Virtual users @ virtual domains / better documentation?

Piotr Auksztulewicz dcml at hasiok.net
Tue Mar 9 21:12:13 EET 2021 

> I have configured postfix so it will deliver mail to virtual mailboxes. For 
> some reason, the mail is not delivered to the virtual mailboxes unless both 
> $virtual_alias_domains and $virtual_alias_maps are left undefined: these 
> directives are apparently for aliasing virtual users "@" virtual domains to 
> "real" unix users on the local system.
> 
> --%%==
> # ADDRESS REDIRECTION (VIRTUAL DOMAIN)
> #
> # The VIRTUAL_README document gives information about the many forms
> # of domain hosting that Postfix supports.
> virtual_mailbox_domains = domain1.example.org domain2.example.com
> virtual_transport = virtual
> #virtual_alias_domains = domain1.example.org domain2.example.com
> virtual_mailbox_base = /var/mail/vhosts
> virtual_mailbox_maps = hash:/etc/postfix/vmailbox
> virtual_minimum_uid = 100
> virtual_uid_maps = static:5000
> virtual_gid_maps = static:5000
> #virtual_alias_maps = hash:/etc/postfix/virtual
> ==%--

First of all I won't recommend using native postfix 'virtual'
delivery agent, if you already have dovecot as the mailbox server.
It will work ok, as long as you use standard mailbox or maildir
store in dovecot, but does not allow to use some dovecot-specific
options, does not allow more modern storage formats (dbox),
does not update indexes at delivery time and does not allow to run
sieve scripts.

IMO it's better to use either dovecot-lda configured as
a postfix 'pipe' service, or LMTP.

> If the $virtual_alias_maps directive invalidates virtual mailboxes, then "the 
> usual" aliases (postmaster@, etc.) for the virtual domains would have to be 
> listed in
>     /etc/aliases
> along with the non-virtual aliases, but this does not work either, and 
> generates a warning when "newaliases" is run.
> 
> postalias: warning: /etc/aliases, line 99: name must be local
> 
> So as far as I can tell, no aliasing at all is available for 
> "virtual_mailbox_domains" in postfix

Yes, there's no easy way to do aliases in postfix for a domain
that's declared as virtual_mailbox. You can alias virtual_mailbox
domain addresses to local adresses, virtual_alias to virtual_mailbox,
but not virtual_mailbox to virtual_mailbox, if I am correct.

If you switch to dovecot-lda or LMTP, the aliases are best handled
on the dovecot side by appropriate userdb setup. Using a database
is handy. You could also setup virtual_mailbox_maps in postfix to
use the same database so you have the same source of data.
For my small setup I use sqlite, but one could use mysql.

> I am still unsure how to authenticate the virtual users on postfix. PAM 
> authentication works fine for non-virtual users. The following command 
> gives two options for authentication: cyrus-sasl and dovecot-sasl.
> 
>     # postconf -a
>     cyrus
>     dovecot
> 

Use smtpd_sasl_* settings and configure dovecot to provide
auth listener socket (either UNIX or TCP).

-- 
Piotr "Malgond" Auksztulewicz                     firstname at lastname.net

More information about the dovecot mailing list