Re: using virtual_uid_maps with maildrop transport

2015-08-03 Thread Marvin Renich
[For clarity, I have re-added the remainder of my email that was snipped.]

* Wietse Venema wie...@porcupine.org [150801 16:58]:
 Marvin Renich:
  Whether you have one real user for all virtual users or a setup with one
  real user for each of many virtual domains, you must still have at least
  one real user,
 
 Nope, that is incorrect.  The UNIX kernel does not care if a UID
 or GID has a symbolic user-land name, and therefore virtual(8) does
 not require that, either. Your mis-conception invalidates all your
 further arguments.

I apologize for not making myself more clear.  When I said "real user"
it was to differentiate it from "virtual user" (i.e. the recipient user
name in the virtual domain).  "user" was not intended to imply "user
name", only an identity (uid w/ or w/o an entry in /etc/passwd) that the
virtual(8) driver uses for delivery.

The point I was trying to make was that allowing a numeric uid is good,
but allowing the admin to choose between using a numeric uid or a user
name from /etc/passwd (or other user database used by getpwent(3)) is
better and has a significant advantage for migration or disaster
recovery.

  possibly many.  If the only way to specify the real
  user(s) is by numeric ID, then the configuration must be edited when
  moving the postfix setup to another machine (and depending on how it is
  edited, there might be a significant chance for mistakes).  If names
  were allowed, this would not be necessary.  In either case, you must
  ensure that the new machine has the appropriate real users with their
  Maildir folders.
  
  I don't see a reason to not allow names, and allowing names makes things
  easier.

These questions are on the same general topic, but do not depend on
whether the above suggestion is accepted or rejected:

  Btw, I do not see anything in either the virtual(8) man page or the
  descriptions of virtual_mailbox_maps, virtual_uid_maps, or
  virtual_gid_maps in postconf(5) that describes what happens if
  virtual_mailbox_maps has an entry for a virtual user, but
  virtual_uid_maps does not.  What real uid is used to deliver the mail?
  
  Also, if virtual_uid_maps has an entry for a user, but virtual_gid_maps
  does not, how is the real gid determined?

...Marvin



Re: using virtual_uid_maps with maildrop transport

2015-08-01 Thread Marvin Renich
* Viktor Dukhovni postfix-us...@dukhovni.org [150723 09:17]:
 Not possible.  The virtual_uid_maps parameter is a feature of the
 virtual(8) not the pipe(8) transport.  And it stores a numeric uid,
 not a login name.

Why do virtual_uid_maps and virtual_gid_maps require a numeric uid/gid?
Allowing names is much more robust.  If you migrate your postfix setup
to a different existing machine, or if you have a catastrophic failure
and restore by starting with a fresh distribution installation and then
restoring the postfix configuration from backups, the uid/gid's for the
real users that manage the virtual users may be different, but
presumably the names will be the same.  Now you have to fetch the old
passwd and group files and translate the numbers in the virtual_uid_maps
and virtual_gid_maps files.

Is there some security or other reason that I am missing to not allow
names?  If not, would a feature request to allow this be welcome?

...Marvin
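
The translation step described in this message, as an added example that is not part of the original thread. It assumes passwd(5)-format files from the old and new hosts and a map source file with one "recipient uid" pair per line; the function name is hypothetical.

```shell
#!/bin/sh
# Added example: rewrite a virtual_uid_maps source file for a new host by
# mapping old uid -> login name (old passwd) -> new uid (new passwd).
# Assumed formats: passwd(5) files, and "recipient uid" lines in the map.

# translate_uid_map OLD_PASSWD NEW_PASSWD UID_MAP
# Writes the translated map to stdout and diagnostics to stderr.
# Returns 1 if any entry could not be translated by name.
translate_uid_map() {
    awk -v oldpw="$1" -v newpw="$2" '
        FILENAME == oldpw { split($0, f, ":"); name[f[3]] = f[1]; next }
        FILENAME == newpw { split($0, f, ":"); uid[f[1]] = f[3]; next }
        /^[ \t]*#/ || NF == 0 { print; next }   # keep comments and blanks
        !($2 in name) {
            # virtual(8) accepts a uid with no passwd entry, so there is
            # nothing to translate: keep the number and flag it for review.
            printf "%s: uid %s has no name on old host, kept\n", $1, $2 > "/dev/stderr"
            print; bad = 1; next
        }
        !(name[$2] in uid) {
            # Comment the entry out rather than deliver as a wrong account.
            printf "%s: user %s missing on new host\n", $1, name[$2] > "/dev/stderr"
            print "# unresolved: " $0; bad = 1; next
        }
        { print $1, uid[name[$2]] }
        END { exit bad + 0 }
    ' "$1" "$2" "$3"
}

# Run as a script only when all three file arguments are given.
if [ "$#" -eq 3 ]; then
    translate_uid_map "$1" "$2" "$3"
fi
```

The output still has to be indexed with postmap(1) before virtual(8) can use it.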



Re: using virtual_uid_maps with maildrop transport

2015-08-01 Thread Wietse Venema
Marvin Renich:
 * Wietse Venema wie...@porcupine.org [150801 15:52]:
  Marvin Renich:
   * Viktor Dukhovni postfix-us...@dukhovni.org [150723 09:17]:
    Not possible.  The virtual_uid_maps parameter is a feature of the
    virtual(8) not the pipe(8) transport.  And it stores a numeric uid,
    not a login name.
   
   Why do virtual_uid_maps and virtual_gid_maps require a numeric uid/gid?
  
  The primary reason virtual(8) exists is to support non-UNIX accounts.
  For example, all mailboxes can have the same UID and GID. The local(8)
  delivery agent is for UNIX accounts only.
 
 Whether you have one real user for all virtual users or a setup with one
 real user for each of many virtual domains, you must still have at least
 one real user,

Nope, that is incorrect.  The UNIX kernel does not care if a UID
or GID has a symbolic user-land name, and therefore virtual(8) does
not require that, either. Your mis-conception invalidates all your
further arguments.

Wietse


Re: using virtual_uid_maps with maildrop transport

2015-08-01 Thread Wietse Venema
Marvin Renich:
 * Viktor Dukhovni postfix-us...@dukhovni.org [150723 09:17]:
  Not possible.  The virtual_uid_maps parameter is a feature of the
  virtual(8) not the pipe(8) transport.  And it stores a numeric uid,
  not a login name.
 
 Why do virtual_uid_maps and virtual_gid_maps require a numeric uid/gid?

The primary reason virtual(8) exists is to support non-UNIX accounts.
For example, all mailboxes can have the same UID and GID. The local(8)
delivery agent is for UNIX accounts only.

Wietse


Re: using virtual_uid_maps with maildrop transport

2015-08-01 Thread Marvin Renich
* Wietse Venema wie...@porcupine.org [150801 15:52]:
 Marvin Renich:
  * Viktor Dukhovni postfix-us...@dukhovni.org [150723 09:17]:
   Not possible.  The virtual_uid_maps parameter is a feature of the
   virtual(8) not the pipe(8) transport.  And it stores a numeric uid,
   not a login name.
  
  Why do virtual_uid_maps and virtual_gid_maps require a numeric uid/gid?
 
 The primary reason virtual(8) exists is to support non-UNIX accounts.
 For example, all mailboxes can have the same UID and GID. The local(8)
 delivery agent is for UNIX accounts only.

Whether you have one real user for all virtual users or a setup with one
real user for each of many virtual domains, you must still have at least
one real user, possibly many.  If the only way to specify the real
user(s) is by numeric ID, then the configuration must be edited when
moving the postfix setup to another machine (and depending on how it is
edited, there might be a significant chance for mistakes).  If names
were allowed, this would not be necessary.  In either case, you must
ensure that the new machine has the appropriate real users with their
Maildir folders.

I don't see a reason to not allow names, and allowing names makes things
easier.

Btw, I do not see anything in either the virtual(8) man page or the
descriptions of virtual_mailbox_maps, virtual_uid_maps, or
virtual_gid_maps in postconf(5) that describes what happens if
virtual_mailbox_maps has an entry for a virtual user, but
virtual_uid_maps does not.  What real uid is used to deliver the mail?

Also, if virtual_uid_maps has an entry for a user, but virtual_gid_maps
does not, how is the real gid determined?

...Marvin



Re: using virtual_uid_maps with maildrop transport

2015-07-23 Thread Viktor Dukhovni
On Thu, Jul 23, 2015 at 09:08:53AM -0400, Marvin Renich wrote:

 I would like to use something like
 
 virtual_mailbox_domains = domain1.org domain2.org
 virtual_uid_maps = hash:/etc/postfix/virtual_uids
 virtual_transport = maildrop
 
 with
 
 maildrop  unix  -   n   n   -   -   pipe
   flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${user_from_virtual_uid_maps}
   ${user} ${domain} ${extension} ${recipient} ${nexthop}

Not possible.  The virtual_uid_maps parameter is a feature of the
virtual(8) not the pipe(8) transport.  And it stores a numeric uid,
not a login name.

You'll need to implement any required lookups in a wrapper
program around the underlying maildrop transport.

-- 
Viktor.
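
One way to write the wrapper suggested above, as an added example that is not code from the thread or from Postfix. The map file path, its "recipient login" line format and the wrapper's install path are assumptions; the exit codes are the sysexits.h values that pipe(8) interprets.

```shell
#!/bin/sh
# Added example: wrapper that pipe(8) runs in place of maildrop.
# Assumed master.cf argv (hypothetical install path):
#   argv=/usr/local/bin/maildrop-wrap ${recipient} ${user} ${domain} ...
MAP_FILE="${MAP_FILE:-/etc/postfix/virtual_logins}"  # assumed path and format
MAILDROP="${MAILDROP:-/usr/bin/maildrop}"
EX_NOUSER=67     # sysexits.h: pipe(8) bounces the message
EX_TEMPFAIL=75   # sysexits.h: pipe(8) defers and retries later

# Print the login mapped to recipient $1 in flat file $2; status 1 if none.
lookup_login() {
    while read -r key login rest || [ -n "$key" ]; do
        if [ "$key" = "$1" ]; then printf '%s\n' "$login"; return 0; fi
    done < "$2"
    return 1
}

# Accept only conservative login names, so the looked-up value can never
# be taken as an option or a path by the program that receives it.
valid_login() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Resolve recipient $1: print the login, or return a sysexits code.
resolve() {
    [ -r "$MAP_FILE" ] || return "$EX_TEMPFAIL"      # map missing: retry later
    login=$(lookup_login "$1" "$MAP_FILE") || return "$EX_NOUSER"
    valid_login "$login" || return "$EX_TEMPFAIL"    # bad map entry: fix, retry
    printf '%s\n' "$login"
}

# deliver RECIPIENT [ARGS...]: hand the message on stdin to maildrop -d LOGIN.
deliver() {
    recipient=$1; shift
    login=$(resolve "$recipient") || return $?
    exec "$MAILDROP" -d "$login" "$@"
}

# Run as a script only when pipe(8) passes arguments.
if [ "$#" -gt 0 ]; then
    deliver "$@"
fi
```

An unreadable map or a malformed entry defers the message instead of bouncing it, so a configuration mistake does not lose mail.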


Re: using virtual_uid_maps with maildrop transport

2015-07-23 Thread Marvin Renich
* Viktor Dukhovni postfix-us...@dukhovni.org [150723 09:17]:
 Not possible.  The virtual_uid_maps parameter is a feature of the
 virtual(8) not the pipe(8) transport.  And it stores a numeric uid,
 not a login name.
 
 You'll need to implement any required lookups in a wrapper
 program around the underlying maildrop transport.

Thanks.

...Marvin