Re: Virtual mailboxes WITH aliases, and command delivery
From: Aaron D. Gifford (agifford@infowest.com)
Date: Tue Mar 18 2003 - 11:09:52 CST
Simon White <simon@mtds.com> responded:
> There are reasons for not allowing virtual to do command expansion.
Actually I'm doing exactly that already with Postfix 1.x using a hacked
combination delivery agent that combines features from local and
virtual. I was just hoping that with Postfix 2.0.x I wouldn't have to
repeat the hack to achieve the same result.
There are reasons that this is a GOOD thing on a tightly controlled mail
server. It allows me to host hundreds of virtual domains, but allow my
end users to add their own forwardings and aliases using a web interface
(of course I must be insanely careful that I audit all of my web
interfaces so that users canNOT add arbitrary aliases or forwardings).
Yes, this is a BIG security risk, so most sites had probably better NOT
do this (and that's why I run Postfix entirely within a FreeBSD jail
environment and all programs or systems with access to my SQL database
hosted alias/mailbox tables are meticulous about double-checking user
supplied data). Alias loops are not a problem either, as we enforce
non-looping using our own administrative control API (in perl) for
creating/destroying aliases.
> I would say set up a separate subdomain with local recipients, in order
> to allow command expansion. Command expansion doesn't make sense in a
> "Virtual" setup, once you add command expansion then really you may as
> well use local or a separate LDA like maildrop, procmail...
Command expansion allows us to support (for our users) a few of our own
custom commands for handling things like autoreplies, list managers, etc.
as well as permitting us to hand off mail on a user-by-user basis to a
customized maildir program. But yes, for the most part, it goes unused
and is a huge security risk (one compromise of your table, and someone
can execute arbitrary commands).
This was what we used to use before, and it was very cumbersome and
awkward. It also meant that one would have to create mangled local
mailbox names (i.e. if joe@example1.com and joe@example2.com were
virtual aliases to different local mailboxes).
I did forget to mention that I need to do what I showed in my previous
example for hundreds of virtual hosts that all have mailboxes on the
same mail server.
So let me repeat my question: CAN THIS BE DONE? Virtual domains that
support both mailboxes AND aliases under Postfix 2.0.x? I had hoped
that I could use virtual_alias_domains and virtual_mailbox_domains
together on the same domains to accomplish this, but that obviously
won't work.
Thanks for taking time to reply.
Aaron out.
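
The message describes two controls on user-submitted aliases: the web interface must not accept arbitrary alias targets, and an administrative API refuses alias loops. The following is an added example of such checks, not code from the original post or from Postfix; it is written in Python rather than the poster's Perl, and the function names, the in-memory table shape and the sample addresses are assumptions made for illustration.

```python
import re

# Plain address only: no quotes, whitespace, pipes, slashes or control characters.
ADDR_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._+-]{0,63}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")

class AliasError(ValueError):
    pass

def check_target(target):
    """Return a normalized plain address, refusing forms that run code or touch files."""
    t = target.strip()
    if t.startswith(("|", '"|')):
        raise AliasError("command delivery not allowed from user input")
    if t.startswith("/") or t.lower().startswith(":include:"):
        raise AliasError("file or include delivery not allowed from user input")
    if not ADDR_RE.fullmatch(t):
        raise AliasError("not a plain address")
    return t.lower()

def creates_loop(table, source, targets):
    """Walk the alias graph from the new targets; reaching source again is a loop."""
    seen, stack = set(), list(targets)
    while stack:
        addr = stack.pop()
        if addr == source:
            return True
        if addr not in seen:
            seen.add(addr)
            stack.extend(table.get(addr, ()))
    return False

def add_alias(table, owned_domains, source, raw_targets):
    """Validate one user-requested alias and insert it into table (address -> targets)."""
    source = check_target(source)
    if source.split("@", 1)[1] not in owned_domains:
        raise AliasError("user does not own the source domain")
    targets = [check_target(t) for t in raw_targets]
    if not targets:
        raise AliasError("no targets given")
    if creates_loop(table, source, targets):
        raise AliasError("alias loop")
    table[source] = targets
    return targets

# Constructed sample table, standing in for the SQL-hosted alias table.
SAMPLE_TABLE = {"joe@example1.com": ["joe@example2.com"]}
```

Command, file and include destinations would be written only by the administrator's own tooling, never through this user-facing path.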