Virtual Hosting with Postfix, part one

Submitted by joe on Tue, 2005-04-12 09:48. :: Postfix
Version 1.0

Author: Joe Topjian <joe [at] adminspotting [dot] net>
Last edited 04/11/2005

The virtual domain support in Postfix is actually quite robust. There are three different ways you can host virtual domains with Postfix, and they're all described here. We'll be looking at the third one: separate domains and non-unix accounts.

Why this one? Because in the end, this option gives us the most flexibility. It's a little more complicated to set up and understand, but well worth it when you're hosting several domains.

Our end goal is to have an email server that supports mail delivery to multiple domains. Each email address will belong to only one domain. For example, joe@domain1.com and joe@domain2.com are two different accounts that each receive different mail.

To start out, we're going to turn all domains into virtual hosts. Even if you have Postfix set up with a single domain, we're going to make that domain virtual. You don't need to do this, but I do because I think it's more organized. Having Postfix host one real domain and the rest virtual means that you will always need to configure Postfix twice: once for each type of domain. To make every domain virtual, we'll change our myhostname line in main.cf to read:

myhostname = localhost

Next we're going to add the following virtual domain information to main.cf (all of which will be explained after):

virtual_mailbox_domains = /etc/postfix/vhosts.txt

virtual_mailbox_base = /var/spool/vmail
virtual_mailbox_maps = hash:/etc/postfix/vmaps.txt
virtual_uid_maps = static:1000
virtual_gid_maps = static:1000
virtual_alias_maps = hash:/etc/postfix/valias.txt

In the first line, we're using a text file called vhosts.txt. You can actually name this anything you want. Inside this text file will be a simple one-column list of all the domains you are hosting. For example:

domain1.com
domain2.com
virtual.org


The next line specifies the base directory where we shall store all of our mail. Again, you can choose anything you want.

The third line points to a text file I called vmaps.txt. This is a two-column text file. The first column specifies a virtual email address. The second column specifies that person's mailbox location. Just like with real domain hosting, if you specify a / at the end of the location, it becomes Maildir format. If not, it is mbox. I have hash specified because I'm also turning vmaps.txt into a hash file by running:

postmap vmaps.txt

This results in a file called vmaps.txt.db. Postfix is able to look up information in hashes faster than in a normal text file.

The contents of vmaps.txt look like this:

joe@domain1.com domain1.com/joe/
joe@domain2.com domain2.com/joe/
john@virtual.org virtual.org/john/


Take a look at the second column. The value is appended to our virtual_mailbox_base line. So the absolute path of the virtual mailbox becomes, for example, /var/spool/vmail/domain1.com/joe/. Don't forget to actually make the directories domain1.com and joe. Since this mailbox is in Maildir format, we'll need 3 subdirectories under this mailbox: new, cur, tmp. There are several scripts around to do this, but basically this works just fine:

mkdir new cur tmp
chmod 700 new cur tmp


The next two lines define an account we'll set up that will have permission to access the mailboxes. Yes, one account will have the ability to read all the virtual email. Yes, this can be considered a security problem. Please do your best to ensure no one can become this user. We'll call the account "virtual". Add it any way you want to the system (e.g., useradd) and make note of its uid and gid.

The final line specifies a text file where we can place aliases for virtual accounts. The contents look like this:

joe@domain1.com joe@yahoo.com


Finally, you'll need to give ownership of the mailboxes to the virtual user. Running this will take care of it:

chown -R virtual:virtual /var/spool/vmail

And that's it. Just run a "postfix reload" and you are all set. Of course now we need a way to actually retrieve the email. I'll do that in Part Two.
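
The mailbox provisioning steps above (create each Maildir, restrict it to mode 700, hand the tree to the virtual user) collected into one function, as an added example that is not part of the original article. The function name provision_maildirs and the path check are assumptions of this example: because the second column of vmaps.txt is appended to virtual_mailbox_base, entries that are absolute or contain ".." are refused rather than created.

```shell
#!/bin/sh
# Added example: create Maildirs for every entry in a vmaps.txt-style file.
# Usage: provision_maildirs BASE MAPFILE [OWNER]
#   BASE    directory configured as virtual_mailbox_base
#   MAPFILE two-column file: address, mailbox path relative to BASE
#   OWNER   e.g. virtual:virtual; applied only when running as root
# Returns 0 if every entry was accepted, 1 if any entry was rejected.
provision_maildirs() {
    base=$1 map=$2 owner=${3:-}
    rejected=0
    old_umask=$(umask)
    umask 077                     # directories created below get mode 0700
    while read -r addr path rest || [ -n "$addr" ]; do
        case $addr in ''|'#'*) continue ;; esac      # blank line or comment
        case $path in
            ''|/*|..|../*|*/../*|*/..)               # empty, absolute, or leaves BASE
                echo "rejected: $addr -> $path" >&2
                rejected=$((rejected + 1)); continue ;;
            */) ;;                # trailing slash: Maildir, handled below
            *)  continue ;;       # no trailing slash: mbox file, nothing to create
        esac
        for sub in new cur tmp; do
            mkdir -p "$base/$path$sub" || return 2
        done
        chmod 700 "$base/$path" "$base/$path"new "$base/$path"cur "$base/$path"tmp
    done < "$map"
    umask "$old_umask"
    if [ -n "$owner" ] && [ "$(id -u)" -eq 0 ]; then
        chown -R "$owner" "$base"
    fi
    [ "$rejected" -eq 0 ]
}
```

Run as root it would be called as: provision_maildirs /var/spool/vmail /etc/postfix/vmaps.txt virtual:virtual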


Submitted by Anonymous (not registered) on Fri, 2010-12-31 11:16.

Nice to read an article on the Internet that promises so much, yet left out so much detail.

e.g. Further clarification is required here:

"The next two lines define an account we'll set up that will have permission to access the mailboxes. Yes, one account will have the ability to read all the virtual email. Yes, this can be considered a security problem. Please do your best to ensure no one can become this user. We'll call the account "virtual". Add it any way you want to the system (eg, useradd) and make note of it's uid and gid.

The final line specifies a text file where we can place aliases for virtual accounts. The contents looks like this:

joe@domain1.com joe@yahoo.com:
 
Where does one add the line:  joe@domain1.com joe@yahoo.com: ?  It's very unclear.
Does one create the user in the format:
useradd joe@fred.com
or
useradd joe
If the latter, then how does the system differentiate between joe@fred.com and joe@bob.info?
 
I would suggest using mysql or openldap for this.  It's far better organised and probably clearer.
Submitted by jktrigg (registered user) on Fri, 2006-10-27 21:24.
This has one serious problem -- as configured, outgoing mail from it will get blocked by many sites because it will send a HELO greeting of "localhost".  The myhostname parameter needs to be a fully qualified domain name.
Submitted by Anonymous (not registered) on Tue, 2006-04-18 23:56.
Thanks! Great article- it was exactly what I needed to get up and running with very little knowledge of postfix/dovecot for an urgent project! ek
Submitted by Anonymous (not registered) on Wed, 2006-02-22 03:42.

As in the previous post, excellent tutorial Joe. I have to say, I went through this tutorial 5 times, step by step, and could not get it working. It appeared the SMTP service was up and running, and everything, but when I connected via telnet I got nowhere, it just seemed to hang the connection. Finally after going through the whole tutorial, I noticed something I missed (not once, but 5 times), and that was the creation of the valias.txt file. Of course, I had to actually go and read my mail log to find that little mistake (and I am kicking myself over and over and over for not doing that in the FIRST place). Anyhow, I am a complete idiot on that one.

The only thing I would suggest is a little expansion on the whole valias.txt file. I know you gave a quick example, and yes I can go through and read the docs to get more info on the 'virtual_alias_maps', but to make this tutorial more complete, it might help us newbies for a little more basic information on that file.

Also I wanted to ask, in regards to MySQL (or presumably PostgreSQL), you suggested small systems avoid using database functionality. I am working on a small project that will allow the addition of mail and web hosts, DNS entries, and so on, via web interface (yes I know, I'm reinventing the wheel), but everything I have come across (such as Webmin, etc), seems to be overkill for my purposes. Anyhow, would it be worthwhile to move to a database rather than a flatfile for building a virtual domain / virtual user system? (again I am just starting to learn how all these server components fit together, and have a strong web programming background, very little in the way of administration)

Thanks

Aaron

Submitted by Anonymous (not registered) on Mon, 2005-11-28 20:19.

Joe you have done a tremendous job distilling this setup down to its basic needs. I really appreciate your having done this text files as a DB really is overkill for most small applications.

Two comments:


1 - I would include a link to an MD5 crypter for the convenience of the true newbie

2 - I had to add the slug [34] after the password in the password field to tell dovecot it was MD5 encrypted.

Thanks,

bex

Submitted by mattjbarlow (registered user) on Fri, 2007-12-07 20:38.

I had a problem getting these errors in maillog:

fatal: setrlimit: Permission denied 

warning: process /usr/libexec/postfix/virtual pid 27055 exit status 1
/usr/libexec/postfix/virtual: bad command startup -- throttling

After disabling SELinux it works fine. Just posting this info in case anyone else runs across it.

Submitted by madflojo (not registered) on Sun, 2010-04-04 01:07.
Sounds like some of your SELinux context isn't set right. I'd suggest checking that vs just disabling SELinux (unless you don't want to mess with SELinux anymore anyways).