Postfix – How to Auto Create Maildir on Debian Email Server

Tags: debian, email, email-server, postfix

I've been beating my head against a wall for a while now on this one. Basically, here is the rundown:

Our MX record points to a frontend SMTP server, which contains aliases for actually routing the mail. No alias, no access to the backend storage server, which is what our clients connect to.

I'm upgrading the backend email server. Currently, a user is created for every email user on the server, which creates the mailbox. On the new server, everything authenticates through PAM to an LDAP server (all of which is working properly). My goal is to get Postfix to create the Maildir directory for the user automatically. This works fine when I have the /home directory with 777 permissions, but for obvious reasons, this should be avoided. I would like to do this with 775 permissions on /home with a group owner of whatever user Postfix is running as, but I can't seem to figure out what user to use. With the 777 permissions, the /home/$user/Maildir directory is created on message delivery. Does anybody know how I can do this without 777 permissions?

The system I am working on is a 64-bit Debian Lenny 5.07 install.

Any advice would be appreciated.

Best Answer

The answer to this varies depending on how your Postfix system is configured. You mention PAM and LDAP, so I assume you have all your domains in $mydestination, or you use only one domain (example.com, for instance).

It may be easier for you to configure virtual_mailbox_domains with LDAP maps instead of mysql/pgsql maps (the logic is exactly the same though).

You create a single system user, without login privileges. I shall assume a username and group of vmail:vmail here, but the specific name is not important.

In LDAP, create your mailbox path relative to $HOME for vmail (so the maildir becomes /home/vmail/user/Maildir/).

Add your domains to virtual_mailbox_domains. Create a virtual_mailbox_maps map which takes in the username as input and returns username/Maildir as output.

Set the following in main.cf:

    virtual_mailbox_domains = example.com
    virtual_mailbox_base = /home/vmail/
    virtual_mailbox_maps = ldap:/etc/postfix/ldap_virtual.cf
    virtual_uid_maps = static:$uid_of_vmail
    virtual_gid_maps = static:$gid_of_vmail
    # $uid_of_vmail and $gid_of_vmail are placeholders for the numeric
    # uid and gid obtained from the output of: id vmail

See http://www.postfix.org/ldap_table.5.html and http://www.postfix.org/VIRTUAL_README.html for more information (and what you need to put in ldap_virtual.cf).

FWIW, Postfix runs the local delivery process as the uid/gid of the system user you are delivering to.

The general permissions for /home are 755 with owner and group both root, but the user can write within ~user. Hence Postfix will happily deliver to ~user/Maildir/, but will not be able to create ~user. Using virtual users will sidestep this issue by granting access to all mailboxes to a single uid/gid, which is then accessed only by your pop3/imap software. Direct access to the mailbox by users will not be possible.
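An added example, not part of the answer above: a POSIX shell script that renders the main.cf and ldap_virtual.cf fragments the answer describes and checks the permission assumptions behind them (mailbox base owned by the vmail uid:gid and not world-writable, which is the 777 on /home the question wants to avoid). It assumes the user and group vmail, the base /home/vmail, the domain example.com, and an LDAP server on localhost with user entries under ou=people,dc=example,dc=com whose uid attribute is the mail username; none of those values come from the page.

```shell
#!/bin/sh
# Added example (not the original answer's code): render the main.cf and
# ldap_virtual.cf fragments it describes and check the permission assumptions.
set -eu

# True (0) if an octal mode string grants write to "other" (777, 1777, ...).
mode_is_world_writable() {
    last=${1#"${1%?}"}                       # last character of the mode
    case "$last" in 2|3|6|7) return 0 ;; *) return 1 ;; esac
}

# main.cf parameters: uid gid domain base (uid/gid from the output of id vmail).
render_main_cf() {
    printf 'virtual_mailbox_domains = %s\n' "$3"
    printf 'virtual_mailbox_base = %s\n' "$4"
    printf 'virtual_mailbox_maps = ldap:/etc/postfix/ldap_virtual.cf\n'
    printf 'virtual_uid_maps = static:%s\n' "$1"
    printf 'virtual_gid_maps = static:%s\n' "$2"
}

# ldap_virtual.cf (assumed attribute layout): look up the local part (%u) by
# its uid attribute and return "<uid>/Maildir/" relative to virtual_mailbox_base.
render_ldap_cf() {
    printf 'server_host = %s\nsearch_base = %s\n' "$1" "$2"
    printf 'query_filter = (uid=%%u)\nresult_attribute = uid\n'
    printf 'result_format = %%s/Maildir/\n'
}

# The mailbox base must be owned by the given numeric uid:gid and must not be
# world-writable (the 777 on /home the question wants to get rid of).
check_mailbox_base() {
    dir="$1"; want_uid="$2"; want_gid="$3"
    [ -d "$dir" ] || { echo "$dir: not a directory"; return 1; }
    set -- $(stat -c '%a %u %g' "$dir")      # GNU stat, as on Debian
    if mode_is_world_writable "$1"; then echo "$dir: mode $1 is world-writable"; return 1; fi
    [ "$2" = "$want_uid" ] && [ "$3" = "$want_gid" ] \
        || { echo "$dir: owned by $2:$3, expected $want_uid:$want_gid"; return 1; }
}

# Run as root with "apply" to create the vmail user and write both files;
# without arguments the script only defines the functions above.
if [ "${1:-}" = "apply" ]; then
    useradd --system --shell /usr/sbin/nologin --home-dir /home/vmail --create-home vmail
    chmod 0750 /home/vmail
    render_main_cf "$(id -u vmail)" "$(id -g vmail)" example.com /home/vmail/ >> /etc/postfix/main.cf
    render_ldap_cf localhost ou=people,dc=example,dc=com > /etc/postfix/ldap_virtual.cf
    check_mailbox_base /home/vmail "$(id -u vmail)" "$(id -g vmail)"
fi
```

After applying, `postmap -q user@example.com ldap:/etc/postfix/ldap_virtual.cf` should print `user/Maildir/` for an existing LDAP user, and the first delivery creates that directory under /home/vmail as vmail.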