Recipe 20.15. Using Postfix's Virtual Mailbox Domains

20.15.1 Problem

You would like to host more than one domain on your Postfix server, or you want to get away from using Linux system accounts for your mail user accounts. That is, you'd like to be able to give users email accounts without having to create actual Linux accounts on your mail server. Giving out as few accounts as possible makes your systems more secure.

20.15.2 Solution

Use Postfix's virtual mailbox domains. This lets you create virtual mailboxes without having to create system user accounts. Then set up your users' logins in userdb in Courier, for either POP or IMAP.

First, add these lines to /etc/postfix/main.cf, substituting your own domain name or names, and directories:

    virtual_mailbox_domains = tuxcomputing.com test.net foober.com
    virtual_mailbox_base = /var/mail/vhosts
    virtual_mailbox_maps = hash:/etc/postfix/vmailbox
    virtual_minimum_uid = 1000
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    virtual_alias_maps = hash:/etc/postfix/virtual

Now edit or create /etc/postfix/vmailbox. In this file, you pair up your usernames with their local mail storage directories, which in this example are under /var/mail/vhosts:

    akkana@tuxcomputing.com     tuxcomputing.com/akkana/
    dancer@tuxcomputing.com     tuxcomputing.com/dancer/
    telsa@test.net              test.net/telsa/
    telsa.gwynne@test.net       test.net/telsa/
    val.henson@foober.com       foober.com/valh/
    # catch-all address for the domain- you'll be sorry,
    # you'll get nothing but spam and virii
    @foober.com                 foober.com/catchall

The trailing slashes indicate Maildirs. (Remove them to create mbox format, like in the catchall example.) Then convert the file to a Postfix lookup table:

    # postmap /etc/postfix/vmailbox

Now you need to create your users' logins. This is done not in Postfix, but in Courier. Create or edit /etc/courier/userdb. Add your new users to /etc/courier/userdb, using the following format.
Be sure to insert a tab stop after the login name, and give each one a unique UID/GID:

    telsa	uid=1100|gid=1100|home=/var/mail/vhosts/telsa|shell=/bin/bash|imappw=|pop3pw=

There must be no spaces anywhere on the line.

Now comes the tedious part. You need to generate a new password for each new user, using userdbpw. This example creates md5-hashed passwords:

    $ userdbpw -md5
    Password:
    Reenter password:
    $1$G41nVriv$GzWaLKidkoVIE2DxMxHBx1

Now copy this into /etc/courier/userdb:

    telsa	uid=1100|gid=1100|home=/var/mail/vhosts/telsa|shell=/bin/bash|imappw=$1$G41nVriv$GzWaLKidkoVIE2DxMxHBx1|pop3pw=$1$G41nVriv$GzWaLKidkoVIE2DxMxHBx1

Don't forget to write down your username/password pairs! When you're finished, stop authdaemond, and convert the /etc/courier/userdb file to a hashed database:

    # /etc/init.d/courier-authdaemon stop
    # makeuserdb

Now configure Courier to use /etc/courier/userdb for authentication, in addition to system passwords. Do this in /etc/courier/authdaemonrc:

    ##NAME: authmodulelist:0
    #
    # The authentication modules that are linked into authdaemond. The
    # default list is installed. You may selectively disable modules simply
    # by removing them from the following list. The available modules you
    # can use are: authcustom authcram authuserdb authldap authpgsql
    # authmysql authpam

    authmodulelist="authuserdb authpam"

Finally, restart authdaemond:

    # /etc/init.d/courier-authdaemon start

Now your users can configure their mail clients, and you're done.

20.15.3 Discussion

Always double-check filepaths, as there are some differences between distributions.

There are four possible services that you can give users access to in /etc/courier/userdb: systempw, pop3pw, esmtppw, and imappw. Only users with system accounts can use systempw. If you like, you may limit system users to mail service only by replacing systempw with any of the other three options.

If you have many domains, you can list them in a text file, one domain per line, and point virtual_mailbox_domains to the file:

    virtual_mailbox_domains = /etc/postfix/virtual_domains

Having Courier authenticate with both /etc/courier/userdb and /etc/passwd can really slow things down. You can migrate your existing users into /etc/courier/userdb to speed up authentications. First, migrate your existing users:

    # /usr/sbin/pw2userdb > oldusers.text

This dumps the contents of /etc/shadow into a text file, in the correct format for Courier, like this:

    carla	uid=1000|gid=1000|home=/home/carla|shell=/bin/bash|systempw=$1$.Mi$1huUDUGHKJjs78475fhyXg2xtoFdm0|gecos=carla schroder,,,
    1000=	carla
    www-data	uid=33|gid=33|home=/var/www|shell=/bin/sh|systempw=*|gecos=www-data
    33=	www-data
    postfix	uid=102|gid=102|home=/var/spool/postfix|shell=/bin/false|systempw=!
    102=	postfix

Take this and create or edit the file /etc/courier/userdb. Simply copy and paste the entries you want to use.
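A checker for the userdb entry rules given in the Solution (tab after the login name, no spaces, pipe-separated fields, a unique UID per user, password fields filled in), useful to run before makeuserdb. It is an added example, not part of the original recipe or of Courier; the name lint_userdb, the sample entries, and the placeholder hashes are assumptions made for illustration.

```python
import re

# The four password fields the Discussion lists for /etc/courier/userdb.
PW_FIELDS = ("systempw", "imappw", "pop3pw", "esmtppw")
NUM = re.compile(r"[0-9]+")

def lint_userdb(text):
    """Return (line_number, problem) tuples for userdb-format text."""
    problems, seen_uids = [], {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        login, tab, rest = line.partition("\t")
        if not tab:
            problems.append((n, "no tab after login name"))
            continue
        if login.endswith("="):  # reverse-lookup line written by pw2userdb
            continue
        parts = rest.split("|")
        # gecos text may contain spaces (see the migrated entries); nothing else may.
        if " " in login + "|".join(p for p in parts if not p.startswith("gecos=")):
            problems.append((n, "space in line"))
        fields = dict(p.partition("=")[::2] for p in parts)
        for key in ("uid", "gid"):
            if not NUM.fullmatch(fields.get(key, "")):
                problems.append((n, f"{key} missing or not a number"))
        uid = fields.get("uid", "")
        if NUM.fullmatch(uid):
            if uid in seen_uids:
                problems.append((n, f"uid {uid} already used by {seen_uids[uid]}"))
            seen_uids.setdefault(uid, login)
        present = [k for k in PW_FIELDS if k in fields]
        if not present:
            problems.append((n, "no password field"))
        problems += [(n, f"{k} is empty") for k in present if not fields[k]]
    return problems

# Constructed sample entries (placeholder hashes, not real credentials).
SAMPLE = "\n".join([
    "telsa\tuid=1100|gid=1100|home=/var/mail/vhosts/telsa|imappw=$1$SALT$HASH",
    "akkana\tuid=1100gid=1100|home=/var/mail/vhosts/akkana|imappw=|pop3pw=",
    "dancer uid=1102|gid=1102|home=/var/mail/vhosts/dancer|imappw=$1$SALT$HASH",
    "valh\tuid=1100|gid=1103|home=/var/mail/vhosts/valh|pop3pw=$1$SALT$HASH",
])

if __name__ == "__main__":
    for lineno, problem in lint_userdb(SAMPLE):
        print(f"line {lineno}: {problem}")
```

The sample's second entry drops the "|" between uid and gid and leaves both password fields empty, the third uses a space instead of a tab, and the fourth reuses UID 1100.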