March 17, 2003
What I misunderstood about postfix

Some have emailed me asking what exactly went wrong in my postfix setup. It's not actually anything I did wrong, it's that I misunderstood (or rather over-estimated) the way postfix works. I assumed it would differentiate between real (as in /etc/passwd) users and virtual (only live in mysql) users for a local-delivery domain. It doesn't. A domain is either virtual or local, it can't have it both ways.. so while it will deliver mail to virtual users configured for a local domain, it will not write the files with the virtual uid/gid combination but use nobody/nobody instead, as a lookup of the user in the local passwd file fails.

I actually see this as a bug, since it *does* deliver the mail.. shouldn't take much more to enhance it to be smarter about who the user really is.. after all..

- exists in mysql = check
- doesn't exist in passwd = check
- user is valid = check

hmm.. gee.. maybe it's a virtual one.

This is only an issue with a domain configured as local; purely virtual domains do not have this problem.

Of course, I could be missing some big point here.. like an inherent security risk in this (I can't imagine what.. but smarter people than I wrote this).

Posted March 17, 2003 09:56 PM in Geek Stuff
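
The rule described in the post, that a domain is either local or virtual, can be checked mechanically. The following is an added example, not code from the original post: a small Python audit over a constructed main.cf that flags a domain listed in both `mydestination` and `virtual_mailbox_domains`, and a virtual mailbox setup with no `virtual_uid_maps` or `virtual_gid_maps`. The sample configuration and the function names are assumptions; only literal domain names are compared, lookup tables and `$` macros are skipped.

```python
import re

# Constructed sample main.cf (not the author's configuration).
SAMPLE_MAIN_CF = """\
# local class: delivered by local(8) to /etc/passwd accounts
mydestination = localhost, mail.example.org,
    example.org
# virtual mailbox class: delivered by virtual(8)
virtual_mailbox_domains = example.org, example.net
virtual_mailbox_maps = mysql:/etc/postfix/mysql-mailboxes.cf
virtual_uid_maps = static:5000
"""

def parse_main_cf(text):
    """Return {parameter: value}, joining continuation lines."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and current:      # continuation of previous parameter
            params[current] += " " + line.strip()
        elif "=" in line:
            current, value = (s.strip() for s in line.split("=", 1))
            params[current] = value
    return params

def literal_domains(value):
    """Literal domain names in a list value; lookup tables and $macros are skipped."""
    items = re.split(r"[,\s]+", value.strip())
    return {i.lower() for i in items if i and not re.search(r"[:/$]", i)}

def audit(text):
    """Return a list of findings for the local/virtual split."""
    p = parse_main_cf(text)
    local = literal_domains(p.get("mydestination", ""))
    virtual = literal_domains(p.get("virtual_mailbox_domains", ""))
    findings = [f"{d}: listed as both local and virtual" for d in sorted(local & virtual)]
    if p.get("virtual_mailbox_domains"):
        for name in ("virtual_uid_maps", "virtual_gid_maps"):
            if not p.get(name):
                findings.append(f"{name}: not set, so no owner is defined for virtual mailboxes")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_MAIN_CF):
        print(finding)
```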
Comments
On March 18, 2003 09:26 AM codepoet added:

>> but smarter people than I wrote this

You hope. =)

#
On March 19, 2003 01:18 AM Apokalyptik added:

I still stand by qmail+vpopmail :P

just to fan some old fires

so, other than e-mail, how has the new server setup progressed -- overall?

#
On March 19, 2003 09:58 AM kasia added:

Overall.. not very :(

Between my week-long disconnection from the net and my two jobs I haven't really had that much time to work on it.. was going to work on an MDA config last night but instead got caught in kernel patching for a different server. Oh well.

#
On March 19, 2003 07:11 PM Jan Chrillesen added:

If you try to define virtual domains as local you'll encounter another problem - the namespace. There's only one namespace for local domains. That means if you define unix-girl.com and example.com as local domains, kasia@unix-girl.com and kasia@example.com will end up in the same mailbox. So, basically, if you want to handle more than one domain you almost always want to limit local mailboxes to system accounts and keep any other account as virtual.

#
On March 19, 2003 09:34 PM Apokalyptik added:

sounds... inflexible

#
On March 19, 2003 09:55 PM kasia added:

Having more than one local domain is a little weird.. so that makes perfect sense :)

That's what aliases are for!

#
On March 20, 2003 10:51 AM apokalyptik added:

I prefer to completely disassociate system users from mail users. But that's just my preference... It's more clean that way -- to me

#