My first time on list. I apologise in advance for not just submitting a
patch to problem, but I haven't coded C in about 12 years. I realize this
would require someone to have access to a freebsd machine, patch code, and
wait for a recompile to test, and I do appreciate time to do this. However
I have coded a few MTA's in perl linking in C libevent libraries in last
few years, so I can help where I can.
Noticed from email te...@test.com should have been te...@test2.com.
I decided to retire qmail I have been running for last 10 years, it's just
too problematic to maintain anymore especially with ipv6 patches breaking
rbls, not counting 10 patches needed on top of default source code.
I was researching postfix against exim, and postfix seems to have biggest
following, happy to be a part of the group and get a basic webhosting
solution figured out here with postfix+mysql+courier imap. Have most of it
implemented now, just a couple quirks to work out :) Love to hear from
anyone else's experiences with the setup with many users, as I am coming
from the qmail+vpopmail days...
Dan.
On Tue, 30 Nov 2010, Dan wrote:
As you request:
postfix -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
config_directory = /usr/local/etc/postfix
debug_peer_level = 2
header_checks = regexp:$config_directory/header_checks
home_mailbox = Maildir/
html_directory = /usr/local/share/doc/postfix
inet_interfaces = all
inet_protocols = ipv4, ipv6
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mydestination = sunsaturn.com sunsaturn.sunsaturn.com localhost test.com
mydomain = test.com
myhostname = test.com
mynetworks = $config_directory/mynetworks
mynetworks_style = host
myorigin = $myhostname
newaliases_path = /usr/local/bin/newaliases
non_smtpd_milters = inet:localhost:10026
readme_directory = /usr/local/share/doc/postfix
relay_domains = permit_sasl_authenticated, permit_mynetworks
sample_directory = /usr/local/etc/postfix
sender_dependent_default_transport_maps = mysql:$config_directory/mysql_outgoing.cf
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtpd_banner = $myhostname ESMTP
smtpd_milters = inet:localhost:10026
smtpd_recipient_restrictions = check_sender_access hash:$config_directory/badmailfrom,permit_mynetworks,permit_sasl_authenticated,reject_non_fqdn_hostname,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unauth_destination,reject_unauth_pipelining,reject_invalid_hostname,reject_rbl_client bl.spamcop.net,reject_rbl_client zen.spamhaus.org,reject_rbl_client cbl.abuseat.org,reject_rbl_client psbl.surriel.com
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:$config_directory/mysql_aliases.cf
virtual_gid_maps = mysql:$config_directory/mysql_gids.cf
virtual_mailbox_base = /website/vuser
virtual_mailbox_domains = mysql:$config_directory/mysql_domains.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_maps = mysql:$config_directory/mysql_mailbox.cf
virtual_minimum_uid = 2002
virtual_uid_maps = mysql:$config_directory/mysql_uids.cf
Mysql relevant table entries:
email domain maildir
te...@test.com test2.com test2.com/test2/Maildir/
uid gid
2003 2001
Great, let's start with completely empty /website/vuser:
sunsaturn:~# rm -rf /website/vuser/*
sunsaturn:~# ls -al /website/vuser/
total 4K
drwxrwxrwx 2 postfix postfix 512 Nov 30 19:21 .
drwxr-xr-x 44 517 wheel 1024 Nov 30 04:10 ..
sunsaturn:~# chmod 755 /website/vuser; chown postfix /website/vuser
sunsaturn:~# ls -ald /website/vuser/
drwxr-xr-x 2 postfix postfix 512 Nov 30 19:21 /website/vuser/
sunsaturn:~#
Now let's see the permissions problem:
sunsaturn:~# echo test| mail te...@test2.com
sunsaturn:~# tail -10 /var/log/maillog
Nov 30 19:22:52 sunsaturn postfix/pickup[21923]: 3EA8C119C56: uid=0 from=<root>
Nov 30 19:22:52 sunsaturn postfix/cleanup[23168]: 3EA8C119C56: message-id=<20101201012252.3ea8c119...@test.com>
Nov 30 19:22:52 sunsaturn dkim-filter[77781]: 3EA8C119C56 ADSP query: missing parameter(s) in policy data
Nov 30 19:22:52 sunsaturn dkim-filter[77781]: 3EA8C119C56: no signature data
Nov 30 19:22:52 sunsaturn postfix/qmgr[10416]: 3EA8C119C56: from=<r...@test.com>, size=299, nrcpt=1 (queue active)
Nov 30 19:22:52 sunsaturn postfix/virtual[23170]: warning: maildir access problem for UID/GID=2003/2001: create maildir file /website/vuser/test2.com/test2/Maildir/tmp/1291166572.P23170.sunsaturn.com: Permission denied
Nov 30 19:22:52 sunsaturn postfix/virtual[23170]: warning: perhaps you need to create the maildirs in advance
Nov 30 19:22:52 sunsaturn postfix/virtual[23170]: 3EA8C119C56: to=<te...@test2.com>, relay=virtual, delay=0.07, delays=0.03/0.02/0/0.02, dsn=4.2.0, status=deferred (maildir delivery failed: create maildir file /website/vuser/test2.com/test2/Maildir/tmp/1291166572.P23170.sunsaturn.com: Permission denied)
sunsaturn:~#
Here we see problem for creating first directory under /website/vuser.
Now let's chmod 777 /website/vuser so that it can create directories under
UID/GID=2003/2001 as it wants but in fact see that gid never is 2001.
Gid 2001 under my system is vuser:
sunsaturn:~# grep 2001 /etc/group
vuser:*:2001:
sunsaturn:~# chmod 777 /website/vuser; cd /website/vuser
sunsaturn:/website/vuser# echo test| mail te...@test2.com
Now from logs we can see it actually gets delivered:
Nov 30 19:28:03 sunsaturn postfix/qmgr[10416]: DC276119C60: from=<r...@test.com>, size=299, nrcpt=1 (queue active)
Nov 30 19:28:03 sunsaturn postfix/virtual[23237]: DC276119C60: to=<te...@test2.com>, relay=virtual, delay=0.01, delays=0.01/0/0/0, dsn=2.0.0, status=sent (delivered to maildir)
Nov 30 19:28:03 sunsaturn postfix/qmgr[10416]: DC276119C60: removed
Nov 30 19:29:03 sunsaturn postfix/qmgr[10416]: 3EA8C119C56: from=<r...@test.com>, size=299, nrcpt=1 (queue active)
Nov 30 19:29:03 sunsaturn postfix/virtual[23237]: 3EA8C119C56: to=<te...@test2.com>, relay=virtual, delay=372, delays=372/0/0/0, dsn=2.0.0, status=sent (delivered to maildir)
Nov 30 19:29:03 sunsaturn postfix/qmgr[10416]: 3EA8C119C56: removed
So let's check file structure:
sunsaturn:/website/vuser# ls -al
total 6K
drwxrwxrwx 3 postfix postfix 512 Nov 30 19:28 .
drwxr-xr-x 44 517 wheel 1024 Nov 30 04:10 ..
drwx------ 3 2003 postfix 512 Nov 30 19:28 test2.com
sunsaturn:/website/vuser# ls
test2.com
sunsaturn:/website/vuser# find test2.com|xargs ls -al
-rw------- 1 2003 postfix 347 Nov 30 19:28 test2.com/test2/Maildir/new/1291166883.V59Ib97008M906598.sunsaturn.com
-rw------- 1 2003 postfix 347 Nov 30 19:29 test2.com/test2/Maildir/new/1291166943.V59Ib97001M911353.sunsaturn.com
test2.com:
total 6
drwx------ 3 2003 postfix 512 Nov 30 19:28 .
drwxrwxrwx 3 postfix postfix 512 Nov 30 19:28 ..
drwx------ 3 2003 postfix 512 Nov 30 19:28 test2
test2.com/test2:
total 6
drwx------ 3 2003 postfix 512 Nov 30 19:28 .
drwx------ 3 2003 postfix 512 Nov 30 19:28 ..
drwx------ 5 2003 postfix 512 Nov 30 19:28 Maildir
test2.com/test2/Maildir:
total 10
drwx------ 5 2003 postfix 512 Nov 30 19:28 .
drwx------ 3 2003 postfix 512 Nov 30 19:28 ..
drwx------ 2 2003 postfix 512 Nov 30 19:28 cur
drwx------ 2 2003 postfix 512 Nov 30 19:29 new
drwx------ 2 2003 postfix 512 Nov 30 19:29 tmp
test2.com/test2/Maildir/cur:
total 4
drwx------ 2 2003 postfix 512 Nov 30 19:28 .
drwx------ 5 2003 postfix 512 Nov 30 19:28 ..
test2.com/test2/Maildir/new:
total 8
drwx------ 2 2003 postfix 512 Nov 30 19:29 .
drwx------ 5 2003 postfix 512 Nov 30 19:28 ..
-rw------- 1 2003 postfix 347 Nov 30 19:28 1291166883.V59Ib97008M906598.sunsaturn.com
-rw------- 1 2003 postfix 347 Nov 30 19:29 1291166943.V59Ib97001M911353.sunsaturn.com
test2.com/test2/Maildir/tmp:
total 4
drwx------ 2 2003 postfix 512 Nov 30 19:29 .
drwx------ 5 2003 postfix 512 Nov 30 19:28 ..
sunsaturn:/website/vuser#
We can clearly see here that postfix changed uid correctly as defined by
virtual_uid_maps entry but ignored virtual_gid_maps completely.
Hope this is detailed enough, let me know if you need anything more.
Seems to me gid problem is because effective userid is being changed
but effective gid is not, I am not sure if this is just freebsd related or
not.
As for first problem unable to create initial directory, my suggestion is if
mkdir fails under effective UID first time, then add if statement to change
effective uid to root, make first directory, chown it to effective user id,
then repeat.
Dan.
On Tue, 30 Nov 2010, Brian Evans - Postfix List wrote:
On 11/30/2010 11:49 AM, Dan wrote:
On freebsd 8.0: standard install from ports collection:
1) virtual_gid_maps problems #GID does not appear to be working
virtual_gid_maps = mysql:$config_directory/mysql_gids.cf
#virtual_gid_maps = static:2001
Instead of quoting sections of main.cf, please check 'postconf -n' and post
that instead.
This avoids problems of what Postfix is actually using versus what you
claim is right.
Postfix creates new directories/mail with gid of postfix user only,
completely ignoring virtual_gid_maps. I have tested both static and mysql
configurations, same result.
2) Postfix is not changing to root then chown'ing directories to
appropriate virtual_uid_maps. Please see proftpd code as how they
accomplish this. Problem is when you add a new "maildir" to mysql table
that has not existed before, postfix will change euid to the uid of
virtual_uid_maps, then attempt to create directories, which forces sys
admin to make the virtual_base directory mode 777 as it constantly needs
to create directories with new UIDs within there, so just doing a euid
change to uid of virtual_uid_maps is not enough to do the initial create
of first directory.
Obviously a solution to this is for enduser to create the first directory
ahead of time, but this should really be done server side.
Dan.
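
An added example, not part of the original thread: a Python check for the two conditions discussed above, a world-writable mailbox base and maildir directories whose on-disk uid/gid differ from the values the uid/gid maps return. The function names and the temporary tree (shaped like test2.com/test2/Maildir/) are constructed for illustration.

```python
import os
import shutil
import stat
import tempfile

def audit_maildir(base, maildir_rel, uid, gid):
    """Return (path, problem) findings for one mailbox under the mailbox base."""
    findings = []
    # A world-writable base lets any local account create entries in it.
    if stat.S_IMODE(os.stat(base).st_mode) & stat.S_IWOTH:
        findings.append((base, "base is world-writable"))
    path = base
    # Walk from the domain directory down to the Maildir itself.
    for part in maildir_rel.strip("/").split("/"):
        path = os.path.join(path, part)
        try:
            st = os.lstat(path)
        except FileNotFoundError:
            findings.append((path, "missing: create in advance"))
            break
        if st.st_uid != uid:
            findings.append((path, f"uid {st.st_uid}, expected {uid}"))
        # BSD file systems give a new entry its parent directory's group.
        if st.st_gid != gid:
            findings.append((path, f"gid {st.st_gid}, expected {gid}"))
        if stat.S_IMODE(st.st_mode) & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((path, "writable by group or other"))
    return findings

def demo():
    """Audit a constructed tree shaped like the one in the thread."""
    base = tempfile.mkdtemp(prefix="vuser-")
    rel = "test2.com/test2/Maildir/"
    path = base
    for part in rel.strip("/").split("/"):
        path = os.path.join(path, part)
        os.mkdir(path, 0o700)
    uid, disk_gid = os.geteuid(), os.stat(path).st_gid
    os.chmod(base, 0o777)  # the workaround used in the thread
    wrong = audit_maildir(base, rel, uid, disk_gid + 1)  # map and disk disagree
    os.chmod(base, 0o755)
    clean = audit_maildir(base, rel, uid, disk_gid)
    missing = audit_maildir(base, "test3.com/test3/Maildir/", uid, disk_gid)
    shutil.rmtree(base)
    return wrong, clean, missing

if __name__ == "__main__":
    for label, result in zip(("777 base", "755 base", "new domain"), demo()):
        print(label, result)
```

Run against a real mailbox base, the uid, gid and maildir arguments would come from the same lookup tables Postfix queries.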