Re: virtualizing local users

From: Ralf Hildebrandt (no email)
Date: Tue Jul 02 2002 - 01:50:30 EDT

• Next message: Jean-Pierre Schwickerath: "Re: SASL (SMTP-AUTH) and access rights of /etc/shadow"
• Previous message: Ronny Seffner: "SASL (SMTP-AUTH) and access rights of /etc/shadow"
• Maybe in reply to: Phil Howard: "virtualizing local users"
• Next in thread: Ralf Hildebrandt: "Re: virtualizing local users"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Mon, Jul 01, 2002 at 05:21:15PM -0500, Phil Howard wrote:

> How does a delivery agent "hook up" to Postfix? Is LMTP the only way,
> or can it be a dynamic library?

You can always call it using "mailbox_command" or "local_transport" or
"mailbox_transport".

> What about local_recipient_maps and/or making smtpd reject unknown users
> when the delivery is keeping separate users spaces for each domain (which
> apparently is what is called virtual).

These are just syntactical sugar.
Merely maps that rell smtpd to reject the mail right away.

> 1. Support for many domains.
>
> 2. Support for separate user name space for each domain (except where
> a domain is linked/aliased to another, then they share the user
> name space).

virtual_maps

> 3. NOT one giant map with every user at domain dot That will be too big to
> maintain. A separate map for each domain is best.

That's what you think.
It performs best wiuth one map (which can be constructed/merged from
many small map). OTOH, sql or LDAP come to mind.

> 4. Mail delivered to ${prefix}/${domain}/${user}/ in maildir format

procmail can do that. Dunno about "virtual"

> 5. If ${prefix}/${domain}/${user}/ exists, the address is valid for
> delivery. If it doesn't, then the address is non-existant.

Interesting. That would be using the FS as map.
In that case, smtpd couldn't run chrooted.

> 6. If ${prefix}/${domain}/${user}/.forward exists, obey it.

So no "virtual" LDA then.

> 7. One single system user owns everything from ${prefix}/ on down.

OK.

> To carry out some of these things, the thought I had was to write a new
> map type handler which does a lookup for an existing directory or file.

It already exists (I thinK!) as a patch.

-- 
Ralf Hildebrandt (Im Auftrag des Referat V A)   
Charite Campus Virchow-Klinikum                 Tel.  +49 (0)30-450 570-155
Referat V A - Kommunikationsnetze -             Fax.  +49 (0)30-450 570-916
Eh? Linux is luserproof? What kind of "proper" set up is that, ripping
out all removable media devices and ethernet, freezing the hard drive
spindle, encasing it in concrete and dropping it off a pier? 
-
To unsubscribe, send mail to  with content
(not subject): unsubscribe postfix-users

• Next message: Jean-Pierre Schwickerath: "Re: SASL (SMTP-AUTH) and access rights of /etc/shadow"
• Previous message: Ronny Seffner: "SASL (SMTP-AUTH) and access rights of /etc/shadow"
• Maybe in reply to: Phil Howard: "virtualizing local users"
• Next in thread: Ralf Hildebrandt: "Re: virtualizing local users"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]