Hello,
I am trying to build a flexible mail system using different combinations
of mailing software (e.g. Postfix & maildrop & Dovecot, Exim & Dovecot,
qmail & maildrop & Courier IMAP ...); at any time the system administrator
may decide to interchange between combinations without making a design
change. For that purpose I have chosen a hierarchy like this for storing
mail (I am using qmail style Maildirs by the way):
/var/mailsystem
|-- user1
|   |-- user1dom1.net
|   |   |-- mailus...@user1dom1.net
|   |   |   `-- Maildir
|   |   `-- mailus...@user1dom1.net
|   |       `-- Maildir
|   `-- user1dom2.net
|       `-- m...@user1dom2.net
|           `-- Maildir
`-- user2
    `-- user2dom.net
        `-- testu...@user2dom.net
            `-- Maildir
user1 and user2 are Unix system users that may have zero or more mail
accounts associated with their zero or more domains.
The /var/mailsystem/[user] directory and all its subdirectories are owned
by Unix system user [user] and have 0700 file permissions.
When I use Postfix as MTA and maildrop as MDA, I have encountered a mail
delivery problem related to user permissions. Here is my virtual
transport line for maildrop in Postfix's master.cf file:
maildrop  unix  -  n  n  -  -  pipe
  flags=DRhu user=user1 argv=/usr/local/bin/maildrop -V 6 -w 90
  /var/mailsystem/user1/${nexthop}/${us...@${nexthop}/maildrop.rc
As you can see, this only works for user user1 because of the hardcoded user1
in the service parameters. What I want is to dynamically set the
corresponding user so that Postfix can invoke maildrop with that user's
permissions and mail delivery is made with the correct user rights.
A solution for this problem may be setting maildrop's user id to root,
but since they may lead to a security compromise, I don't like suid binaries.
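A permission audit for the layout described above, written as an added example (not the poster's code or configuration): it walks each /var/mailsystem/<user> subtree and reports any directory that is not owned by Unix user <user> or is not mode 0700, which is the invariant the whole per-user delivery scheme relies on. The `build_sample_tree` helper, its temporary root and its account names are constructed for demonstration only.

```python
import os
import pwd
import stat
import tempfile

EXPECTED_MODE = 0o700  # the permission the post states for /var/mailsystem/[user] and below


def audit_mailsystem(root="/var/mailsystem"):
    """Return a list of (path, problem) tuples for every directory under
    root/<user>/ that is not owned by Unix user <user> or is not mode 0700.
    An empty list means the tree matches the described ownership model."""
    problems = []
    for user in sorted(os.listdir(root)):
        top = os.path.join(root, user)
        if not os.path.isdir(top):
            continue
        try:
            expected_uid = pwd.getpwnam(user).pw_uid
        except KeyError:
            # directory name must map to a real account, otherwise no MDA can drop to it
            problems.append((top, "no Unix user named %r" % user))
            continue
        for dirpath, _dirnames, _filenames in os.walk(top):
            st = os.lstat(dirpath)
            if st.st_uid != expected_uid:
                problems.append((dirpath, "owned by uid %d, expected %s" % (st.st_uid, user)))
            mode = stat.S_IMODE(st.st_mode)
            if mode != EXPECTED_MODE:
                problems.append((dirpath, "mode %04o, expected %04o" % (mode, EXPECTED_MODE)))
    return problems


def build_sample_tree():
    """Constructed sample tree in a temp dir mirroring the post's layout:
    two accounts for the current user (one Maildir left world-readable)
    plus a top-level directory whose name is not a Unix account."""
    root = tempfile.mkdtemp(prefix="mailsystem-")
    me = pwd.getpwuid(os.getuid()).pw_name  # current user, so ownership checks out
    good = os.path.join(root, me, "dom1.example", "account1@dom1.example", "Maildir")
    bad = os.path.join(root, me, "dom2.example", "account2@dom2.example", "Maildir")
    os.makedirs(good)
    os.makedirs(bad)
    os.makedirs(os.path.join(root, "nosuchuser-example"))
    for dirpath, _d, _f in os.walk(root):  # normalise everything to 0700 first
        os.chmod(dirpath, EXPECTED_MODE)
    os.chmod(bad, 0o755)  # the defect the audit should catch
    return root, bad


if __name__ == "__main__":
    sample_root, _ = build_sample_tree()
    for path, problem in audit_mailsystem(sample_root):
        print("%s: %s" % (path, problem))
```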