12.3 Some Virtual Domain Details

Finally, here are a few virtual domain odds and ends.

12.3.1 qmail-foo Versus qmail-alias-foo

After qmail rewrites a virtual domain address into a local address, the local address is then handled just like any other address. In particular, if there's no match for the rewritten address, it's handled by ~alias. This means that if there's no local user myvirt, these two lines are equivalent:

myvirt.com:myvirt
myvirt.com:alias-myvirt

Use the latter version, to make it explicit that you're not expecting the user to exist. That way if someone later creates a user myvirt, mail to that virtual domain won't mysteriously start failing.[2]

[2] Guess how I learned about this trick.

12.3.2 Local-Only Domains

If you provide a service gateway, such as mail-to-fax or mail-to-news, you'll probably want to let users on the local network use it, but not outsiders. To ensure that, create a subdomain for the gateway (e.g., fax.example.com), but don't put the domain in the DNS. (If you have split-horizon DNS, with internal hosts seeing different data than external hosts, it's OK to put the gateway domain in the DNS visible to local hosts.) Also be sure not to put the gateway domain in rcpthosts, so that the only people who can send mail to the gateway domain are local users and authorized SMTP users who can send to nonlocal domains. Finally, in the gateway delivery program, check that the mail was sent to the virtual domain, not to the equivalent local address. If you do individual deliveries, that's easily handled in the .qmail file:

| case "$HOST" in fax|fax.example.com) exit 0 ;; *) bouncesaying "Not authorized." ;; esac
| gatewayprogram "$DEFAULT"

If you do batched delivery via a Maildir, this trick also works, because qmail treats a Maildir delivery as a program delivery using an internal program:

| case "$HOST" in fax|fax.example.com) exit 0 ;; *) bouncesaying "Not authorized." ;; esac
./faxmaildir/

In either case, the delivery program can check the domain itself, by checking $HOST in individual deliveries or by checking the domain in the Delivered-To: line in batched gateways, but it's usually easier to check in the .qmail file so the gateway doesn't have to be coded to know what domain it's handling.

An alternate approach is to make all addresses virtual. That is, create a virtual domain for all the local mailboxes, and put something like localdomain in locals but not rcpthosts for miscellaneous, locally generated mail. If you have many local users, this approach is painful because you have to map all the users' mail from the virtual domain into their mailboxes, but it's not a bad idea on systems that are supposed to be POP toasters or gateways without local shell users.
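
An added example, not from the book: a shell function that checks whether a domain meant to stay out of rcpthosts (the gateway domain, or localdomain in the alternate approach) would still be accepted by qmail-smtpd from outside. It relies on two qmail-smtpd behaviors not spelled out above: an rcpthosts entry beginning with a dot matches every subdomain, and a missing rcpthosts file means every domain is accepted. The function name and sample contents are constructed, and morercpthosts.cdb is not consulted.

```shell
#!/bin/sh
# rcpthosts_accepts DOMAIN [FILE]   (hypothetical helper, added example)
# Returns 0 if FILE (default /var/qmail/control/rcpthosts) would let
# qmail-smtpd accept mail for DOMAIN from any client, 1 if it would not.
rcpthosts_accepts() {
    domain=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    file=${2:-/var/qmail/control/rcpthosts}

    # No rcpthosts file at all: qmail-smtpd accepts every domain.
    [ -f "$file" ] || return 0

    # Candidates: the full name, then every suffix that starts at a dot
    # (fax.example.com, .example.com, .com), to catch wildcard entries.
    candidates=$domain
    rest=$domain
    while :; do
        case $rest in
            *.*) rest=${rest#*.}; candidates="$candidates .$rest" ;;
            *) break ;;
        esac
    done

    # Entries are compared case-insensitively; "read" trims stray whitespace.
    entries=$(tr 'A-Z' 'a-z' < "$file")
    for c in $candidates; do
        while read -r line; do
            if [ "$line" = "$c" ]; then
                return 0
            fi
        done <<EOF
$entries
EOF
    done
    return 1
}

# Constructed sample: the gateway is not listed by name, but the wildcard
# entry for the parent domain still exposes it to outside senders.
sample=$(mktemp)
printf 'example.com\n.example.com\n' > "$sample"
if rcpthosts_accepts fax.example.com "$sample"; then
    echo "fax.example.com: accepted from outside, gateway is not local-only"
else
    echo "fax.example.com: not in rcpthosts"
fi
rm -f "$sample"
```
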



qmail
ISBN: 1565926285
EAN: 2147483647
Year: 2006
Pages: 152