It is very common these days for a single system to host many
domains. For instance, arkum.ch and akadia.com might run on a single host, but act
as if they were two totally different hosts. A system usually has a canonical
domain, which is considered its usual or common domain name. Additional domains
are configured as virtual domains. Each virtual domain can host services such
as web sites and email as if it were the only domain on a server.
To determine which technique or techniques you need, you must
decide how Postfix should deliver messages for virtual domains. There are two
important considerations that influence how you should configure Postfix for hosting
multiple domains:
- Should your domains have separate namespaces? For example,
  should mail for the two addresses info@arkum.ch and info@akadia.com
  go to the same mailbox or separate ones?
- Does every user require a local account? We'll make the
  distinction between local accounts that are real Unix accounts on your
  system and virtual accounts. With virtual accounts, users can have
  mailboxes on your server, but don't otherwise log in to the system and don't
  require an entry in /etc/passwd.
Consider the four different ways Postfix can handle mail for
virtual domains:
- Shared mailboxes with system accounts
- Separate mailboxes with system accounts
- Separate mailboxes with virtual accounts (shown in this article)
Your POP/IMAP server will be a major factor in deciding which
technique you need. If your POP/IMAP server does not understand virtual domains, then
it will most likely require that you have system accounts for all addresses. Some
POP/IMAP servers inherently support multiple domains, and deliver messages into a
particular directory structure on the local filesystem. Other POP/IMAP servers use
their own proprietary message store. Postfix can hand off messages to them using
LMTP.
The drawback of the first two techniques is that you must maintain system
accounts for all email addresses on your server. As the number of domains you host
increases, so does the effort to maintain all the accounts. In particular, if users
only receive email at your server, and don't otherwise log in, you probably don't
want to have to create system accounts for each one. Instead, configure Postfix to
deliver to a local message store where each virtual email address can have its own
mailbox file. Your users then retrieve their messages through a POP/IMAP
server.
The local message store works much like normal local delivery, but
it doesn't require a one-to-one correspondence between each mail file and a local
user account. For this configuration, list each virtual domain in the
virtual_mailbox_domains parameter:
virtual_mailbox_domains = arkum.ch
If you have many domains, you can list them in a file and point
virtual_mailbox_domains to the file:
virtual_mailbox_domains = /usr/local/postfix/etc/virtual_domains
The file virtual_domains then contains a line for each
domain:
#
# virtual_domains
#
arkum.ch
arkum.com
opal.ch
opal.com
Virtual domains listed in virtual_mailbox_domains are
delivered by the virtual delivery agent, which is actually a streamlined
version of the local delivery agent. It makes deliveries in a highly secure and
efficient manner, but local aliases, .forward files, and mailing list programs are
not available.
When setting up the virtual mailboxes, you should structure the
directories to accommodate the expectations of your POP/IMAP server. Let's assume for
this explanation that the virtual mailboxes are all located below the base directory
/var/spool/mail. Each virtual domain has its own subdirectory below that, so
that you have directories like the following:
/var/spool/mail/arkum.ch
/var/spool/mail/arkum.com
/var/spool/mail/opal.ch
/var/spool/mail/opal.com
This is a common configuration for POP/IMAP servers that
support virtual hosting. Below each domain subdirectory are the mail files for
each user. Indicate to Postfix the base directory of the mail store with the
virtual_mailbox_base parameter:
virtual_mailbox_base = /var/spool/mail
You must create a lookup file that maps email addresses to their
mailbox files. Specify the lookup table with the virtual_mailbox_maps
parameter:
virtual_mailbox_maps = hash:/usr/local/postfix/etc/virtual_mailbox
Every user receiving mail to a virtual mailbox file must have an
entry in a Postfix lookup table. The mailbox file is specified relative to
virtual_mailbox_base. Mail files can use either mbox or maildir format. To use
maildir format, include a slash at the end of the filename. A virtual mailbox map
file looks like the following:
#
# virtual_mailbox
#
mueller@arkum.ch arkum.ch/mueller
hans.mueller@arkum.ch arkum.ch/mueller
meier@arkum.ch arkum.ch/meier
roland.meier@arkum.ch arkum.ch/meier
The email address mueller@arkum.ch goes to a different
mailbox from the address meier@arkum.ch.
The virtual mailbox files must be owned by a user account and
associated with a group on your system. How your users retrieve their messages
determines what the ownership of mailbox files should be. Often, your POP/IMAP server
executes under its own account and expects all of the mailbox files to be owned by
this user, but if necessary, Postfix lets you configure ownership for mailbox files
in any way you need. Each can be owned by a separate user, or one user can own all of
the mailboxes for one domain, while a different user owns the mailboxes of
another.
The virtual_uid_maps and virtual_gid_maps parameters
determine the owner and group Postfix uses when making deliveries to virtual mailbox
files. You can specify that all of the virtual mailboxes should be owned by the same
user account with the static map type. Assume, for this example, that you have
created an account called vmail that has a UID of 404, and a group called
vmail that has a GID of 400. You want all of the virtual mailbox files to be
owned by this user and group.
Set the virtual_uid_maps and virtual_gid_maps
parameters in main.cf:
virtual_uid_maps = static:404
virtual_gid_maps = static:400
If you want to use different UIDs for different mailbox files, you
must create a lookup file that maps the addresses to the UIDs. Then point the mapping
parameter to your lookup file:
virtual_uid_maps = hash:/usr/local/postfix/etc/virtual_uids
virtual_gid_maps = hash:/usr/local/postfix/etc/virtual_gids
The file /usr/local/postfix/etc/virtual_uids contains entries like the following, with each address
mapped to the correct UID. In this case, the mailboxes for mueller@arkum.ch
use one ID and those for meier@arkum.ch use another:
#
# virtual_uids
#
mueller@arkum.ch 404
meier@arkum.ch 405
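The three files described above have to agree with each other, so a consistency check before running postmap is worthwhile. The following is an added example, not part of the original article or of Postfix: a small Python linter over constructed sample tables that flags addresses whose domain is not listed, mailbox paths that would resolve outside virtual_mailbox_base, and addresses with a missing or low UID. The function names are hypothetical, and the min_uid default of 100 mirrors Postfix's virtual_minimum_uid parameter, which the article does not mention.

```python
import posixpath
# Constructed sample inputs, modelled on the files shown above.
VIRTUAL_DOMAINS = """\
# virtual_domains
arkum.ch
arkum.com
"""
VIRTUAL_MAILBOX = """\
mueller@arkum.ch   arkum.ch/mueller
meier@arkum.ch     arkum.ch/meier/
info@opal.ch       opal.ch/info
root@arkum.com     ../../etc/aliases
"""
VIRTUAL_UIDS = """\
mueller@arkum.ch   404
meier@arkum.ch     405
root@arkum.com     0
"""

def parse_table(text):
    """Parse 'key value' lines of a Postfix-style table, skipping comments."""
    rows = {}
    for line in text.splitlines():
        fields = line.split()
        if fields and not fields[0].startswith("#"):
            rows[fields[0].lower()] = fields[1] if len(fields) > 1 else ""
    return rows

def lint(domains_txt, mailbox_txt, uids_txt, min_uid=100):
    """Return sorted (address, problem) pairs; min_uid is an assumed default."""
    domains = set(parse_table(domains_txt))
    uids = parse_table(uids_txt)
    problems = []
    for addr, path in parse_table(mailbox_txt).items():
        if addr.rpartition("@")[2] not in domains:
            problems.append((addr, "domain not in virtual_mailbox_domains"))
        norm = posixpath.normpath(path)  # collapses 'a/../..' style components
        if not path or path.startswith("/") or norm == ".." or norm.startswith("../"):
            problems.append((addr, "mailbox path empty or outside virtual_mailbox_base"))
        uid = uids.get(addr)
        if uid is None:
            problems.append((addr, "no entry in virtual_uid_maps"))
        elif not uid.isdigit() or int(uid) < min_uid:
            problems.append((addr, "uid invalid or below virtual_minimum_uid"))
    return sorted(problems)

if __name__ == "__main__":
    for addr, problem in lint(VIRTUAL_DOMAINS, VIRTUAL_MAILBOX, VIRTUAL_UIDS):
        print(f"{addr}: {problem}")
```

With the static:404 setup shown earlier there is no per-address UID table, so only the domain and path checks apply.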