Zurück

Postfix - Hosting Multiple Domains with Virtual Accounts


Overview

It is very common these days for a single system to host many domains. For instance, arkum.ch and akadia.com might run on a single host, but act as if they were two totally different hosts. A system usually has a canonical domain, which is considered its usual or common domain name. Additional domains are configured as virtual domains. Each virtual domain can host services such as web sites and email as if it were the only domain on a server.

To determine which technique or techniques you need, you must decide how Postfix should deliver messages for virtual domains. There are two important considerations that influence how you should configure Postfix for hosting multiple domains:

  • Should your domains have separate namespaces? For example, should mail for the two addresses info@arkum.ch and info@akadia.com go to the same mailbox or separate ones?
     

  • Does every user require a local account? We'll make the distinction between local accounts that are real Unix accounts on your system and virtual accounts. With virtual accounts, users can have mailboxes on your server, but don't otherwise log in to the system and don't require an entry in /etc/passwd.

Consider the four different ways Postfix can handle mail for virtual domains:

  • Shared mailboxes with system accounts

  • Separate mailboxes with system accounts

  • Separate mailboxes with virtual accounts (shown in this Article)

Your POP/IMAP server will be a major factor in deciding which technique you need. If your POP/IMAP server does not understand virtual domains, then it will most likely require that you have system accounts for all addresses. Some POP/IMAP servers inherently support multiple domains, and deliver messages into a particular directory structure on the local filesystem. Other POP/IMAP servers use their own proprietary message store. Postfix can hand off messages to them using LMTP.

Separate mailboxes with virtual accounts

The drawback for the two first techniques is that you must maintain system accounts for all email addresses on your server. As the number of domains you host increases, so does the effort to maintain all the accounts. In particular, if users only receive email at your server, and don't otherwise log in, you probably don't want to have to create system accounts for each one. Instead, configure Postfix to deliver to a local message store where each virtual email address can have its own mailbox file. Your users then retrieve their messages through a POP/IMAP server.

The local message store works much like normal local delivery, but it doesn't require a one-to-one correspondence between each mail file and a local user account. For this configuration, list each virtual domain in the virtual_mailbox_domains parameter:

virtual_mailbox_domains = arkum.ch

If you have many domains, you can list them in a file and point virtual_mailbox_domains to the file:

virtual_mailbox_domains = /usr/local/postfix/etc/virtual_domains

The file virtual_domains then contains a line for each domain:

#
#
  virtual_domains
#
arkum.ch
arkum.com
opal.ch
opal.com

Virtual domains listed in virtual_mailbox_domains are delivered by the virtual delivery agent, which is actually a streamlined version of the local delivery agent. It makes deliveries in a highly secure and efficient manner, but local aliases, .forward files, and mailing list programs are not available.

When setting up the virtual mailboxes, you should structure the directories to accommodate the expectations of your POP/IMAP server. Let's assume for this explanation that the virtual mailboxes are all located below the base directory /var/spool/mail. Each virtual domain has its own subdirectory below that, so that you have directories like the following:

/var/spool/mail/arkum.ch
/var/spool/mail/arkum.com
/var/spool/mail/opal.ch
/var/spool/mail/opal.com

This is a common configuration for POP/IMAP servers that support virtual hosting. Below each domain subdirectory are the mail files for each user. Indicate to Postfix the base directory of the mail store with the virtual_mailbox_base parameter:

virtual_mailbox_base = /var/spool/mail

You must create a lookup file that maps email addresses to their mailbox files. Specify the lookup table with the virtual_mailbox_maps parameter:

virtual_mailbox_maps = hash:/usr/local/postfix/etc/virtual_mailbox

Every user receiving mail to a virtual mailbox file must have an entry in a Postfix lookup table. The mailbox file is specified relative to virtual_mailbox_base. Mail files can use either mbox or maildir format. To use maildir format, include a slash at the end of the filename. A virtual mailbox map file looks like the following:

#
#
  virtual_mailbox
#
mueller@arkum.ch
        arkum.ch/mueller
hans.mueller@arkum.ch
   arkum.ch/mueller
meier@arkum.ch           arkum.ch/meier
roland.meier@arkum.ch    arkum.ch/meier

The email address mueller@arkum.ch goes to a different mailbox from the address meier@arkum.ch.

Mailbox File Ownership

The virtual mailbox files must be owned by a user account and associated with a group on your system. How your users retrieve their messages determines what the ownership of mailbox files should be. Often, your POP/IMAP server executes under its own account and expects all of the mailbox files to be owned by this user, but if necessary, Postfix lets you configure ownership for mailbox files in any way you need. Each can be owned by a separate user, or one user can own all of the mailboxes for one domain, while a different user owns the mailboxes of another.

The virtual_uid_maps and virtual_gid_maps parameters determine the owner and group Postfix uses when making deliveries to virtual mailbox files. You can specify that all of the virtual mailboxes should be owned by the same user account with the static map type. Assume, for this example, that you have created an account called vmail that has a UID of 404, and a group called vmail that has a GID of 400. You want all of the virtual mailbox files to be owned by this user and group.

Set the virtual_uid_maps and virtual_gid_maps parameters in main.cf:

virtual_uid_maps = static:404
virtual_gid_maps = static:
400

If you want to use different UIDs for different mailbox files, you must create a lookup file that maps the addresses to the UIDs. Then point the mapping parameter to your lookup file:

virtual_uid_maps = hash:/usr/local/postfix/etc/virtual_uids
virtual_
gid_maps = hash:/usr/local/postfix/etc/virtual_gids

The file /usr/local/postfix/etc/virtual_uids contains entries like the following, with each address mapped to the correct UID. In this case, the mailboxes for mueller@arkum.ch use one ID and those for meier@arkum.ch use another:

#
# virtual_uids
#
mueller@arkum.ch
   404
meier@arkum.ch     405