http://groups.google.com/groups? ... U.edu.tw%26rnum%3D5
Message 1 in thread
From: Phil Howard (phil-postfix-users@ipal.net)
Subject: virtualizing local users
Newsgroups: mailing.postfix.users
Date: 2002-07-01 02:43:07 PST
I am trying to virtualize the users on a new mail server.
What I mean by that is that the user names will not be listed
in the /etc/passwd file. There is another file which looks
like the first 2 fields of /etc/passwd or /etc/shadow which
contains the list of valid users. The main question is how
might I get Postfix to check this file for known users?
I do have the option to make this be virtual or not virtual
since this mail server is serving only one space of usernames
(that is, xyzzy@foo and xyzzy@bar are the same mailbox and
same user). But I have been looking through the various ways
to configure either approach and I simply don't find a way to
do this. Mail is being delivered OK, and picked up OK using
vm-pop3d as the pop3 server (which reads the alternate file
to get user passwords). So once I can get Postfix to know
the users are existing (if they are in that file), then it
should all be working.
I definitely do not want to add these users to /etc/passwd or
/etc/shadow. There are conflicts between the user space for
mail and the user space for shell logins (which have no local
mail), so this isn't an option.
I also want to avoid (means if there is no other way, then this
can be done, but I definitely want to exhaust all other possible
approaches first) having a separate file to maintain just for
Postfix to do user lookups. Basically this means if there is
a way to use the shadow file format, that's preferred, but any
map format Postfix can handle will do as a last resort.
No single configuration description pops out at me and says this
will do what I want. And I can't see any combinations that
might create the same effect. Anyone have any ideas on this?
Note that there is no virtual translation. User "xyzzy" has a
mailbox named "xyzzy" in (via symlink) /var/spool/mail in the
traditional mailbox format.
--
-----------------------------------------------------------------
│ Phil Howard - KA9WGN │ Dallas │ http://linuxhomepage.com/ │
│ phil-nospam@ipal.net │ Texas, USA │ http://phil.ipal.org/ │
-----------------------------------------------------------------
-
To unsubscribe, send mail to majordomo@postfix.org with content
(not subject): unsubscribe postfix-users
Message 2 in thread
From: Jean-Pierre Schwickerath (lists@schwicky.net)
Subject: Re: virtualizing local users
Newsgroups: mailing.postfix.users
Date: 2002-07-01 03:03:54 PST
Phil Howard <phil-postfix-users@ipal.net> wrote:
> What I mean by that is that the user names will not be listed
> in the /etc/passwd file. There is another file which looks
> like the first 2 fields of /etc/passwd or /etc/shadow which
> contains the list of valid users. The main question is how
> might I get Postfix to check this file for known users?
There is a parameter called local_recipient_maps
--cut--
local_recipient_maps = $alias_maps unix:passwd.byname
--cut--
There you could add your file(s) in any format that postfix
understands...
Jean-Pierre
--
Powered by Linux From Scratch - http://schwicky.net
PGP Key ID: 0xEE6F49B4 - AIM/Jabber: Schwicky - ICQ: 4690141
Nothing is impossible... Everything is relative!
Message 3 in thread
From: Phil Howard (phil-postfix-users@ipal.net)
Subject: Re: virtualizing local users
Newsgroups: mailing.postfix.users
Date: 2002-07-01 04:41:46 PST
On Mon, Jul 01, 2002 at 12:02:14PM +0200, Jean-Pierre Schwickerath wrote:
│ Phil Howard <phil-postfix-users@ipal.net> wrote:
│
│ > What I mean by that is that the user names will not be listed
│ > in the /etc/passwd file. There is another file which looks
│ > like the first 2 fields of /etc/passwd or /etc/shadow which
│ > contains the list of valid users. The main question is how
│ > might I get Postfix to check this file for known users?
│
│ There is a parameter called local_recipient_maps
│ --cut--
│ local_recipient_maps = $alias_maps unix:passwd.byname
│ --cut--
│
│ There you could add your file(s) in any format that postfix
│ understands...
So what do I put there to make it understand /etc/passwd format?
Is there a document or man page that lists all the formats?
--
-----------------------------------------------------------------
│ Phil Howard - KA9WGN │ Dallas │ http://linuxhomepage.com/ │
│ phil-nospam@ipal.net │ Texas, USA │ http://phil.ipal.org/ │
-----------------------------------------------------------------
Message 4 in thread
From: Victor.Duchovni@morganstanley.com (Victor.Duchovni@morganstanley.com)
Subject: Re: virtualizing local users
Newsgroups: mailing.postfix.users
Date: 2002-07-01 07:57:36 PST
On Mon, 1 Jul 2002, Phil Howard wrote:
> I am trying to virtualize the users on a new mail server.
> What I mean by that is that the user names will not be listed
> in the /etc/passwd file. There is another file which looks
> like the first 2 fields of /etc/passwd or /etc/shadow which
> contains the list of valid users. The main question is how
> might I get Postfix to check this file for known users?
This is the wrong question. The right question is:
What delivery agent and POP/IMAP server combination should I use to
deliver mail to users without a shell account (not listed in /etc/passwd)?
For a specific choice of delivery agent and POP/IMAP server, what is the
best way to manage the virtual user account information?
Is it possible to enter the virtual user accounts into just one
database that will be used by all components ("smtpd" user validation,
delivery agent, POP/IMAP server)?
The most important factor is your choice of POP/IMAP server. Some can be
integrated tightly with Postfix and some cannot.
Your best bet is likely (I am not an expert on this topic, this is
my impression from recent posts to the list) Courier IMAP. There is a
patch for Postfix to enable it to use "userdb" as a Postfix map type.
Check some of the Courier HOWTO documents recently advertised on the list.
If none provide sufficient detail, perhaps someone can volunteer the
missing recipes.
Postfix has no support for "password-like" maps except /etc/passwd
accessed via getpwnam(3).
--
Viktor.
Message 5 in thread
From: Phil Howard (phil-postfix-users@ipal.net)
Subject: Re: virtualizing local users
Newsgroups: mailing.postfix.users
Date: 2002-07-01 08:55:35 PST
On Mon, Jul 01, 2002 at 10:56:21AM -0400, Victor.Duchovni@morganstanley.com wrote:
│ On Mon, 1 Jul 2002, Phil Howard wrote:
│
│ > I am trying to virtualize the users on a new mail server.
│ > What I mean by that is that the user names will not be listed
│ > in the /etc/passwd file. There is another file which looks
│ > like the first 2 fields of /etc/passwd or /etc/shadow which
│ > contains the list of valid users. The main question is how
│ > might I get Postfix to check this file for known users?
│
│ This is the wrong question. The right question is:
│
│ What delivery agent and POP/IMAP server combination should I use to
│ deliver mail to users without a shell account (not listed in /etc/passwd)?
The POP server is already chosen.
The answer to this question will be interesting for the next project.
But there is a different set of requirements for that one. I can post
them if you would like to offer advice on that.
│ For a specific choice of delivery agent and POP/IMAP server, what is the
│ best way to manage the virtual user account information?
│
│ Is it possible to enter the virtual user accounts into just one
│ database that will be used by all components ("smtpd" user validation,
│ delivery agent, POP/IMAP server)?
│
│
│ The most important factor is your choice of POP/IMAP server. Some can be
│ integrated tightly with Postfix and some cannot.
│
│ Your best bet is likely (I am not an expert on this topic, this is
│ my impression from recent posts to the list) Courier IMAP. There is a
│ patch for Postfix to enable it to use "userdb" as a Postfix map type.
│ Check some of the Courier HOWTO documents recently advertised on the list.
│ If none provide sufficient detail, perhaps someone can volunteer the
│ missing recipes.
Courier IMAP did not meet migration requirements for this server.
Mailbox format is required in this case so that user mail is not
lost. I will be using rsync to synchronize the mailboxes from the
old machine to the new one, then transfer IP addresses and restart.
The POP server used is vm-pop3d. It is past the time to allocate
the additional time to change the software used or to work out the
strategy to change from mailbox to maildir format. Physical move of
servers takes place 13 July. The migration must take place at the
maintenance window allocated for least user disruption.
For another project as mentioned above, Courier IMAP appears to be
a good choice. I don't know what you mean by "userdb", but then I
haven't gotten to the point of fully RTFM-ing Courier IMAP, yet.
Maybe this will all be obvious at that time.
│ Postfix has no support for "password-like" maps except /etc/passwd
│ accessed via getpwnam(3).
So the workaround is to have 2 maps, one for vm-pop3d to look up its
passwords, another for postfix to verify the existence of users. It's
something I wanted to avoid, but I have changed to another strategy
to manage accounts on this machine. It's quick and dirty. Each user
has a single file in a directory. The file contains their password.
These files are collected to construct the two needed files (and then
postmap is run to generate the hash db file Postfix will use).
At this point, Postfix is not recognizing users in the file even
though it is specified in local_recipient_maps. I just started
working on this so I haven't vetted all the possible errors, yet.
But it looks as though local_recipient_maps has no effect as it
still recognizes users that do happen to be in /etc/passwd.
--
-----------------------------------------------------------------
│ Phil Howard - KA9WGN │ Dallas │ http://linuxhomepage.com/ │
│ phil-nospam@ipal.net │ Texas, USA │ http://phil.ipal.org/ │
-----------------------------------------------------------------
Message 6 in thread
From: Ralf Hildebrandt (Ralf.Hildebrandt@charite.de)
Subject: Re: virtualizing local users
Newsgroups: mailing.postfix.users
Date: 2002-07-01 10:09:57 PST
On Mon, Jul 01, 2002 at 10:48:03AM -0500, Phil Howard wrote:
> Courier IMAP did not meet migration requirements for this server.
> Mailbox format is required in this case so that user mail is not
> lost. I will be using rsync to synchronize the mailboxes from the
> old machine to the new one, then transfer IP addresses and restart.
Hello? There are conversion scripts for mbox -> maildir
> The POP server used is vm-pop3d. It is past the time to allocate
> the additional time to change the software used or to work out the
> strategy to change from mailbox to maildir format. Physical move of
> servers takes place 13 July. The migration must take place at the
> maintenance window allocated for least user disruption.
You can even convert on the fly! New delivery to Maildir, then, while
new mail is coming in you can still convert the old mailboxes in the
background.
--
Ralf Hildebrandt (Im Auftrag des Referat V A) Ralf.Hildebrandt@charite.de
Charite Campus Virchow-Klinikum Tel. +49 (0)30-450 570-155
Referat V A - Kommunikationsnetze - Fax. +49 (0)30-450 570-916
"Java is, in many ways, C++--." - Michael Feldman.
Message 7 in thread
From: Phil Howard (phil-postfix-users@ipal.net)
Subject: Re: virtualizing local users
Newsgroups: mailing.postfix.users
Date: 2002-07-01 11:09:25 PST
On Mon, Jul 01, 2002 at 07:09:32PM +0200, Ralf Hildebrandt wrote:
│ On Mon, Jul 01, 2002 at 10:48:03AM -0500, Phil Howard wrote:
│
│ > Courier IMAP did not meet migration requirements for this server.
│ > Mailbox format is required in this case so that user mail is not
│ > lost. I will be using rsync to synchronize the mailboxes from the
│ > old machine to the new one, then transfer IP addresses and restart.
│
│ Hello? There are conversion scripts for mbox -> maildir
│
│ > The POP server used is vm-pop3d. It is past the time to allocate
│ > the additional time to change the software used or to work out the
│ > strategy to change from mailbox to maildir format. Physical move of
│ > servers takes place 13 July. The migration must take place at the
│ > maintenance window allocated for least user disruption.
│
│ You can even convert on the fly! New delivery to Maildir, then, while
│ new mail is coming in you can still convert the old mailboxes in the
│ background.
It would be nice if there was the luxury of time to go study all that.
But when an old server starts to die, you don't generally think about
"Oh, let's change the file format so we can change the POP server".
Maybe these things could be done, but it would also be prudent to test
things first, too. Given the short amount of time in this case, it is
barely enough to test a machine, OS, MTA, and POP server. Perhaps I
shouldn't have even tried to virtualize the domain at all, but it will
deal with some issues this server has had.
I do prefer the maildir format. But this wasn't the time for it.
--
-----------------------------------------------------------------
│ Phil Howard - KA9WGN │ Dallas │ http://linuxhomepage.com/ │
│ phil-nospam@ipal.net │ Texas, USA │ http://phil.ipal.org/ │
-----------------------------------------------------------------
Message 8 in thread
From: Phil Howard (phil-postfix-users@ipal.net)
Subject: Re: virtualizing local users
Newsgroups: mailing.postfix.users
Date: 2002-07-01 11:38:42 PST
On Mon, Jul 01, 2002 at 12:02:14PM +0200, Jean-Pierre Schwickerath wrote:
│ Phil Howard <phil-postfix-users@ipal.net> wrote:
│
│ > What I mean by that is that the user names will not be listed
│ > in the /etc/passwd file. There is another file which looks
│ > like the first 2 fields of /etc/passwd or /etc/shadow which
│ > contains the list of valid users. The main question is how
│ > might I get Postfix to check this file for known users?
│
│ There is a parameter called local_recipient_maps
│ --cut--
│ local_recipient_maps = $alias_maps unix:passwd.byname
│ --cut--
│
│ There you could add your file(s) in any format that postfix
│ understands...
I now have:
local_recipient_maps = hash:/etc/virtual/users
The file named "users" has each LHS with the username by itself and
the RHS with just "OK". But the names are not recognized. Names
that are in /etc/passwd are recognized even though I did not code
unix:passwd.byname on local_recipient_maps at all. It's like it
just doesn't see it at all and still uses the default.
What do I look for next?
--
-----------------------------------------------------------------
│ Phil Howard - KA9WGN │ Dallas │ http://linuxhomepage.com/ │
│ phil-nospam@ipal.net │ Texas, USA │ http://phil.ipal.org/ │
-----------------------------------------------------------------
Message 9 in thread
From: Jean-Pierre Schwickerath (lists@schwicky.net)
Subject: Re: virtualizing local users
Newsgroups: mailing.postfix.users
Date: 2002-07-01 12:12:46 PST
Phil Howard <phil-postfix-users@ipal.net> wrote:
> The file named "users" has each LHS with the username by itself and
> the RHS with just "OK". But the names are not recognized.
I had a look into the VIRTUAL_README file and saw you might want to try
this:
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
and fill your /etc/postfix/vmailbox file with records like
username    usernameMailbox
so that mail for username is put into the
"/var/mail/vhosts/usernameMailbox" File
Jean-Pierre
--
Powered by Linux From Scratch - http://schwicky.net
PGP Key ID: 0xEE6F49B4 - AIM/Jabber: Schwicky - ICQ: 4690141
Nothing is impossible... Everything is relative!
Message 10 in thread
From: Victor.Duchovni@morganstanley.com (Victor.Duchovni@morganstanley.com)
Subject: Re: virtualizing local users
Newsgroups: mailing.postfix.users
Date: 2002-07-01 12:26:50 PST
On Mon, 1 Jul 2002, Phil Howard wrote:
> local_recipient_maps = hash:/etc/virtual/users
>
> The file named "users" has each LHS with the username by itself and
> the RHS with just "OK". But the names are not recognized. Names
> that are in /etc/passwd are recognized even though I did not code
> unix:passwd.byname on local_recipient_maps at all. It's like it
> just doesn't see it at all and still uses the default.
>
> What do I look for next?
>
logs.
--
Viktor.
Message 11 in thread
From: Jean-Pierre Schwickerath (lists@schwicky.net)
Subject: Re: virtualizing local users
Newsgroups: mailing.postfix.users
Date: 2002-07-01 13:05:06 PST
Phil Howard <phil-postfix-users@ipal.net> wrote:
> This is not going in the right direction. I'm trying to find a way
> to have LESS data files hanging around.
I thought you were looking for a way not to list local users in your
/etc/passwd file but somewhere else so as to truly separate login users
and mail users.
Jean-Pierre
--
Powered by Linux From Scratch - http://schwicky.net
PGP Key ID: 0xEE6F49B4 - AIM/Jabber: Schwicky - ICQ: 4690141
Nothing is impossible... Everything is relative!
Message 12 in thread
From: Phil Howard (phil-postfix-users@ipal.net)
Subject: Re: virtualizing local users
Newsgroups: mailing.postfix.users
Date: 2002-07-01 13:58:15 PST
On Mon, Jul 01, 2002 at 03:25:22PM -0400, Victor.Duchovni@morganstanley.com wrote:
│ On Mon, 1 Jul 2002, Phil Howard wrote:
│
│ > local_recipient_maps = hash:/etc/virtual/users
│ >
│ > The file named "users" has each LHS with the username by itself and
│ > the RHS with just "OK". But the names are not recognized. Names
│ > that are in /etc/passwd are recognized even though I did not code
│ > unix:passwd.byname on local_recipient_maps at all. It's like it
│ > just doesn't see it at all and still uses the default.
│ >
│ > What do I look for next?
│ >
│
│ logs.
It says bounced, unknown user. I would be looking for something like
maybe why it can't read the file? I checked and double checked the
file permissions, and it should be able to read it. Should I make it
owned by the postfix user?
Here's what I get:
=============================================================================
Jul 1 15:55:12 rack4 postfix/smtpd[6364]: connect from vega.ipal.net[209.102.192.64]
Jul 1 15:55:12 rack4 postfix/smtpd[6364]: 72025F5: client=vega.ipal.net[209.102.192.64]
Jul 1 15:55:12 rack4 postfix/cleanup[6365]: 72025F5: message-id=<20020701205511.85C28293@vega.ipal.net>
Jul 1 15:55:12 rack4 postfix/qmgr[6337]: 72025F5: from=<phil@ipal.net>, size=508, nrcpt=1 (queue active)
Jul 1 15:55:12 rack4 postfix/smtpd[6364]: disconnect from vega.ipal.net[209.102.192.64]
Jul 1 15:55:12 rack4 postfix/local[6367]: 72025F5: to=<ka9wgn@rack4.intur.net>, relay=local, delay=0, status=bounced (unknown user: "ka9wgn")
Jul 1 15:55:12 rack4 postfix/cleanup[6365]: 7E069125: message-id=<20020701205512.7E069125@rack4.intur.net>
Jul 1 15:55:12 rack4 postfix/qmgr[6337]: 7E069125: from=<>, size=2025, nrcpt=1 (queue active)
Jul 1 15:55:14 rack4 postfix/smtp[6369]: 7E069125: to=<phil@ipal.net>, relay=vega.ipal.net[209.102.192.80], delay=2, status=sent (250 Ok: queued as 77E0F292)
=============================================================================
--
-----------------------------------------------------------------
│ Phil Howard - KA9WGN │ Dallas │ http://linuxhomepage.com/ │
│ phil-nospam@ipal.net │ Texas, USA │ http://phil.ipal.org/ │
-----------------------------------------------------------------
Message 13 in thread
From: Ralf Hildebrandt (Ralf.Hildebrandt@charite.de)
Subject: Re: virtualizing local users
Newsgroups: mailing.postfix.users
Date: 2002-07-01 14:03:52 PST
On Mon, Jul 01, 2002 at 03:56:20PM -0500, Phil Howard wrote:
> Jul 1 15:55:12 rack4 postfix/qmgr[6337]: 72025F5: from=<phil@ipal.net>, size=508, nrcpt=1 (queue active)
> Jul 1 15:55:12 rack4 postfix/smtpd[6364]: disconnect from vega.ipal.net[209.102.192.64]
> Jul 1 15:55:12 rack4 postfix/local[6367]: 72025F5: to=<ka9wgn@rack4.intur.net>, relay=local, delay=0, status=bounced (unknown user: "ka9wgn")
At least we now know that "local" is involved.
Wasn't the whole idea NOT to use "local" but some other LDA, like
"virtual"?
--
Ralf Hildebrandt (Im Auftrag des Referat V A) Ralf.Hildebrandt@charite.de
Charite Campus Virchow-Klinikum Tel. +49 (0)30-450 570-155
Referat V A - Kommunikationsnetze - Fax. +49 (0)30-450 570-916
I wish you'd tell me what kind of systems they're using instead,
because HP can't be doing much worse than Sun "would you like the
compiler or internet options with that" Microsystems, or Silicon "hey
be glad the support-contract number isn't a 1-900" Graphics. Then
there's Digital "It sucks in 64 bits, you can't suck in 64 bits
anywhere else" Equipment Corp (Did we mention it's 64 bits?).
Message 14 in thread
From: Phil Howard (phil-postfix-users@ipal.net)
Subject: Re: virtualizing local users
Newsgroups: mailing.postfix.users
Date: 2002-07-01 14:39:00 PST
On Mon, Jul 01, 2002 at 10:03:54PM +0200, Jean-Pierre Schwickerath wrote:
│ Phil Howard <phil-postfix-users@ipal.net> wrote:
│
│ > This is not going in the right direction. I'm trying to find a way
│ > to have LESS data files hanging around.
│
│ I thought you were looking for a way not to list local users in your
│ /etc/passwd file but somewhere else so as to truly separate login users
│ and mail users.
There were two, and now three. But I don't see the point in having
a map that translates x -> x for every different user.
--
-----------------------------------------------------------------
│ Phil Howard - KA9WGN │ Dallas │ http://linuxhomepage.com/ │
│ phil-nospam@ipal.net │ Texas, USA │ http://phil.ipal.org/ │
-----------------------------------------------------------------
Message 15 in thread
From: Phil Howard (phil-postfix-users@ipal.net)
Subject: Re: virtualizing local users
Newsgroups: mailing.postfix.users
Date: 2002-07-01 14:40:39 PST
On Mon, Jul 01, 2002 at 10:59:28PM +0200, Ralf Hildebrandt wrote:
│ On Mon, Jul 01, 2002 at 03:56:20PM -0500, Phil Howard wrote:
│
│ > Jul 1 15:55:12 rack4 postfix/qmgr[6337]: 72025F5: from=<phil@ipal.net>, size=508, nrcpt=1 (queue active)
│ > Jul 1 15:55:12 rack4 postfix/smtpd[6364]: disconnect from vega.ipal.net[209.102.192.64]
│ > Jul 1 15:55:12 rack4 postfix/local[6367]: 72025F5: to=<ka9wgn@rack4.intur.net>, relay=local, delay=0, status=bounced (unknown user: "ka9wgn")
│
│ At least we now know that "local" is involved.
│ Wasn't the whole idea NOT to use "local" but some other LDA, like
│ "virtual"?
But it is local. Just not the same user base as the system.
--
-----------------------------------------------------------------
│ Phil Howard - KA9WGN │ Dallas │ http://linuxhomepage.com/ │
│ phil-nospam@ipal.net │ Texas, USA │ http://phil.ipal.org/ │
-----------------------------------------------------------------
Message 16 in thread
From: Victor.Duchovni@morganstanley.com (Victor.Duchovni@morganstanley.com)
Subject: Re: virtualizing local users
Newsgroups: mailing.postfix.users
Date: 2002-07-01 14:45:29 PST
On Mon, 1 Jul 2002, Phil Howard wrote:
> It says bounced, unknown user. I would be looking for something like
> maybe why it can't read the file? I checked and double checked the
> file permissions, and it should be able to read it. Should I make it
> owned by the postfix user?
>
> Here's what I get:
> =============================================================================
> Jul 1 15:55:12 rack4 postfix/smtpd[6364]: connect from vega.ipal.net[209.102.192.64]
> Jul 1 15:55:12 rack4 postfix/smtpd[6364]: 72025F5: client=vega.ipal.net[209.102.192.64]
> Jul 1 15:55:12 rack4 postfix/cleanup[6365]: 72025F5: message-id=<20020701205511.85C28293@vega.ipal.net>
> Jul 1 15:55:12 rack4 postfix/qmgr[6337]: 72025F5: from=<phil@ipal.net>, size=508, nrcpt=1 (queue active)
> Jul 1 15:55:12 rack4 postfix/smtpd[6364]: disconnect from vega.ipal.net[209.102.192.64]
> Jul 1 15:55:12 rack4 postfix/local[6367]: 72025F5: to=<ka9wgn@rack4.intur.net>, relay=local, delay=0, status=bounced (unknown user: "ka9wgn")
> Jul 1 15:55:12 rack4 postfix/cleanup[6365]: 7E069125: message-id=<20020701205512.7E069125@rack4.intur.net>
> Jul 1 15:55:12 rack4 postfix/qmgr[6337]: 7E069125: from=<>, size=2025, nrcpt=1 (queue active)
> Jul 1 15:55:14 rack4 postfix/smtp[6369]: 7E069125: to=<phil@ipal.net>, relay=vega.ipal.net[209.102.192.80], delay=2, status=sent (250 Ok: queued as 77E0F292)
> =============================================================================
>
This is finally useful. Please examine your logs closely. The bounce is
from the "local" delivery agent, not from "smtpd". So local_recipient_maps
is not the issue. Delivery for the domain is being passed to the "local"
delivery agent. The local delivery agent does deliver to non-shell users
(what uid should the mailbox belong to? what user should pipes in .forward
files run as? ...)
What delivery agent are you expecting to use?
Your choices are:
virtual - Postfix virtual delivery agent
maildrop - Courier delivery agent
deliver - Cyrus delivery agent
whatever comes with your POP server?
...
Each of these delivery agents has its own database format. Set up the
appropriate transport table entries (or redefine local_transport) and
configure any necessary delivery agent tables.
As I said the first time, the answer depends on your choice of delivery
agent which ties into your choice of POP/IMAP server.
--
Viktor.
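Added example, not part of the original thread: a small Python parser that applies the log reading described in the message above, separating recipients refused by smtpd during the SMTP session from recipients bounced by a delivery agent after the message was queued, and listing the null-sender notifications that then left the host. The first nine log lines are copied from the thread; the last line is constructed for contrast, and all function names are this example's own.

```python
import re

# First nine lines: copied from the log posted in this thread.
# Last line: CONSTRUCTED sample of an smtpd-time rejection, for contrast.
SAMPLE_LOG = """\
Jul 1 15:55:12 rack4 postfix/smtpd[6364]: connect from vega.ipal.net[209.102.192.64]
Jul 1 15:55:12 rack4 postfix/smtpd[6364]: 72025F5: client=vega.ipal.net[209.102.192.64]
Jul 1 15:55:12 rack4 postfix/cleanup[6365]: 72025F5: message-id=<20020701205511.85C28293@vega.ipal.net>
Jul 1 15:55:12 rack4 postfix/qmgr[6337]: 72025F5: from=<phil@ipal.net>, size=508, nrcpt=1 (queue active)
Jul 1 15:55:12 rack4 postfix/smtpd[6364]: disconnect from vega.ipal.net[209.102.192.64]
Jul 1 15:55:12 rack4 postfix/local[6367]: 72025F5: to=<ka9wgn@rack4.intur.net>, relay=local, delay=0, status=bounced (unknown user: "ka9wgn")
Jul 1 15:55:12 rack4 postfix/cleanup[6365]: 7E069125: message-id=<20020701205512.7E069125@rack4.intur.net>
Jul 1 15:55:12 rack4 postfix/qmgr[6337]: 7E069125: from=<>, size=2025, nrcpt=1 (queue active)
Jul 1 15:55:14 rack4 postfix/smtp[6369]: 7E069125: to=<phil@ipal.net>, relay=vega.ipal.net[209.102.192.80], delay=2, status=sent (250 Ok: queued as 77E0F292)
Jul 1 15:56:40 rack4 postfix/smtpd[6364]: reject: RCPT from vega.ipal.net[209.102.192.64]: 550 <nosuch@rack4.intur.net>: User unknown; from=<phil@ipal.net> to=<nosuch@rack4.intur.net>
"""

# syslog prefix, then "postfix/<daemon>[pid]: <rest>"
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]+\s+\S+\s+postfix/(?P<daemon>[\w-]+)\[\d+\]:\s+(?P<rest>.*)$"
)
# "<QUEUEID>: <body>" for lines that belong to a queued message
QUEUE_RE = re.compile(r"^(?P<qid>[0-9A-F]{5,}):\s+(?P<body>.*)$")
# delivery attempt: to=<rcpt>, ..., status=<status> (<reason>)
DELIVERY_RE = re.compile(
    r"to=<(?P<rcpt>[^>]*)>.*?status=(?P<status>\w+)\s+\((?P<reason>.*)\)$"
)
# smtpd refusing a recipient during the SMTP session; newer Postfix
# releases prefix these lines with "NOQUEUE: ", so that is optional here
REJECT_RE = re.compile(
    r"^(?:NOQUEUE: )?reject: RCPT from \S+: (?P<code>\d{3}) .*?to=<(?P<rcpt>[^>]*)>"
)


def parse(log_text):
    """Yield (daemon, queue_id_or_None, body) for every Postfix log line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        q = QUEUE_RE.match(m["rest"])
        if q:
            yield m["daemon"], q["qid"], q["body"]
        else:
            yield m["daemon"], None, m["rest"]


def refused_recipients(log_text):
    """Return refused recipients, tagged with the stage that refused them.

    stage "smtp"   : smtpd rejected the RCPT, nothing was queued
    stage "queued" : the message was accepted, then a delivery agent bounced it
    """
    results = []
    for daemon, qid, body in parse(log_text):
        if qid is None and daemon == "smtpd":
            r = REJECT_RE.match(body)
            if r:
                results.append({"stage": "smtp", "daemon": daemon,
                                "queue_id": None, "recipient": r["rcpt"],
                                "detail": r["code"]})
        elif qid is not None:
            d = DELIVERY_RE.search(body)
            if d and d["status"] == "bounced":
                results.append({"stage": "queued", "daemon": daemon,
                                "queue_id": qid, "recipient": d["rcpt"],
                                "detail": d["reason"]})
    return results


def null_sender_notifications(log_text):
    """Return (queue_id, recipient) for from=<> messages sent to another host."""
    null_sender = set()
    sent = []
    for daemon, qid, body in parse(log_text):
        if qid is None:
            continue
        if daemon == "qmgr" and body.startswith("from=<>"):
            null_sender.add(qid)
        elif daemon == "smtp" and qid in null_sender:
            d = DELIVERY_RE.search(body)
            if d and d["status"] == "sent":
                sent.append((qid, d["rcpt"]))
    return sent


if __name__ == "__main__":
    for item in refused_recipients(SAMPLE_LOG):
        print(item)
    print(null_sender_notifications(SAMPLE_LOG))
```

A "queued" result from the local daemon means the recipient was accepted at SMTP time and refused only at delivery, which is why a separate notification message was generated and sent back to the envelope sender.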
Message 17 in thread
From: Victor.Duchovni@morganstanley.com (Victor.Duchovni@morganstanley.com)
Subject: Re: virtualizing local users
Newsgroups: mailing.postfix.users
Date: 2002-07-01 14:48:19 PST
On Mon, 1 Jul 2002, Phil Howard wrote:
> On Mon, Jul 01, 2002 at 10:59:28PM +0200, Ralf Hildebrandt wrote:
>
> │ On Mon, Jul 01, 2002 at 03:56:20PM -0500, Phil Howard wrote:
> │
> │ > Jul 1 15:55:12 rack4 postfix/qmgr[6337]: 72025F5: from=<phil@ipal.net>, size=508, nrcpt=1 (queue active)
> │ > Jul 1 15:55:12 rack4 postfix/smtpd[6364]: disconnect from vega.ipal.net[209.102.192.64]
> │ > Jul 1 15:55:12 rack4 postfix/local[6367]: 72025F5: to=<ka9wgn@rack4.intur.net>, relay=local, delay=0, status=bounced (unknown user: "ka9wgn")
> │
> │ At least we now know that "local" is involved.
> │ Wasn't the whole idea NOT to use "local" but some other LDA, like
> │ "virtual"?
>
> But it is local. Just not the same user base as the system.
>
Sadly you misunderstood the "local" delivery agent. Its input namespace
is the set of local shell accounts + any aliases. Its output namespace
(mailboxes it delivers *to*) is just the space of shell accounts.
--
Viktor.
Message 18 in thread
From: Phil Howard (phil-postfix-users@ipal.net)
Subject: Re: virtualizing local users
Newsgroups: mailing.postfix.users
Date: 2002-07-01 14:54:51 PST
On Mon, Jul 01, 2002 at 10:59:28PM +0200, Ralf Hildebrandt wrote:
│ On Mon, Jul 01, 2002 at 03:56:20PM -0500, Phil Howard wrote:
│
│ > Jul 1 15:55:12 rack4 postfix/qmgr[6337]: 72025F5: from=<phil@ipal.net>, size=508, nrcpt=1 (queue active)
│ > Jul 1 15:55:12 rack4 postfix/smtpd[6364]: disconnect from vega.ipal.net[209.102.192.64]
│ > Jul 1 15:55:12 rack4 postfix/local[6367]: 72025F5: to=<ka9wgn@rack4.intur.net>, relay=local, delay=0, status=bounced (unknown user: "ka9wgn")
│
│ At least we now know that "local" is involved.
│ Wasn't the whole idea NOT to use "local" but some other LDA, like
│ "virtual"?
Obviously I've picked the wrong concept here. If "local" and
"virtual" can't be the same thing, I'm not sure how to get this
done.
When a very basic simple one-host setup is done, I don't have to
use a map which translates a username to path (file for mailbox or
directory for maildir). So why should it be different for virtual?
Oh I know, because of the traditional kludge to fake virtual that
originated with sendmail, where user@domain was translated to a
local system user. But I don't need that. If local can deliver
to /var/spool/mail/${user} why not allow something to deliver to
/var/spool/vmail/${domain}/${user}. This would be such a simple
concept and not need a map file (but certainly you can have one that
can override the default for the cases where you want something
different done).
It looks like what I need to do is abandon virtualizing on this
server, and address how I want to set up the NEXT project. It seems
figuring things out is going to take more time than I thought. The
next project does have more time, though not enough time to develop
a new MTA for it. Now would it be better for me to try to figure it
out and have others fix my mistakes, or explain it up front and let
you tell me what concept in Postfix matches up to it (if any)?
--
-----------------------------------------------------------------
│ Phil Howard - KA9WGN │ Dallas │ http://linuxhomepage.com/ │
│ phil-nospam@ipal.net │ Texas, USA │ http://phil.ipal.org/ │
-----------------------------------------------------------------
Message 19 in thread
From: Phil Howard (phil-postfix-users@ipal.net)
Subject: Re: virtualizing local users
Newsgroups: mailing.postfix.users
Date: 2002-07-01 15:05:16 PST
On Mon, Jul 01, 2002 at 05:46:42PM -0400, Victor.Duchovni@morganstanley.com wrote:
│ On Mon, 1 Jul 2002, Phil Howard wrote:
│
│ > On Mon, Jul 01, 2002 at 10:59:28PM +0200, Ralf Hildebrandt wrote:
│ >
│ > │ On Mon, Jul 01, 2002 at 03:56:20PM -0500, Phil Howard wrote:
│ > │
│ > │ > Jul 1 15:55:12 rack4 postfix/qmgr[6337]: 72025F5: from=<phil@ipal.net>, size=508, nrcpt=1 (queue active)
│ > │ > Jul 1 15:55:12 rack4 postfix/smtpd[6364]: disconnect from vega.ipal.net[209.102.192.64]
│ > │ > Jul 1 15:55:12 rack4 postfix/local[6367]: 72025F5: to=<ka9wgn@rack4.intur.net>, relay=local, delay=0, status=bounced (unknown user: "ka9wgn")
│ > │
│ > │ At least we now know that "local" is involved.
│ > │ Wasn't the whole idea NOT to use "local" but some other LDA, like
│ > │ "virtual"?
│ >
│ > But it is local. Just not the same user base as the system.
│ >
│
│ Sadly you misunderstood the "local" delivery agent. Its input namespace
│ is the set of local shell accounts + any aliases. Its output namespace
│ (mailboxes it delivers *to*) is just the space of shell accounts.
So what should I be using to deliver the mail into mailboxes on the local
machine, where the mailbox is a name exactly the same as the user part
of the address, appended to a path (/var/spool/mail), where every mailbox
is owned by one specific system user? The mailed-to users do not have
home directories, so there is no .forward file. If there are any addresses
that need to be forwarded to some other, a map for that is good, but if
the address is not found in the map, it should just be delivered normally.
--
-----------------------------------------------------------------
│ Phil Howard - KA9WGN │ Dallas │ http://linuxhomepage.com/ │
│ phil-nospam@ipal.net │ Texas, USA │ http://phil.ipal.org/ │
-----------------------------------------------------------------
Message 20 in thread
From: Victor.Duchovni@morganstanley.com (Victor.Duchovni@morganstanley.com)
Subject: Re: virtualizing local users
Newsgroups: mailing.postfix.users
Date: 2002-07-01 15:05:29 PST
On Mon, 1 Jul 2002, Phil Howard wrote:
> Obviously I've picked the wrong concept here. If "local" and
> "virtual" can't be the same thing, I'm not sure how to get this
> done.
This is the first step, knowing what you don't know.
>
> When a very basic simple one-host setup is done, I don't have to
> use a map which translates a username to path (file for mailbox or
> directory for maildir). So why should it be different for virtual?
> Oh I know, because of the traditional kludge to fake virtual that
> originated with sendmail, where user@domain was translated to a
> local system user. But I don't need that. If local can deliver
> to /var/spool/mail/${user} why not allow something to deliver to
> /var/spool/vmail/${domain}/${user}. This would be such a simple
> concept and not need a map file (but certainly you can have one that
> can override the default for the cases where you want something
> different done).
>
The "virtual" delivery agent is not very sophisticated. I believe that
this is in part because most sites don't use it! It is not very useful by
itself, and a complete POP/IMAP product (such as Cyrus or Courier) comes
with a dedicated delivery agent.
> It looks like what I need to do is abandon virtualizing on this
> server, and address how I want to set up the NEXT project. It seems
> figuring things out is going to take more time than I thought. The
> next project does have more time, though not enough time to develop
> a new MTA for it. Now would it be better for me to try to figure it
> out and have others fix my mistakes, or explain it up front and let
> you tell me what concept in Postfix matches up to it (if any)?
>
Yes, for now it may be simplest to deliver using "local" to shell accounts
listed in /etc/passwd. Some of us think that migrating to Courier is not
too difficult given the availability of decent HOWTO documents, but a
conservative step-by-step approach is wise. First get your server working,
then teach it new tricks.
--
Viktor.
From: Victor.Duchovni@morganstanley.com (Victor.Duchovni@morganstanley.com)
Subject: Re: virtualizing local users
Newsgroups: mailing.postfix.users
Date: 2002-07-01 15:21:44 PST
On Mon, 1 Jul 2002, Phil Howard wrote:
> So what should I be using to deliver the mail into mailboxes on the local
> machine, where the mailbox is a name exactly the same as the user part
> of the address, appended to a path (/var/spool/mail), where every mailbox
> is owned by one specific system user? The mailed-to users do not have
> home directories, so there is no .forward file. If there are any addresses
> that need to be forwarded to some other, a map for that is good, but if
> the address is not found in the map, it should just be delivered normally.
>
Use a better (than "virtual") delivery agent which comes with your virtual
user POP/IMAP server.
The simplest configuration with the bundled VDA is to use the "static" map
for virtual_uid_maps and virtual_gid_maps. Then use a suitable map type
(perhaps MySQL or "userdb" to share data with the POP/IMAP server) to
manage just virtual_mailbox_maps.
There is no support for a "/some/path/%d/%u" format template in the
virtual delivery agent which ships with Postfix.
--
Viktor.
From: Phil Howard (phil-postfix-users@ipal.net)
Subject: Re: virtualizing local users
Newsgroups: mailing.postfix.users
Date: 2002-07-01 15:22:16 PST
On Mon, Jul 01, 2002 at 06:03:42PM -0400, Victor.Duchovni@morganstanley.com wrote:
│ On Mon, 1 Jul 2002, Phil Howard wrote:
│
│ > Obviously I've picked the wrong concept here. If "local" and
│ > "virtual" can't be the same thing, I'm not sure how to get this
│ > done.
│
│ This is the first step, knowing what you don't know.
│
│ >
│ > When a very basic simple one-host setup is done, I don't have to
│ > use a map which translates a username to path (file for mailbox or
│ > directory for maildir). So why should it be different for virtual?
│ > Oh I know, because of the traditional kludge to fake virtual that
│ > originated with sendmail, where user@domain was translated to a
│ > local system user. But I don't need that. If local can deliver
│ > to /var/spool/mail/${user} why not allow something to deliver to
│ > /var/spool/vmail/${domain}/${user}. This would be such a simple
│ > concept and not need a map file (but certainly you can have one that
│ > can override the default for the cases where you want something
│ > different done).
│ >
│
│ The "virtual" delivery agent is not very sophisticated. I believe that
│ this is in part because most sites don't use it! It is not very useful by
│ itself, and a complete POP/IMAP product (such as Cyrus or Courier) comes
│ with a dedicated delivery agent.
How does a delivery agent "hook up" to Postfix? Is LMTP the only way,
or can it be a dynamic library?
What about local_recipient_maps and/or making smtpd reject unknown users
when the delivery is keeping separate user spaces for each domain (which
apparently is what is called virtual).
│ > It looks like what I need to do is abandon virtualizing on this
│ > server, and address how I want to set up the NEXT project. It seems
│ > figuring things out is going to take more time than I thought. The
│ > next project does have more time, though not enough time to develop
│ > a new MTA for it. Now would it be better for me to try to figure it
│ > out and have others fix my mistakes, or explain it up front and let
│ > you tell me what concept in Postfix matches up to it (if any)?
│ >
│
│ Yes, for now it may be simplest to deliver using "local" to shell accounts
│ listed in /etc/passwd. Some of us think that migrating to Courier is not
│ too difficult given the availability of decent HOWTO documents, but a
│ conservative step-by-step approach is wise. First get your server working,
│ then teach it new tricks.
Once the server is working, it won't be changed for a while.
But, there is the next project. This is what it needs:
1. Support for many domains.
2. Support for separate user name space for each domain (except where
a domain is linked/aliased to another, then they share the user
name space).
3. NOT one giant map with every user@domain. That will be too big to
maintain. A separate map for each domain is best.
4. Mail delivered to ${prefix}/${domain}/${user}/ in maildir format
5. If ${prefix}/${domain}/${user}/ exists, the address is valid for
delivery. If it doesn't, then the address is non-existent.
6. If ${prefix}/${domain}/${user}/.forward exists, obey it.
7. One single system user owns everything from ${prefix}/ on down.
To carry out some of these things, the thought I had was to write a new
map type handler which does a lookup for an existing directory or file.
The "name" for the map will actually be a complex specification that
tells the path, what to return if the file object does not exist, what
to return if it is a directory, and what to return if it is a file with
a special code to indicate that the file should be read and its content
be returned. Then Postfix can think it is a map, but it's just a directory.
Users will be added/deleted/changed by web CGI programs. Rebuilding a
whole map is a bad idea in this case.
--
-----------------------------------------------------------------
│ Phil Howard - KA9WGN │ Dallas │ http://linuxhomepage.com/ │
│ phil-nospam@ipal.net │ Texas, USA │ http://phil.ipal.org/ │
-----------------------------------------------------------------
From: Victor.Duchovni@morganstanley.com (Victor.Duchovni@morganstanley.com)
Subject: Re: virtualizing local users
Newsgroups: mailing.postfix.users
Date: 2002-07-01 18:43:47 PST
On Mon, 1 Jul 2002, Phil Howard wrote:
> How does a delivery agent "hook up" to Postfix? Is LMTP the only way,
> or can it be a dynamic library?
Either LMTP, or a UNIX command line invocation via "pipe" (the
delivery agents that come with Postfix use the internal queue manager <->
delivery agent IPC, they also directly touch the queue file and bounce
logs). The internal interfaces are not documented and are subject to
change, so at this time only "LMTP" and "pipe" are suitable for
"third-party" delivery agents. In practice this is good enough.
>
> What about local_recipient_maps and/or making smtpd reject unknown users
> when the delivery is keeping separate user spaces for each domain (which
> apparently is what is called virtual).
>
If the VDA recipient tables are available via a suitable Postfix map type,
"smtpd" can validate recipients against these tables. The "userdb" format
used by Courier is available (via a patch) as a Postfix map type. One day
there may be an interface for dynamically loading new map types.
> 1. Support for many domains.
>
> 2. Support for separate user name space for each domain (except where
> a domain is linked/aliased to another, then they share the user
> name space).
Any VDA will do 1 & 2.
>
> 3. NOT one giant map with every user@domain. That will be too big to
> maintain. A separate map for each domain is best.
Your intuition is wrong here. Searching multiple (possibly hundreds) of
maps for a single key scales poorly. In fact one single map is best.
Making a sensible front-end tool that provides per domain views is a
separate problem (can use say "select ... where ..."). A good IMAP server
comes with virtual user and virtual domain administration tools.
>
> 4. Mail delivered to ${prefix}/${domain}/${user}/ in maildir format
Any VDA will do this, but for some the mailboxes for each user may need to
be explicitly mapped to the appropriate path.
>
> 5. If ${prefix}/${domain}/${user}/ exists, the address is valid for
> delivery. If it doesn't, then the address is non-existent.
This cannot be done from "smtpd", it needs to be able to run "chrooted"
and with low privileges. You need a map to validate the users. Surely
users need a password entry to read their mail, so a path entry for their
mailbox is not asking too much. Any multi-column database (MySQL, LDAP,
userdb, ...) will be able to hold all the necessary data in one row per user.
>
> 6. If ${prefix}/${domain}/${user}/.forward exists, obey it.
This is available with some VDAs (but not the "virtual" delivery
agent bundled with Postfix).
>
> 7. One single system user owns everything from ${prefix}/ on down.
$virtual_uid_maps = static:12345
$virtual_gid_maps = static:12345
> To carry out some of these things, the thought I had was to write a new
> map type handler which does a lookup for an existing directory or file.
> The "name" for the map will actually be a complex specification that
> tells the path, what to return if the file object does not exist, what
> to return if it is a directory, and what to return if it is a file with
> a special code to indicate that the file should be read and its content
> be returned. Then Postfix can think it is a map, but it's just a directory.
>
This will not work because of "chroot" and security issues. Just drive
both the VDA and Postfix from a shared "userdb", MySQL or LDAP database.
> Users will be added/deleted/changed by web CGI programs. Rebuilding a
> whole map is a bad idea in this case.
>
Berkeley DB maps support incremental insertion, but this is not
crashproof unless you turn on logging and transactions, doing Postfix
compatible locking may also be an issue, also Postfix may need to open
the map with logging and transactions turned on in order to do crash
recovery, this is not the case with the current Berkeley DB <-> Postfix
glue. For live incremental updates your best bet may be LDAP, MySQL or (via a
patch) PostgreSQL.
Note on the other hand that even large Berkeley DB maps can be rebuilt
from scratch very quickly (5s on my machine for ~16MB on disk .db file
with ~140000 records). If you build a copy of the map, open it, sync it,
and rename it, you have a light weight crash-proof (atomic) Berkeley DB
rebuild. If this happens infrequently (less than once every 5 minutes) you
will be better off with Berkeley DB than with any complex/slow DBMS that
supports incremental insertion of records.
Does anyone else have good experiences with other dynamic map types that
support efficient frequent incremental rebuilds and are robust against
crashes?
[ Michael Tokarev: how quickly does your tinycdb build large maps ~100000
rows ~16 MB image ].
--
Viktor.
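[Added example, not part of the thread and not Postfix's own code: a sketch of the build-a-copy, sync and rename rebuild described above, generating virtual_mailbox_maps entries from the ${prefix}/${domain}/${user}/ layout in Phil's list so that smtpd validates recipients from a map instead of probing directories. The function names, file paths and the name filter are assumptions; ${prefix} is assumed to be virtual_mailbox_base.]

```shell
#!/bin/sh
# Added example. Assumed main.cf settings (paths and uid/gid are placeholders):
#   virtual_mailbox_base = /var/spool/vmail
#   virtual_mailbox_maps = hash:/etc/postfix/vmailbox
#   virtual_uid_maps = static:12345
#   virtual_gid_maps = static:12345

# Print one "user@domain domain/user/" line per maildir under $1.
# The trailing slash on the value selects maildir-style delivery.
gen_mailbox_map() {
    prefix=$1
    for dir in "$prefix"/*/*/; do
        [ -d "$dir" ] || continue          # glob matched nothing
        rel=${dir#"$prefix"/}; rel=${rel%/}
        domain=${rel%%/*}; user=${rel#*/}
        # The map source is whitespace-delimited text, so accept only
        # conservative names: a directory created by the web front end
        # must not be able to inject or split map entries.
        case $domain in ''|*[!A-Za-z0-9.-]*) continue ;; esac
        case $user in ''|*[!A-Za-z0-9._-]*) continue ;; esac
        printf '%s@%s %s/%s/\n' "$user" "$domain" "$domain" "$user"
    done | LC_ALL=C sort
}

# Build under a temporary name in the same directory, index it, flush it
# to disk, then rename. rename(2) within one directory is atomic, so a
# reader opens either the complete old map or the complete new one.
rebuild_mailbox_map() {
    prefix=$1 map=$2
    tmp="$map.new.$$"
    gen_mailbox_map "$prefix" > "$tmp" || return 1
    postmap "hash:$tmp" || { rm -f "$tmp" "$tmp.db"; return 1; }
    sync
    mv -f "$tmp.db" "$map.db" && mv -f "$tmp" "$map"
}

# Usage: rebuild_mailbox_map /var/spool/vmail /etc/postfix/vmailbox
```

Run it from the CGI programs after each add or delete, or on a timer; the text source is renamed last so it is never newer than the .db file.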