What I misunderstood about postfix
Some have emailed me asking what exactly went wrong in my postfix setup. It's not actually anything I did wrong, it's that I misunderstood (or rather over-estimated) the way postfix works. I assumed it would differentiate between real (as in /etc/passwd) users and virtual (only live in mysql) users for a local-delivery domain. It doesn't. A domain is either virtual or local, can't have it both ways.. so while it will deliver mail to virtual users configured for a local domain it will not write the files with the virtual uid/gid combination but use nobody/nobody instead as a lookup of the user in the local passwd file fails.
I actually see this as a bug, since it *does* deliver the mail.. shouldn't take much more to enhance it to be smarter about who the user really is.. after all..
- exists in mysql = check
- doesn't exist in passwd = check
- user is valid = check
hmm.. gee.. maybe it's a virtual one.
This is only an issue with a domain configured as local, purely virtual domains do not have this problem.
Of course, I could be missing some big point here.. like an inherent security risk in this (I can't imagine what.. but smarter people than I wrote this).
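A check for the "either virtual or local" rule described in the post, as an added example that is not part of the original post: it reads a main.cf and reports any domain listed in both mydestination (local) and virtual_mailbox_domains (virtual). The sample configuration, its domains, map path and uid/gid values are constructed, and it is an assumption that the setup in the post used these standard Postfix parameters.

```python
import re

# Constructed sample main.cf: example.com is listed as both local and virtual.
SAMPLE_MAIN_CF = """\
# constructed example, not from the original post
myhostname = mail.example.com
mydestination = localhost, example.com,
    mail.example.com
virtual_mailbox_domains = example.com, example.org
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox.cf
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
"""

def parse_main_cf(text):
    """Return {parameter: value}, honoring main.cf comments and continuation lines."""
    params, current = {}, None
    for line in text.splitlines():
        # Blank lines and lines whose first non-blank character is '#' are ignored.
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and current:
            # Leading whitespace continues the previous logical line.
            params[current] += " " + line.strip()
        elif "=" in line:
            name, _, value = line.partition("=")
            current = name.strip()
            params[current] = value.strip()
    return params

def literal_domains(value):
    """Split a domain list; skip lookup tables (type:name), paths and $parameter references."""
    items = re.split(r"[,\s]+", value.strip())
    return {i.lower() for i in items
            if i and ":" not in i and "$" not in i and "/" not in i}

def domains_in_both_classes(text):
    """Domains named literally in both the local and the virtual mailbox class."""
    params = parse_main_cf(text)
    local = literal_domains(params.get("mydestination", ""))
    virtual = literal_domains(params.get("virtual_mailbox_domains", ""))
    return sorted(local & virtual)

if __name__ == "__main__":
    for d in domains_in_both_classes(SAMPLE_MAIN_CF):
        print(f"{d}: listed in both mydestination and virtual_mailbox_domains")
```

Domains that come from a lookup table (for example a mysql: map) are not resolved by this check, so an overlap that only exists in the database has to be checked there.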
Comments
>> but smarter people than I wrote this
You hope. =)
Posted by: codepoet | March 18, 2003 09:26 AM
I still stand by qmail+vpopmail :P
just to fan some old fires
so, other than e-mail, how has the new server setup progressed -- overall?
Posted by: Apokalyptik | March 19, 2003 01:18 AM
Overall.. not very :(
Between my week-long disconnection from the net and my two jobs I haven't really had that much time to work on it.. was going to work on an MDA config last night but instead got caught in kernel patching for a different server. Oh well.
Posted by: kasia | March 19, 2003 09:58 AM
If you try to define virtual domains as local you'll encounter another problem - the namespace. There's only one namespace for local domains. That means if you define unix-girl.com and example.com as local domains kasia@unix-girl.com and kasia@example.com will end up in the same mailbox. So, basically if you want to handle more than one domain you almost always want to limit local mailboxes to system accounts and keep any other account as virtual.
Posted by: Jan Chrillesen | March 19, 2003 07:11 PM
sounds... inflexible
Posted by: Apokalyptik | March 19, 2003 09:34 PM
Having more than one local domain is a little weird.. so that makes perfect sense :)
That's what aliases are for!
Posted by: kasia | March 19, 2003 09:55 PM
I prefer to completely disassociate system users from mail users. but that's just my preference... It's more clean that way -- to me
Posted by: apokalyptik | March 20, 2003 10:51 AM