
I do have a solution for this - one which you probably don't want to
hear ... I keep all email separate from system accounts; for any system
accounts that are going to generate or receive email, I alias them.

On Sat, 2022-03-26 at 17:32 +0000, Mark Olbert wrote:
> The support for mixing virtual users, with fully-qualified email
> addresses, and system users could be simpler. Assuming it doesn’t mess
> up other stuff in the code base, of course 😊.

Question: you are mixing virtual and system users for domain "A" - is
this the only domain hosted on the server? If so then there is probably
an easy way to do this. Assuming your MTA is Postfix, are you mixing
Virtual Mailbox Domains, Virtual Alias Domains? Virtual Alias Domains
can mix virtual accounts with UNIX system accounts:

> The problem appears to be that the PAM passwd module requires just
> user names without a domain (which makes sense given that they’re
> system users) but does not, so far as I can see, support the
> username_format argument. In my setup, the default structure of
> 10-auth.conf demonstrates this:

I see that someone else has answered this in another post - I would
refer you to them.

My approach of making all the domains I host completely virtual does
have benefits:
   1) Adding a user system account doesn't mean they get an email  
   2) Migrating email service from one machine to another is trivial 
      since all information regarding email account is kept in an external
      source (in my case LDAP, but could be another database or flat files)
   3) If you want the option to create mail accounts with system accounts
      then all you need to do is augment the solution you use for adding
      system accounts so that the appropriate entries get added where need
      be - LDAP is good for this since it can also be used to auth your
      system accounts, and with the correct additions to the schema you
      can easily flag accounts as being able to receive email or not.
      (When I met Wietse at a conference in 2006 I asked him about Postfix
       LDAP schema - he advised me to write my own, which is what I have
       done. The resulting LDAP search that Postfix carries out before
       handing messages off to Dovecot for delivery includes a check to see
       if the account is allowed to receive email at all, or if it is
       aliased to a different address). The search Dovecot runs is
       similarly enabled.

In this day and age it is odd that a system would be hosting email for a
domain for delivery to system users - normally your system users have
different email addresses for email delivery.

-- 
Nikolai Lusan <niko...@lusan.id.au>

