Christopher McCrory
2022-May-17  20:51 UTC
dovecot virtual users with sendmail, my solution
Hello...

I wanted to use dovecot virtual users with sendmail. As you probably know,
this doesn't work by default.  The more scalable solution is probably to
use LDAP, but I really don't like it.  This is how I did it:

https://github.com/chrismcc-gmail/dovecot-virtual-sendmail

Basically I abused glibc's db feature in /etc/nsswitch

in /var/db/Makefile something like this:

$(VAR_DB)/passwd.db: /etc/dovecot/usersfile
	@printf %s "$(patsubst %.db,%,$(@F))... "
	@$(AWK) 'BEGIN { FS=":"; OFS=":" } \
		/^[ \t]*$$/ { next } \
		/^[ \t]*#/ { next } \
		/^root/ { next } \
		/^[^#]/ { printf ".%s ", $$1; \
			printf "%s:x:65534:65534:%s:/home/vmail/%s:/sbin/nologin\n", $$1, $$1, $$1; \
		}' $^ | \
	$(MAKEDB) -o $@ -
	@echo "done."

make -C /var/db
getent passwd ; shows
...
virtualuser:x:65534:65534:virtualuser:/home/vmail/virtualuser:/sbin/nologin
othervuser:x:65534:65534:othervuser:/home/vmail/othervuser:/sbin/nologin

A longer explanation and more info is in the github repository.

It takes about 10 minutes to go from new clean server to working email
server with this.

I've been running this in production for about a week now without any
problems.

Question:
Has anyone else done this? I don't see any downsides, but I might be
missing something.

-- 
Christopher McCrory
To the optimist, the glass is half full.
To the pessimist, the glass is half empty.
To the engineer, the glass is twice as big as it needs to be.
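
An added example, not part of the original post or the linked repository: the usersfile-to-makedb transformation from the awk rule above, written as a shell function that also refuses names which collide with a real account, fall outside an assumed safe character set, or appear twice. The function name gen_vusers, the allowed character set and the "skip:" messages are assumptions of this example.

```shell
#!/bin/sh
# gen_vusers USERSFILE [SYSTEM_PASSWD]   (hypothetical helper, added example)
# stdout: one makedb input line per accepted user, ".name passwd-entry"
# stderr: "skip: <name> (<reason>)" for every rejected entry
gen_vusers() {
    awk -F: -v sys="${2:-/etc/passwd}" '
        function reject(n, why) { printf "skip: %s (%s)\n", n, why > "/dev/stderr" }
        BEGIN {
            # Load real account names so a virtual user cannot shadow one.
            while ((getline line < sys) > 0) { split(line, f, ":"); real[f[1]] = 1 }
            close(sys)
        }
        /^[ \t]*$/ { next }    # blank lines, as in the original rule
        /^[ \t]*#/ { next }    # comments, as in the original rule
        {
            name = $1
            # Assumed safe set: keeps "/" and ".." out of /home/vmail/<name>.
            if (name !~ /^[a-z_][a-z0-9_.-]*$/) { reject(name, "bad characters"); next }
            if (name in real)                   { reject(name, "system account"); next }
            if (name in seen)                   { reject(name, "duplicate"); next }
            seen[name] = 1
            printf ".%s %s:x:65534:65534:%s:/home/vmail/%s:/sbin/nologin\n", \
                   name, name, name, name
        }
    ' "$1"
}

# Demo on a constructed usersfile (sample names, not real accounts).
demo=$(mktemp)
cat > "$demo" <<'EOF'
# constructed sample
virtualuser:{PLAIN}example
root:{PLAIN}example
../../etc:{PLAIN}example
EOF
gen_vusers "$demo" /etc/passwd
rm -f "$demo"
# Real use, following the Makefile rule above:
#   gen_vusers /etc/dovecot/usersfile | makedb -o /var/db/passwd.db -
```
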

> I wanted to use dovecot virtual users with sendmail.

I do not see you use/create/modify sendmail specific files. So can it be your virtual users are not that virtual any more, but real users?

> As you probably know, this
> doesn't work by default. The more scalable solution is probably to use LDAP,
> but I really don't like it.

Why not? Just because it is more complex/more work?

> This is how I did it
> https://github.com/chrismcc-gmail/dovecot-virtual-sendmail
>
> Basically I abused glibc's db feature in /etc/nsswitch

So a real user ...?

> in /var/db/Makefile something like this:
>
> $(VAR_DB)/passwd.db: /etc/dovecot/usersfile
> @printf %s "$(patsubst %.db,%,$(@F))... "
> @$(AWK) 'BEGIN { FS=":"; OFS=":" } \
> /^[ \t]*$$/ { next } \
> /^[ \t]*#/ { next } \
> /^root/ { next } \
> /^[^#]/ { printf ".%s ", $$1; \
> printf "%s:x:65534:65534:%s:/home/vmail/%s:/sbin/nologin\n", $$1, $$1, $$1; \
> }' $^ | \
> $(MAKEDB) -o $@ -
> @echo "done."
>
> make -C /var/db
> getent passwd ; shows
> ...
> virtualuser:x:65534:65534:virtualuser:/home/vmail/virtualuser:/sbin/nologin
> othervuser:x:65534:65534:othervuser:/home/vmail/othervuser:/sbin/nologin
>
> A longer explanation and more info is in the github repository
>
> It takes about 10 minutes to go from new clean server to working email server
> with this

That does not really matter now, does it?

> I've been running this in production for about a week now without any problems.
>
> Question:
> Has anyone else done this? I don't see any downsides, but I might be missing
> something.
>

I do not really get the point of storing system users somewhere else. The distribution does not expect this, so maybe SELinux rules are not applied, and security is less on this location. Why not just store them in /etc/passwd? Other than that, Linux is probably the most robust at handling users and auth, so having this done by the Linux OS is always better than something like MySQL.