As a system hosts more and more domains and users, it becomes less
desirable to give every user their own UNIX system account.
With the Postfix
virtual(8) mailbox delivery agent, every
recipient address can have its own virtual mailbox. Unlike virtual
alias domains,
virtual mailbox domains do not need the clumsy
translation from each recipient addresses into a different address,
and owners of a virtual mailbox address do not need to have a UNIX
system account.
The Postfix
virtual(8) mailbox delivery agent looks up the user
mailbox pathname, uid and gid via separate tables that are searched
with the recipient's mail address. Maildir style delivery is turned
on by terminating the mailbox pathname with "/".
If you find the idea of multiple tables bothersome, remember
that you can migrate the information (once it works), to an SQL
database. If you take that route, be sure to review the "local files versus databases"
section at the top of this document.
Here is an example of a
virtual mailbox domain "example.com":
1 /etc/postfix/main.cf:
2
virtual_mailbox_domains = example.com ...more domains...
3
virtual_mailbox_base = /var/mail/vhosts
4
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
5
virtual_minimum_uid = 100
6
virtual_uid_maps = static:5000
7
virtual_gid_maps = static:5000
8
virtual_alias_maps = hash:/etc/postfix/virtual
9
10 /etc/postfix/vmailbox:
11 [email protected] example.com/info
12 [email protected] example.com/sales/
13 # Comment out the entry below to implement a catch-all.
14 # @example.com example.com/catchall
15 ...virtual mailboxes for more domains...
16
17 /etc/postfix/virtual:
18 [email protected] postmaster
Notes:
-
Line 2: The
virtual_mailbox_domains setting tells Postfix
that example.com is a so-called
virtual mailbox domain. If you omit
this setting then Postfix will reject mail (relay access denied)
or will not be able to deliver it (mail for example.com loops back
to myself).
NEVER list a
virtual MAILBOX domain name as a
mydestination
domain!
NEVER list a
virtual MAILBOX domain name as a virtual ALIAS
domain!
-
Line 3: The
virtual_mailbox_base parameter specifies a
prefix for all virtual mailbox pathnames. This is a safety mechanism
in case someone makes a mistake. It prevents mail from being
delivered all over the file system.
-
Lines 4, 10-15: The
virtual_mailbox_maps parameter specifies
the lookup table with mailbox (or maildir) pathnames, indexed by
the virtual mail address. In this example, mail for [email protected]
goes to the mailbox at /var/mail/vhosts/example.com/info while mail
for [email protected] goes to the maildir located at
/var/mail/vhosts/example.com/sales/.
-
Line 5: The
virtual_minimum_uid specifies a lower bound
on the mailbox or maildir owner's UID. This is a safety mechanism
in case someone makes a mistake. It prevents mail from being written
to sensitive files.
-
Lines 6, 7: The
virtual_uid_maps and
virtual_gid_maps
parameters specify that all the virtual mailboxes are owned by a
fixed uid and gid 5000. If this is not what you want, specify
lookup tables that are searched by the recipient's mail address.
-
Line 14: The commented out entry (text after #) shows how
one would implement a catch-all virtual mailbox address. Be prepared
to receive a lot of spam, as well as bounced spam that was sent in
the name of [email protected].
NEVER put a virtual MAILBOX wild-card in the virtual ALIAS
file!!
-
Lines 8, 17, 18: As you see, it is possible to mix virtual
aliases with virtual mailboxes. We use this feature to redirect
mail for example.com's postmaster address to the local postmaster.
You can use the same mechanism to redirect an address to a remote
address.
-
Line 18: This example assumes that in main.cf, $
myorigin
is listed under the
mydestination parameter setting. If that is
not the case, specify an explicit domain name on the right-hand
side of the virtual alias table entries or else mail will go to
the wrong domain.
Execute the command "postmap /etc/postfix/virtual" after
changing the virtual file, execute "postmap /etc/postfix/vmailbox"
after changing the vmailbox file, and execute the command "postfix
reload" after changing the main.cf file.
Note: mail delivery happens with the recipient's UID/GID
privileges specified with
virtual_uid_maps and
virtual_gid_maps.
Postfix 2.0 and earlier will not create mailDIRs in world-writable
parent directories; you must create them in advance before you can
use them. Postfix may be able to create mailBOX files by itself,
depending on parent directory write permissions, but it is safer
to create mailBOX files ahead of time.
More details about the virtual mailbox delivery agent are given
in the
virtual(8) manual page.
