[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: virtuser and passwd

On Thu, Feb 24, 2005 at 11:36:04PM +0100, Bartosz Krajnik wrote:
> Hello,
> After reading guides/virtusers I don't know how to
> exclude local passwd users.
> I need to check only fqdnaliases and aliases - not
> local users from passwd.
> I.e.
> /etc/passwd:
> aaa:x:65534:65534::/a/a/a:/bin/false
> fqdnaliases:
> a@domain:	aaa
> After rcpt to:<aaa@domain>
> MTA should write - novirtuser.
> How to do this?

The problem as I see is your wish to use also local aliases
to pick valid recipients.

The   doc/guides/virtusers   is rather old document, and
there are many new ways to do it.

Presently I am doing it with:

a)  fqdnaliases    mapping  user1@domain1 to some other
                   local or remote addresses
b)  routes         telling that for domain1 is invalid:
                       domain1   error!novirtuser!-
c)  localnames     NOT listing   domain1  in it
d)  smtp-policy.mx DOES list     domain1  in it!
     (but letting "I handle all where I am MX" - in smtp-policy.src
      boilerplate, will also do it, although is subject to DNS working
      and having suitable data.)

e)  Smtpserver running with interactive router subsystem
f)    zmailer.conf   SMTPOPTIONS="-s strict -s ftve ..."
g)  in  smtpserver.conf  the HELO-patterns must also have 'ft'
    letters in them.


An alternate to  b)  routes  and c) localnames db is to use a
fqdnroutes   definition like this:
    @domain1    error!nosuchuser
which in combination of  a)  listing all valid addresses in fully
qualified form will result in rejection of everything else.
( And c) listing locally accepted domains. )

Now if you want to have a number of local 'aliases' verified
for valid expansions ...  please do consider rewriting them
as  fqdnaliases  entries.  If you can't be persuaded to not
to use 'aliases', then you will probably need to modify your
router's   aliases.cf   file.  You will also need listing
locally accepted domains in 'localnames' database.

It is possible to have   domain1  strictly virtual, while
domain2 is classical UNIX user thingie with aliases, etc.
I don't see any easy way to have a  domain3  where local
aliases are valid, but getpwnam() won't find anything.

> Thanks.
> Best regards,
> 	Bartek.

/Matti Aarnio	<mea@nic.funet.fi>
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi