
> Looks like a job for local(8) on its own.

seems OP relies on maildrop filtering capabilities (I see a
maildrop.rc in his post). Of course, in the dovecot case, I would use
dovecot-sieve ...


Postfix Virtual Users with maildrop

2010-02-19 Thread Emre Yazici

Hello,

I am trying to build a flexible mail system using different combinations 
of mail software (e.g. Postfix  maildrop  Dovecot, Exim  Dovecot, 
qmail  maildrop  Courier IMAP ...); at any time the system administrator 
may decide to interchange between combinations without making a design 
change. For that purpose I have chosen a hierarchy like this for storing 
mails (I am using qmail style Maildirs by the way):


   /var/mailsystem
   |-- user1
   |   |-- user1dom1.net
   |   |   |-- mailus...@user1dom1.net
   |   |   |   `-- Maildir
   |   |   `-- mailus...@user1dom1.net
   |   |       `-- Maildir
   |   `-- user1dom2.net
   |       `-- m...@user1dom2.net
   |           `-- Maildir
   `-- user2
       `-- user2dom.net
           `-- testu...@user2dom.net
               `-- Maildir


user1 and user2 are Unix system users that may have zero or more mail 
accounts associated with their zero or more domains.


The /var/mailsystem/[user] directory and all its subdirectories are owned 
by Unix system user [user] and have 0700 file permissions.


When I use Postfix as MTA and maildrop as MDA, I have encountered a mail 
delivery problem related to user permissions. Here is my virtual 
transport line for maildrop in Postfix's master.cf file.


   maildrop  unix  -   n   n   -   -   pipe
     flags=DRhu user=user1 argv=/usr/local/bin/maildrop -V 6 -w 90
     /var/mailsystem/user1/${nexthop}/${us...@${nexthop}/maildrop.rc


As you can see this only works for user user1 because of hardcoded user1 
in service parameters. What I want to do is to dynamically set 
corresponding user so that Postfix can invoke maildrop with that user's 
permissions and mail delivery be made with the correct user rights.


A solution for this problem may be setting maildrop's user id to root 
but since they may cause security compromise I don't like suid binaries.
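
The ownership rule described in the post above (everything under /var/mailsystem/[user] owned by [user], directories at 0700) can be checked mechanically before switching delivery to per-user UIDs. The following Python audit is an added example, not part of the original thread; the function names, the `uid_for` resolver hook and the sample tree are constructed for illustration.

```python
import os
import pwd
import stat
import tempfile

def audit_mail_tree(root, uid_for=lambda name: pwd.getpwnam(name).pw_uid):
    """Report entries that break the rule: everything under <root>/<user>
    is owned by system user <user>, and every directory has mode 0700."""
    findings = []
    for user in sorted(os.listdir(root)):
        top = os.path.join(root, user)
        try:
            uid = uid_for(user)
        except KeyError:
            findings.append((top, "no such system user"))
            continue
        paths = [top]  # the per-user directory itself, then all below it
        for dirpath, dirnames, filenames in os.walk(top):
            paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
        for path in paths:
            st = os.lstat(path)  # lstat: judge a symlink itself, not its target
            mode = stat.S_IMODE(st.st_mode)
            if st.st_uid != uid:
                findings.append((path, f"owned by uid {st.st_uid}, expected {uid}"))
            if stat.S_ISDIR(st.st_mode) and mode != 0o700:
                findings.append((path, f"mode {mode:04o}, expected 0700"))
    return findings

def demo():
    """Audit a constructed sample tree (all names here are made up)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "user1", "user1dom1.net",
                                 "box@user1dom1.net", "Maildir"))
        for dirpath, _, _ in os.walk(os.path.join(root, "user1")):
            os.chmod(dirpath, 0o700)
        # Planted fault: a domain directory readable by other users.
        os.chmod(os.path.join(root, "user1", "user1dom1.net"), 0o755)
        os.mkdir(os.path.join(root, "ghost"))  # no matching account
        def resolve(name):  # stand-in for the passwd lookup
            if name != "user1":
                raise KeyError(name)
            return os.geteuid()
        return [(os.path.relpath(p, root), why)
                for p, why in audit_mail_tree(root, resolve)]

if __name__ == "__main__":
    for path, why in demo():
        print(f"{path}: {why}")
```

Against a real tree, call `audit_mail_tree("/var/mailsystem")` as root so that every 0700 directory can be traversed; an empty list means the layout matches the stated rule.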


Re: Postfix Virtual Users with maildrop

2010-02-19 Thread Wietse Venema
Emre Yazici:
> I want to do is to dynamically set
> corresponding user so that Postfix can invoke maildrop with that user's
> permissions and mail delivery be made with the correct user rights.

Use the Postfix local(8) delivery agent, and execute the maildrop
command via the mailbox_command (or mailbox_command_maps) mechanism.

Wietse


Re: Postfix Virtual Users with maildrop

2010-02-19 Thread mouss
Wietse Venema wrote:
> Emre Yazici:
>> I want to do is to dynamically set
>> corresponding user so that Postfix can invoke maildrop with that user's
>> permissions and mail delivery be made with the correct user rights.
>
> Use the Postfix local(8) delivery agent, and execute the maildrop
> command via the mailbox_command (or mailbox_command_maps) mechanism.

alternatively, make sure maildrop is setuid (isn't this the default?)
and run it as a trusted user (the list of trusted users is configured
at maildrop build time). check maildrop docs.

That said, I prefer Wietse's suggestion...


Re: Postfix Virtual Users with maildrop

2010-02-19 Thread /dev/rob0
On Fri, Feb 19, 2010 at 07:32:27PM +0100, mouss wrote:
> Wietse Venema wrote:
>> Emre Yazici:
>>> I want to do is to dynamically set corresponding user so that
>>> Postfix can invoke maildrop with that user's permissions and
>>> mail delivery be made with the correct user rights.
>>
>> Use the Postfix local(8) delivery agent, and execute the maildrop
>> command via the mailbox_command (or mailbox_command_maps)
>> mechanism.
>
> alternatively, make sure maildrop is setuid (isn't this the
> default?) and run it as a trusted user (the list of trusted users
> is configured at maildrop build time). check maildrop docs.

Another alternative to consider, since the mailbox scheme seemed 
pretty simple, is to use virtual(8) with virtual_{gid,uid}_maps 
populated as needed and desired. A simple scheme might be to use a 
common group for all (such as virtual_gid_maps=static:vmail) with 
separate UIDs per domain.

A more complex approach can be done, such as separate UIDs per 
mailbox, and a shared GID per domain. Then you have to create your 
maildirs with correct ownership when creating a new account.

> That said, I prefer Wietse's suggestion...

I do too, except I don't see the need for maildrop in this scenario. 
Looks like a job for local(8) on its own.
-- 
Offlist mail to this address is discarded unless
/dev/rob0 or not-spam is in Subject: header