postfix 2.0.16的虚拟投递代理文档
出处:施文建 作者:施文建 时间:2004-10-26 16:44:00
译文:postfix-2.0.16虚拟投递代理文档
原文:postfix-2.0.16 VIRTUAL_README
译者:施文建
时间:2004.5.26
This code was created by Andrew McNamara <andrew@connect.com.au>
and adapted to snapshot 20001121 by Xavier Beaudouin. It was merged
with mainstream Postfix for snapshot 20010128 by Wietse.
虚拟投递代理的代码由Andrew McNamara编写,由Xavier Beaudouin修改后加入到snapshot 200011221。在snapshot 20010128时,由Wietse并入postfix主要组成部分。
Purpose of this software
========================
本软件的目的
You can use the virtual delivery agent for mailbox delivery of some
or all domains that are handled by a machine.
你可以使用虚拟投递代理进行同一台服务器上某些或所有域的邮件投递。
(注:我注意到大家普通用虚拟别名来做多域。但是,虚拟投递代理也可以实现的。当然,用虚拟投递代理来实现多域,还是有不足之处。比如,它不能进行垃圾邮件的丢弃处理。)
This mechanism is different from virtual alias domains. Those
are implemented by translating every recipient address into a
different address. For that, see the virtual(5) manual page.
虚拟投递代理的机制不同于虚拟别名域。后者实现多域的方法是通过将每个接收者的地址转化为另一个不同地址。关于虚拟别名域的细节,请参考virtual(5)手册。
With the virtual delivery agent, every recipient adress can have
its own mailbox. There is no translation from recipient addresses
into different addresses.
使用虚拟投递代理,每个邮件接收地址都能有自己的邮箱。而且,不需要将接收者地址转化为不同的地址。
This is what Andrew McNamara wrote when he made the virtual delivery
agent available.
下面是Andrew McNamara在编写虚拟投递代理时所写的一段话:
"This code is designed for ISP's who offer virtual mail hosting.
It looks up the user mailbox location, uid and gid via separate
maps, and the mailbox location map can specify either mailbox or
maildir delivery (controlled by trailing slash on mailbox name).
这些代码为提供虚拟邮件服务的ISP而设计的。它通过多个单独的映射表,查找用户邮箱的位置,用户号和组号。邮箱位置表中,通过邮件名后的“/”来区别是mailbox格式或maildir格式的投递。
(注:假如查询得到的虚拟邮箱路径名是/var/spool/smail3k/tom,那么虚拟投递代理认为tom的邮箱是邮箱文件格式,是名为tom的文件。假如查到的是/var/spool/smail3k/tom/,那么虚拟投递代理认为tom的邮箱是邮件目录格式,是名为tom的目录。)
The agent allows but ignores user+foo address extensions, does not
support aliases or .forward files (use the virtual table instead),
and therefore doesn't support file or program aliases. This choice
was made to simplify and streamline the code (it allowed me to
dispense with 70% of local's code - mostly the bits that are a
security headache) - if you need this functionality, this agent
isn't for you.
虚拟投递代理允许user+foo地址的扩展,但忽略这种扩展。它不支持别名或转发文件(取而代之的是虚拟表),因而它不支持文件或程序的别名。这样做是为了使代码简化和更有效率(它使我免除70%的本地代码,而这些最有可能成为一个安全漏洞)。如果你需要这个功能,那么这个代理不适合你。
It also doesn't support writing to a common spool as root and then
chowning the mailbox to the user - I felt this functionality didn't
fit with my overall aims."
虚拟投递代理不支持以root的身份往一个公共池中写数据,然后将邮箱所有权改为用户的做法。我感觉这个功能不适合我的整体目标。
[End of Andrew McNamara's words]
Andrew McNamara的原话结束。
The result is the most secure local delivery agent that you will
find with Postfix.
以上设计目标的结果是虚拟投递代理成为postfix中最安全的本地投递代理。
This delivery agent requires three different lookup tables in order
to define its recipients as (mailbox path, user ID, group ID). This
is because Postfix table lookups can't return multiple results.
这个投递代理要求三张不同的查找表,以便于确定邮件的接收者(包括邮箱的路径、用户标识号、组标识号)。这是因为Postfix的表查询功能不能返回多个结果。
If your virtual mailboxes are all owned by the same user/group ID,
just specify "static" maps that always return the same result. See
below for examples.
如果全部的虚拟邮箱都是相同的用户/组标识号,那么只要指定“静态”映射就总能返回相同的结果。范例如后。
If your virtual mailboxes must be owned by different user/group
IDs, and if it is too inconvenient for you to maintain three parallel
tables, use an LDAP or MYSQL database (or generate the three parallel
tables from one common template).
如果你的虚拟邮箱必需使用不同的用户/组标识号,并且如果你觉得维护三张并行的表太困难,那么使用一个LDAP或MYSQL数据库来保存这些数据(或者从一个公共的模板中派生中三张并行的表)。
Configuration parameters
========================
配置参数
virtual_mailbox_base
虚拟邮箱主路径
Specifies a path that is prepended to all mailbox paths. This
is a safety measure to ensure an that out of control map doesn't
litter the filesystem with mailboxes (or worse). While it could
be set to "/", this isn't recommended.
此参数指定所有邮箱路径的前缀。这是一个安全措施,以确保失控的映射表不会在文件系统中乱丢邮箱(或者更糟)。然而,它是可以被设置成"/",但这样的做法不被推荐。
virtual_mailbox_domains
虚拟邮箱域
Specifies the list of domains that should be delivered to the
$virtual_transport delivery agent (default: virtual). As of
version 2.0, Postfix is smart enough that you don't have to
list every virtual domain in a Postfix transport map.
此参数指定一个域列表。表中的域的邮件都由$virtual_transport参数指定的投递代理
来负责投递(默认值为:virtual虚拟投递代理)。在2.0版中,Postfix有足够的智能处理这件事,所以用户没有必要非得在一个传递映射表中列出每一个虚拟域。
(注:本参数是在2.0.0 released 20021222中添加的。为了和旧版本兼容,新的$virtual_mailbox_domains参数默认使用$virtual_mailbox_maps值。这意味着仍可以象旧版本中一样,将关于一个域的所有信息保存在一个文件中。)
virtual_mailbox_maps
虚拟邮箱映射表
Recipients are looked up in this map to determine the path to
their mailbox. If the returned path ends in a slash ("/"),
maildir-style delivery is carried out, otherwise the path is
assumed to specify a mailbox file. The virtual_mailbox_base
directory is unconditionally prepended to this path. If the
recipient is not found the mail is bounced.
通过查找这张映射表,可以确定接收者的邮箱路径。如果返回的路径是以“/”结尾,那么邮件目录风格的投递被使用,否则就认为返回的路径是指定一个邮箱文件。virtual_mailbox_base参数指出的目录并不是一定要加到这个路径前面。(注:如果返回的路径是以“/”开始的,那么virtual_mailbox_base参数就不要用了)。如果没查到接收者,那么邮件被退回。
In a lookup table, specify a left-hand side of @domain.tld to
match any user in the specified domain that does not have her
own user@domain.tld entry. While searching a lookup table, an
address extension (user+foo@domain.tld) is ignored.
在一个查询表中,@domain.tld项用于匹配该域中的任意用户。(注:这一句我还没有完全理解透,请大伙纠正)。在搜索一个查询表时,地址扩展(user+foo@domain.tld)被忽略。
If a recipient is not found the mail is returned to the sender.
如果没有找到接收者,那么邮件被返回发件人。
Regular expression maps are allowed. For security reasons,
regular expression substitution of $1 etc. is disallowed,
because that would open a security hole.
规则扩展映射表被允许。出于安全考虑,规则扩展的子项如$1等不被允许,因为它可能打开一个安全漏洞。
The mail administrator is expected to create and chown recipient
mailbox files or maildir directories ahead of time.
在使用虚拟投递代理之前,邮件服务器管理员需要先创建邮箱文件或邮件目录,并设置相应权限。
virtual_minimum_uid
虚拟用户最小标识号
Specifies a minimum uid that will be accepted as a return from
a virtual_uid_maps lookup. Returned values less than this will
be rejected, and the message will be deferred.
指定从虚拟用户标识号映射表返回值中可以被接受的最小值。小于这个值的返回值被拒绝,邮件消息被退回。
virtual_uid_maps
虚拟用户标识号映射表
Recipients are looked up in this map to determine the UID (owner
privileges) to be used when writing to the target mailbox.
在这个表中,查出接收人相应的用户标识号(表示属主权利)。当邮件被入目标邮箱时,此用户标识号被使用。
In a lookup table, specify a left-hand side of @domain.tld to
match any user in the specified domain that does not have a
specific user@domain.tld entry. While searching a lookup table,
an address extension (user+foo@domain.tld) is ignored.
Regular expression maps are allowed. For security reasons,
regular expression substitution of $1 etc. is disallowed,
because that would open a security hole.
Specify a static map if all mailboxes should be owned by the same
UID. For example, to specify that all mailboxes are owned by the
UID 5000, specify:
如果所有的邮箱都有相同的UID,那么指定一个静态映射。比如,指定所有的邮箱的UID都是5000,那么使用下面值
virtual_uid_maps = static:5000
virtual_gid_maps
虚拟用户组标识号映射表
Recipients are looked up in this map to determine the GID (group
privileges) to be used when writing to the target mailbox.
这个表用于查找接收人相应的组标识号。当邮件写入目标邮箱时,此组标识号被使用。
In a lookup table, specify a left-hand side of @domain.tld to
match any user in the specified domain that does not have a
specific user@domain.tld entry. While searching a lookup table,
an address extension (user+foo@domain.tld) is ignored.
Regular expression maps are allowed. For security reasons,
regular expression substitution of $1 etc. is disallowed,
because that would open a security hole.
Specify a static map if all mailboxes should be owned by the same
GID. For example, to specify that all mailboxes are owned by the
GID 5000, specify:
virtual_gid_maps = static:5000
virtual_mailbox_lock
虚拟邮箱锁定
This setting is ignored in case of maildir delivery.
在邮件目录投递中,此设置值被忽略。
Locking method to use when updating a mailbox. Defaults to
fcntl or flock depending on the system. Depending on the POP
or IMAP server you may have to specify dotlock locking, which
requires that the recipient UID or GID has write access to the
parent directory of the mailbox file.
此参数指定更新一个邮箱时所使用的锁定方法。根据系统的情况,默认方式为fcntl或flock。根据POP或IMAP服务器,还可以使用dotlock锁定方式,这种方式要求收件人的UID或GID对邮箱的上级目录有写权限。
Use the "postconf -l" command to find out what locking methods
Postfix supports on your system.
使用“postconf -l”命令来查看你系统上的postfix使用哪种锁定方式。
virtual_mailbox_limit
虚拟邮箱限制
An upper limit on the size of a mailbox file or maildir file.
此参数设定邮箱文件或邮件目录的大小的限制值。
Example 1: using the virtual delivery agent for all local mail
==============================================================
例1:使用虚拟投递代理处理所有的本地邮件
This example does not use the Postfix local delivery agent at all.
With this configuration Postfix does no alias expansion, no .forward
file expansion, no lookups of recipients in /etc/passwd, and allows
but ignores user+foo address extensions.
本例根本没有使用postfix的本地投递代理。在这个配置中,postfix不能使用别名扩展功能,.forward文件扩展功能,不能查找在/etc/passwd中的收件人,允许但忽略user+foo地址扩展。
Instead of "hash" specify "dbm" or "btree", depending on your system
type. The command "postconf -m" displays possible lookup table
types.
本例使用了哈希表来保存数据。根据系统的类型,可以指定“dbm”或“btree”格式保存表数据。命令“postconf -m”显示可能的查询表类型。
/etc/postfix/main.cf:
# Don't send mail to the local delivery agent.
不使用本地投递代理
mydestination =
# All domains that are listed in $virtual_mailbox_domains
# are delivered via $virtual_transport, which is the virtual
# delivery agent by default.
列在$virtual_mailbox_domains参数中的所有域的邮件,都通过参数$virtual_transport指定的投递代理来投递,虚拟投递代理是默认值。
virtual_mailbox_domains =
$myhostname localhost.$mydomain virtual1.domain virtual2.domain
virtual_transport = virtual
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_minimum_uid = 100
virtual_uid_maps = hash:/etc/postfix/vuid
virtual_gid_maps = hash:/etc/postfix/vgid
Define a virtual delivery agent if the entry doesn't already exist:
在master.cf中定义一个虚拟投递代理项,如果没有的话。
/etc/postfix/master.cf:
virtual unix - n n - - virtual
Example recipients, one UNIX-style mailbox, one qmail-style maildir:
用户test1使用UNIX风格的邮箱文件,test2使用qmail风格的邮件目录。vmailbox表指定虚拟用户相应的邮箱,vuid表指定虚拟用户相应的UID,vgid指定虚拟用户相应的GID:
/etc/postfix/vmailbox:
test1@virtual1.domain test1
test2@virtual2.domain test2/
/etc/postfix/vuid:
test1@virtual1.domain 5001
test2@virtual2.domain 5002
/etc/postfix/vgid:
test1@virtual1.domain 5001
test2@virtual2.domain 5002
Execute something like the following commands for each mailbox recipient:
对于每个邮箱文件类型的接收人,执行以下的命令创建邮箱:
# touch /var/mail/vhosts/test1
# chown 5001:5001 /var/mail/vhosts/test1
Execute something like the following commands for each maildir recipient:
对于每个邮件目录风格的接收人,执行以下命令创建邮件目录:
# mkdir /var/mail/vhosts/test2
# chown 5002:5002 /var/mail/vhosts/test2
Be sure to make the necessary entries for root@$myhostname,
postmaster@$myhostname and for any other necessary addresses.
确保添加root@$myhostname,postmaster@$myhostname以及其他必要的邮件地址。
Example 2: co-existing with the default local delivery agent
============================================================
例2:与默认的本地投递代理共存
In this example, the default Postfix local delivery agent handles
the mail for non-virtual recipients; the virtual delivery agent
handles virtual recipients, and all virtual mailboxes are owned
by user ID 5000, group ID 5000.
在这个例子中,默认的postfix本地投递代理处理非虚拟接收人(用户),虚拟投递代理处理虚拟接收人(用户),所有的虚拟邮箱都使用用户标识号5000和组标识号5000。
Instead of "hash" specify "dbm" or "btree", depending on your system
type. The command "postconf -m" displays possible lookup table
types.
/etc/postfix/main.cf:
# All domains and users delivered by the virtual local delivery agent.
#所有域和用户由虚拟本地投递代理投递
virtual_transport = virtual
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_mailbox_domains = $virtual_mailbox_maps
virtual_minimum_uid = 100
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
# All domains and users delivered by the local delivery agent.
# local_recipient_maps is used by the SMTP server to reject mail
# for unknown users.
#所有域和用户由虚拟本地投递代理投递。
# local_recipient_maps参数值由SMTP服务使用,用于拒绝未知用户。
local_transport = local
mydestination = $myhostname $localhost.$mydomain
local_recipient_maps = unix:passwd.byname $alias_maps
Define a virtual delivery agent if the entry doesn't already exist:
/etc/postfix/master.cf:
virtual unix - n n - - virtual
Example recipients, one UNIX-style mailbox, one qmail-style maildir:
/etc/postfix/vmailbox:
test1@virtual1.domain test1
test2@virtual2.domain test2/
/etc/postfix/vmaildomains:
virtual1.domain required to prevent relay access denied errors
virtual2.domain required to prevent relay access denied errors
Execute something like the following commands for each mailbox recipient:
# touch /var/mail/vhosts/test1
# chown 5000:5000 /var/mail/vhosts/test1
Execute something like the following commands for each maildir recipient:
# mkdir /var/mail/vhosts/test2
# chown 5000:5000 /var/mail/vhosts/test2
Remember that each domain is required to have a postmaster contact
address.
注意,每个域都要求有一个postmaster的联系地址。
Example 3: hosting many virtual users
=====================================
例3:容纳大量虚拟用户
Example 2 is fine if you host only a few virtual users. With many
users you will want to separate the information that changes often
(the user addresses) from the information that changes rarely (the
names of hosted domains).
如果只处理少量的虚拟用户,那么例2是个好办法。随着用户数的增加,你将来希望把经常变化的信息(用户地址),同不常变化的信息(主机上的邮件域)分离开来。
This example is the same as above, with co-existing local and
virtual domains, but it uses a separate table for specifying the
virtual domain names.
本例与例2相同,本地域和虚拟域共存。但本例使用一个单独的表来指定虚拟域域名。
/etc/postfix/main.cf: # All domains and users delivered by the virtual local delivery agent.
virtual_transport = virtual virtual_mailbox_base = /var/mail/vhosts virtual_mailbox_maps = hash:/etc/postfix/vmailbox virtual_mailbox_domains = hash:/etc/postfix/vmaildomains virtual_minimum_uid = 100 virtual_uid_maps = static:5000 virtual_gid_maps = static:5000
# All domains and users delivered by the local delivery agent. # local_recipient_maps is used by the SMTP server to reject mail # for unknown users.
local_transport = local mydestination = $myhostname $localhost.$mydomain local_recipient_maps = unix:passwd.byname $alias_maps
Define a virtual delivery agent if the entry doesn't already exist:
/etc/postfix/master.cf: virtual unix - n n - - virtual
Example recipients, one UNIX-style mailbox, one qmail-style maildir:
/etc/postfix/vmailbox: test1@virtual1.domain test1 test2@virtual2.domain test2/
/etc/postfix/vmaildomains: virtual1.domain required to prevent relay access denied errors virtual2.domain required to prevent relay access denied errors
Execute something like the following commands for each mailbox recipient:
# touch /var/mail/vhosts/test1 # chown 5000:5000 /var/mail/vhosts/test1
Execute something like the following commands for each maildir recipient:
# mkdir /var/mail/vhosts/test2 # chown 5000:5000 /var/mail/vhosts/test2
Remember that each domain is required to have a postmaster contact address.
Example 4: forwarding mail for an old account to a new address ============================================================== 例4:将一个旧账号的邮件转发到新地址
In order to forward mail for a user who no longer exists, one would set up a rule in a virtual table (please ignore the text in the virtual configuration file about virtual domains): 为了转发一个已经不存在的用户的邮件,应该在虚拟表中建立一条规则(请忽略在虚拟配置文件中关于虚拟域的描述): (注:我认为这应该是虚拟别名干的活,怎么会写到虚拟投递代理中呢?它这样写难道是为了说明使用虚拟投递代理的情况下,如何做别名?)
/etc/postfix/main.cf: virtual_maps = hash:/etc/postfix/virtual
/etc/postfix/virtual: old_user@old.domain new_user@new.domain
Example 5: setting up a virtual vacation autoresponder ====================================================== 例5:建立一个虚拟假期自动应答器(邮件自动回复)
In order to set up an autoreply for virtual recipients while still delivering mail as normal, set up a rule in a virtual table (please ignore the text in the virtual configuration file about virtual domains): 为了建立一个虚拟用户的自动应答器,同时虚拟用户还可以正常投递邮件,需要在虚拟表中创建一条规则(请忽略在虚拟配置文件中关于虚拟域的描述):
/etc/postfix/main.cf: virtual_maps = hash:/etc/postfix/virtual
/etc/postfix/virtual: user@domain.tld user@domain.tld, user@autoreply.domain.tld
This delivers mail to the recipient, and sends a copy of the mail to the address that produces automatic replies. The address can be serviced on a different machine, or it can be serviced locally by setting up a transport map entry that pipes all mail for the autoreply.domain.tld into some script that sends an automatic reply back to the sender. 以上设置将信投递给接收人user@domain.tld的同时,也复制了一份原件发送给向产生自动回复的邮件地址user@autoreply.domain.tld。这个地址可以是在不同的服务器上,也可以是在本地。在本地的做法是创建一个传递映射表项,该表项将所有发向自动回复地址的邮件转到某个脚本上,该脚本将会发送自动回复给发件人 |
|
|
|
,