Postfix - Hosting Multiple Domains with Virtual Accounts
Overview
It is very common these days for a single system to host many domains. For
instance, arkum.ch and akadia.com might run on a single host, but act as if
they were two totally different hosts. A system usually has a canonical
domain, which is considered its usual or common domain name. Additional
domains are configured as virtual domains. Each virtual domain can host
services such as web sites and email as if it were the only domain on a
server.
To determine which technique or techniques you need, you must decide how
Postfix should deliver messages for virtual domains. There are two
important considerations that influence how you should configure Postfix
for hosting multiple domains:
- Should your domains have separate namespaces? For example, should mail
  for the two addresses info@arkum.ch and info@akadia.com go to the same
  mailbox or separate ones?
- Does every user require a local account? We'll make the distinction
  between local accounts that are real Unix accounts on your system and
  virtual accounts. With virtual accounts, users can have mailboxes on
  your server, but don't otherwise log in to the system and don't require
  an entry in /etc/passwd.
Consider the four different ways Postfix can handle mail for virtual
domains:
- Shared mailboxes with system accounts
- Separate mailboxes with system accounts
- Separate mailboxes with virtual accounts (shown in this article)
Your POP/IMAP server will be a major
factor in deciding which technique you need. If your POP/IMAP server does
not understand virtual domains, then it will most likely require that you
have system accounts for all addresses. Some POP/IMAP servers inherently
support multiple domains, and deliver messages into a particular directory
structure on the local filesystem. Other POP/IMAP servers use their own
proprietary message store. Postfix can hand off messages to them using
LMTP.
Separate mailboxes with virtual accounts
The drawback of the first two techniques is that you
must maintain system accounts for all email addresses on your server. As
the number of domains you host increases, so does the effort to maintain
all the accounts. In particular, if users only receive email at your
server, and don't otherwise log in, you probably don't want to have to
create system accounts for each one. Instead, configure Postfix to deliver
to a local message store where each virtual email address can have its own
mailbox file. Your users then retrieve their messages through a POP/IMAP
server.
The local message store works much like normal local
delivery, but it doesn't require a one-to-one correspondence between each
mail file and a local user account. For this configuration, list each
virtual domain in the virtual_mailbox_domains parameter:
virtual_mailbox_domains = arkum.ch
If you have many domains, you can list them in a
file and point virtual_mailbox_domains to the file:
virtual_mailbox_domains = /usr/local/postfix/etc/virtual_domains
The file virtual_domains then contains
a line for each domain:
#
# virtual_domains
#
arkum.ch
arkum.com
opal.ch
opal.com
Virtual domains listed in virtual_mailbox_domains
are delivered by the virtual delivery agent, which is actually a
streamlined version of the local delivery agent. It makes deliveries in a
highly secure and efficient manner, but local aliases, .forward files, and
mailing list programs are not available.
When setting up the virtual mailboxes, you should
structure the directories to accommodate the expectations of your POP/IMAP
server. Let's assume for this explanation that the virtual mailboxes are
all located below the base directory /var/spool/mail. Each virtual domain
has its own subdirectory below that, so that you have directories like the
following:
/var/spool/mail/arkum.ch
/var/spool/mail/arkum.com
/var/spool/mail/opal.ch
/var/spool/mail/opal.com
This is a common configuration for POP/IMAP servers
that support virtual hosting. Below each domain subdirectory are the mail
files for each user. Indicate to Postfix the base directory of the mail
store with the virtual_mailbox_base parameter:
virtual_mailbox_base = /var/spool/mail
You must create a lookup file that maps email
addresses to their mailbox files. Specify the lookup table with the
virtual_mailbox_maps parameter:
virtual_mailbox_maps = hash:/usr/local/postfix/etc/virtual_mailbox
Every user receiving mail to a virtual mailbox file
must have an entry in a Postfix lookup table. The mailbox file is
specified relative to virtual_mailbox_base. Mail files can use either mbox
or maildir format. To use maildir format, include a slash at the end of the
filename. A virtual mailbox map file looks like the following:
#
# virtual_mailbox
#
mueller@arkum.ch        arkum.ch/mueller
hans.mueller@arkum.ch   arkum.ch/mueller
meier@arkum.ch          arkum.ch/meier
roland.meier@arkum.ch   arkum.ch/meier
The email address mueller@arkum.ch goes to a different
mailbox from the address meier@arkum.ch.
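A consistency check for the two files described above, as an added example that is not part of the original article: it confirms that every address in virtual_mailbox belongs to a domain listed in virtual_domains and that every mailbox path stays below virtual_mailbox_base. The function names and sample entries are constructed for illustration.

```python
import posixpath

# Constructed sample input, modelled on the article's two files.
VIRTUAL_DOMAINS = """\
arkum.ch
arkum.com
opal.ch
opal.com
"""
VIRTUAL_MAILBOX = """\
# virtual_mailbox
mueller@arkum.ch        arkum.ch/mueller
hans.mueller@arkum.ch   arkum.ch/mueller
meier@arkum.ch          arkum.ch/meier/
info@example.org        example.org/info
postmaster@opal.ch      ../outside/postmaster
"""

def parse_table(text):
    """Return (key, value) pairs; skips blank lines and # comments.
    Continuation lines (leading whitespace) are not handled here."""
    rows = [ln.split(None, 1) for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]
    return [(r[0].lower(), r[1].strip() if len(r) > 1 else "") for r in rows]

def mailbox_format(path):
    """A trailing slash selects maildir; anything else is mbox."""
    return "maildir" if path.endswith("/") else "mbox"

def lint_mailbox_map(domains_text, map_text, base="/var/spool/mail"):
    """Return (address, problem) for entries that need attention."""
    domains = {key for key, _ in parse_table(domains_text)}
    findings = []
    for addr, path in parse_table(map_text):
        if addr.rpartition("@")[2] not in domains:
            findings.append((addr, "domain not in virtual_mailbox_domains"))
        resolved = posixpath.normpath(posixpath.join(base, path))
        if not path or path.startswith("/") or not resolved.startswith(base + "/"):
            findings.append((addr, "path not below virtual_mailbox_base"))
    return findings

if __name__ == "__main__":
    for addr, problem in lint_mailbox_map(VIRTUAL_DOMAINS, VIRTUAL_MAILBOX):
        print(f"{addr}: {problem}")
```

Because virtual_mailbox_maps uses the hash: type, rebuild the indexed table with postmap /usr/local/postfix/etc/virtual_mailbox after each change to the text file.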
Mailbox File Ownership
The virtual mailbox files must be owned by a user
account and associated with a group on your system. How your users
retrieve their messages determines what the ownership of mailbox files
should be. Often, your POP/IMAP server executes under its own account and
expects all of the mailbox files to be owned by this user, but if
necessary, Postfix lets you configure ownership for mailbox files in any
way you need. Each can be owned by a separate user, or one user can own
all of the mailboxes for one domain, while a different user owns the
mailboxes of another.
The virtual_uid_maps and virtual_gid_maps parameters
determine the owner and group Postfix uses when making deliveries to
virtual mailbox files. You can specify that all of the virtual mailboxes
should be owned by the same user account with the static map type. Assume,
for this example, that you have created an account called vmail that has
a UID of 404, and a group called vmail that has a GID of 400. You want all
of the virtual mailbox files to be owned by this user and group.
Set the virtual_uid_maps and virtual_gid_maps
parameters in main.cf:
virtual_uid_maps = static:404
virtual_gid_maps = static:400
If you want to use different UIDs for different
mailbox files, you must create a lookup file that maps the addresses to
the UIDs. Then point the mapping parameter to your lookup file:
virtual_uid_maps = hash:/usr/local/postfix/etc/virtual_uids
virtual_gid_maps = hash:/usr/local/postfix/etc/virtual_gids
The file /usr/local/postfix/etc/virtual_uids contains entries
like the following, with each address mapped to the correct UID. In this
case, the mailboxes for mueller@arkum.ch use one ID and those for
meier@arkum.ch use another:
#
# virtual_uids
#
mueller@arkum.ch 404
meier@arkum.ch 405
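An ownership audit for the per-address UID table above, as an added example that is not part of the original article. It checks that every address in virtual_mailbox resolves to a UID (full address first, then an @domain entry, as the Postfix documentation describes for virtual_uid_maps), that no UID falls below virtual_minimum_uid (default 100), and that addresses sharing one mailbox file agree on its owner. Function names are constructed for illustration.

```python
# Constructed sample input: the article's virtual_mailbox and virtual_uids
# entries as Python dicts (address -> mailbox path, address -> UID).
MAILBOX_MAP = {
    "mueller@arkum.ch": "arkum.ch/mueller",
    "hans.mueller@arkum.ch": "arkum.ch/mueller",
    "meier@arkum.ch": "arkum.ch/meier",
    "roland.meier@arkum.ch": "arkum.ch/meier",
}
UID_TABLE = {"mueller@arkum.ch": 404, "meier@arkum.ch": 405}

def resolve_uid(addr, uid_map):
    """uid_map is an int for static:N, or a dict for a lookup table.
    Tables are searched for the full address, then for @domain."""
    if isinstance(uid_map, int):
        return uid_map
    domain_key = "@" + addr.rpartition("@")[2]
    return uid_map.get(addr, uid_map.get(domain_key))

def audit_ownership(mailbox_map, uid_map, minimum_uid=100):
    """Return (address, problem) pairs. minimum_uid mirrors Postfix's
    virtual_minimum_uid parameter, whose default is 100."""
    findings, first_owner = [], {}
    for addr, path in sorted(mailbox_map.items()):
        uid = resolve_uid(addr, uid_map)
        if uid is None:
            findings.append((addr, "no UID entry"))
            continue
        if uid < minimum_uid:
            findings.append((addr, f"UID {uid} is below virtual_minimum_uid"))
        owner = first_owner.setdefault(path, uid)
        if owner != uid:
            findings.append((addr, f"{path} is also written as UID {owner}"))
    return findings

if __name__ == "__main__":
    for label, uid_map in (("static:404", 404), ("virtual_uids", UID_TABLE)):
        print(label, audit_ownership(MAILBOX_MAP, uid_map))
```

With the two-entry table shown above, the addresses hans.mueller@arkum.ch and roland.meier@arkum.ch are reported as having no UID entry; the same audit applies to virtual_gid_maps.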