Mike Cardwell:
> How would I go about setting up a Postfix configuration whereby
> there is a separate alias file for each domain that I host mail
> for? One where I can set permissions such that different users
> have rights to edit different alias files?

With Postfix you should use an LDAP or *SQL database and control
user access with database authentication mechanisms. Such databases
are best hidden behind a user-friendly web-based front-end.

As part of the Postfix security architecture, no daemon except the
local(8) delivery agent is allowed to read instructions from
user-writable files. Not even the programs that implement mail
routing.

Files that users are allowed to write:

- $HOME/.forward (any file whose name matches $forward_path),

- alias_maps (not: virtual_alias_maps) that are owned by the user,

No other files read by Postfix can be user-writable (and all
configuration including virtual_alias_maps and transport_maps must
be writable only by root). If you allow users to write such files
then you break the Postfix warranty.

> In Exim, I do this by having a router which looks something like

Postfix is different: it has security as one of the primary goals.
Postfix has a strict separation between programs that are allowed
to reach outside the Postfix sandbox and those that are not. Exim
has no such separation because it is all one large program.

I have no problem if you prefer to use Exim. Each system has its
domain of applicability. Postfix does not have to solve every
problem.

Wietse
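
An added example, not part of the original post or of Postfix itself: a shell audit for the rule stated in the reply above, that files behind virtual_alias_maps and transport_maps must be writable only by root. The function names and the `.db` suffix check are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit that the files behind
# virtual_alias_maps and transport_maps are writable only by root.

# map_paths "hash:/etc/postfix/virtual, proxy:mysql:/etc/postfix/m.cf"
# Prints the file path of every type:/path entry, one per line.
map_paths() {
    printf '%s\n' "$1" | tr ', ' '\n\n' | while IFS= read -r entry; do
        case $entry in
            *:/*) printf '/%s\n' "${entry#*:/}" ;;
        esac
    done
}

# unsafe_reason FILE [OWNER]
# Prints why an account other than OWNER (default root) could change FILE;
# prints nothing when FILE is missing or safe.
unsafe_reason() {
    f=$1
    owner=${2:-root}
    [ -e "$f" ] || return 0
    if [ -n "$(find -H "$f" -prune ! -user "$owner")" ]; then
        echo "not owned by $owner"
    elif [ -n "$(find -H "$f" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "group/other writable"
    else
        d=$(dirname "$f")
        # A writable directory lets someone replace the file outright.
        if [ -n "$(find -H "$d" -prune \( ! -user "$owner" -o -perm -020 -o -perm -002 \))" ]; then
            echo "directory $d modifiable by others"
        fi
    fi
}

# audit_maps PARAM...   (run on the mail host; needs postconf)
audit_maps() {
    for p in "$@"; do
        map_paths "$(postconf -h "$p")" | while IFS= read -r path; do
            # Indexed types are read from PATH.db (assumed suffix): check both.
            for file in "$path" "$path.db"; do
                r=$(unsafe_reason "$file")
                if [ -n "$r" ]; then echo "$p: $file: $r"; fi
            done
        done
    done
}
# Usage: audit_maps virtual_alias_maps transport_maps
```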