virtual_mailbox_base Question
John Dubchak
I have a functioning postfix-2.6.5 upgraded installation running. The
current setup has
virtual_mailbox_base=/var/spool/virutal_mailboxes
and uses postgres to return the remaining portion of the delivery path
(eg. /domain/username/) to append to virtual_mailbox_base to create the
correct delivery path - or so I assume.
I read the documentation that said the default value for
virtual_mailbox_base is blank if it is not present. I wanted to create
a more flexible system and decided to change the query in
virtual_mailbox_maps to return the fully derived mail delivery path and
remove virtual_mailbox_base altogether, however, given that
configuration change, mail does not get delivered. So I believe I am
wrong in thinking that those are the only 2 things that need to change
in order to fully derive that delivery path.
What else am I missing?
Thanks for any clarity you can provide,
John
#> postconf -n
alias_maps = hash:/etc/postfix/aliases
broken_sasl_auth_clients = yes
canonical_maps = pgsql:/etc/postfix/sql/pgsql-canonical-maps.cf
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavisfeed:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_domains = $mydomain
message_size_limit = 10240000
mydestination = $myhostname
mydomain = eliteswa.com
myhostname = mail.eliteswa.com
mynetworks = 192.168.0.0/24, 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_non_fqdn_recipient,
reject_non_fqdn_sender, reject_unauth_destination,
reject_unknown_sender_domain, reject_rbl_client
zen.spamhaus.org
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = check_sender_access
hash:/etc/postfix/sender_access_map
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/eliteswa-cert.pem
smtpd_tls_key_file = /etc/postfix/ssl/eliteswa-key.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
soft_bounce = no
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = pgsql:/etc/postfix/sql/pgsql-virtual-alias-maps.cf
virtual_gid_maps = pgsql:/etc/postfix/sql/pgsql-virtual-gid-maps.cf
virtual_mailbox_base = /var/spool/virtual_mailboxes
virtual_mailbox_domains =
pgsql:/etc/postfix/sql/pgsql-virtual-mailbox-domains.cf
virtual_mailbox_maps =
pgsql:/etc/postfix/sql/pgsql-virtual-mailbox-recipients.cf
virtual_uid_maps = pgsql:/etc/postfix/sql/pgsql-virtual-uid-maps.cf
Victor Duchovni
> Hi,
>
> I have a functioning postfix-2.6.5 upgraded installation running. The
> current setup has
>
> virtual_mailbox_base=/var/spool/virutal_mailboxes
>
> and uses postgres to return the remaining portion of the delivery path
> (eg. /domain/username/) to append to virtual_mailbox_base to create the
> correct delivery path - or so I assume.
>
> I read the documentation that said the default value for
> virtual_mailbox_base is blank if it is not present. I wanted to create
> a more flexible system and decided to change the query in
> virtual_mailbox_maps to return the fully derived mail delivery path and
> remove virtual_mailbox_base altogether, however, given that
> configuration change, mail does not get delivered. So I believe I am
> wrong in thinking that those are the only 2 things that need to change
> in order to fully derive that delivery path.
http://www.postfix.org/postconf.5.html#virtual_mailbox_base
While the default is empty, you MUST set a non-empty value to use the
virtual(8) delivery agent.
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majo...@postfix.org?body=unsubscribe%20postfix-users>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
John Dubchak
> On Thu, Sep 17, 2009 at 05:52:23AM -0500, John Dubchak wrote:
>
> > Hi,
> >
> > I have a functioning postfix-2.6.5 upgraded installation running. The
> > current setup has
> >
> > virtual_mailbox_base=/var/spool/virutal_mailboxes
> >
> > and uses postgres to return the remaining portion of the delivery path
> > (eg. /domain/username/) to append to virtual_mailbox_base to create the
> > correct delivery path - or so I assume.
> >
> > I read the documentation that said the default value for
> > virtual_mailbox_base is blank if it is not present. I wanted to create
> > a more flexible system and decided to change the query in
> > virtual_mailbox_maps to return the fully derived mail delivery path and
> > remove virtual_mailbox_base altogether, however, given that
> > configuration change, mail does not get delivered. So I believe I am
> > wrong in thinking that those are the only 2 things that need to change
> > in order to fully derive that delivery path.
>
> http://www.postfix.org/postconf.5.html#virtual_mailbox_base
>
> While the default is empty, you MUST set a non-empty value to use the
> virtual(8) delivery agent.
>
Hi Victor,
Thanks for your response.
In my virtual_mailbox_maps, I am using the results of the query from a
postgresql database. I was hoping I'd be able to have the query return
the full path of the mailbox directory and remove the
virtual_mailbox_base from my main.cf file.
However, making that change, mail was not being delivered at all.
So, I believe I am using correctly, or is that not the case?
Thanks,
John
Victor Duchovni
> > > I read the documentation that said the default value for
> > > virtual_mailbox_base is blank if it is not present. I wanted to create
> > > a more flexible system and decided to change the query in
> > > virtual_mailbox_maps to return the fully derived mail delivery path and
> > > remove virtual_mailbox_base altogether, however, given that
> > > configuration change, mail does not get delivered. So I believe I am
> > > wrong in thinking that those are the only 2 things that need to change
> > > in order to fully derive that delivery path.
> >
> > http://www.postfix.org/postconf.5.html#virtual_mailbox_base
> >
> > While the default is empty, you MUST set a non-empty value to use the
> > virtual(8) delivery agent.
> >
>
> Hi Victor,
>
> Thanks for your response.
>
> In my virtual_mailbox_maps, I am using the results of the query from a
> postgresql database. I was hoping I'd be able to have the query return
> the full path of the mailbox directory and remove the
> virtual_mailbox_base from my main.cf file.
>
> However, making that change, mail was not being delivered at all.
>
> So, I believe I am using correctly, or is that not the case?
If you want to reduce security, set the parameter to "/" as documented.
John Dubchak
>
> If you want to reduce security, set the parameter to "/" as documented.
>
That's not my goal, so it's not a change I'm willing to introduce.
Also, I wasn't aware that I'd be reducing security by doing that, so
thanks for pointing that out to me.
John
Victor Duchovni
Allowing the database to specify arbitrary mailbox paths reduces security.
Setting an explicit sub-tree of the filesystem for mailbox locations is
safer. If you want absolute paths in the database table, you want the
reduced security. Otherwise, trim-off a common prefix, and specify only
the relative path in the table.