Re: Virtual users @ virtual domains / better documentation?

Mon, 15 Mar 2021 08:22:49 -0700 

Le Tue, 09 Mar 2021 08:47:12 -0900,
justina colmena ~biz <just...@colmena.biz> a écrit :

> If the $virtual_alias_maps directive invalidates virtual mailboxes,
> then "the usual" aliases (postmaster@, etc.) for the virtual domains
> would have to be listed in
>     /etc/aliases
> along with the non-virtual aliases, but this does not work either,
> and generates a warning when "newaliases" is run.
> 
> postalias: warning: /etc/aliases, line 99: name must be local
> 
> So as far as I can tell, no aliasing at all is available for 
> "virtual_mailbox_domains" in postfix

/etc/aliases for local alias only. Use "virtual_alias_maps =
hash:$config_directory/virtual" for virtual addresses
(left-hand) resolution to virtual and or (local addresses if need to)
(right-hand) on this table.

Then set in postfix main.cf the *_transport:
virtual_transport = lmtp:unix:private/dovecot-lmtp # this path is
relative to /var/spool/postfix/
mailbox_transport = ${virtual_transport}

> I am still unsure how to authenticate the virtual users on postfix.
> PAM authentication works fine for non-virtual users. The following
> command gives two options for authentication: cyrus-sasl and
> dovecot-sasl.
> 
>     # postconf -a
>     cyrus
>     dovecot
> 
> Postfix also works with cyrus-sasl if the passwords are set in
> "/etc/sasldb2" via the "saslpasswd2" command, but dovecot doesn't
> seem to work with cyrus-sasl, and has its own type of sasl
> authentication.
> 
> I realize this is not a postfix list, so my real question here is,
> What do I need in order for dovecot to authenticate the virtual users
> and allow them to read their mail and obtain authorization to send
> mail via postfix on the same system?

cyrus-sasl isn't needed if you're running dovecot (dovecot does provide
an SASL authentication socket).

From postfix view, use in main.cf:
smtpd_sasl_security_options = noanymous, noactive, nodictionary
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth # this path is relative to
/var/spool/postfix/

From dovecot view, configure a service auth:

service auth {
    unix_listener /var/spool/postfix/private/auth {
      group = postfix
      mode = 0660
      user = postfix
    }
}

Then for your virtual users, you'll need to maintain a virtual users
table backend (be it flat file, SQL, etc.):

<https://doc.dovecot.org/configuration_manual/authentication/>

-- 
matt [at] lv223.org
GPG key ID: 7D91A8CA

Attachment: pgpIp2syB7yiH.pgp
Description: Signature digitale OpenPGP

Reply via email to