Relationship between local mail users and virtual mail users

Source: Internet
Author: User
Once a mail system uses virtual users, you need to consider how the local users of the mail server's host relate to the virtual users of the mail server itself.
  
   1. Analyze the mail requirements of local and virtual users
Local users can be divided into two types. The first is system users, such as bin, daemon, mail, news, and postmaster. The other is common users.
These two types of users have different mail requirements. System users generally receive mail containing program errors, logs, and similar information. Because a system user does not have its own mailbox, the mail is usually forwarded to an administrator account through the system alias table. Generally, this administrator account is a local user account, such as root and serial0. Common users may have two kinds of mail requirements: they can send or read mail locally, and they can also use the smtp, imap, and pop services on the mail host to send and receive mail from other computers.
Virtual users need to send and receive mail through smtp, imap, and pop. This does not involve sending or reading messages locally.
  
   2. There are two main problems with the relationship between local users and virtual users.
First, user authentication. User information for local users and virtual users is stored in different places. The local user information of the mail host is stored in /etc/passwd, while virtual user information is stored in a database file, a database server, or a directory server. How to obtain the user name and password from two different locations during password verification (SMTP/IMAP/POP verification) is a problem. Second, mail routing between local users and virtual users, that is, how mail is delivered to local users and to virtual users.
  
The two problems are discussed below. The experiment environment is postfix + courier-imap + cyrus-sasl + pam-mysql + mysql. The virtual user information is stored in mysql.
  
   3. User Authentication problems:
3.1 smtp password verification:
  
Use the saslauthd daemon of cyrus-sasl for SMTP password verification. saslauthd supports multiple verification mechanisms during one verification. For local users, the shadow authentication mechanism verifies against /etc/shadow. For virtual users, the pam authentication mechanism is used, and pam-mysql verifies the virtual user information in mysql.
  
In the /etc/init.d/saslauthd startup script, the shadow mechanism is used by default:
[root@hpe45 sysconfig]# more /etc/init.d/saslauthd
...
MECH=shadow
FLAGS=
if [ -f /etc/sysconfig/saslauthd ]; then
. /etc/sysconfig/saslauthd
fi
...
  
Add the pam mechanism to /etc/sysconfig/saslauthd:
[root@hpe45 sysconfig]# more /etc/sysconfig/saslauthd
MECH=pam
  
In /usr/lib/sasl2/smtpd.conf, specify saslauthd for smtp verification:
[root@hpe45 sysconfig]# more /usr/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
  
Enable the smtp verification parameters in postfix.
  
3.2 IMAP/POP Authentication Problems
  
In addition to verifying the user name and password, IMAP/POP verification usually involves obtaining the user's home directory and mail path, especially for virtual users. The authdaemon of courier-imap allows multiple authentication modules to be used in one verification. For virtual users, authmysqlrc is used to verify user information in mysql. For local users, pam is used to verify against /etc/passwd.
  
Use the following in /usr/lib/courier-imap/etc/authdaemonrc:
[root@hpe45 etc]# more /usr/lib/courier-imap/etc/authdaemonrc
authmodulelist="authmysql authpam"
  
Set the virtual user-related items in /usr/lib/courier-imap/etc/authmysqlrc:
  
Verify system users in /etc/pam.d/imap and /etc/pam.d/pop3:
[root@hpe45 pam.d]# more imap
#%PAM-1.0
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
  
Note: Because courier-imap supports Maildir-style mail directories, the home_mailbox = Maildir/ parameter must be enabled in postfix. Mail is then delivered to /home/username/Maildir, and courier-imap can fetch messages from the user's directory.
  
After the preceding settings, both local users and virtual users can receive messages from imap/pop.
  
   4. Mail Routing Problems
Postfix handles locally submitted mail differently from mail arriving over network smtp. Mail sent by local users is put into the maildrop queue by sendmail and then passed to the cleanup process by the pickup program. Mail from the network is passed to the cleanup process after being received by smtpd. For details, see http://www.postfix.org/receiving.html.
After the cleanup process, the mail is placed in the incoming and active queues. The qmgr process then handles the mail and hands it to different mail delivery agents according to the default transport rules or a user-defined transport table, such as the local delivery agent, the virtual delivery agent, the smtp client (for mail to other domains), and external MDAs such as procmail.
After receiving the mail, the mail delivery agent delivers it to the user's mailbox.
  
4.1 Use the local delivery agent and the virtual delivery agent for mail routing
  
Local users use the local delivery agent, and virtual users use the virtual delivery agent. In this case, the mail routing method is as follows:
  
In the experiment, the /etc/postfix/main.cf settings are as follows:
  
myhostname = hpe45.fz.fj.zz
mydomain = fz.fj.zz
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain
  
virtual_transport = virtual
virtual_mailbox_domains = fz.fj.zz
virtual_mailbox_base = /var/spool/smail3k
virtual_mailbox_maps = mysql:/etc/postfix/smail3k.cf
# virtual_mailbox_maps = hash:/etc/postfix/smail3k
virtual_uid_maps = static:12346
virtual_gid_maps = static:12
virtual_minimum_uid = 1001
  
local_transport = local
  
4.1.1. Allow local users and virtual users to belong to different email domains.
  
A local user uses a mail address based on the host name, such as serial0@hpe45.fz.fj.zz. A virtual user uses a mail address based on the domain name, such as tom@fz.fj.zz.
  
Change the myorigin value above to:
myorigin = hpe45.fz.fj.zz or myorigin = $myhostname
  
When a local user sends mail locally to a system user such as bin, @hpe45.fz.fj.zz is automatically appended to both the recipient and the sender. The local delivery agent queries the alias table and redirects the mail to root. The message enters maildrop-pickup-cleanup again, root is rewritten to root@hpe45.fz.fj.zz, and the mail goes to the local delivery agent once more and is finally delivered.
  
Mail can also be delivered between a common local user and a virtual user.
  
4.1.2. Make local users and virtual users belong to the same email domain.
  
In the same domain, the local user's email address is serial0@fz.fj.zz and the virtual user's email address is tom@fz.fj.zz. You can use the transport table to control mail routing for the two types of users: mail for local users is sent to the local delivery agent, and mail for virtual users is sent to the virtual delivery agent.
  
Create /etc/postfix/hpe45fzfjzz as a transport table. Local users are listed individually and assigned to local. All other users are treated as virtual users and pointed to virtual.
[root@hpe45 postfix]# more /etc/postfix/hpe45fzfjzz
serial0@fz.fj.zz local:
fz.fj.zz virtual:
Use postmap to generate the corresponding hpe45fzfjzz.db.
  
Add transport_maps to /etc/postfix/main.cf:
# local_transport = local
transport_maps = hash:/etc/postfix/hpe45fzfjzz
  
The preceding settings only take common local users into account. For system users, the alias table is consulted by the local delivery agent by default, and the local delivery agent acts only after the mail has been routed. Therefore, when a program sends mail to a system user, postfix cannot find the recipient in the virtual domain during the qmgr stage, and the mail cannot be delivered.
  
In this case, you can add the system user names to the transport table.
postmaster@fz.fj.zz local:
root@fz.fj.zz local:
serial0@fz.fj.zz local:
fz.fj.zz virtual:
In this way, local mail sent to postmaster reaches the local delivery agent through maildrop-pickup-cleanup-incoming-active-qmgr-local. The local delivery agent queries the alias table and redirects the message to the root account, that is, the mail is submitted to postfix locally again, passes through maildrop-pickup-cleanup-incoming-active-qmgr-local once more, and is then placed in the root mailbox.
It follows that if root@fz.fj.zz is missing from the transport table above, the mail still cannot arrive. If you do not write the full addresses postmaster@fz.fj.zz and root@fz.fj.zz, and write only postmaster and root, the mail is not delivered.
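The routing behaviour just described can be checked with a small model. This is an added example, not Postfix code or part of the original article: the alias table and virtual mailbox list are constructed, the lookup order is simplified to "full address, then domain", and the function names are hypothetical.

```python
# Added illustration: a small model of the routing described above, not Postfix code.
DOMAIN = "fz.fj.zz"                               # myorigin in the same-domain setup
ALIASES = {"postmaster": "root", "bin": "root"}   # constructed alias table
VIRTUAL_USERS = {"tom@fz.fj.zz"}                  # constructed virtual mailbox list

FULL = """postmaster@fz.fj.zz local:
root@fz.fj.zz local:
serial0@fz.fj.zz local:
fz.fj.zz virtual:"""
NO_ROOT = "postmaster@fz.fj.zz local:\nserial0@fz.fj.zz local:\nfz.fj.zz virtual:"
BARE = "postmaster local:\nroot local:\nfz.fj.zz virtual:"

def parse_transport(text):
    """Parse 'pattern transport:nexthop' lines into {pattern: transport}."""
    table = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            key, dest = line.split(None, 1)
            table[key.lower()] = dest.split(":", 1)[0]
    return table

def lookup(table, addr):
    """Try the full address first, then the bare domain (simplified lookup order)."""
    return table.get(addr) or table.get(addr.rsplit("@", 1)[1])

def trace(rcpt, transport_text, max_hops=10):
    """Follow one locally submitted message; return (hops, outcome)."""
    table, hops = parse_transport(transport_text), []
    for _ in range(max_hops):
        if "@" not in rcpt:
            rcpt = f"{rcpt}@{DOMAIN}"    # bare names are completed with @myorigin
        rcpt = rcpt.lower()
        agent = lookup(table, rcpt)
        hops.append((rcpt, agent))
        user = rcpt.split("@", 1)[0]
        if agent == "local" and user in ALIASES:
            rcpt = ALIASES[user]         # alias target is re-injected and routed again
        elif agent == "local":
            return hops, "delivered"
        elif agent == "virtual":
            return hops, "delivered" if rcpt in VIRTUAL_USERS else "unknown virtual user"
        else:
            return hops, "no transport"
    return hops, "alias loop"

if __name__ == "__main__":
    for name, text in (("full", FULL), ("no root entry", NO_ROOT), ("bare keys", BARE)):
        print(name, trace("postmaster", text))
```

Running it shows the three cases from the text: the full table delivers to root after one alias hop, the table without a root entry sends the re-injected message to the virtual agent, and bare keys never match because the lookup uses the completed address.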
  
Another way is to use virtual_alias_maps, so that postfix rewrites the alias during cleanup, which saves the local delivery agent from processing the message a second time.
Add the following to /etc/postfix/main.cf:
virtual_alias_maps = hash:/etc/postfix/aliases
In this way, when the local user test sends mail to the bin user, the message enters maildrop-pickup-cleanup. cleanup checks aliases.db and rewrites bin@fz.fj.zz to root@fz.fj.zz; the message then passes through cleanup-incoming-active-qmgr-local and is placed in the root mailbox.
Therefore, the transport table must contain a "root@fz.fj.zz local:" record. Alternatively, you can add "root: serial0" to aliases; in that case, the root record is not needed in the transport table.
  
   5. Processing local and virtual users depends on the actual situation
How to handle local and virtual users depends on the actual situation, such as the purpose of the mail server, the number of local users, and the mail requirements of local users.
  
Assume that the host where the mail server is located has other purposes besides the mail service, and also has some local users. In this case, local users and virtual users may have the same name. Use /etc/passwd for smtp/imap/pop authentication.
  
Assume that the email server is dedicated for email service and has no local users. Then the domain name can be used by virtual users. Local Use