Virtual users @ virtual domains / better documentation?
Matt Anton
matt at lv223.org
Mon Mar 15 13:21:00 EET 2021
Le Tue, 09 Mar 2021 08:47:12 -0900,
justina colmena ~biz <justina at colmena.biz> a écrit :
> If the $virtual_alias_maps directive invalidates virtual mailboxes,
> then "the usual" aliases (postmaster@, etc.) for the virtual domains
> would have to be listed in
> /etc/aliases
> along with the non-virtual aliases, but this does not work either,
> and generates a warning when "newaliases" is run.
>
> postalias: warning: /etc/aliases, line 99: name must be local
>
> So as far as I can tell, no aliasing at all is available for
> "virtual_mailbox_domains" in postfix
/etc/aliases for local alias only. Use "virtual_alias_maps =
hash:$config_directory/virtual" for virtual addresses
(left-hand) resolution to virtual and or (local addresses if need to)
(right-hand) on this table.
Then set in postfix main.cf the *_transport:
virtual_transport = lmtp:unix:private/dovecot-lmtp # this path is
relative to /var/spool/postfix/
mailbox_transport = ${virtual_transport}
> I am still unsure how to authenticate the virtual users on postfix.
> PAM authentication works fine for non-virtual users. The following
> command gives two options for authentication: cyrus-sasl and
> dovecot-sasl.
>
> # postconf -a
> cyrus
> dovecot
>
> Postfix also works with cyrus-sasl if the passwords are set in
> "/etc/sasldb2" via the "saslpasswd2" command, but dovecot doesn't
> seem to work with cyrus-sasl, and has its own type of sasl
> authentication.
>
> I realize this is not a postfix list, so my real question here is,
> What do I need in order for dovecot to authenticate the virtual users
> and allow them to read their mail and obtain authorization to send
> mail via postfix on the same system?
cyrus-sasl isn't needed if you're running dovecot (dovecot does provide
an SASL authentication socket).
From postfix view, use in main.cf:
smtpd_sasl_security_options = noanymous, noactive, nodictionary
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth # this path is relative to
/var/spool/postfix/
From dovecot view, configure a service auth:
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
}
Then for your virtual users, you'll need to maintain a virtual users
table backend (be it flat file, SQL, etc.):
<https://doc.dovecot.org/configuration_manual/authentication/>
--
matt [at] lv223.org
GPG key ID: 7D91A8CA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: Signature digitale OpenPGP
URL: <https://dovecot.org/pipermail/dovecot/attachments/20210315/95b3ceca/attachment-0001.sig>
More information about the dovecot
mailing list