Re: virtual-mailbox-users confusion

[Viktor Dukhovni]

On Thu, Feb 04, 2021 at 02:39:06PM +0100, Jeff Abrahamson wrote:

> I have a small site (virtual users and dovecot for delivery) that
> handles mail for several domains: example.com, example.de, example.fr.
> The "real" addresses are at example.fr, so I've done the following:

In that case the other domains are more accurately modelled as
virtual_alias_domains, rather than virtual_mailbox_domains:

>     virtual_alias_maps = hash:/etc/postfix/virtual
>     virtual_mailbox_domains = hash:/etc/postfix/virtual-mailbox-domains
>     virtual_mailbox_maps = hash:/etc/postfix/virtual-mailbox-users
>     virtual_transport = dovecot

      default_map_type = hash
      indexed = ${default_map_type}:${config_directory}/
      virtual_alias_domains = ${indexed}virtual-alias-domains

> and
> 
>     /etc/postfix/virtual-mailbox-domains:
> 
>     example.fr     OK

    /etc/postfix/virtual-alias-domains:

      example.com    OK
      example.de     OK


> and
> 
>     /etc/postfix/virtual:
> 
>     al...@example.com    al...@example.fr
>     al...@example.de     al...@example.fr
>     b...@example.com      b...@example.fr
>     b...@example.de       b...@example.fr

This is sufficient to define the mappings from the virtual alias domains
to potential users in the virtual mailbox domains, but you're still
missing the virtual mailbox domain user table.  See below:

> Now /etc/dovecot/passwd.db notes that al...@example.fr and
> b...@example.fr are valid users with passwords, but that's not enough
> for postfix to agree to deliver mail, even though SMTP authentication
> uses those passwords when alice and bob connect to send mail.  I
> think what needs to happen (which is to say, it works for me, but I'm
> confused by the docs) is that I need to add the following, which I did:
> 
>     /etc/postfix/virtual-mailbox-users:
> 
>     al...@example.fr    al...@example.fr
>     b...@example.fr      b...@example.fr

Yes, Postfix needs a table of virtual mailbox domain users, which
if you were using the built-in virtual(8) delivery agent would on
the RHS have the mailbox pathname, and you'd also then need (often
static) mappings in virtual_uid_maps and virtual_gid_maps.

Bug since you're using an external LDA (dovecot), the table is only used
to determine whether a given user is valid or not.  The RHS value is
ignored, but must be non-empty.  You can put "EXISTS", "VALID", "OK",
..., or just repeat the address as above.  Whatever makes sense to you.

> I've two questions:
> 
>   1.  Did I understand correctly?
>   2.  Why two identical columns in virtual-mailbox-users?

They don't need to be identical.

-- 
    Viktor.