From: Wietse Venema (no email)
Date: Tue Nov 27 2007 - 09:41:19 EST
Kirk Strauser:
> On Monday 26 November 2007, Kirk Strauser wrote:
> > My local delivery is via Cyrus, and I'm trying to get Postfix to use
> > sasldb2 for local_recipient_maps. I'm running into a problem with
> > spurious results from postmap. For example:
> >
> > $ sudo postmap -s /usr/local/etc/sasldb2 | grep ^joeuser
> > joeuser joepassword
> > $ sudo postmap -q joeuser /usr/local/etc/sasldb2
> > <blank>
> >
> > It seems to find joeuser whenever it's dumping all the items, but when
> > it's actually *looking* for joeuser, nada. Am I doing something wrong?
>
> Never being one to shy away from over-engineering, I wrote a Makefile to
> sync my sasldb to a local_recipients hash:
>
> ########
> SASLDB=/usr/local/etc/sasldb2
> POSTCONF=/usr/local/etc/postfix
> RECIPIENTS=${POSTCONF}/local_recipients
> VIRTUAL=${POSTCONF}/virtual
>
> all: virtual.db local_recipients.db
>
> virtual.db: virtual
> postmap ${VIRTUAL}
>
> local_recipients.db: virtual
This should be: local_recipients.db: ${SASLDB}
> postmap -s ${SASLDB} > ${RECIPIENTS}
> postmap ${RECIPIENTS}
> ########
In the light of the other thread of password exposures, this would
also help. It avoids copying passwords to the recipients table.
local_recipients.db: ${SASLDB}
postmap -s ${SASLDB} | awk '{print $1,"x"}' > ${RECIPIENTS}.new
postmap ${RECIPIENTS}.new
mv ${RECIPIENTS}.new.db ${RECIPIENTS}.db
It also protects against empty recipient files when ${SASLDB} can't
be dumped for some reason.
Wietse
|
|
|