
Recipe 20.15. Using Postfix's Virtual Mailbox Domains

20.15.1 Problem

You would like to host more than one domain on your Postfix server, or you want to get away from using Linux system accounts for your mail user accounts. That is, you'd like to be able to give users email accounts without having to create actual Linux accounts on your mail server. Giving out as few accounts as possible makes your systems more secure.

20.15.2 Solution

Use Postfix's virtual mailbox domains. This lets you create virtual mailboxes without having to create system user accounts. Then set up your users' logins in userdb in Courier, for either POP or IMAP.

First, add these lines to /etc/postfix/main.cf, substituting your own domain name or names, and directories:

virtual_mailbox_domains = tuxcomputing.com  test.net  foober.com
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_minimum_uid = 1000
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_alias_maps = hash:/etc/postfix/virtual

Now edit or create /etc/postfix/vmailbox. In this file, you pair up your usernames with their local mail storage directories, which in this example are under /var/mail/vhosts:

akkana@tuxcomputing.com       tuxcomputing.com/akkana/
dancer@tuxcomputing.com       tuxcomputing.com/dancer/
telsa@test.net                test.net/telsa/
telsa.gwynne@test.net         test.net/telsa/
val.henson@foober.com         foober.com/valh/

# catch-all address for the domain: you'll be sorry,
# you'll get nothing but spam and virii
@foober.com                   foober.com/catchall

The trailing slashes indicate Maildirs. (Remove them to create mbox format, like in the catchall example.) Then convert the file to a Postfix lookup table:

# postmap /etc/postfix/vmailbox
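Postfix consults virtual_mailbox_maps only for domains that appear in virtual_mailbox_domains, so a vmailbox entry for any other domain is silently never used, and the trailing-slash rule decides the storage format of every mailbox. The following lint script is an added example (it is not part of the recipe or of Postfix) that checks a vmailbox file against a domain list before you run postmap; the script name vmailbox-lint.sh and the sample entries in the usage line are assumptions, the file layout and domains are the recipe's own.

```shell
#!/bin/sh
# Added example, not from the recipe: lint /etc/postfix/vmailbox against
# the virtual_mailbox_domains list before running postmap. Postfix only
# consults virtual_mailbox_maps for domains listed in virtual_mailbox_domains,
# so an entry for any other domain is dead weight; the check also reports
# whether each entry is a Maildir (trailing slash) or an mbox file, and
# flags "@domain" catch-all entries, which the recipe warns attract spam.

# mailbox_format PATH: print "Maildir" when PATH ends in '/', else "mbox".
mailbox_format() {
    case $1 in
        */) echo Maildir ;;
        *)  echo mbox ;;
    esac
}

# vmailbox_check FILE "dom1 dom2 ...": print one line per entry and return
# 0 when every address belongs to a listed domain and has a mailbox path,
# 1 otherwise. FILE uses the same two-column layout as the recipe's vmailbox.
vmailbox_check() {
    file=$1
    domains=" $2 "
    status=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac     # blank lines and comments
        set -- $line                                # column 1: address, column 2: path
        addr=$1; path=$2
        if [ -z "$path" ]; then
            echo "ERROR: no mailbox path for $addr"; status=1; continue
        fi
        case $addr in
            *@*) ;;
            *) echo "ERROR: $addr is not user@domain or @domain"; status=1; continue ;;
        esac
        localpart=${addr%%@*}
        domain=${addr#*@}
        case $domains in
            *" $domain "*) ;;
            *) echo "ERROR: $addr: $domain is not in virtual_mailbox_domains"; status=1; continue ;;
        esac
        case $path in
            /*) echo "WARNING: $addr: path is appended to virtual_mailbox_base, so it should be relative" ;;
        esac
        fmt=$(mailbox_format "$path")
        if [ -z "$localpart" ]; then
            echo "WARNING: @$domain is a catch-all address ($fmt: $path)"
        else
            echo "OK: $addr -> $path ($fmt)"
        fi
    done < "$file"
    return $status
}

# Usage (assumed script name):
#   sh vmailbox-lint.sh /etc/postfix/vmailbox "tuxcomputing.com test.net foober.com"
if [ $# -eq 2 ]; then
    vmailbox_check "$1" "$2" || exit 1
fi
```

Run it with the same domain list you put in virtual_mailbox_domains; a nonzero exit means at least one entry would never receive mail, and the WARNING lines point out the catch-all and any absolute paths that would be glued onto virtual_mailbox_base.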

Now you need to create your users' logins. This is done not in Postfix, but in Courier. Create or edit /etc/courier/userdb and add your new users to it, one per line, using the following format. Be sure to insert a tab stop after the login name, separate the fields with a pipe character, and give each user a unique UID/GID:

telsa    uid=1100|gid=1100|home=/var/mail/vhosts/telsa|shell=/bin/bash|imappw=|pop3pw=

There must be no spaces anywhere on the line.

Now comes the tedious part. You need to generate a new password for each new user, using userdbpw. This example creates md5-hashed passwords:

$ userdbpw -md5
Password:
Reenter password:
$1$G41nVriv$GzWaLKidkoVIE2DxMxHBx1

Now paste the hash into the user's imappw= and pop3pw= fields in /etc/courier/userdb:

telsa    uid=1100|gid=1100|home=/var/mail/vhosts/telsa|shell=/bin/bash|imappw=$1$G41nVriv$GzWaLKidkoVIE2DxMxHBx1|pop3pw=$1$G41nVriv$GzWaLKidkoVIE2DxMxHBx1

Don't forget to write down your username/password pairs! When you're finished, stop authdaemond and convert the /etc/courier/userdb file to a hashed database:

# /etc/init.d/courier-authdaemon stop
# makeuserdb

Now configure Courier to use /etc/courier/userdb for authentication, in addition to system passwords. Do this in /etc/courier/authdaemonrc:

##NAME: authmodulelist:0
#
# The authentication modules that are linked into authdaemond.  The
# default list is installed.  You may selectively disable modules simply
# by removing them from the following list.  The available modules you
# can use are: authcustom authcram authuserdb authldap authpgsql authmysql authpam

authmodulelist="authuserdb authpam"

Finally, start authdaemond again:

# /etc/init.d/courier-authdaemon start

Now your users can configure their mail clients, and you're done.

20.15.3 Discussion

Always double-check file paths, as they differ somewhat between distributions.

There are four possible services that you can give users access to in /etc/courier/userdb: systempw, pop3pw, esmtppw, and imappw. Only users with system accounts can use systempw. If you like, you may limit system users to mail service only by replacing systempw with any of the other three options.

If you have many domains, you can list them in a text file, one domain per line, and point virtual_mailbox_domains to the file:

virtual_mailbox_domains = /etc/postfix/virtual_domains

Having Courier authenticate against both /etc/courier/userdb and /etc/passwd can really slow things down. To speed up authentication, migrate your existing users into /etc/courier/userdb. First, dump your existing users:

# /usr/sbin/pw2userdb > oldusers.text

This dumps the contents of /etc/shadow into a text file, in the correct format for Courier, like this:

carla   uid=1000|gid=1000|home=/home/carla|shell=/bin/bash|systempw=$1$.Mi$1huUDUGHKJjs78475fhyXg2xtoFdm0|gecos=carla schroder,,,
1000=   carla
www-data        uid=33|gid=33|home=/var/www|shell=/bin/sh|systempw=*|gecos=www-data
33=     www-data
postfix uid=102|gid=102|home=/var/spool/postfix|shell=/bin/false|systempw=!
102=    postfix

Take this and create or edit the file /etc/courier/userdb. Simply copy and paste the entries you want to use.
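Whether the entries in /etc/courier/userdb were typed by hand (the telsa line in the Solution) or pasted from pw2userdb output (above), makeuserdb will happily build a database from a malformed line, and the user simply fails to log in. The following lint script is an added example (not part of the recipe or of Courier) that checks a userdb text file against the rules the recipe states: a tab after the login name, pipe-separated key=value fields, no stray spaces, a numeric uid and gid, and no uid or gid shared between two logins. It allows spaces inside the gecos= value because pw2userdb writes them there, and it accepts the "1000=<TAB>carla" reverse entries that pw2userdb emits. The script name userdb-lint.sh is an assumption.

```shell
#!/bin/sh
# Added example, not part of the recipe: lint a Courier userdb text file
# (hand-written entries or pw2userdb output) before running makeuserdb.
# It enforces the format rules the recipe states: a TAB after the login
# name, '|'-separated key=value fields, no stray spaces (the gecos= value
# from pw2userdb is allowed to contain them), a numeric uid and gid, and
# a uid/gid that no other login in the file reuses.

TAB=$(printf '\t')

# check_userdb_line LINE: return 0 when LINE is acceptable; otherwise
# print the reason and return 1. Sets $name, $uid and $gid for the caller.
check_userdb_line() {
    line=$1
    name=''; uid=''; gid=''
    case $line in
        ''|'#'*) return 0 ;;                     # blank line or comment
    esac
    name=${line%%"$TAB"*}
    if [ "$name" = "$line" ]; then
        echo "no TAB after the login name: $line"; return 1
    fi
    case $name in
        '' | *' '*) echo "bad login name in: $line"; return 1 ;;
        *=) return 0 ;;   # "1000=<TAB>carla" uid-to-login entries written by pw2userdb
    esac
    fields=${line#*"$TAB"}
    while [ -n "$fields" ]; do
        field=${fields%%"|"*}
        if [ "$field" = "$fields" ]; then fields=''; else fields=${fields#*"|"}; fi
        key=${field%%=*}
        value=${field#*=}
        if [ "$key" = "$field" ]; then
            echo "field without '=' ($field) in: $line"; return 1
        fi
        case $key in
            *' '*) echo "space in field name '$key' in: $line"; return 1 ;;
            gecos) ;;                            # GECOS text may contain spaces
            *) case $value in
                   *' '*) echo "space in $key value in: $line"; return 1 ;;
               esac ;;
        esac
        case $key in
            uid) uid=$value ;;
            gid) gid=$value ;;
        esac
    done
    for v in "$uid" "$gid"; do
        case $v in
            ''|*[!0-9]*) echo "missing or non-numeric uid/gid in: $line"; return 1 ;;
        esac
    done
    return 0
}

# check_userdb_file FILE: run check_userdb_line over every line and make
# sure no uid or gid is shared by two different logins. Returns 0 if clean.
check_userdb_file() {
    file=$1
    seen_uid=' '; seen_gid=' '; status=0
    while IFS= read -r line || [ -n "$line" ]; do
        check_userdb_line "$line" || { status=1; continue; }
        [ -n "$uid" ] || continue                # comment, blank or reverse entry
        case $seen_uid in
            *" $uid "*) echo "uid $uid reused by $name"; status=1 ;;
        esac
        case $seen_gid in
            *" $gid "*) echo "gid $gid reused by $name"; status=1 ;;
        esac
        seen_uid="$seen_uid$uid "; seen_gid="$seen_gid$gid "
    done < "$file"
    return $status
}

# Usage (assumed script name): sh userdb-lint.sh /etc/courier/userdb
if [ $# -gt 0 ]; then
    check_userdb_file "$1" || exit 1
    echo "$1: OK"
fi
```

A line such as uid=1100gid=1100 (a dropped pipe) is reported as a non-numeric uid, and a space typed instead of the tab is reported as a missing tab, which are exactly the two mistakes that are hardest to spot by eye in a long file.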
