[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: virtuser and passwd
On Thu, Feb 24, 2005 at 11:36:04PM +0100, Bartosz Krajnik wrote:
> Hello,
> After reading guides/virtusers I don't know how to
> exclude local passwd users.
> I need to check only fqdnaliases and aliases - not
> local users from passwd.
>
> I.e.
> /etc/passwd:
> aaa:x:65534:65534::/a/a/a:/bin/false
>
> fqdnaliases:
> a@domain: aaa
>
> After rcpt to:<aaa@domain>
> MTA should write - novirtuser.
>
> How to do this?
The problem as I see is your wish to use also local aliases
to pick valid recipients.
The doc/guides/virtusers is rather old document, and
there are many new ways to do it.
Presently I am doing it with:
a) fqdnaliases mapping user1@domain1 to some other
local or remote addresses
b) routes telling that for domain1 is invalid:
domain1 error!novirtuser!-
c) localnames NOT listing domain1 in it
d) smtp-policy.mx DOES list domain1 in it!
(but letting "I handle all where I am MX" - in smtp-policy.src
boilerplate, will also do it, although is subject to DNS working
and having suitable data.)
e) Smtpserver running with interactive router subsystem
f) zmailer.conf SMTPOPTIONS="-s strict -s ftve ..."
g) in smtpserver.conf the HELO-patterns must also have 'ft'
letters in them.
However...
An alternate to b) routes and c) localnames db is to use a
fqdnroutes definition like this:
@domain1 error!nosuchuser
which in combination of a) listing all valid addresses in fully
qualified form will result in rejection of everything else.
( And c) listing locally accepted domains. )
Now if you want to have a number of local 'aliases' verified
for valid expansions ... please do consider rewriting them
as fqdnaliases entries. If you can't be persuaded to not
to use 'aliases', then you will probably need to modify your
router's aliases.cf file. You will also need listing
locally accepted domains in 'localnames' database.
It is possible to have domain1 strictly virtual, while
domain2 is classical UNIX user thingie with aliases, etc.
I don't see any easy way to have a domain3 where local
aliases are valid, but getpwnam() won't find anything.
> Thanks.
>
> Best regards,
> Bartek.
--
/Matti Aarnio <mea@nic.funet.fi>
-
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi