postfix-compatible local delivery agent sought - Debian

This is a discussion on postfix-compatible local delivery agent sought - Debian ; Hi, I have a new system with about 180 grandma users and 20 power users. Since the system has to do virtual mail hosting anyway, I gave virtual mailboxes to the 180 users and used virtual aliases to redirect mail ...

+ Reply to Thread
Results 1 to 13 of 13

Thread: postfix-compatible local delivery agent sought

  1. postfix-compatible local delivery agent sought

    Hi,

    I have a new system with about 180 grandma users and 20 power users.
    Since the system has to do virtual mail hosting anyway, I gave
    virtual mailboxes to the 180 users and used virtual aliases to
    redirect mail for the 20 power users to their shell accounts. This
    all works.

    What we're lacking now is a consistent way to hook in on a per-user
    basis, but also for system-wide mail processing *after* postfix has
    determined the local user to be used for delivery.

    Postfix comes with local(8) and virtual(8), and they are both okay,
    but virtual cannot run commands (security feature), and local cannot
    run global commands.

    Theres mailbox_command, which we can use to delegate local delivery
    to another LDA:

    - there's procmail. It's a pig, and despite its weight, stench,
    and stiff-bristled feel, it does not honour /etc/aliases, and it
    cannot be used for virtual delivery.

    I prefer to stay away.

    - there's maildrop, which could be used as local and virtual
    replacement, but it does not listen to anyone telling it about
    $HOME, instead wants to determine the location itself (see
    #375589). This presents a problem unless the virtual
    architecture is done exactly the way the Courier folks want it,
    which is not an alternative.

    What I am looking for is a local delivery agent which I can hook
    into postfix (ideally as a transport), which will just listen to
    what postfix has to say and do stuff?

    I guess I could write a wrapper for maildrop, which drops privileges
    before calling maildrop, but that'll add the overhead of
    shell/perl/python/whatever for the wrapper.

    Until #375589 gets fixed (if ever), do you know of a performant LDA
    I could use with postfix, which provides a mail filter scripting
    interface (maildrop-compatible, ideally), but otherwise doesn't try
    to reinvent the wheel?

    --
    Please do not send copies of list mail to me; I read the list!

    .''`. martin f. krafft
    : :' : proud Debian developer and author: http://debiansystem.info
    `. `'`
    `- Debian - when you have better things to do than fixing a system

    "mirrors should reflect a little before throwing back images."
    -- jean cocteau

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.3 (GNU/Linux)

    iD8DBQFEoQj3IgvIgzMMSnURAuvBAKDTKGxZ2mA7rksc/4loZFctx153tgCg64Sb
    6JdHYV1/8DkZBejKxlAtwss=
    =zfkt
    -----END PGP SIGNATURE-----


  2. Re: postfix-compatible local delivery agent sought

    martin f krafft wrote:
    [..]
    > What we're lacking now is a consistent way to hook in on a per-user
    > basis, but also for system-wide mail processing *after* postfix has
    > determined the local user to be used for delivery.

    [...]

    Hm, you don't mention the POP/IMAP server you are using, but ideally
    Postfix delivers to cyrus via lmtp (no flames please ). If you do it
    that way and don't want to take a detour via procmail you would have to
    get comfortable with the sieve filter language, which is RFC-ed
    meanwhile. Cyrus implements sieve very well. And there are several
    suppoting tools out. I do not know if there is a procmail->sieve
    converter available.

    HTH, I hope I didn't miss the point

    rgds,
    Andreas


    --
    To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

  3. Re: postfix-compatible local delivery agent sought

    also sprach Andreas John [2006.06.27.1342 +0200]:
    > Hm, you don't mention the POP/IMAP server you are using, but ideally
    > Postfix delivers to cyrus via lmtp (no flames please ).


    I don't think the choice of IMAP server should matter at all.
    I should be able to use multiple IMAP servers and still have it
    work, more or less.

    I use dovecot, simply because Cyrus is too complex and gives me no
    benefits over dovecot in the environments I have to admin.

    Anyway, I took a look at sieve, and it does not look like it can do
    what I want: it's a script to process existing mailboxes, not one to
    deliver into mailboxes.

    Also, while I can tell it to us a specific script, but I cannot seem
    to be able to tell it the base/home directory. And finally, it seems
    it cannot do Maildir.

    --
    Please do not send copies of list mail to me; I read the list!

    .''`. martin f. krafft
    : :' : proud Debian developer and author: http://debiansystem.info
    `. `'`
    `- Debian - when you have better things to do than fixing a system

    "being shot is not as bad as i always thought it might be.
    as long as you can keep the fear from your mind."
    -- special agent dale cooper

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.3 (GNU/Linux)

    iD8DBQFEoTFaIgvIgzMMSnURAqw/AKCN0nwsg6W5wjiGUz0pn+1uMDmYjACgwo4l
    CU+vHI+mKJcOkCIpxzZIubw=
    =L8a1
    -----END PGP SIGNATURE-----


  4. Re: postfix-compatible local delivery agent sought

    martin f krafft wrote:
    [...]
    > Also, while I can tell it to us a specific script, but I cannot seem
    > to be able to tell it the base/home directory. And finally, it seems
    > it cannot do Maildir.


    Clearly: YES!

    Cyrus doesnt accept anything that modifies the "cyrus mailstore/dir", as
    it always keeps track of the mail in the users mailstore via indexes by
    itself and updates them if new mail is delivered. This speeds up the
    mail stuff a lot (even searching in mails via 'squatter')

    While I cannot imagine what you like to do with the the users Maildir
    that cannot be achieved with sieve, you surely have somethings very
    special

    BTW: Sieve can do all kinds of sorting, autoresponders etc. ... I give
    my users access to the sieve stuff via this great squirrelmail plugin:
    http://email.uoa.gr/projects/squirrelmail/avelsieve.php

    rgds,
    Andreas




    --
    To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

  5. Re: postfix-compatible local delivery agent sought

    also sprach Andreas John [2006.06.27.1744 +0200]:
    > > Also, while I can tell it to us a specific script, but I cannot seem
    > > to be able to tell it the base/home directory. And finally, it seems
    > > it cannot do Maildir.

    >
    > Clearly: YES!


    Ah, then I misunderstood.

    > While I cannot imagine what you like to do with the the users Maildir
    > that cannot be achieved with sieve, you surely have somethings very
    > special


    I don't know about that. I just want Maildir instead of mbox, and
    I want a reasonable mail filter for *all* users.

    > BTW: Sieve can do all kinds of sorting, autoresponders etc. ...
    > I give my users access to the sieve stuff via this great
    > squirrelmail plugin:
    > http://email.uoa.gr/projects/squirrelmail/avelsieve.php


    I don't use squirrelmail (it's PHP), but I'll check it out. Dovecot
    LDA, suggested by Alex (reply pending), also uses sieve.

    --
    Please do not send copies of list mail to me; I read the list!

    .''`. martin f. krafft
    : :' : proud Debian developer and author: http://debiansystem.info
    `. `'`
    `- Debian - when you have better things to do than fixing a system

    "america may be unique in being a country which has leapt
    from barbarism to decadence without touching civilization."
    -- john o'hara

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.3 (GNU/Linux)

    iD8DBQFEoX/pIgvIgzMMSnURAjCwAKDUcBLMrCVixMbDgifU8odrGKNPKQCg4 gEr
    KZXlAsILJymCAe3iNhEoT0U=
    =z+te
    -----END PGP SIGNATURE-----


  6. Re: postfix-compatible local delivery agent sought



    --On June 27, 2006 3:23:38 PM +0200 martin f krafft
    wrote:

    > also sprach Andreas John [2006.06.27.1342 +0200]:
    >> Hm, you don't mention the POP/IMAP server you are using, but ideally
    >> Postfix delivers to cyrus via lmtp (no flames please ).

    >
    > I don't think the choice of IMAP server should matter at all.
    > I should be able to use multiple IMAP servers and still have it
    > work, more or less.
    >
    > I use dovecot, simply because Cyrus is too complex and gives me no
    > benefits over dovecot in the environments I have to admin.
    >
    > Anyway, I took a look at sieve, and it does not look like it can do
    > what I want: it's a script to process existing mailboxes, not one to
    > deliver into mailboxes.
    >
    > Also, while I can tell it to us a specific script, but I cannot seem
    > to be able to tell it the base/home directory. And finally, it seems
    > it cannot do Maildir.


    Not sure which 'it' you're talking about when you say it. Postfix is
    completely capable of doing Maildir delivery. Cyrus maintains it's own
    mail stores and system. You don't access the stores directly, ever. You
    go via IMAP, POP3, LMTP or other supported protocols (I think IMAP and POP3
    are it for right now, but nothings stopping anyone from writing in others).

    I've found cyrust to be a LOT more flexible in larger environments
    precisely because it doesn't do Maildir. Users screw up their home
    directories. They also don't understand much of anything. There are the
    exceptions obviously. Also it means that each and every user doesn't
    necessarily *need* a unix login and password.




    --
    To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

  7. Re: postfix-compatible local delivery agent sought

    also sprach Michael Loftis [2006.06.27.2057 +0200]:
    > >Also, while I can tell it to us a specific script, but I cannot seem
    > >to be able to tell it the base/home directory. And finally, it seems
    > >it cannot do Maildir.

    >
    > Not sure which 'it' you're talking about when you say it.


    Sieve, but I erred.

    > I've found cyrust to be a LOT more flexible in larger environments
    > precisely because it doesn't do Maildir. Users screw up their
    > home directories. They also don't understand much of anything.
    > There are the exceptions obviously. Also it means that each and
    > every user doesn't necessarily *need* a unix login and password.


    They don't need that with a normal vmail setup either.

    --
    Please do not send copies of list mail to me; I read the list!

    .''`. martin f. krafft
    : :' : proud Debian developer and author: http://debiansystem.info
    `. `'`
    `- Debian - when you have better things to do than fixing a system

    scientists will study your brain to learn
    more about your distant cousin, man.

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.3 (GNU/Linux)

    iD8DBQFEoYJ+IgvIgzMMSnURAvPbAKCaJkmDismpS51AUxV3bj RaIo+x4gCeKHkZ
    ewgLW9+kBm1oEmjlNNRF7E4=
    =fFvj
    -----END PGP SIGNATURE-----


  8. Re: postfix-compatible local delivery agent sought

    Hello,
    Can anyone tell me where can I get open source video
    conference tools? Are there any tools which support
    SIP based video conference?
    Best regards.


    ,''`. Ozgur Karatas
    : :' : ozgur@ozgurkaratas.com
    `. `' http://www.ozgurkaratas.com
    `- Powered By Debian GNU\Linux



    --
    To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

  9. Re: postfix-compatible local delivery agent sought

    On Tue, Jun 27, 2006 at 12:31:20PM +0200, martin f krafft wrote:
    > Theres mailbox_command, which we can use to delegate local delivery
    > to another LDA:
    >
    > - there's procmail. It's a pig, and despite its weight, stench,
    > and stiff-bristled feel, it does not honour /etc/aliases, and it
    > cannot be used for virtual delivery.


    huh? it's not a local delivery agent's job to honour /etc/aliases -
    aliases should be resolved (by the MTA) long before any mail gets handed
    to an LDA.

    also, procmail CAN be used for virtual delivery. create a single
    virtual user (with its own ~/.procmailrc). e.g. with login name "virt".
    configure postfix to deliver user@virtual.domain to virt+user@localhost,
    and use rules in ~virt/.procmailrc to decide which mailbox to deliver
    mail to. works for maildir and mbox.

    it may not be what you WANT to use, but it CAN do what you need.



    > Until #375589 gets fixed (if ever), do you know of a performant LDA
    > I could use with postfix, which provides a mail filter scripting
    > interface (maildrop-compatible, ideally), but otherwise doesn't try
    > to reinvent the wheel?


    with under 200 users and assuming reasonably modern hardware,
    performance is not going to be a serious issue no matter what LDA you
    end up using. the bulk of the processing time for email is going to be
    spamassassin if you use it, and that's going to be the same regardless
    of the LDA.


    craig

    --
    craig sanders (part time cyborg)


    --
    To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

  10. Re: postfix-compatible local delivery agent sought

    On Tue, Jun 27, 2006 at 12:31:20PM +0200, martin f krafft wrote:
    > I have a new system with about 180 grandma users and 20 power users.
    > Since the system has to do virtual mail hosting anyway, I gave
    > virtual mailboxes to the 180 users and used virtual aliases to
    > redirect mail for the 20 power users to their shell accounts. This
    > all works.


    another option is to just give unix accounts (shell=/bin/false) to the
    virtual users.

    with <200 users, is it worth the hassle of a virtual mail setup?


    craig

    --
    craig sanders (part time cyborg)


    --
    To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

  11. Re: postfix-compatible local delivery agent sought

    also sprach Craig Sanders [2006.06.28.0853 +0200]:
    > with under 200 users and assuming reasonably modern hardware,
    > performance is not going to be a serious issue no matter what LDA you
    > end up using. the bulk of the processing time for email is going to be
    > spamassassin if you use it, and that's going to be the same regardless
    > of the LDA.


    Well, mail volume is above 70000/day, so it's quite busy.

    But the real point is that I don't want to use procmail ever again.

    --
    Please do not send copies of list mail to me; I read the list!

    .''`. martin f. krafft
    : :' : proud Debian developer and author: http://debiansystem.info
    `. `'`
    `- Debian - when you have better things to do than fixing a system

    oxymoron: micro$oft works

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.3 (GNU/Linux)

    iD8DBQFEojebIgvIgzMMSnURAqMkAKDKuYLIuQPbJ5ZfbiZhlO/I/rAVNQCeI2pd
    +/YJY4jPeVhAP934a0f/1gQ=
    =Afdt
    -----END PGP SIGNATURE-----


  12. Re: postfix-compatible local delivery agent sought

    also sprach Craig Sanders [2006.06.28.0855 +0200]:
    > another option is to just give unix accounts (shell=/bin/false) to the
    > virtual users.
    >
    > with <200 users, is it worth the hassle of a virtual mail setup?


    I failed to mention that there are several come-and-go domains that
    need to be added and removed in the future as projects come and go.
    They want virtual hosting.

    --
    Please do not send copies of list mail to me; I read the list!

    .''`. martin f. krafft
    : :' : proud Debian developer and author: http://debiansystem.info
    `. `'`
    `- Debian - when you have better things to do than fixing a system

    i feel like i'm diagonally parked in a parallel universe.

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.3 (GNU/Linux)

    iD8DBQFEojfsIgvIgzMMSnURAoBxAKCgicDmvYbDG1KGDD9SLB caa/9LBgCfaYoI
    6XLw35DF8VkHp8IWDJELTYc=
    =OeRA
    -----END PGP SIGNATURE-----


  13. Re: postfix-compatible local delivery agent sought

    also sprach Ozgur Karatas [2006.06.28.0858 +0200]:
    > Can anyone tell me where can I get open source video
    > conference tools? Are there any tools which support
    > SIP based video conference?


    Not if you reply to unrelated messages. And this may not be the
    right list.

    --
    Please do not send copies of list mail to me; I read the list!

    .''`. martin f. krafft
    : :' : proud Debian developer and author: http://debiansystem.info
    `. `'`
    `- Debian - when you have better things to do than fixing a system

    echo Prpv a\'rfg cnf har cvcr | tr Pacfghnrvp Cnpstuaeic

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.3 (GNU/Linux)

    iD8DBQFEojggIgvIgzMMSnURArM3AKDXQuor13ukcgXq8YT9wY GIHrIZWACcCkyU
    o5h9sYbtH5luKT2vQjgdO8Y=
    =hCRE
    -----END PGP SIGNATURE-----


+ Reply to Thread