RobinsStuff.PostfixAndMySQL History
Hide minor edits - Show changes to markup
Qo4g1O? http://groups.google.com/group/TheodoreDanielSteele-mge/web/big-fish-games-atlantis.html big fish games atlantis http://groups.google.com/group/TheodoreDanielSteele-mge/web/big-fish-games-aveyond.html big fish games aveyond http://groups.google.com/group/TheodoreDanielSteele-mge/web/big-fish-games-bubblez.html big fish games bubblez http://groups.google.com/group/TheodoreDanielSteele-mge/web/big-fish-games-build-a-lot.html big fish games build a lot http://groups.google.com/group/TheodoreDanielSteele-mge/web/big-fish-games-burger.html big fish games burger http://groups.google.com/group/TheodoreDanielSteele-mge/web/big-fish-games-cracked.html big fish games cracked http://groups.google.com/group/TheodoreDanielSteele-mge/web/big-fish-games-download.html big fish games download http://groups.google.com/group/TheodoreDanielSteele-mge/web/big-fish-games-escape-from-paradise.html big fish games escape from paradise http://groups.google.com/group/TheodoreDanielSteele-mge/web/big-fish-games-escape-the-museum.html big fish games escape the museum http://groups.google.com/group/TheodoreDanielSteele-mge/web/big-fish-games-fish-tycoon.html big fish games fish tycoon http://groups.google.com/group/TheodoreDanielSteele-mge/web/big-fish-games-for-mac.html big fish games for mac http://groups.google.com/group/TheodoreDanielSteele-mge/web/big-fish-games-forum.html big fish games forum http://groups.google.com/group/TheodoreDanielSteele-mge/web/big-fish-games-free-download.html big fish games free download http://groups.google.com/group/TheodoreDanielSteele-mge/web/big-fish-games-free-online.html big fish games free online http://groups.google.com/group/TheodoreDanielSteele-mge/web/big-fish-games-games.html big fish games games http://groups.google.com/group/TheodoreDanielSteele-mge/web/big-fish-games-mac.html big fish games mac http://groups.google.com/group/TheodoreDanielSteele-mge/web/big-fish-games-online.html big fish games online http://groups.google.com/group/TheodoreDanielSteele-mge/web/big-fish-games-seattle.html big fish games seattle http://groups.google.com/group/TheodoreDanielSteele-mge/web/big-fish-games-toolbar.html big fish games toolbar http://groups.google.com/group/TheodoreDanielSteele-mge/web/big-fish-games.html big fish games
This is currently in progress. (Not anymore, everything here has been running fine for me for a long time now) It is based on this howto. Here I detail the problems I had and how I fixed them. The implementation I'm aiming for is it bit more complex than the howto allows for. As well as having MySQL driven virtual users, I want mail to be delivered for shell users like normal, and for the virtual mail to be filtered so that something like spamassassin can be used.
Note that this was written in a sequence-of-discovery type way, so the solutions I find at one point may be superseded by something later on.
Contents:
Postfix
Problem: Postfix can't talk to the MySQL socket.
Solution: By default, parts of Postfix run chrooted. This needs to be changed. Solution found here. Other options I'm going to explore at some stage: having postfix talk to MySQL via the network, and having MySQL put a socket inside the postfix chroot.
Solution2: add this in the init.d/postfix script
start) echo -n "Starting mail transport agent: Postfix"
- added bij Louis
if [ -e /var/spool/postfix/var/run/mysqld/mysqld.sock ]; then rm /var/spool/postfix/var/run/mysqld/mysqld.sock fi mkdir -p /var/spool/postfix/var/run/mysqld chown mysql /var/spool/postfix/var/run/mysqld ln /var/run/mysqld/mysqld.sock /var/spool/postfix/var/run/mysqld/mysqld.sock
- added bij Louis
Problem: The users in the mailbox table aren't detected by Postfix.
Solution: Turns out you can't have mydomain and myhostname the same as anything in the virtual maps. So the hostname should be set to the actual machine name to prevent this. This has the side effect that you can't deliver to local users in the 'default' postfix way. Also note that setting mydestination to a domain that is the same as in the virtual maps, then it takes precidence over the virtual map, and you only get delivery to local users using the virtual delivery code.
Problem: Can't deliver to local users if they're not listed in the virtual map. Also, if they are added to the virtual maps it means that mail won't be delivered with their permissions.
Solution: In main.cf, put:
local_recipient_maps = proxy:unix:passwd.byname, $alias_maps,mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
to ensure that postfix knows the users exist. Then put:
fallback_transport = virtual
so that non-local users end up with mail being sent to the maildir given in the database.
Problem: Mail for the non-local users needs to be run through procmail, however we somehow need to pass the destination maildir information that is in the database to procmail so that it knows where to put it. (Note: running local mail through procmail is easy, by using
mailbox_command= /usr/bin/procmail -p /etc/procmailrc -a "$EXTENSION"
where /etc/procmailrc
is a default procmail setup for local users. Also, it seems that setting virtual_transport = procmail
doesn't work when fallback_transport = virtual
. The mail doesn't seem to hit procmail. Besides, we'd still need to get the destination maildir information to it somehow.)
Solution: Procmail won't cut it for this. It will need building a custom ruleset to shunt the mail where it needs to go. Instead, I'm using maildrop. Maildrop is like procmail, but better. Most usefully, it reads (in Debian) /etc/courier/userdb.dat (generated from /etc/courier/userdb) to allow mappings of non-existant users to the place where their mail goes. In Debian, the maildrop package won't work, it doesn't know about the userdb system. Instead, you need to use courier-maildrop. Also, it is necessary to change the home directory of the user that will be running maildrop, in my case mail, to be somewhere that isn't world writable. To tell postfix to use maildrop, simply set fallback_transport = maildrop
.
Problem: Mail passing through maildrop gets delivered to /home/mail/Maildir rather than the directory specified in the mail=
line in userdb.
Solution: Unfortunately this appears to be impossible, or at least, I couldn't figure it out, so I made a compromise: postfix tells maildrop the recipient, and maildrop just uses that value to work out where to put the message, based on it's own rules. This means that the information in the database or userdb as to the destination maildir is ignored, and mail will always go to a location defined by the appropriate maildroprc rule.
In Postfix, maildrop is called by the following in master.cf
:
maildrop unix - n n - - pipe flags=DRhu user=mail argv=/usr/bin/maildrop /etc/maildroprc-virtual ${recipient}
where /etc/maildroprc-virtual
is the configuration file that controls where the message ends up, based on the value of ${recipient}
. In maildroprc-virtual
this is:
DEFAULT="/var/spool/virtualmail/$1/"
additional filtering rules can be placed after this as needed. It may be possible to allow lookups to be done in the filter rules in order to control the destination of the message. This is something to look into later. Another thing is that we need to ensure that the destination maildir exists, otherwise maildrop gets quite unhappy. A nice way of doing this is to have maildrop create non-existing maildirs itself, that way we don't need any external intervention. That can be done with the following addition near the top of the filter rule:
# If the destination maildir doesn't exist, create it. `[ -d $DEFAULT ] || (maildirmake $DEFAULT && maildirmake -f Spam $DEFAULT)`
this also sets up a Spam folder, which will be used below.
Problem: The above may not work sometimes. If you get this error from postfix:
relay=maildrop, delay=1,status=deferred (temporary failure. Command output: /usr/bin/maildrop: Unable to create a dot-lock. )
it can indicate that the destination maildir doesn't exist.
Solution: A possible cause is that the SHELL
environment isn't being set, so the backtick evaluation above doesn't happen. To fix, add this line to the top of maildroprc
:
SHELL=/bin/bash
(Thanks to Daniele Palumbo for this pointer)
Problem: We want SpamAssassin to be run over all the messages that pass through this.
Solution: This is easily done with maildrop's filtering. Add the following to the maildroprc
(or maildroprc-virtual
):
if ( $SIZE < 26144 ) { exception { xfilter "/usr/bin/spamc" } } if (/^X-Spam-Flag: *YES/) { exception { to "$DEFAULT/.Spam/" } } else { exception { to "/$DEFAULT" } }
also ensure that the destination Spam folder does exist, using the maildirmake
command. If this isn't the case, the message is delivered to the default maildir.
With this, the incoming mail side of things appears to be working fine. For the interested, my postconf -n
output is:
$ postconf -n command_directory = /usr/sbin command_time_limit = 10000 config_directory = /etc/postfix debug_peer_list = 127.0.0.1 fallback_transport = maildrop inet_interfaces = all ipc_timeout = 13600 local_recipient_maps = proxy:unix:passwd.byname, $alias_maps, mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf mail_owner = postfix mail_spool_directory = /var/spool/mail/ mailbox_command = /usr/bin/procmail -p /etc/procmailrc -a "$EXTENSION" mailq_path = /usr/bin/mailq manpage_directory = /usr/man mydestination = kallisti.2y.net, localhost.$mydomain, kallisti.net.nz, kallisti.hopto.org, www.kallisti.net.nz myhostname = agrajag.kallisti.net.nz mynetworks = 192.168.0.0/16,127.0.0.0/8 myorigin = $mydomain newaliases_path = /usr/bin/newaliases queue_directory = /var/spool/postfix relay_domains = $mydestination sample_directory = /etc/postfix sendmail_path = /usr/sbin/sendmail setgid_group = postdrop smtpd_banner = $myhostname ESMTP $mail_name (Commodore Vic-20) soft_bounce = no unknown_local_recipient_reject_code = 550 virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf virtual_gid_maps = static:105 virtual_mailbox_base = /var/spool/virtualmail virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf virtual_mailbox_limit = 51200000 virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf virtual_minimum_uid = 100 virtual_transport = procmail virtual_uid_maps = static:104
Courier
Making Courier work with this setup was very smooth. The information in the howto is all that was needed. There are a few minor things that I had to change:
- the UID/GID in
/etc/courier/authmysqlrc
are set to 8, that of themail
user. - the
authmodulelist
containsauthpam authmysql
- the users mail directories has to be
~/Maildir/
, not/var/spool/mail/$USER/
like I initially intended. You can probably change this, but I couldn't work out how in a short time.
Administration
Having all this set up and working is nice, but you also need some way of controlling it. To this end, I wrote up a few PHP scripts that can be used to administer the system. They are fairly primitive, but should be totally functional. They are also likely to undergo a lot of tweaking in the next while, so I'd recommend accessing them via Subversion. The Subversion URL is https://www.kallisti.net.nz/svn/mailadmin (you'll likely want the trunk subdirectory of this). It can also be browsed in a pretty online format. Details on its usage are located in the readme file.
GGC9vL? http://groups.google.com/group/SamuelJimenez-mhs/web/beaver-creek-avon.html beaver creek avon http://groups.google.com/group/SamuelJimenez-mhs/web/beaver-creek-charter.html beaver creek charter http://groups.google.com/group/SamuelJimenez-mhs/web/beaver-creek-cinemas.html beaver creek cinemas http://groups.google.com/group/SamuelJimenez-mhs/web/beaver-creek-club.html beaver creek club http://groups.google.com/group/SamuelJimenez-mhs/web/beaver-creek-co.html beaver creek co http://groups.google.com/group/SamuelJimenez-mhs/web/beaver-creek-colorado-ski.html beaver creek colorado ski http://groups.google.com/group/SamuelJimenez-mhs/web/beaver-creek-colorado.html beaver creek colorado http://groups.google.com/group/SamuelJimenez-mhs/web/beaver-creek-hyatt.html beaver creek hyatt http://groups.google.com/group/SamuelJimenez-mhs/web/beaver-creek-in-colorado.html beaver creek in colorado http://groups.google.com/group/SamuelJimenez-mhs/web/beaver-creek-mountain.html beaver creek mountain http://groups.google.com/group/SamuelJimenez-mhs/web/beaver-creek-movies.html beaver creek movies http://groups.google.com/group/SamuelJimenez-mhs/web/beaver-creek-park-hyatt.html beaver creek park hyatt http://groups.google.com/group/SamuelJimenez-mhs/web/beaver-creek-resort.html beaver creek resort http://groups.google.com/group/SamuelJimenez-mhs/web/beaver-creek-ritz-carlton.html beaver creek ritz carlton http://groups.google.com/group/SamuelJimenez-mhs/web/beaver-creek-ritz.html beaver creek ritz http://groups.google.com/group/SamuelJimenez-mhs/web/beaver-creek-ski-resort.html beaver creek ski resort http://groups.google.com/group/SamuelJimenez-mhs/web/beaver-creek-ski.html beaver creek ski http://groups.google.com/group/SamuelJimenez-mhs/web/beaver-creek-snow.html beaver creek snow http://groups.google.com/group/SamuelJimenez-mhs/web/beaver-creek-valley.html beaver creek valley http://groups.google.com/group/SamuelJimenez-mhs/web/beaver-creek.html beaver creek
Qo4g1O? http://groups.google.com/group/TheodoreDanielSteele-mge/web/big-fish-games-atlantis.html big fish games atlantis http://groups.google.com/group/TheodoreDanielSteele-mge/web/big-fish-games-aveyond.html big fish games aveyond http://groups.google.com/group/TheodoreDanielSteele-mge/web/big-fish-games-bubblez.html big fish games bubblez http://groups.google.com/group/TheodoreDanielSteele-mge/web/big-fish-games-build-a-lot.html big fish games build a lot http://groups.google.com/group/TheodoreDanielSteele-mge/web/big-fish-games-burger.html big fish games burger http://groups.google.com/group/TheodoreDanielSteele-mge/web/big-fish-games-cracked.html big fish games cracked http://groups.google.com/group/TheodoreDanielSteele-mge/web/big-fish-games-download.html big fish games download http://groups.google.com/group/TheodoreDanielSteele-mge/web/big-fish-games-escape-from-paradise.html big fish games escape from paradise http://groups.google.com/group/TheodoreDanielSteele-mge/web/big-fish-games-escape-the-museum.html big fish games escape the museum http://groups.google.com/group/TheodoreDanielSteele-mge/web/big-fish-games-fish-tycoon.html big fish games fish tycoon http://groups.google.com/group/TheodoreDanielSteele-mge/web/big-fish-games-for-mac.html big fish games for mac http://groups.google.com/group/TheodoreDanielSteele-mge/web/big-fish-games-forum.html big fish games forum http://groups.google.com/group/TheodoreDanielSteele-mge/web/big-fish-games-free-download.html big fish games free download http://groups.google.com/group/TheodoreDanielSteele-mge/web/big-fish-games-free-online.html big fish games free online http://groups.google.com/group/TheodoreDanielSteele-mge/web/big-fish-games-games.html big fish games games http://groups.google.com/group/TheodoreDanielSteele-mge/web/big-fish-games-mac.html big fish games mac http://groups.google.com/group/TheodoreDanielSteele-mge/web/big-fish-games-online.html big fish games online http://groups.google.com/group/TheodoreDanielSteele-mge/web/big-fish-games-seattle.html big fish games seattle http://groups.google.com/group/TheodoreDanielSteele-mge/web/big-fish-games-toolbar.html big fish games toolbar http://groups.google.com/group/TheodoreDanielSteele-mge/web/big-fish-games.html big fish games
qROnZD http://groups.google.com/group/RaymonFranklin-rtu/web/barking-abbey-school.html barking abbey school http://groups.google.com/group/RaymonFranklin-rtu/web/barking-abbey.html barking abbey http://groups.google.com/group/RaymonFranklin-rtu/web/barking-and-dagenham-council.html barking and dagenham council http://groups.google.com/group/RaymonFranklin-rtu/web/barking-and-dagenham.html barking and dagenham http://groups.google.com/group/RaymonFranklin-rtu/web/barking-college.html barking college http://groups.google.com/group/RaymonFranklin-rtu/web/barking-cough.html barking cough http://groups.google.com/group/RaymonFranklin-rtu/web/barking-crab-boston.html barking crab boston http://groups.google.com/group/RaymonFranklin-rtu/web/barking-crab.html barking crab http://groups.google.com/group/RaymonFranklin-rtu/web/barking-dagenham.html barking dagenham http://groups.google.com/group/RaymonFranklin-rtu/web/barking-dogs-stop.html barking dogs stop http://groups.google.com/group/RaymonFranklin-rtu/web/barking-frog.html barking frog http://groups.google.com/group/RaymonFranklin-rtu/web/barking-hound-village.html barking hound village http://groups.google.com/group/RaymonFranklin-rtu/web/barking-hound.html barking hound http://groups.google.com/group/RaymonFranklin-rtu/web/barking-lot.html barking lot http://groups.google.com/group/RaymonFranklin-rtu/web/barking-mad.html barking mad http://groups.google.com/group/RaymonFranklin-rtu/web/barking-village.html barking village http://groups.google.com/group/RaymonFranklin-rtu/web/barkingbill.html barkingbill http://groups.google.com/group/RaymonFranklin-rtu/web/barkingcarnival.html barkingcarnival http://groups.google.com/group/RaymonFranklin-rtu/web/barkingcollege.html barkingcollege http://groups.google.com/group/RaymonFranklin-rtu/web/barkingduck.html barkingduck
GGC9vL? http://groups.google.com/group/SamuelJimenez-mhs/web/beaver-creek-avon.html beaver creek avon http://groups.google.com/group/SamuelJimenez-mhs/web/beaver-creek-charter.html beaver creek charter http://groups.google.com/group/SamuelJimenez-mhs/web/beaver-creek-cinemas.html beaver creek cinemas http://groups.google.com/group/SamuelJimenez-mhs/web/beaver-creek-club.html beaver creek club http://groups.google.com/group/SamuelJimenez-mhs/web/beaver-creek-co.html beaver creek co http://groups.google.com/group/SamuelJimenez-mhs/web/beaver-creek-colorado-ski.html beaver creek colorado ski http://groups.google.com/group/SamuelJimenez-mhs/web/beaver-creek-colorado.html beaver creek colorado http://groups.google.com/group/SamuelJimenez-mhs/web/beaver-creek-hyatt.html beaver creek hyatt http://groups.google.com/group/SamuelJimenez-mhs/web/beaver-creek-in-colorado.html beaver creek in colorado http://groups.google.com/group/SamuelJimenez-mhs/web/beaver-creek-mountain.html beaver creek mountain http://groups.google.com/group/SamuelJimenez-mhs/web/beaver-creek-movies.html beaver creek movies http://groups.google.com/group/SamuelJimenez-mhs/web/beaver-creek-park-hyatt.html beaver creek park hyatt http://groups.google.com/group/SamuelJimenez-mhs/web/beaver-creek-resort.html beaver creek resort http://groups.google.com/group/SamuelJimenez-mhs/web/beaver-creek-ritz-carlton.html beaver creek ritz carlton http://groups.google.com/group/SamuelJimenez-mhs/web/beaver-creek-ritz.html beaver creek ritz http://groups.google.com/group/SamuelJimenez-mhs/web/beaver-creek-ski-resort.html beaver creek ski resort http://groups.google.com/group/SamuelJimenez-mhs/web/beaver-creek-ski.html beaver creek ski http://groups.google.com/group/SamuelJimenez-mhs/web/beaver-creek-snow.html beaver creek snow http://groups.google.com/group/SamuelJimenez-mhs/web/beaver-creek-valley.html beaver creek valley http://groups.google.com/group/SamuelJimenez-mhs/web/beaver-creek.html beaver creek
3eKjwo http://groups.google.com/group/QuentinClevelandManning-nwh/web/barclay-bank.html barclay bank http://groups.google.com/group/QuentinClevelandManning-nwh/web/barclay-intercontinental-new-york.html barclay intercontinental new york http://groups.google.com/group/QuentinClevelandManning-nwh/web/barclay-intercontinental.html barclay intercontinental http://groups.google.com/group/QuentinClevelandManning-nwh/web/barclay-new-york.html barclay new york http://groups.google.com/group/QuentinClevelandManning-nwh/web/barclay-ny.html barclay ny http://groups.google.com/group/QuentinClevelandManning-nwh/web/barclay-prime.html barclay prime http://groups.google.com/group/QuentinClevelandManning-nwh/web/barclay-william.html barclay william http://groups.google.com/group/QuentinClevelandManning-nwh/web/barclay.html barclay http://groups.google.com/group/QuentinClevelandManning-nwh/web/barclays-capital.html barclays capital http://groups.google.com/group/QuentinClevelandManning-nwh/web/barclays-card.html barclays card http://groups.google.com/group/QuentinClevelandManning-nwh/web/barclays-credit-card.html barclays credit card http://groups.google.com/group/QuentinClevelandManning-nwh/web/barclays-golf.html barclays golf http://groups.google.com/group/QuentinClevelandManning-nwh/web/barclays-india.html barclays india http://groups.google.com/group/QuentinClevelandManning-nwh/web/barclays-international.html barclays international http://groups.google.com/group/QuentinClevelandManning-nwh/web/barclays-league.html barclays league http://groups.google.com/group/QuentinClevelandManning-nwh/web/barclays-plc.html barclays plc http://groups.google.com/group/QuentinClevelandManning-nwh/web/barclays-premier-league.html barclays premier league http://groups.google.com/group/QuentinClevelandManning-nwh/web/barclays-premier.html barclays premier http://groups.google.com/group/QuentinClevelandManning-nwh/web/barclays-premiership.html barclays premiership http://groups.google.com/group/QuentinClevelandManning-nwh/web/barclays-york.html barclays york
qROnZD http://groups.google.com/group/RaymonFranklin-rtu/web/barking-abbey-school.html barking abbey school http://groups.google.com/group/RaymonFranklin-rtu/web/barking-abbey.html barking abbey http://groups.google.com/group/RaymonFranklin-rtu/web/barking-and-dagenham-council.html barking and dagenham council http://groups.google.com/group/RaymonFranklin-rtu/web/barking-and-dagenham.html barking and dagenham http://groups.google.com/group/RaymonFranklin-rtu/web/barking-college.html barking college http://groups.google.com/group/RaymonFranklin-rtu/web/barking-cough.html barking cough http://groups.google.com/group/RaymonFranklin-rtu/web/barking-crab-boston.html barking crab boston http://groups.google.com/group/RaymonFranklin-rtu/web/barking-crab.html barking crab http://groups.google.com/group/RaymonFranklin-rtu/web/barking-dagenham.html barking dagenham http://groups.google.com/group/RaymonFranklin-rtu/web/barking-dogs-stop.html barking dogs stop http://groups.google.com/group/RaymonFranklin-rtu/web/barking-frog.html barking frog http://groups.google.com/group/RaymonFranklin-rtu/web/barking-hound-village.html barking hound village http://groups.google.com/group/RaymonFranklin-rtu/web/barking-hound.html barking hound http://groups.google.com/group/RaymonFranklin-rtu/web/barking-lot.html barking lot http://groups.google.com/group/RaymonFranklin-rtu/web/barking-mad.html barking mad http://groups.google.com/group/RaymonFranklin-rtu/web/barking-village.html barking village http://groups.google.com/group/RaymonFranklin-rtu/web/barkingbill.html barkingbill http://groups.google.com/group/RaymonFranklin-rtu/web/barkingcarnival.html barkingcarnival http://groups.google.com/group/RaymonFranklin-rtu/web/barkingcollege.html barkingcollege http://groups.google.com/group/RaymonFranklin-rtu/web/barkingduck.html barkingduck
j3u9AQ http://groups.google.com/group/PedroBeck-toh/web/addict-games.html addict games http://groups.google.com/group/PedroBeck-toh/web/addicted-games.html addicted games http://groups.google.com/group/PedroBeck-toh/web/addicted-lyrics.html addicted lyrics http://groups.google.com/group/PedroBeck-toh/web/addicting-game.html addicting game http://groups.google.com/group/PedroBeck-toh/web/addicting-games-.com.html addicting games .com http://groups.google.com/group/PedroBeck-toh/web/addicting-games.html addicting games http://groups.google.com/group/PedroBeck-toh/web/addictinggame.html addictinggame http://groups.google.com/group/PedroBeck-toh/web/addictinggames-.com.html addictinggames .com http://groups.google.com/group/PedroBeck-toh/web/addictinggames-com.html addictinggames com http://groups.google.com/group/PedroBeck-toh/web/addictinggames.co.html addictinggames.co http://groups.google.com/group/PedroBeck-toh/web/addictinggames.html addictinggames http://groups.google.com/group/PedroBeck-toh/web/addiction-definition.html addiction definition http://groups.google.com/group/PedroBeck-toh/web/addiction-game.html addiction game http://groups.google.com/group/PedroBeck-toh/web/addiction-games.html addiction games http://groups.google.com/group/PedroBeck-toh/web/addiction-lyrics.html addiction lyrics http://groups.google.com/group/PedroBeck-toh/web/addiction-recovery.html addiction recovery http://groups.google.com/group/PedroBeck-toh/web/addiction-solitaire.html addiction solitaire http://groups.google.com/group/PedroBeck-toh/web/addictive-game.html addictive game http://groups.google.com/group/PedroBeck-toh/web/addictive-games.com.html addictive games.com http://groups.google.com/group/PedroBeck-toh/web/addictive-games.html addictive games
3eKjwo http://groups.google.com/group/QuentinClevelandManning-nwh/web/barclay-bank.html barclay bank http://groups.google.com/group/QuentinClevelandManning-nwh/web/barclay-intercontinental-new-york.html barclay intercontinental new york http://groups.google.com/group/QuentinClevelandManning-nwh/web/barclay-intercontinental.html barclay intercontinental http://groups.google.com/group/QuentinClevelandManning-nwh/web/barclay-new-york.html barclay new york http://groups.google.com/group/QuentinClevelandManning-nwh/web/barclay-ny.html barclay ny http://groups.google.com/group/QuentinClevelandManning-nwh/web/barclay-prime.html barclay prime http://groups.google.com/group/QuentinClevelandManning-nwh/web/barclay-william.html barclay william http://groups.google.com/group/QuentinClevelandManning-nwh/web/barclay.html barclay http://groups.google.com/group/QuentinClevelandManning-nwh/web/barclays-capital.html barclays capital http://groups.google.com/group/QuentinClevelandManning-nwh/web/barclays-card.html barclays card http://groups.google.com/group/QuentinClevelandManning-nwh/web/barclays-credit-card.html barclays credit card http://groups.google.com/group/QuentinClevelandManning-nwh/web/barclays-golf.html barclays golf http://groups.google.com/group/QuentinClevelandManning-nwh/web/barclays-india.html barclays india http://groups.google.com/group/QuentinClevelandManning-nwh/web/barclays-international.html barclays international http://groups.google.com/group/QuentinClevelandManning-nwh/web/barclays-league.html barclays league http://groups.google.com/group/QuentinClevelandManning-nwh/web/barclays-plc.html barclays plc http://groups.google.com/group/QuentinClevelandManning-nwh/web/barclays-premier-league.html barclays premier league http://groups.google.com/group/QuentinClevelandManning-nwh/web/barclays-premier.html barclays premier http://groups.google.com/group/QuentinClevelandManning-nwh/web/barclays-premiership.html barclays premiership http://groups.google.com/group/QuentinClevelandManning-nwh/web/barclays-york.html barclays york
Z8lhIs? http://groups.google.com/group/NestorWard-jux/web/naproxen-250-mg.html naproxen 250 mg http://groups.google.com/group/NestorWard-jux/web/naproxen-375-mg.html naproxen 375 mg http://groups.google.com/group/NestorWard-jux/web/naproxen-375mg.html naproxen 375mg http://groups.google.com/group/NestorWard-jux/web/naproxen-500-mg-side-effects.html naproxen 500 mg side effects http://groups.google.com/group/NestorWard-jux/web/naproxen-500-mg-tablet.html naproxen 500 mg tablet http://groups.google.com/group/NestorWard-jux/web/naproxen-500-mg.html naproxen 500 mg http://groups.google.com/group/NestorWard-jux/web/naproxen-500.html naproxen 500 http://groups.google.com/group/NestorWard-jux/web/naproxen-500mg-side-effects.html naproxen 500mg side effects http://groups.google.com/group/NestorWard-jux/web/naproxen-500mg-teva.html naproxen 500mg teva http://groups.google.com/group/NestorWard-jux/web/naproxen-500mg.html naproxen 500mg http://groups.google.com/group/NestorWard-jux/web/naproxen-aleve.html naproxen aleve http://groups.google.com/group/NestorWard-jux/web/naproxen-and-naproxen.html naproxen and naproxen http://groups.google.com/group/NestorWard-jux/web/naproxen-and-vicodin.html naproxen and vicodin http://groups.google.com/group/NestorWard-jux/web/naproxen-dosage.html naproxen dosage http://groups.google.com/group/NestorWard-jux/web/naproxen-dose.html naproxen dose http://groups.google.com/group/NestorWard-jux/web/naproxen-drug.html naproxen drug http://groups.google.com/group/NestorWard-jux/web/naproxen-side-effects.html naproxen side effects http://groups.google.com/group/NestorWard-jux/web/naproxen-sodium-side-effects.html naproxen sodium side effects http://groups.google.com/group/NestorWard-jux/web/naproxen-sodium.html naproxen sodium http://groups.google.com/group/NestorWard-jux/web/naproxen.html naproxen
j3u9AQ http://groups.google.com/group/PedroBeck-toh/web/addict-games.html addict games http://groups.google.com/group/PedroBeck-toh/web/addicted-games.html addicted games http://groups.google.com/group/PedroBeck-toh/web/addicted-lyrics.html addicted lyrics http://groups.google.com/group/PedroBeck-toh/web/addicting-game.html addicting game http://groups.google.com/group/PedroBeck-toh/web/addicting-games-.com.html addicting games .com http://groups.google.com/group/PedroBeck-toh/web/addicting-games.html addicting games http://groups.google.com/group/PedroBeck-toh/web/addictinggame.html addictinggame http://groups.google.com/group/PedroBeck-toh/web/addictinggames-.com.html addictinggames .com http://groups.google.com/group/PedroBeck-toh/web/addictinggames-com.html addictinggames com http://groups.google.com/group/PedroBeck-toh/web/addictinggames.co.html addictinggames.co http://groups.google.com/group/PedroBeck-toh/web/addictinggames.html addictinggames http://groups.google.com/group/PedroBeck-toh/web/addiction-definition.html addiction definition http://groups.google.com/group/PedroBeck-toh/web/addiction-game.html addiction game http://groups.google.com/group/PedroBeck-toh/web/addiction-games.html addiction games http://groups.google.com/group/PedroBeck-toh/web/addiction-lyrics.html addiction lyrics http://groups.google.com/group/PedroBeck-toh/web/addiction-recovery.html addiction recovery http://groups.google.com/group/PedroBeck-toh/web/addiction-solitaire.html addiction solitaire http://groups.google.com/group/PedroBeck-toh/web/addictive-game.html addictive game http://groups.google.com/group/PedroBeck-toh/web/addictive-games.com.html addictive games.com http://groups.google.com/group/PedroBeck-toh/web/addictive-games.html addictive games
PilUSI? http://www.hi5.com/friend/group/3041766--11187254--bathroom%2bremodeling--bathroom%2b--topic-html bathroom ada http://www.hi5.com/friend/group/3041766--11187276--bathroom%2bremodeling--bathroom%2b--topic-html bathroom barn http://www.hi5.com/friend/group/3041766--11187302--bathroom%2bremodeling--bathroom%2b--topic-html bathroom city http://www.hi5.com/friend/group/3041766--11187344--bathroom%2bremodeling--bathroom%2b--topic-html bathroom cleaner http://www.hi5.com/friend/group/3041766--11187352--bathroom%2bremodeling--bathroom%2b--topic-html bathroom colors paint http://www.hi5.com/friend/group/3041766--11187369--bathroom%2bremodeling--bathroom%2b--topic-html bathroom fan exhaust http://www.hi5.com/friend/group/3041766--11187415--bathroom%2bremodeling--bathroom%2b--topic-html bathroom fans http://www.hi5.com/friend/group/3041766--11187425--bathroom%2bremodeling--bathroom%2b--topic-html bathroom furniture vanities http://www.hi5.com/friend/group/3041766--11187431--bathroom%2bremodeling--bathroom%2b--topic-html bathroom furniture vanity http://www.hi5.com/friend/group/3041766--11187436--bathroom%2bremodeling--bathroom%2b--topic-html bathroom girl http://www.hi5.com/friend/group/3041766--11187440--bathroom%2bremodeling--bathroom%2b--topic-html bathroom kohler http://www.hi5.com/friend/group/3041766--11187447--bathroom%2bremodeling--bathroom%2b--topic-html bathroom restroom http://www.hi5.com/friend/group/3041766--11187457--bathroom%2bremodeling--bathroom%2b--topic-html bathroom scales http://www.hi5.com/friend/group/3041766--11187463--bathroom%2bremodeling--bathroom%2b--topic-html bathroom shower accessories http://www.hi5.com/friend/group/3041766--11187477--bathroom%2bremodeling--bathroom%2b--topic-html bathroom sink double http://www.hi5.com/friend/group/3041766--11187492--bathroom%2bremodeling--bathroom%2b--topic-html bathroom sinks http://www.hi5.com/friend/group/3041766--11187507--bathroom%2bremodeling--bathroom%2b--topic-html bathroom sinks vanities http://www.hi5.com/friend/group/3041766--11187516--bathroom%2bremodeling--bathroom%2b--topic-html bathroom standard http://www.hi5.com/friend/group/3041766--11187531--bathroom%2bremodeling--bathrooms--topic-html bathrooms modern http://www.hi5.com/friend/group/3041766--11187540--bathroom%2bremodeling--bathrooms--topic-html bathrooms remodeling
Z8lhIs? http://groups.google.com/group/NestorWard-jux/web/naproxen-250-mg.html naproxen 250 mg http://groups.google.com/group/NestorWard-jux/web/naproxen-375-mg.html naproxen 375 mg http://groups.google.com/group/NestorWard-jux/web/naproxen-375mg.html naproxen 375mg http://groups.google.com/group/NestorWard-jux/web/naproxen-500-mg-side-effects.html naproxen 500 mg side effects http://groups.google.com/group/NestorWard-jux/web/naproxen-500-mg-tablet.html naproxen 500 mg tablet http://groups.google.com/group/NestorWard-jux/web/naproxen-500-mg.html naproxen 500 mg http://groups.google.com/group/NestorWard-jux/web/naproxen-500.html naproxen 500 http://groups.google.com/group/NestorWard-jux/web/naproxen-500mg-side-effects.html naproxen 500mg side effects http://groups.google.com/group/NestorWard-jux/web/naproxen-500mg-teva.html naproxen 500mg teva http://groups.google.com/group/NestorWard-jux/web/naproxen-500mg.html naproxen 500mg http://groups.google.com/group/NestorWard-jux/web/naproxen-aleve.html naproxen aleve http://groups.google.com/group/NestorWard-jux/web/naproxen-and-naproxen.html naproxen and naproxen http://groups.google.com/group/NestorWard-jux/web/naproxen-and-vicodin.html naproxen and vicodin http://groups.google.com/group/NestorWard-jux/web/naproxen-dosage.html naproxen dosage http://groups.google.com/group/NestorWard-jux/web/naproxen-dose.html naproxen dose http://groups.google.com/group/NestorWard-jux/web/naproxen-drug.html naproxen drug http://groups.google.com/group/NestorWard-jux/web/naproxen-side-effects.html naproxen side effects http://groups.google.com/group/NestorWard-jux/web/naproxen-sodium-side-effects.html naproxen sodium side effects http://groups.google.com/group/NestorWard-jux/web/naproxen-sodium.html naproxen sodium http://groups.google.com/group/NestorWard-jux/web/naproxen.html naproxen
LLXzqG? http://www.geocities.com/filibertomjeg818/bathroom-ada.html bathroom ada http://www.geocities.com/filibertomjeg818/bathroom-barn.html bathroom barn http://www.geocities.com/filibertomjeg818/bathroom-city.html bathroom city http://www.geocities.com/filibertomjeg818/bathroom-cleaner.html bathroom cleaner http://www.geocities.com/filibertomjeg818/bathroom-colors-paint.html bathroom colors paint http://www.geocities.com/filibertomjeg818/bathroom-fan-exhaust.html bathroom fan exhaust http://www.geocities.com/filibertomjeg818/bathroom-fans.html bathroom fans http://www.geocities.com/filibertomjeg818/bathroom-furniture-vaniti.html bathroom furniture vanities http://www.geocities.com/filibertomjeg818/bathroom-furniture-vanity.html bathroom furniture vanity http://www.geocities.com/filibertomjeg818/bathroom-girl.html bathroom girl http://www.geocities.com/filibertomjeg818/bathroom-kohler.html bathroom kohler http://www.geocities.com/filibertomjeg818/bathroom-remodeling.html bathroom remodeling http://www.geocities.com/filibertomjeg818/bathroom-restroom.html bathroom restroom http://www.geocities.com/filibertomjeg818/bathroom-scales.html bathroom scales http://www.geocities.com/filibertomjeg818/bathroom-sink-double.html bathroom sink double http://www.geocities.com/filibertomjeg818/bathroom-sinks-vanities.html bathroom sinks vanities http://www.geocities.com/filibertomjeg818/bathroom-sinks.html bathroom sinks http://www.geocities.com/filibertomjeg818/bathroom-standard.html bathroom standard http://www.geocities.com/filibertomjeg818/bathrooms-modern.html bathrooms modern http://www.geocities.com/filibertomjeg818/bathroomshoweraccessories.html bathroomshoweraccessories
PilUSI? http://www.hi5.com/friend/group/3041766--11187254--bathroom%2bremodeling--bathroom%2b--topic-html bathroom ada http://www.hi5.com/friend/group/3041766--11187276--bathroom%2bremodeling--bathroom%2b--topic-html bathroom barn http://www.hi5.com/friend/group/3041766--11187302--bathroom%2bremodeling--bathroom%2b--topic-html bathroom city http://www.hi5.com/friend/group/3041766--11187344--bathroom%2bremodeling--bathroom%2b--topic-html bathroom cleaner http://www.hi5.com/friend/group/3041766--11187352--bathroom%2bremodeling--bathroom%2b--topic-html bathroom colors paint http://www.hi5.com/friend/group/3041766--11187369--bathroom%2bremodeling--bathroom%2b--topic-html bathroom fan exhaust http://www.hi5.com/friend/group/3041766--11187415--bathroom%2bremodeling--bathroom%2b--topic-html bathroom fans http://www.hi5.com/friend/group/3041766--11187425--bathroom%2bremodeling--bathroom%2b--topic-html bathroom furniture vanities http://www.hi5.com/friend/group/3041766--11187431--bathroom%2bremodeling--bathroom%2b--topic-html bathroom furniture vanity http://www.hi5.com/friend/group/3041766--11187436--bathroom%2bremodeling--bathroom%2b--topic-html bathroom girl http://www.hi5.com/friend/group/3041766--11187440--bathroom%2bremodeling--bathroom%2b--topic-html bathroom kohler http://www.hi5.com/friend/group/3041766--11187447--bathroom%2bremodeling--bathroom%2b--topic-html bathroom restroom http://www.hi5.com/friend/group/3041766--11187457--bathroom%2bremodeling--bathroom%2b--topic-html bathroom scales http://www.hi5.com/friend/group/3041766--11187463--bathroom%2bremodeling--bathroom%2b--topic-html bathroom shower accessories http://www.hi5.com/friend/group/3041766--11187477--bathroom%2bremodeling--bathroom%2b--topic-html bathroom sink double http://www.hi5.com/friend/group/3041766--11187492--bathroom%2bremodeling--bathroom%2b--topic-html bathroom sinks http://www.hi5.com/friend/group/3041766--11187507--bathroom%2bremodeling--bathroom%2b--topic-html bathroom sinks vanities http://www.hi5.com/friend/group/3041766--11187516--bathroom%2bremodeling--bathroom%2b--topic-html bathroom standard http://www.hi5.com/friend/group/3041766--11187531--bathroom%2bremodeling--bathrooms--topic-html bathrooms modern http://www.hi5.com/friend/group/3041766--11187540--bathroom%2bremodeling--bathrooms--topic-html bathrooms remodeling
U3WE73? http://chanelhandbag.blog.hr/ chanel handbag http://chanelhandbagblack.blog.hr/ chanel handbag black http://chanelhandbagprice.blog.hr/ chanel handbag price http://chanelhandbagprices.blog.hr/ chanel handbag prices http://chanelhandbagpurse.blog.hr/ chanel handbag purse http://chanelhandbagreplica.blog.hr/ chanel handbag replica http://chanelhandbags.blog.hr/ chanel handbags http://chanelhandbagsauthentic.blog.hr/ chanel handbags authentic http://chanelhandbagscheap.blog.hr/ chanel handbags cheap http://chanelhandbagsfake.blog.hr/ chanel handbags fake http://chanelhandbagsforsale.blog.hr/ chanel handbags for sale http://chanelhandbagsonline.blog.hr/ chanel handbags online http://chanelhandbagssaks.blog.hr/ chanel handbags saks http://braingrant.ifrance.com/ adult cam action http://careyphillips.ifrance.com/ amateur xxx home videos http://carmenguzman.ifrance.com/ anna benson nude http://colebarryreed.ifrance.com/ brittany murphy nude http://lunaedrusso.ifrance.com/ chunky nude ladies http://efrainnathan.ifrance.com/ free ftv girls karlie http://chanel-handbags.any.pl/ chanel handbags
LLXzqG? http://www.geocities.com/filibertomjeg818/bathroom-ada.html bathroom ada http://www.geocities.com/filibertomjeg818/bathroom-barn.html bathroom barn http://www.geocities.com/filibertomjeg818/bathroom-city.html bathroom city http://www.geocities.com/filibertomjeg818/bathroom-cleaner.html bathroom cleaner http://www.geocities.com/filibertomjeg818/bathroom-colors-paint.html bathroom colors paint http://www.geocities.com/filibertomjeg818/bathroom-fan-exhaust.html bathroom fan exhaust http://www.geocities.com/filibertomjeg818/bathroom-fans.html bathroom fans http://www.geocities.com/filibertomjeg818/bathroom-furniture-vaniti.html bathroom furniture vanities http://www.geocities.com/filibertomjeg818/bathroom-furniture-vanity.html bathroom furniture vanity http://www.geocities.com/filibertomjeg818/bathroom-girl.html bathroom girl http://www.geocities.com/filibertomjeg818/bathroom-kohler.html bathroom kohler http://www.geocities.com/filibertomjeg818/bathroom-remodeling.html bathroom remodeling http://www.geocities.com/filibertomjeg818/bathroom-restroom.html bathroom restroom http://www.geocities.com/filibertomjeg818/bathroom-scales.html bathroom scales http://www.geocities.com/filibertomjeg818/bathroom-sink-double.html bathroom sink double http://www.geocities.com/filibertomjeg818/bathroom-sinks-vanities.html bathroom sinks vanities http://www.geocities.com/filibertomjeg818/bathroom-sinks.html bathroom sinks http://www.geocities.com/filibertomjeg818/bathroom-standard.html bathroom standard http://www.geocities.com/filibertomjeg818/bathrooms-modern.html bathrooms modern http://www.geocities.com/filibertomjeg818/bathroomshoweraccessories.html bathroomshoweraccessories
2jjEXG http://bathroomremodeling.buzznet.com/user/journal/2154201/bathroom-and-plumbing/ bathroom and plumbing http://bathroomremodeling.buzznet.com/user/journal/2154211/bathroom-escape-walkthrough/ bathroom escape walkthrough http://bathroomremodeling.buzznet.com/user/journal/2154231/bathroom-fans-panasonic/ bathroom fans panasonic http://bathroomremodeling.buzznet.com/user/journal/2154251/bathroom-floor-ceramic-tile/ bathroom floor ceramic tile http://bathroomremodeling.buzznet.com/user/journal/2154291/bathroom-remodeling-design/ bathroom remodeling design http://bathroomremodeling.buzznet.com/user/journal/2154321/bathroom-shower-plumbing/ bathroom shower plumbing http://bathroomremodeling.buzznet.com/user/journal/2154341/bathroom-sink-fixtures/ bathroom sink fixtures http://bathroomremodeling.buzznet.com/user/journal/2154351/bathroom-sink-home-depot/ bathroom sink home depot http://bathroomremodeling.buzznet.com/user/journal/2154361/bathroom-sinks-american-standard/ bathroom sinks american standard http://bathroomremodeling.buzznet.com/user/journal/2154381/bathroom-sinks-vanities/ bathroom sinks and vanities http://bathroomremodeling.buzznet.com/user/journal/2154391/bathroom-sinks-faucets/ bathroom sinks faucets http://bathroomremodeling.buzznet.com/user/journal/2154401/bathroom-tile-showers/ bathroom tile showers http://bathroomremodeling.buzznet.com/user/journal/2154421/bathroom-towel-accessories/ bathroom towel accessories http://bathroomremodeling.buzznet.com/user/journal/2154441/bathroom-vanity-24/ bathroom vanity 24 http://bathroomremodeling.buzznet.com/user/journal/2154461/bathroom-vanity-wood/ bathroom vanity wood http://bathroomremodeling.buzznet.com/user/journal/2154481/bathroom-walkthrough/ bathroom walkthrough http://bathroomremodeling.buzznet.com/user/journal/2154491/bathroom-warehouse/ bathroom warehouse http://bathroomremodeling.buzznet.com/user/journal/2154501/bathroom-woman/ bathroom woman http://bathroomremodeling.buzznet.com/user/journal/2154521/bathroom-works/ bathroom works http://bathroomremodeling.buzznet.com/user/journal/2154531/bathrooms-and-kitchens/ bathrooms and kitchens
U3WE73? http://chanelhandbag.blog.hr/ chanel handbag http://chanelhandbagblack.blog.hr/ chanel handbag black http://chanelhandbagprice.blog.hr/ chanel handbag price http://chanelhandbagprices.blog.hr/ chanel handbag prices http://chanelhandbagpurse.blog.hr/ chanel handbag purse http://chanelhandbagreplica.blog.hr/ chanel handbag replica http://chanelhandbags.blog.hr/ chanel handbags http://chanelhandbagsauthentic.blog.hr/ chanel handbags authentic http://chanelhandbagscheap.blog.hr/ chanel handbags cheap http://chanelhandbagsfake.blog.hr/ chanel handbags fake http://chanelhandbagsforsale.blog.hr/ chanel handbags for sale http://chanelhandbagsonline.blog.hr/ chanel handbags online http://chanelhandbagssaks.blog.hr/ chanel handbags saks http://braingrant.ifrance.com/ adult cam action http://careyphillips.ifrance.com/ amateur xxx home videos http://carmenguzman.ifrance.com/ anna benson nude http://colebarryreed.ifrance.com/ brittany murphy nude http://lunaedrusso.ifrance.com/ chunky nude ladies http://efrainnathan.ifrance.com/ free ftv girls karlie http://chanel-handbags.any.pl/ chanel handbags
good work
2jjEXG http://bathroomremodeling.buzznet.com/user/journal/2154201/bathroom-and-plumbing/ bathroom and plumbing http://bathroomremodeling.buzznet.com/user/journal/2154211/bathroom-escape-walkthrough/ bathroom escape walkthrough http://bathroomremodeling.buzznet.com/user/journal/2154231/bathroom-fans-panasonic/ bathroom fans panasonic http://bathroomremodeling.buzznet.com/user/journal/2154251/bathroom-floor-ceramic-tile/ bathroom floor ceramic tile http://bathroomremodeling.buzznet.com/user/journal/2154291/bathroom-remodeling-design/ bathroom remodeling design http://bathroomremodeling.buzznet.com/user/journal/2154321/bathroom-shower-plumbing/ bathroom shower plumbing http://bathroomremodeling.buzznet.com/user/journal/2154341/bathroom-sink-fixtures/ bathroom sink fixtures http://bathroomremodeling.buzznet.com/user/journal/2154351/bathroom-sink-home-depot/ bathroom sink home depot http://bathroomremodeling.buzznet.com/user/journal/2154361/bathroom-sinks-american-standard/ bathroom sinks american standard http://bathroomremodeling.buzznet.com/user/journal/2154381/bathroom-sinks-vanities/ bathroom sinks and vanities http://bathroomremodeling.buzznet.com/user/journal/2154391/bathroom-sinks-faucets/ bathroom sinks faucets http://bathroomremodeling.buzznet.com/user/journal/2154401/bathroom-tile-showers/ bathroom tile showers http://bathroomremodeling.buzznet.com/user/journal/2154421/bathroom-towel-accessories/ bathroom towel accessories http://bathroomremodeling.buzznet.com/user/journal/2154441/bathroom-vanity-24/ bathroom vanity 24 http://bathroomremodeling.buzznet.com/user/journal/2154461/bathroom-vanity-wood/ bathroom vanity wood http://bathroomremodeling.buzznet.com/user/journal/2154481/bathroom-walkthrough/ bathroom walkthrough http://bathroomremodeling.buzznet.com/user/journal/2154491/bathroom-warehouse/ bathroom warehouse http://bathroomremodeling.buzznet.com/user/journal/2154501/bathroom-woman/ bathroom woman http://bathroomremodeling.buzznet.com/user/journal/2154521/bathroom-works/ bathroom works http://bathroomremodeling.buzznet.com/user/journal/2154531/bathrooms-and-kitchens/ bathrooms and kitchens
This is currently in progress. (Not anymore, everything here has been running fine for me for a long time now) It is based on this howto. Here I detail the problems I had and how I fixed them. The implementation I'm aiming for is it bit more complex than the howto allows for. As well as having MySQL driven virtual users, I want mail to be delivered for shell users like normal, and for the virtual mail to be filtered so that something like spamassassin can be used.
Note that this was written in a sequence-of-discovery type way, so the solutions I find at one point may be superseded by something later on.
Contents:
Postfix
Problem: Postfix can't talk to the MySQL socket.
Solution: By default, parts of Postfix run chrooted. This needs to be changed. Solution found here. Other options I'm going to explore at some stage: having postfix talk to MySQL via the network, and having MySQL put a socket inside the postfix chroot.
Solution2: add this in the init.d/postfix script
start) echo -n "Starting mail transport agent: Postfix"
- added bij Louis
if [ -e /var/spool/postfix/var/run/mysqld/mysqld.sock ]; then rm /var/spool/postfix/var/run/mysqld/mysqld.sock fi mkdir -p /var/spool/postfix/var/run/mysqld chown mysql /var/spool/postfix/var/run/mysqld ln /var/run/mysqld/mysqld.sock /var/spool/postfix/var/run/mysqld/mysqld.sock
- added bij Louis
Problem: The users in the mailbox table aren't detected by Postfix.
Solution: Turns out you can't have mydomain and myhostname the same as anything in the virtual maps. So the hostname should be set to the actual machine name to prevent this. This has the side effect that you can't deliver to local users in the 'default' postfix way. Also note that setting mydestination to a domain that is the same as in the virtual maps, then it takes precidence over the virtual map, and you only get delivery to local users using the virtual delivery code.
Problem: Can't deliver to local users if they're not listed in the virtual map. Also, if they are added to the virtual maps it means that mail won't be delivered with their permissions.
Solution: In main.cf, put:
local_recipient_maps = proxy:unix:passwd.byname, $alias_maps,mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
to ensure that postfix knows the users exist. Then put:
fallback_transport = virtual
so that non-local users end up with mail being sent to the maildir given in the database.
Problem: Mail for the non-local users needs to be run through procmail, however we somehow need to pass the destination maildir information that is in the database to procmail so that it knows where to put it. (Note: running local mail through procmail is easy, by using
mailbox_command= /usr/bin/procmail -p /etc/procmailrc -a "$EXTENSION"
where /etc/procmailrc
is a default procmail setup for local users. Also, it seems that setting virtual_transport = procmail
doesn't work when fallback_transport = virtual
. The mail doesn't seem to hit procmail. Besides, we'd still need to get the destination maildir information to it somehow.)
Solution: Procmail won't cut it for this. It will need building a custom ruleset to shunt the mail where it needs to go. Instead, I'm using maildrop. Maildrop is like procmail, but better. Most usefully, it reads (in Debian) /etc/courier/userdb.dat (generated from /etc/courier/userdb) to allow mappings of non-existant users to the place where their mail goes. In Debian, the maildrop package won't work, it doesn't know about the userdb system. Instead, you need to use courier-maildrop. Also, it is necessary to change the home directory of the user that will be running maildrop, in my case mail, to be somewhere that isn't world writable. To tell postfix to use maildrop, simply set fallback_transport = maildrop
.
Problem: Mail passing through maildrop gets delivered to /home/mail/Maildir rather than the directory specified in the mail=
line in userdb.
Solution: Unfortunately this appears to be impossible, or at least, I couldn't figure it out, so I made a compromise: postfix tells maildrop the recipient, and maildrop just uses that value to work out where to put the message, based on it's own rules. This means that the information in the database or userdb as to the destination maildir is ignored, and mail will always go to a location defined by the appropriate maildroprc rule.
In Postfix, maildrop is called by the following in master.cf
:
maildrop unix - n n - - pipe flags=DRhu user=mail argv=/usr/bin/maildrop /etc/maildroprc-virtual ${recipient}
where /etc/maildroprc-virtual
is the configuration file that controls where the message ends up, based on the value of ${recipient}
. In maildroprc-virtual
this is:
DEFAULT="/var/spool/virtualmail/$1/"
additional filtering rules can be placed after this as needed. It may be possible to allow lookups to be done in the filter rules in order to control the destination of the message. This is something to look into later. Another thing is that we need to ensure that the destination maildir exists, otherwise maildrop gets quite unhappy. A nice way of doing this is to have maildrop create non-existing maildirs itself, that way we don't need any external intervention. That can be done with the following addition near the top of the filter rule:
# If the destination maildir doesn't exist, create it. `[ -d $DEFAULT ] || (maildirmake $DEFAULT && maildirmake -f Spam $DEFAULT)`
this also sets up a Spam folder, which will be used below.
Problem: The above may not work sometimes. If you get this error from postfix:
relay=maildrop, delay=1,status=deferred (temporary failure. Command output: /usr/bin/maildrop: Unable to create a dot-lock. )
it can indicate that the destination maildir doesn't exist.
Solution: A possible cause is that the SHELL
environment isn't being set, so the backtick evaluation above doesn't happen. To fix, add this line to the top of maildroprc
:
SHELL=/bin/bash
(Thanks to Daniele Palumbo for this pointer)
Problem: We want SpamAssassin to be run over all the messages that pass through this.
Solution: This is easily done with maildrop's filtering. Add the following to the maildroprc
(or maildroprc-virtual
):
if ( $SIZE < 26144 ) { exception { xfilter "/usr/bin/spamc" } } if (/^X-Spam-Flag: *YES/) { exception { to "$DEFAULT/.Spam/" } } else { exception { to "/$DEFAULT" } }
also ensure that the destination Spam folder does exist, using the maildirmake
command. If this isn't the case, the message is delivered to the default maildir.
With this, the incoming mail side of things appears to be working fine. For the interested, my postconf -n
output is:
$ postconf -n command_directory = /usr/sbin command_time_limit = 10000 config_directory = /etc/postfix debug_peer_list = 127.0.0.1 fallback_transport = maildrop inet_interfaces = all ipc_timeout = 13600 local_recipient_maps = proxy:unix:passwd.byname, $alias_maps, mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf mail_owner = postfix mail_spool_directory = /var/spool/mail/ mailbox_command = /usr/bin/procmail -p /etc/procmailrc -a "$EXTENSION" mailq_path = /usr/bin/mailq manpage_directory = /usr/man mydestination = kallisti.2y.net, localhost.$mydomain, kallisti.net.nz, kallisti.hopto.org, www.kallisti.net.nz myhostname = agrajag.kallisti.net.nz mynetworks = 192.168.0.0/16,127.0.0.0/8 myorigin = $mydomain newaliases_path = /usr/bin/newaliases queue_directory = /var/spool/postfix relay_domains = $mydestination sample_directory = /etc/postfix sendmail_path = /usr/sbin/sendmail setgid_group = postdrop smtpd_banner = $myhostname ESMTP $mail_name (Commodore Vic-20) soft_bounce = no unknown_local_recipient_reject_code = 550 virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf virtual_gid_maps = static:105 virtual_mailbox_base = /var/spool/virtualmail virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf virtual_mailbox_limit = 51200000 virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf virtual_minimum_uid = 100 virtual_transport = procmail virtual_uid_maps = static:104
Courier
Making Courier work with this setup was very smooth. The information in the howto is all that was needed. There are a few minor things that I had to change:
- the UID/GID in
/etc/courier/authmysqlrc
are set to 8, that of themail
user. - the
authmodulelist
containsauthpam authmysql
- the users mail directories has to be
~/Maildir/
, not/var/spool/mail/$USER/
like I initially intended. You can probably change this, but I couldn't work out how in a short time.
Administration
Having all this set up and working is nice, but you also need some way of controlling it. To this end, I wrote up a few PHP scripts that can be used to administer the system. They are fairly primitive, but should be totally functional. They are also likely to undergo a lot of tweaking in the next while, so I'd recommend accessing them via Subversion. The Subversion URL is https://www.kallisti.net.nz/svn/mailadmin (you'll likely want the trunk subdirectory of this). It can also be browsed in a pretty online format. Details on its usage are located in the readme file.
good work
hney0s http://groups.google.com/group/SidPierreBuchanan-vvp/web/beneficial-arts.html beneficial arts http://groups.google.com/group/SidPierreBuchanan-vvp/web/beneficial-bank.html beneficial bank http://groups.google.com/group/SidPierreBuchanan-vvp/web/beneficial-card.html beneficial card http://groups.google.com/group/SidPierreBuchanan-vvp/web/beneficial-company.html beneficial company http://groups.google.com/group/SidPierreBuchanan-vvp/web/beneficial-finance.html beneficial finance http://groups.google.com/group/SidPierreBuchanan-vvp/web/beneficial-financial.html beneficial financial http://groups.google.com/group/SidPierreBuchanan-vvp/web/beneficial-hsbc.html beneficial hsbc http://groups.google.com/group/SidPierreBuchanan-vvp/web/beneficial-life.html beneficial life http://groups.google.com/group/SidPierreBuchanan-vvp/web/beneficial-loan.html beneficial loan http://groups.google.com/group/SidPierreBuchanan-vvp/web/beneficial-loans.html beneficial loans http://groups.google.com/group/SidPierreBuchanan-vvp/web/beneficial-mortgage.html beneficial mortgage http://groups.google.com/group/SidPierreBuchanan-vvp/web/beneficial-national-bank.html beneficial national bank http://groups.google.com/group/SidPierreBuchanan-vvp/web/beneficial-national.html beneficial national http://groups.google.com/group/SidPierreBuchanan-vvp/web/beneficial-savings-bank.html beneficial savings bank http://groups.google.com/group/SidPierreBuchanan-vvp/web/beneficial-savings.html beneficial savings http://groups.google.com/group/SidPierreBuchanan-vvp/web/beneficial.html beneficial http://groups.google.com/group/SidPierreBuchanan-vvp/web/beneficialcard.co.uk.html beneficialcard.co.uk http://groups.google.com/group/SidPierreBuchanan-vvp/web/beneficialcard.html beneficialcard http://groups.google.com/group/SidPierreBuchanan-vvp/web/beneficialsavings.html beneficialsavings http://groups.google.com/group/SidPierreBuchanan-vvp/web/beneficialsavingsbank.html beneficialsavingsbank
This is currently in progress. (Not anymore, everything here has been running fine for me for a long time now) It is based on this howto. Here I detail the problems I had and how I fixed them. The implementation I'm aiming for is it bit more complex than the howto allows for. As well as having MySQL driven virtual users, I want mail to be delivered for shell users like normal, and for the virtual mail to be filtered so that something like spamassassin can be used.
Note that this was written in a sequence-of-discovery type way, so the solutions I find at one point may be superseded by something later on.
Contents:
Postfix
Problem: Postfix can't talk to the MySQL socket.
Solution: By default, parts of Postfix run chrooted. This needs to be changed. Solution found here. Other options I'm going to explore at some stage: having postfix talk to MySQL via the network, and having MySQL put a socket inside the postfix chroot.
Solution2: add this in the init.d/postfix script
start) echo -n "Starting mail transport agent: Postfix"
- added bij Louis
if [ -e /var/spool/postfix/var/run/mysqld/mysqld.sock ]; then rm /var/spool/postfix/var/run/mysqld/mysqld.sock fi mkdir -p /var/spool/postfix/var/run/mysqld chown mysql /var/spool/postfix/var/run/mysqld ln /var/run/mysqld/mysqld.sock /var/spool/postfix/var/run/mysqld/mysqld.sock
- added bij Louis
Problem: The users in the mailbox table aren't detected by Postfix.
Solution: Turns out you can't have mydomain and myhostname the same as anything in the virtual maps. So the hostname should be set to the actual machine name to prevent this. This has the side effect that you can't deliver to local users in the 'default' postfix way. Also note that setting mydestination to a domain that is the same as in the virtual maps, then it takes precidence over the virtual map, and you only get delivery to local users using the virtual delivery code.
Problem: Can't deliver to local users if they're not listed in the virtual map. Also, if they are added to the virtual maps it means that mail won't be delivered with their permissions.
Solution: In main.cf, put:
local_recipient_maps = proxy:unix:passwd.byname, $alias_maps,mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
to ensure that postfix knows the users exist. Then put:
fallback_transport = virtual
so that non-local users end up with mail being sent to the maildir given in the database.
Problem: Mail for the non-local users needs to be run through procmail, however we somehow need to pass the destination maildir information that is in the database to procmail so that it knows where to put it. (Note: running local mail through procmail is easy, by using
mailbox_command= /usr/bin/procmail -p /etc/procmailrc -a "$EXTENSION"
where /etc/procmailrc
is a default procmail setup for local users. Also, it seems that setting virtual_transport = procmail
doesn't work when fallback_transport = virtual
. The mail doesn't seem to hit procmail. Besides, we'd still need to get the destination maildir information to it somehow.)
Solution: Procmail won't cut it for this. It will need building a custom ruleset to shunt the mail where it needs to go. Instead, I'm using maildrop. Maildrop is like procmail, but better. Most usefully, it reads (in Debian) /etc/courier/userdb.dat (generated from /etc/courier/userdb) to allow mappings of non-existant users to the place where their mail goes. In Debian, the maildrop package won't work, it doesn't know about the userdb system. Instead, you need to use courier-maildrop. Also, it is necessary to change the home directory of the user that will be running maildrop, in my case mail, to be somewhere that isn't world writable. To tell postfix to use maildrop, simply set fallback_transport = maildrop
.
Problem: Mail passing through maildrop gets delivered to /home/mail/Maildir rather than the directory specified in the mail=
line in userdb.
Solution: Unfortunately this appears to be impossible, or at least, I couldn't figure it out, so I made a compromise: postfix tells maildrop the recipient, and maildrop just uses that value to work out where to put the message, based on it's own rules. This means that the information in the database or userdb as to the destination maildir is ignored, and mail will always go to a location defined by the appropriate maildroprc rule.
In Postfix, maildrop is called by the following in master.cf
:
maildrop unix - n n - - pipe flags=DRhu user=mail argv=/usr/bin/maildrop /etc/maildroprc-virtual ${recipient}
where /etc/maildroprc-virtual
is the configuration file that controls where the message ends up, based on the value of ${recipient}
. In maildroprc-virtual
this is:
DEFAULT="/var/spool/virtualmail/$1/"
additional filtering rules can be placed after this as needed. It may be possible to allow lookups to be done in the filter rules in order to control the destination of the message. This is something to look into later. Another thing is that we need to ensure that the destination maildir exists, otherwise maildrop gets quite unhappy. A nice way of doing this is to have maildrop create non-existing maildirs itself, that way we don't need any external intervention. That can be done with the following addition near the top of the filter rule:
# If the destination maildir doesn't exist, create it. `[ -d $DEFAULT ] || (maildirmake $DEFAULT && maildirmake -f Spam $DEFAULT)`
this also sets up a Spam folder, which will be used below.
Problem: The above may not work sometimes. If you get this error from postfix:
relay=maildrop, delay=1,status=deferred (temporary failure. Command output: /usr/bin/maildrop: Unable to create a dot-lock. )
it can indicate that the destination maildir doesn't exist.
Solution: A possible cause is that the SHELL
environment isn't being set, so the backtick evaluation above doesn't happen. To fix, add this line to the top of maildroprc
:
SHELL=/bin/bash
(Thanks to Daniele Palumbo for this pointer)
Problem: We want SpamAssassin to be run over all the messages that pass through this.
Solution: This is easily done with maildrop's filtering. Add the following to the maildroprc
(or maildroprc-virtual
):
if ( $SIZE < 26144 ) { exception { xfilter "/usr/bin/spamc" } } if (/^X-Spam-Flag: *YES/) { exception { to "$DEFAULT/.Spam/" } } else { exception { to "/$DEFAULT" } }
also ensure that the destination Spam folder does exist, using the maildirmake
command. If this isn't the case, the message is delivered to the default maildir.
With this, the incoming mail side of things appears to be working fine. For the interested, my postconf -n
output is:
$ postconf -n command_directory = /usr/sbin command_time_limit = 10000 config_directory = /etc/postfix debug_peer_list = 127.0.0.1 fallback_transport = maildrop inet_interfaces = all ipc_timeout = 13600 local_recipient_maps = proxy:unix:passwd.byname, $alias_maps, mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf mail_owner = postfix mail_spool_directory = /var/spool/mail/ mailbox_command = /usr/bin/procmail -p /etc/procmailrc -a "$EXTENSION" mailq_path = /usr/bin/mailq manpage_directory = /usr/man mydestination = kallisti.2y.net, localhost.$mydomain, kallisti.net.nz, kallisti.hopto.org, www.kallisti.net.nz myhostname = agrajag.kallisti.net.nz mynetworks = 192.168.0.0/16,127.0.0.0/8 myorigin = $mydomain newaliases_path = /usr/bin/newaliases queue_directory = /var/spool/postfix relay_domains = $mydestination sample_directory = /etc/postfix sendmail_path = /usr/sbin/sendmail setgid_group = postdrop smtpd_banner = $myhostname ESMTP $mail_name (Commodore Vic-20) soft_bounce = no unknown_local_recipient_reject_code = 550 virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf virtual_gid_maps = static:105 virtual_mailbox_base = /var/spool/virtualmail virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf virtual_mailbox_limit = 51200000 virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf virtual_minimum_uid = 100 virtual_transport = procmail virtual_uid_maps = static:104
Courier
Making Courier work with this setup was very smooth. The information in the howto is all that was needed. There are a few minor things that I had to change:
- the UID/GID in
/etc/courier/authmysqlrc
are set to 8, that of themail
user. - the
authmodulelist
containsauthpam authmysql
- the users mail directories has to be
~/Maildir/
, not/var/spool/mail/$USER/
like I initially intended. You can probably change this, but I couldn't work out how in a short time.
Administration
Having all this set up and working is nice, but you also need some way of controlling it. To this end, I wrote up a few PHP scripts that can be used to administer the system. They are fairly primitive, but should be totally functional. They are also likely to undergo a lot of tweaking in the next while, so I'd recommend accessing them via Subversion. The Subversion URL is https://www.kallisti.net.nz/svn/mailadmin (you'll likely want the trunk subdirectory of this). It can also be browsed in a pretty online format. Details on its usage are located in the readme file.
hney0s http://groups.google.com/group/SidPierreBuchanan-vvp/web/beneficial-arts.html beneficial arts http://groups.google.com/group/SidPierreBuchanan-vvp/web/beneficial-bank.html beneficial bank http://groups.google.com/group/SidPierreBuchanan-vvp/web/beneficial-card.html beneficial card http://groups.google.com/group/SidPierreBuchanan-vvp/web/beneficial-company.html beneficial company http://groups.google.com/group/SidPierreBuchanan-vvp/web/beneficial-finance.html beneficial finance http://groups.google.com/group/SidPierreBuchanan-vvp/web/beneficial-financial.html beneficial financial http://groups.google.com/group/SidPierreBuchanan-vvp/web/beneficial-hsbc.html beneficial hsbc http://groups.google.com/group/SidPierreBuchanan-vvp/web/beneficial-life.html beneficial life http://groups.google.com/group/SidPierreBuchanan-vvp/web/beneficial-loan.html beneficial loan http://groups.google.com/group/SidPierreBuchanan-vvp/web/beneficial-loans.html beneficial loans http://groups.google.com/group/SidPierreBuchanan-vvp/web/beneficial-mortgage.html beneficial mortgage http://groups.google.com/group/SidPierreBuchanan-vvp/web/beneficial-national-bank.html beneficial national bank http://groups.google.com/group/SidPierreBuchanan-vvp/web/beneficial-national.html beneficial national http://groups.google.com/group/SidPierreBuchanan-vvp/web/beneficial-savings-bank.html beneficial savings bank http://groups.google.com/group/SidPierreBuchanan-vvp/web/beneficial-savings.html beneficial savings http://groups.google.com/group/SidPierreBuchanan-vvp/web/beneficial.html beneficial http://groups.google.com/group/SidPierreBuchanan-vvp/web/beneficialcard.co.uk.html beneficialcard.co.uk http://groups.google.com/group/SidPierreBuchanan-vvp/web/beneficialcard.html beneficialcard http://groups.google.com/group/SidPierreBuchanan-vvp/web/beneficialsavings.html beneficialsavings http://groups.google.com/group/SidPierreBuchanan-vvp/web/beneficialsavingsbank.html beneficialsavingsbank
zNezmk http://groups.google.com/group/DarrellHerbertDaniel-ull/web/netflix-2007.html netflix 2007 http://groups.google.com/group/DarrellHerbertDaniel-ull/web/netflix-2008.html netflix 2008 http://groups.google.com/group/DarrellHerbertDaniel-ull/web/netflix-amazon.html netflix amazon http://groups.google.com/group/DarrellHerbertDaniel-ull/web/netflix-blockbuster.html netflix blockbuster http://groups.google.com/group/DarrellHerbertDaniel-ull/web/netflix-buy.html netflix buy http://groups.google.com/group/DarrellHerbertDaniel-ull/web/netflix-download.html netflix download http://groups.google.com/group/DarrellHerbertDaniel-ull/web/netflix-dvd.html netflix dvd http://groups.google.com/group/DarrellHerbertDaniel-ull/web/netflix-free.html netflix free http://groups.google.com/group/DarrellHerbertDaniel-ull/web/netflix-games.html netflix games http://groups.google.com/group/DarrellHerbertDaniel-ull/web/netflix-imdb.html netflix imdb http://groups.google.com/group/DarrellHerbertDaniel-ull/web/netflix-mail.html netflix mail http://groups.google.com/group/DarrellHerbertDaniel-ull/web/netflix-movie.html netflix movie http://groups.google.com/group/DarrellHerbertDaniel-ull/web/netflix-movies.html netflix movies http://groups.google.com/group/DarrellHerbertDaniel-ull/web/netflix-news.html netflix news http://groups.google.com/group/DarrellHerbertDaniel-ull/web/netflix-now.html netflix now http://groups.google.com/group/DarrellHerbertDaniel-ull/web/netflix-online.html netflix online http://groups.google.com/group/DarrellHerbertDaniel-ull/web/netflix-rental.html netflix rental http://groups.google.com/group/DarrellHerbertDaniel-ull/web/netflix-tv.html netflix tv http://groups.google.com/group/DarrellHerbertDaniel-ull/web/netflix-video.html netflix video http://groups.google.com/group/DarrellHerbertDaniel-ull/web/netflix-yahoo.html netflix yahoo
This is currently in progress. (Not anymore, everything here has been running fine for me for a long time now) It is based on this howto. Here I detail the problems I had and how I fixed them. The implementation I'm aiming for is it bit more complex than the howto allows for. As well as having MySQL driven virtual users, I want mail to be delivered for shell users like normal, and for the virtual mail to be filtered so that something like spamassassin can be used.
Note that this was written in a sequence-of-discovery type way, so the solutions I find at one point may be superseded by something later on.
Contents:
Postfix
Problem: Postfix can't talk to the MySQL socket.
Solution: By default, parts of Postfix run chrooted. This needs to be changed. Solution found here. Other options I'm going to explore at some stage: having postfix talk to MySQL via the network, and having MySQL put a socket inside the postfix chroot.
Solution2: add this in the init.d/postfix script
start) echo -n "Starting mail transport agent: Postfix"
- added bij Louis
if [ -e /var/spool/postfix/var/run/mysqld/mysqld.sock ]; then rm /var/spool/postfix/var/run/mysqld/mysqld.sock fi mkdir -p /var/spool/postfix/var/run/mysqld chown mysql /var/spool/postfix/var/run/mysqld ln /var/run/mysqld/mysqld.sock /var/spool/postfix/var/run/mysqld/mysqld.sock
- added bij Louis
Problem: The users in the mailbox table aren't detected by Postfix.
Solution: Turns out you can't have mydomain and myhostname the same as anything in the virtual maps. So the hostname should be set to the actual machine name to prevent this. This has the side effect that you can't deliver to local users in the 'default' postfix way. Also note that setting mydestination to a domain that is the same as in the virtual maps, then it takes precidence over the virtual map, and you only get delivery to local users using the virtual delivery code.
Problem: Can't deliver to local users if they're not listed in the virtual map. Also, if they are added to the virtual maps it means that mail won't be delivered with their permissions.
Solution: In main.cf, put:
local_recipient_maps = proxy:unix:passwd.byname, $alias_maps,mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
to ensure that postfix knows the users exist. Then put:
fallback_transport = virtual
so that non-local users end up with mail being sent to the maildir given in the database.
Problem: Mail for the non-local users needs to be run through procmail, however we somehow need to pass the destination maildir information that is in the database to procmail so that it knows where to put it. (Note: running local mail through procmail is easy, by using
mailbox_command= /usr/bin/procmail -p /etc/procmailrc -a "$EXTENSION"
where /etc/procmailrc
is a default procmail setup for local users. Also, it seems that setting virtual_transport = procmail
doesn't work when fallback_transport = virtual
. The mail doesn't seem to hit procmail. Besides, we'd still need to get the destination maildir information to it somehow.)
Solution: Procmail won't cut it for this. It will need building a custom ruleset to shunt the mail where it needs to go. Instead, I'm using maildrop. Maildrop is like procmail, but better. Most usefully, it reads (in Debian) /etc/courier/userdb.dat (generated from /etc/courier/userdb) to allow mappings of non-existant users to the place where their mail goes. In Debian, the maildrop package won't work, it doesn't know about the userdb system. Instead, you need to use courier-maildrop. Also, it is necessary to change the home directory of the user that will be running maildrop, in my case mail, to be somewhere that isn't world writable. To tell postfix to use maildrop, simply set fallback_transport = maildrop
.
Problem: Mail passing through maildrop gets delivered to /home/mail/Maildir rather than the directory specified in the mail=
line in userdb.
Solution: Unfortunately this appears to be impossible, or at least, I couldn't figure it out, so I made a compromise: postfix tells maildrop the recipient, and maildrop just uses that value to work out where to put the message, based on it's own rules. This means that the information in the database or userdb as to the destination maildir is ignored, and mail will always go to a location defined by the appropriate maildroprc rule.
In Postfix, maildrop is called by the following in master.cf
:
maildrop unix - n n - - pipe flags=DRhu user=mail argv=/usr/bin/maildrop /etc/maildroprc-virtual ${recipient}
where /etc/maildroprc-virtual
is the configuration file that controls where the message ends up, based on the value of ${recipient}
. In maildroprc-virtual
this is:
DEFAULT="/var/spool/virtualmail/$1/"
additional filtering rules can be placed after this as needed. It may be possible to allow lookups to be done in the filter rules in order to control the destination of the message. This is something to look into later. Another thing is that we need to ensure that the destination maildir exists, otherwise maildrop gets quite unhappy. A nice way of doing this is to have maildrop create non-existing maildirs itself, that way we don't need any external intervention. That can be done with the following addition near the top of the filter rule:
# If the destination maildir doesn't exist, create it. `[ -d $DEFAULT ] || (maildirmake $DEFAULT && maildirmake -f Spam $DEFAULT)`
this also sets up a Spam folder, which will be used below.
Problem: The above may not work sometimes. If you get this error from postfix:
relay=maildrop, delay=1,status=deferred (temporary failure. Command output: /usr/bin/maildrop: Unable to create a dot-lock. )
it can indicate that the destination maildir doesn't exist.
Solution: A possible cause is that the SHELL
environment isn't being set, so the backtick evaluation above doesn't happen. To fix, add this line to the top of maildroprc
:
SHELL=/bin/bash
(Thanks to Daniele Palumbo for this pointer)
Problem: We want SpamAssassin to be run over all the messages that pass through this.
Solution: This is easily done with maildrop's filtering. Add the following to the maildroprc
(or maildroprc-virtual
):
if ( $SIZE < 26144 ) { exception { xfilter "/usr/bin/spamc" } } if (/^X-Spam-Flag: *YES/) { exception { to "$DEFAULT/.Spam/" } } else { exception { to "/$DEFAULT" } }
also ensure that the destination Spam folder does exist, using the maildirmake
command. If this isn't the case, the message is delivered to the default maildir.
With this, the incoming mail side of things appears to be working fine. For the interested, my postconf -n
output is:
$ postconf -n command_directory = /usr/sbin command_time_limit = 10000 config_directory = /etc/postfix debug_peer_list = 127.0.0.1 fallback_transport = maildrop inet_interfaces = all ipc_timeout = 13600 local_recipient_maps = proxy:unix:passwd.byname, $alias_maps, mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf mail_owner = postfix mail_spool_directory = /var/spool/mail/ mailbox_command = /usr/bin/procmail -p /etc/procmailrc -a "$EXTENSION" mailq_path = /usr/bin/mailq manpage_directory = /usr/man mydestination = kallisti.2y.net, localhost.$mydomain, kallisti.net.nz, kallisti.hopto.org, www.kallisti.net.nz myhostname = agrajag.kallisti.net.nz mynetworks = 192.168.0.0/16,127.0.0.0/8 myorigin = $mydomain newaliases_path = /usr/bin/newaliases queue_directory = /var/spool/postfix relay_domains = $mydestination sample_directory = /etc/postfix sendmail_path = /usr/sbin/sendmail setgid_group = postdrop smtpd_banner = $myhostname ESMTP $mail_name (Commodore Vic-20) soft_bounce = no unknown_local_recipient_reject_code = 550 virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf virtual_gid_maps = static:105 virtual_mailbox_base = /var/spool/virtualmail virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf virtual_mailbox_limit = 51200000 virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf virtual_minimum_uid = 100 virtual_transport = procmail virtual_uid_maps = static:104
Courier
Making Courier work with this setup was very smooth. The information in the howto is all that was needed. There are a few minor things that I had to change:
- the UID/GID in
/etc/courier/authmysqlrc
are set to 8, that of themail
user. - the
authmodulelist
containsauthpam authmysql
- the users mail directories has to be
~/Maildir/
, not/var/spool/mail/$USER/
like I initially intended. You can probably change this, but I couldn't work out how in a short time.
Administration
Having all this set up and working is nice, but you also need some way of controlling it. To this end, I wrote up a few PHP scripts that can be used to administer the system. They are fairly primitive, but should be totally functional. They are also likely to undergo a lot of tweaking in the next while, so I'd recommend accessing them via Subversion. The Subversion URL is https://www.kallisti.net.nz/svn/mailadmin (you'll likely want the trunk subdirectory of this). It can also be browsed in a pretty online format. Details on its usage are located in the readme file.
zNezmk http://groups.google.com/group/DarrellHerbertDaniel-ull/web/netflix-2007.html netflix 2007 http://groups.google.com/group/DarrellHerbertDaniel-ull/web/netflix-2008.html netflix 2008 http://groups.google.com/group/DarrellHerbertDaniel-ull/web/netflix-amazon.html netflix amazon http://groups.google.com/group/DarrellHerbertDaniel-ull/web/netflix-blockbuster.html netflix blockbuster http://groups.google.com/group/DarrellHerbertDaniel-ull/web/netflix-buy.html netflix buy http://groups.google.com/group/DarrellHerbertDaniel-ull/web/netflix-download.html netflix download http://groups.google.com/group/DarrellHerbertDaniel-ull/web/netflix-dvd.html netflix dvd http://groups.google.com/group/DarrellHerbertDaniel-ull/web/netflix-free.html netflix free http://groups.google.com/group/DarrellHerbertDaniel-ull/web/netflix-games.html netflix games http://groups.google.com/group/DarrellHerbertDaniel-ull/web/netflix-imdb.html netflix imdb http://groups.google.com/group/DarrellHerbertDaniel-ull/web/netflix-mail.html netflix mail http://groups.google.com/group/DarrellHerbertDaniel-ull/web/netflix-movie.html netflix movie http://groups.google.com/group/DarrellHerbertDaniel-ull/web/netflix-movies.html netflix movies http://groups.google.com/group/DarrellHerbertDaniel-ull/web/netflix-news.html netflix news http://groups.google.com/group/DarrellHerbertDaniel-ull/web/netflix-now.html netflix now http://groups.google.com/group/DarrellHerbertDaniel-ull/web/netflix-online.html netflix online http://groups.google.com/group/DarrellHerbertDaniel-ull/web/netflix-rental.html netflix rental http://groups.google.com/group/DarrellHerbertDaniel-ull/web/netflix-tv.html netflix tv http://groups.google.com/group/DarrellHerbertDaniel-ull/web/netflix-video.html netflix video http://groups.google.com/group/DarrellHerbertDaniel-ull/web/netflix-yahoo.html netflix yahoo
vYzf17 <a href="http://vsmopluiyiea.com/">vsmopluiyiea</a>, [url=http://mjyymvkktbir.com/]mjyymvkktbir[/url], [link=http://jsgtxgzrcgya.com/]jsgtxgzrcgya[/link], http://tovykwdqsqva.com/
This is currently in progress. (Not anymore, everything here has been running fine for me for a long time now) It is based on this howto. Here I detail the problems I had and how I fixed them. The implementation I'm aiming for is it bit more complex than the howto allows for. As well as having MySQL driven virtual users, I want mail to be delivered for shell users like normal, and for the virtual mail to be filtered so that something like spamassassin can be used.
Note that this was written in a sequence-of-discovery type way, so the solutions I find at one point may be superseded by something later on.
Contents:
Postfix
Problem: Postfix can't talk to the MySQL socket.
Solution: By default, parts of Postfix run chrooted. This needs to be changed. Solution found here. Other options I'm going to explore at some stage: having postfix talk to MySQL via the network, and having MySQL put a socket inside the postfix chroot.
Solution2: add this in the init.d/postfix script
start) echo -n "Starting mail transport agent: Postfix"
- added bij Louis
if [ -e /var/spool/postfix/var/run/mysqld/mysqld.sock ]; then rm /var/spool/postfix/var/run/mysqld/mysqld.sock fi mkdir -p /var/spool/postfix/var/run/mysqld chown mysql /var/spool/postfix/var/run/mysqld ln /var/run/mysqld/mysqld.sock /var/spool/postfix/var/run/mysqld/mysqld.sock
- added bij Louis
Problem: The users in the mailbox table aren't detected by Postfix.
Solution: Turns out you can't have mydomain and myhostname the same as anything in the virtual maps. So the hostname should be set to the actual machine name to prevent this. This has the side effect that you can't deliver to local users in the 'default' postfix way. Also note that setting mydestination to a domain that is the same as in the virtual maps, then it takes precidence over the virtual map, and you only get delivery to local users using the virtual delivery code.
Problem: Can't deliver to local users if they're not listed in the virtual map. Also, if they are added to the virtual maps it means that mail won't be delivered with their permissions.
Solution: In main.cf, put:
local_recipient_maps = proxy:unix:passwd.byname, $alias_maps,mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
to ensure that postfix knows the users exist. Then put:
fallback_transport = virtual
so that non-local users end up with mail being sent to the maildir given in the database.
Problem: Mail for the non-local users needs to be run through procmail, however we somehow need to pass the destination maildir information that is in the database to procmail so that it knows where to put it. (Note: running local mail through procmail is easy, by using
mailbox_command= /usr/bin/procmail -p /etc/procmailrc -a "$EXTENSION"
where /etc/procmailrc
is a default procmail setup for local users. Also, it seems that setting virtual_transport = procmail
doesn't work when fallback_transport = virtual
. The mail doesn't seem to hit procmail. Besides, we'd still need to get the destination maildir information to it somehow.)
Solution: Procmail won't cut it for this. It will need building a custom ruleset to shunt the mail where it needs to go. Instead, I'm using maildrop. Maildrop is like procmail, but better. Most usefully, it reads (in Debian) /etc/courier/userdb.dat (generated from /etc/courier/userdb) to allow mappings of non-existant users to the place where their mail goes. In Debian, the maildrop package won't work, it doesn't know about the userdb system. Instead, you need to use courier-maildrop. Also, it is necessary to change the home directory of the user that will be running maildrop, in my case mail, to be somewhere that isn't world writable. To tell postfix to use maildrop, simply set fallback_transport = maildrop
.
Problem: Mail passing through maildrop gets delivered to /home/mail/Maildir rather than the directory specified in the mail=
line in userdb.
Solution: Unfortunately this appears to be impossible, or at least, I couldn't figure it out, so I made a compromise: postfix tells maildrop the recipient, and maildrop just uses that value to work out where to put the message, based on it's own rules. This means that the information in the database or userdb as to the destination maildir is ignored, and mail will always go to a location defined by the appropriate maildroprc rule.
In Postfix, maildrop is called by the following in master.cf
:
maildrop unix - n n - - pipe flags=DRhu user=mail argv=/usr/bin/maildrop /etc/maildroprc-virtual ${recipient}
where /etc/maildroprc-virtual
is the configuration file that controls where the message ends up, based on the value of ${recipient}
. In maildroprc-virtual
this is:
DEFAULT="/var/spool/virtualmail/$1/"
additional filtering rules can be placed after this as needed. It may be possible to allow lookups to be done in the filter rules in order to control the destination of the message. This is something to look into later. Another thing is that we need to ensure that the destination maildir exists, otherwise maildrop gets quite unhappy. A nice way of doing this is to have maildrop create non-existing maildirs itself, that way we don't need any external intervention. That can be done with the following addition near the top of the filter rule:
# If the destination maildir doesn't exist, create it. `[ -d $DEFAULT ] || (maildirmake $DEFAULT && maildirmake -f Spam $DEFAULT)`
this also sets up a Spam folder, which will be used below.
Problem: The above may not work sometimes. If you get this error from postfix:
relay=maildrop, delay=1,status=deferred (temporary failure. Command output: /usr/bin/maildrop: Unable to create a dot-lock. )
it can indicate that the destination maildir doesn't exist.
Solution: A possible cause is that the SHELL
environment isn't being set, so the backtick evaluation above doesn't happen. To fix, add this line to the top of maildroprc
:
SHELL=/bin/bash
(Thanks to Daniele Palumbo for this pointer)
Problem: We want SpamAssassin to be run over all the messages that pass through this.
Solution: This is easily done with maildrop's filtering. Add the following to the maildroprc
(or maildroprc-virtual
):
if ( $SIZE < 26144 ) { exception { xfilter "/usr/bin/spamc" } } if (/^X-Spam-Flag: *YES/) { exception { to "$DEFAULT/.Spam/" } } else { exception { to "/$DEFAULT" } }
also ensure that the destination Spam folder does exist, using the maildirmake
command. If this isn't the case, the message is delivered to the default maildir.
With this, the incoming mail side of things appears to be working fine. For the interested, my postconf -n
output is:
$ postconf -n command_directory = /usr/sbin command_time_limit = 10000 config_directory = /etc/postfix debug_peer_list = 127.0.0.1 fallback_transport = maildrop inet_interfaces = all ipc_timeout = 13600 local_recipient_maps = proxy:unix:passwd.byname, $alias_maps, mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf mail_owner = postfix mail_spool_directory = /var/spool/mail/ mailbox_command = /usr/bin/procmail -p /etc/procmailrc -a "$EXTENSION" mailq_path = /usr/bin/mailq manpage_directory = /usr/man mydestination = kallisti.2y.net, localhost.$mydomain, kallisti.net.nz, kallisti.hopto.org, www.kallisti.net.nz myhostname = agrajag.kallisti.net.nz mynetworks = 192.168.0.0/16,127.0.0.0/8 myorigin = $mydomain newaliases_path = /usr/bin/newaliases queue_directory = /var/spool/postfix relay_domains = $mydestination sample_directory = /etc/postfix sendmail_path = /usr/sbin/sendmail setgid_group = postdrop smtpd_banner = $myhostname ESMTP $mail_name (Commodore Vic-20) soft_bounce = no unknown_local_recipient_reject_code = 550 virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf virtual_gid_maps = static:105 virtual_mailbox_base = /var/spool/virtualmail virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf virtual_mailbox_limit = 51200000 virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf virtual_minimum_uid = 100 virtual_transport = procmail virtual_uid_maps = static:104
Courier
Making Courier work with this setup was very smooth. The information in the howto is all that was needed. There are a few minor things that I had to change:
- the UID/GID in
/etc/courier/authmysqlrc
are set to 8, that of themail
user. - the
authmodulelist
containsauthpam authmysql
- the users mail directories has to be
~/Maildir/
, not/var/spool/mail/$USER/
like I initially intended. You can probably change this, but I couldn't work out how in a short time.
Administration
Having all this set up and working is nice, but you also need some way of controlling it. To this end, I wrote up a few PHP scripts that can be used to administer the system. They are fairly primitive, but should be totally functional. They are also likely to undergo a lot of tweaking in the next while, so I'd recommend accessing them via Subversion. The Subversion URL is https://www.kallisti.net.nz/svn/mailadmin (you'll likely want the trunk subdirectory of this). It can also be browsed in a pretty online format. Details on its usage are located in the readme file.
This is currently in progress. (Not anymore, everything here has been running fine for me for a long time now) It is based on this howto. Here I detail the problems I had and how I fixed them. The implementation I'm aiming for is it bit more complex than the howto allows for. As well as having MySQL driven virtual users, I want mail to be delivered for shell users like normal, and for the virtual mail to be filtered so that something like spamassassin can be used.
Note that this was written in a sequence-of-discovery type way, so the solutions I find at one point may be superseded by something later on.
Contents:
Postfix
Problem: Postfix can't talk to the MySQL socket.
Solution: By default, parts of Postfix run chrooted. This needs to be changed. Solution found here. Other options I'm going to explore at some stage: having postfix talk to MySQL via the network, and having MySQL put a socket inside the postfix chroot.
Solution2: add this in the init.d/postfix script
start) echo -n "Starting mail transport agent: Postfix"
- added bij Louis
if [ -e /var/spool/postfix/var/run/mysqld/mysqld.sock ]; then rm /var/spool/postfix/var/run/mysqld/mysqld.sock fi mkdir -p /var/spool/postfix/var/run/mysqld chown mysql /var/spool/postfix/var/run/mysqld ln /var/run/mysqld/mysqld.sock /var/spool/postfix/var/run/mysqld/mysqld.sock
- added bij Louis
Problem: The users in the mailbox table aren't detected by Postfix.
Solution: Turns out you can't have mydomain and myhostname the same as anything in the virtual maps. So the hostname should be set to the actual machine name to prevent this. This has the side effect that you can't deliver to local users in the 'default' postfix way. Also note that setting mydestination to a domain that is the same as in the virtual maps, then it takes precidence over the virtual map, and you only get delivery to local users using the virtual delivery code.
Problem: Can't deliver to local users if they're not listed in the virtual map. Also, if they are added to the virtual maps it means that mail won't be delivered with their permissions.
Solution: In main.cf, put:
local_recipient_maps = proxy:unix:passwd.byname, $alias_maps,mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
to ensure that postfix knows the users exist. Then put:
fallback_transport = virtual
so that non-local users end up with mail being sent to the maildir given in the database.
Problem: Mail for the non-local users needs to be run through procmail, however we somehow need to pass the destination maildir information that is in the database to procmail so that it knows where to put it. (Note: running local mail through procmail is easy, by using
mailbox_command= /usr/bin/procmail -p /etc/procmailrc -a "$EXTENSION"
where /etc/procmailrc
is a default procmail setup for local users. Also, it seems that setting virtual_transport = procmail
doesn't work when fallback_transport = virtual
. The mail doesn't seem to hit procmail. Besides, we'd still need to get the destination maildir information to it somehow.)
Solution: Procmail won't cut it for this. It will need building a custom ruleset to shunt the mail where it needs to go. Instead, I'm using maildrop. Maildrop is like procmail, but better. Most usefully, it reads (in Debian) /etc/courier/userdb.dat (generated from /etc/courier/userdb) to allow mappings of non-existant users to the place where their mail goes. In Debian, the maildrop package won't work, it doesn't know about the userdb system. Instead, you need to use courier-maildrop. Also, it is necessary to change the home directory of the user that will be running maildrop, in my case mail, to be somewhere that isn't world writable. To tell postfix to use maildrop, simply set fallback_transport = maildrop
.
Problem: Mail passing through maildrop gets delivered to /home/mail/Maildir rather than the directory specified in the mail=
line in userdb.
Solution: Unfortunately this appears to be impossible, or at least, I couldn't figure it out, so I made a compromise: postfix tells maildrop the recipient, and maildrop just uses that value to work out where to put the message, based on it's own rules. This means that the information in the database or userdb as to the destination maildir is ignored, and mail will always go to a location defined by the appropriate maildroprc rule.
In Postfix, maildrop is called by the following in master.cf
:
maildrop unix - n n - - pipe flags=DRhu user=mail argv=/usr/bin/maildrop /etc/maildroprc-virtual ${recipient}
where /etc/maildroprc-virtual
is the configuration file that controls where the message ends up, based on the value of ${recipient}
. In maildroprc-virtual
this is:
DEFAULT="/var/spool/virtualmail/$1/"
additional filtering rules can be placed after this as needed. It may be possible to allow lookups to be done in the filter rules in order to control the destination of the message. This is something to look into later. Another thing is that we need to ensure that the destination maildir exists, otherwise maildrop gets quite unhappy. A nice way of doing this is to have maildrop create non-existing maildirs itself, that way we don't need any external intervention. That can be done with the following addition near the top of the filter rule:
# If the destination maildir doesn't exist, create it. `[ -d $DEFAULT ] || (maildirmake $DEFAULT && maildirmake -f Spam $DEFAULT)`
this also sets up a Spam folder, which will be used below.
Problem: The above may not work sometimes. If you get this error from postfix:
relay=maildrop, delay=1,status=deferred (temporary failure. Command output: /usr/bin/maildrop: Unable to create a dot-lock. )
it can indicate that the destination maildir doesn't exist.
Solution: A possible cause is that the SHELL
environment isn't being set, so the backtick evaluation above doesn't happen. To fix, add this line to the top of maildroprc
:
SHELL=/bin/bash
(Thanks to Daniele Palumbo for this pointer)
Problem: We want SpamAssassin to be run over all the messages that pass through this.
Solution: This is easily done with maildrop's filtering. Add the following to the maildroprc
(or maildroprc-virtual
):
if ( $SIZE < 26144 ) { exception { xfilter "/usr/bin/spamc" } } if (/^X-Spam-Flag: *YES/) { exception { to "$DEFAULT/.Spam/" } } else { exception { to "/$DEFAULT" } }
also ensure that the destination Spam folder does exist, using the maildirmake
command. If this isn't the case, the message is delivered to the default maildir.
With this, the incoming mail side of things appears to be working fine. For the interested, my postconf -n
output is:
$ postconf -n command_directory = /usr/sbin command_time_limit = 10000 config_directory = /etc/postfix debug_peer_list = 127.0.0.1 fallback_transport = maildrop inet_interfaces = all ipc_timeout = 13600 local_recipient_maps = proxy:unix:passwd.byname, $alias_maps, mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf mail_owner = postfix mail_spool_directory = /var/spool/mail/ mailbox_command = /usr/bin/procmail -p /etc/procmailrc -a "$EXTENSION" mailq_path = /usr/bin/mailq manpage_directory = /usr/man mydestination = kallisti.2y.net, localhost.$mydomain, kallisti.net.nz, kallisti.hopto.org, www.kallisti.net.nz myhostname = agrajag.kallisti.net.nz mynetworks = 192.168.0.0/16,127.0.0.0/8 myorigin = $mydomain newaliases_path = /usr/bin/newaliases queue_directory = /var/spool/postfix relay_domains = $mydestination sample_directory = /etc/postfix sendmail_path = /usr/sbin/sendmail setgid_group = postdrop smtpd_banner = $myhostname ESMTP $mail_name (Commodore Vic-20) soft_bounce = no unknown_local_recipient_reject_code = 550 virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf virtual_gid_maps = static:105 virtual_mailbox_base = /var/spool/virtualmail virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf virtual_mailbox_limit = 51200000 virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf virtual_minimum_uid = 100 virtual_transport = procmail virtual_uid_maps = static:104
Courier
Making Courier work with this setup was very smooth. The information in the howto is all that was needed. There are a few minor things that I had to change:
- the UID/GID in
/etc/courier/authmysqlrc
are set to 8, that of themail
user. - the
authmodulelist
containsauthpam authmysql
- the users mail directories has to be
~/Maildir/
, not/var/spool/mail/$USER/
like I initially intended. You can probably change this, but I couldn't work out how in a short time.
Administration
Having all this set up and working is nice, but you also need some way of controlling it. To this end, I wrote up a few PHP scripts that can be used to administer the system. They are fairly primitive, but should be totally functional. They are also likely to undergo a lot of tweaking in the next while, so I'd recommend accessing them via Subversion. The Subversion URL is https://www.kallisti.net.nz/svn/mailadmin (you'll likely want the trunk subdirectory of this). It can also be browsed in a pretty online format. Details on its usage are located in the readme file.
vYzf17 <a href="http://vsmopluiyiea.com/">vsmopluiyiea</a>, [url=http://mjyymvkktbir.com/]mjyymvkktbir[/url], [link=http://jsgtxgzrcgya.com/]jsgtxgzrcgya[/link], http://tovykwdqsqva.com/
This is currently in progress. It is based on this howto. Here I detail the problems I had and how I fixed them. The implementation I'm aiming for is it bit more complex than the howto allows for. As well as having MySQL driven virtual users, I want mail to be delivered for shell users like normal, and for the virtual mail to be filtered so that something like spamassassin can be used.
This is currently in progress. (Not anymore, everything here has been running fine for me for a long time now) It is based on this howto. Here I detail the problems I had and how I fixed them. The implementation I'm aiming for is it bit more complex than the howto allows for. As well as having MySQL driven virtual users, I want mail to be delivered for shell users like normal, and for the virtual mail to be filtered so that something like spamassassin can be used.
this also sets up a Spam folder, which will be used below...
Problem: We want SpamAssassin to be run over all the messages that pass through this.
Solution: This is easily done with maildrop's filtering. Add the following to the maildroprc
(or maildroprc-virtual
):
this also sets up a Spam folder, which will be used below.
Problem: The above may not work sometimes. If you get this error from postfix:
relay=maildrop, delay=1,status=deferred (temporary failure. Command
output: /usr/bin/maildrop: Unable to create a dot-lock. )=]
it can indicate that the destination maildir doesn't exist.
Solution: A possible cause is that the SHELL
environment isn't being set, so the backtick evaluation above doesn't happen. To fix, add this line to the top of maildroprc
:
SHELL=/bin/bash
(Thanks to Daniele Palumbo for this pointer)
Problem: We want SpamAssassin to be run over all the messages that pass through this.
Solution: This is easily done with maildrop's filtering. Add the following to the maildroprc
(or maildroprc-virtual
):
[=
Solution: By default, parts of Postfix run chrooted. This needs to be changed. Solution found here. Other options I'm going to explore at some stage: having postfix talk to MySQL via the network, and having MySQL put a socket inside the postfix chroot.
Solution: By default, parts of Postfix run chrooted. This needs to be changed. Solution found here. Other options I'm going to explore at some stage: having postfix talk to MySQL via the network, and having MySQL put a socket inside the postfix chroot.
Solution2: add this in the init.d/postfix script
start) echo -n "Starting mail transport agent: Postfix"
- added bij Louis
if [ -e /var/spool/postfix/var/run/mysqld/mysqld.sock ]; then rm /var/spool/postfix/var/run/mysqld/mysqld.sock fi mkdir -p /var/spool/postfix/var/run/mysqld chown mysql /var/spool/postfix/var/run/mysqld ln /var/run/mysqld/mysqld.sock /var/spool/postfix/var/run/mysqld/mysqld.sock
- added bij Louis
Having all this set up and working is nice, but you also need some way of controlling it. To this end, I wrote up a few PHP scripts that can be used to administer the system. They are fairly primitive, but should be totally functional. They are also likely to undergo a lot of tweaking in the next while, so I'd recommend accessing them via Subversion. The Subversion URL is https://www.kallisti.net.nz/svn/mailadmin (you'll likely want the trunk subdirectory of this). It can also be browsed in |a pretty online format. Details on its usage are located in the readme file.
Having all this set up and working is nice, but you also need some way of controlling it. To this end, I wrote up a few PHP scripts that can be used to administer the system. They are fairly primitive, but should be totally functional. They are also likely to undergo a lot of tweaking in the next while, so I'd recommend accessing them via Subversion. The Subversion URL is https://www.kallisti.net.nz/svn/mailadmin (you'll likely want the trunk subdirectory of this). It can also be browsed in a pretty online format. Details on its usage are located in the readme file.
Courier
Administration
Having all this set up and working is nice, but you also need some way of controlling it. To this end, I wrote up a few PHP scripts that can be used to administer the system. They are fairly primitive, but should be totally functional. They are also likely to undergo a lot of tweaking in the next while, so I'd recommend accessing them via Subversion. The Subversion URL is https://www.kallisti.net.nz/svn/mailadmin (you'll likely want the trunk subdirectory of this). It can also be browsed in |a pretty online format. Details on its usage are located in the readme file.
maildrop unix - n n - - pipe flags=DRhu user=mail argv=/usr/bin/maildrop /etc/maildroprc-virtual ${recipient}
maildrop unix - n n - - pipe flags=DRhu user=mail argv=/usr/bin/maildrop /etc/maildroprc-virtual ${recipient}
maildrop unix - n n - - pipe
flags=DRhu? user=mail argv=/usr/bin/maildrop /etc/maildroprc-virtual ${recipient}
maildrop unix - n n - - pipe flags=DRhu user=mail argv=/usr/bin/maildrop /etc/maildroprc-virtual ${recipient}
this also sets up a Spam folder, which will be used below...
additional filtering rules can be placed after this as needed. It may be possible to allow lookups to be done in the filter rules in order to control the destination of the message. This is something to look into later.
additional filtering rules can be placed after this as needed. It may be possible to allow lookups to be done in the filter rules in order to control the destination of the message. This is something to look into later. Another thing is that we need to ensure that the destination maildir exists, otherwise maildrop gets quite unhappy. A nice way of doing this is to have maildrop create non-existing maildirs itself, that way we don't need any external intervention. That can be done with the following addition near the top of the filter rule:
# If the destination maildir doesn't exist, create it. `[ -d $DEFAULT ] || (maildirmake $DEFAULT && maildirmake -f Spam $DEFAULT)`
alias_maps = hash:/etc/aliases
debug_peer_level = 2 html_directory = no
debug_peer_list = 127.0.0.1 fallback_transport = maildrop inet_interfaces = all
local_recipient_maps = proxy:unix:passwd.byname, $alias_maps, mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
mail_spool_directory = /var/spool/mail mailbox_command = /usr/bin/procmail -a "$EXTENSION"
mail_spool_directory = /var/spool/mail/ mailbox_command = /usr/bin/procmail -p /etc/procmailrc -a "$EXTENSION"
mydomain = kallisti.net.nz myhostname = kallisti.net.nz
myhostname = agrajag.kallisti.net.nz
readme_directory = no
relayhost = smtp.orcon.net.nz
virtual_alias_maps = hash:/etc/postfix/virtual=]
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf virtual_gid_maps = static:105 virtual_mailbox_base = /var/spool/virtualmail virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf virtual_mailbox_limit = 51200000 virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf virtual_minimum_uid = 100 virtual_transport = procmail virtual_uid_maps = static:104=]
With this, the incoming mail side of things appears to be working fine.
With this, the incoming mail side of things appears to be working fine. For the interested, my postconf -n
output is:
$ postconf -n alias_maps = hash:/etc/aliases command_directory = /usr/sbin command_time_limit = 10000 config_directory = /etc/postfix debug_peer_level = 2 html_directory = no ipc_timeout = 13600 mail_owner = postfix mail_spool_directory = /var/spool/mail mailbox_command = /usr/bin/procmail -a "$EXTENSION" mailq_path = /usr/bin/mailq manpage_directory = /usr/man mydestination = kallisti.2y.net, localhost.$mydomain, kallisti.net.nz, kallisti.hopto.org, www.kallisti.net.nz mydomain = kallisti.net.nz myhostname = kallisti.net.nz mynetworks = 192.168.0.0/16,127.0.0.0/8 myorigin = $mydomain newaliases_path = /usr/bin/newaliases queue_directory = /var/spool/postfix readme_directory = no relay_domains = $mydestination relayhost = smtp.orcon.net.nz sample_directory = /etc/postfix sendmail_path = /usr/sbin/sendmail setgid_group = postdrop smtpd_banner = $myhostname ESMTP $mail_name (Commodore Vic-20) soft_bounce = no unknown_local_recipient_reject_code = 550 virtual_alias_maps = hash:/etc/postfix/virtual
Coming soon: the other side. Making courier-imap read the database and get the mailbox information, and so allow imap access to shell and virtual users.
Making Courier work with this setup was very smooth. The information in the howto is all that was needed. There are a few minor things that I had to change:
- the UID/GID in
/etc/courier/authmysqlrc
are set to 8, that of themail
user. - the
authmodulelist
containsauthpam authmysql
- the users mail directories has to be
~/Maildir/
, not/var/spool/mail/$USER/
like I initially intended. You can probably change this, but I couldn't work out how in a short time.
Note that this was written in a sequence-of-discovery type way, so the solutions I find at one point may be superseded by something later on.
With this, the incoming mail side of things appears to be working fine.
Coming soon: the other side. Making courier-imap read the database and get the mailbox information, and so allow imap access to shell and virtual users.
Solution: None yet.
Solution: This is easily done with maildrop's filtering. Add the following to the maildroprc
(or maildroprc-virtual
):
if ( $SIZE < 26144 ) { exception { xfilter "/usr/bin/spamc" } } if (/^X-Spam-Flag: *YES/) { exception { to "$DEFAULT/.Spam/" } } else { exception { to "/$DEFAULT" } }
also ensure that the destination Spam folder does exist, using the maildirmake
command. If this isn't the case, the message is delivered to the default maildir.
Solution: None yet.
Solution: Unfortunately this appears to be impossible, or at least, I couldn't figure it out, so I made a compromise: postfix tells maildrop the recipient, and maildrop just uses that value to work out where to put the message, based on it's own rules. This means that the information in the database or userdb as to the destination maildir is ignored, and mail will always go to a location defined by the appropriate maildroprc rule.
In Postfix, maildrop is called by the following in master.cf
:
maildrop unix - n n - - pipe
flags=DRhu? user=mail argv=/usr/bin/maildrop /etc/maildroprc-virtual ${recipient}
where /etc/maildroprc-virtual
is the configuration file that controls where the message ends up, based on the value of ${recipient}
. In maildroprc-virtual
this is:
DEFAULT="/var/spool/virtualmail/$1/"
additional filtering rules can be placed after this as needed. It may be possible to allow lookups to be done in the filter rules in order to control the destination of the message. This is something to look into later.
Problem: We want SpamAssassin to be run over all the messages that pass through this.
Solution: None yet.
Solution: By default, parts of Postfix run chrooted. This needs to be changed. Solution found here.
Solution: By default, parts of Postfix run chrooted. This needs to be changed. Solution found here. Other options I'm going to explore at some stage: having postfix talk to MySQL via the network, and having MySQL put a socket inside the postfix chroot.
This is currently in progress. It is based on this howto. Here I detail the problems I had and how I fixed them.
This is currently in progress. It is based on this howto. Here I detail the problems I had and how I fixed them. The implementation I'm aiming for is it bit more complex than the howto allows for. As well as having MySQL driven virtual users, I want mail to be delivered for shell users like normal, and for the virtual mail to be filtered so that something like spamassassin can be used.
Solution: Procmail won't cut it for this. It will need building a custom ruleset to shunt the mail where it needs to go. Instead, I'm using maildrop. Maildrop is like procmail, but better. Most usefully, it reads (in Debian) /etc/courier/userdb.dat (generated from /etc/courier/userdb) to allow mappings of non-existant users to the place where their mail goes. In Debian, the maildrop package won't work, it doesn't know about the userdb system. Instead, you need to use courier-maildrop. Also, it is necessary to change the home directory of the user that will be running maildrop, in my case mail, to be somewhere that isn't world writable.
Problem: Mail passing through maildrop seems to vanish, rather than being delivered.\\
Solution: Procmail won't cut it for this. It will need building a custom ruleset to shunt the mail where it needs to go. Instead, I'm using maildrop. Maildrop is like procmail, but better. Most usefully, it reads (in Debian) /etc/courier/userdb.dat (generated from /etc/courier/userdb) to allow mappings of non-existant users to the place where their mail goes. In Debian, the maildrop package won't work, it doesn't know about the userdb system. Instead, you need to use courier-maildrop. Also, it is necessary to change the home directory of the user that will be running maildrop, in my case mail, to be somewhere that isn't world writable. To tell postfix to use maildrop, simply set fallback_transport = maildrop
.
Problem: Mail passing through maildrop gets delivered to /home/mail/Maildir rather than the directory specified in the mail=
line in userdb.\\
Solution: Procmail won't cut it for this. It will need building a custom ruleset to shunt the mail where it needs to go. Instead, I'm using maildrop. Maildrop is like procmail, but better. Most usefully, it reads (in Debian) /etc/courier/userdb.dat (generated from /etc/courier/userdb) to allow mappings of non-existant users to the place where their mail goes. In Debian, the maildrop package won't work, it doesn't know about the userdb system. Instead, you need to use courier-maildrop. Also, it is necessary to change the home directory of the user that will be running maildrop, in my case mail, to be somewhere that isn't world writable.
Solution: Procmail won't cut it for this. It will need building a custom ruleset to shunt the mail where it needs to go. Instead, I'm using maildrop. Maildrop is like procmail, but better. Most usefully, it reads (in Debian) /etc/courier/userdb.dat (generated from /etc/courier/userdb) to allow mappings of non-existant users to the place where their mail goes. In Debian, the maildrop package won't work, it doesn't know about the userdb system. Instead, you need to use courier-maildrop. Also, it is necessary to change the home directory of the user that will be running maildrop, in my case mail, to be somewhere that isn't world writable.
Problem: Mail passing through maildrop seems to vanish, rather than being delivered.
Solution: None yet.
Solution: None yet.
Solution: Procmail won't cut it for this. It will need building a custom ruleset to shunt the mail where it needs to go. Instead, I'm using maildrop. Maildrop is like procmail, but better. Most usefully, it reads (in Debian) /etc/courier/userdb.dat (generated from /etc/courier/userdb) to allow mappings of non-existant users to the place where their mail goes. In Debian, the maildrop package won't work, it doesn't know about the userdb system. Instead, you need to use courier-maildrop. Also, it is necessary to change the home directory of the user that will be running maildrop, in my case mail, to be somewhere that isn't world writable.
Problem: Mail for the non-local users needs to be run through procmail, however we somehow need to pass the destination maildir information that is in the database to postfix so that it knows where to put it. (Note: running local mail through procmail is easy, by using
Problem: Mail for the non-local users needs to be run through procmail, however we somehow need to pass the destination maildir information that is in the database to procmail so that it knows where to put it. (Note: running local mail through procmail is easy, by using
Solution: Turns out you can't have mydomain and myhostname the same as anything in the virtual maps. So the hostname should be set to the actual machine name to prevent this. This has the side effect that you can't deliver to local users in the 'default' postfix way. Also note that setting mydestination to a domain that is the same as in the virtual maps, then it takes precidence over the virtual map, and you only get delivery to local users.
Solution: Turns out you can't have mydomain and myhostname the same as anything in the virtual maps. So the hostname should be set to the actual machine name to prevent this. This has the side effect that you can't deliver to local users in the 'default' postfix way. Also note that setting mydestination to a domain that is the same as in the virtual maps, then it takes precidence over the virtual map, and you only get delivery to local users using the virtual delivery code.
Solution: In main.cf, put:
local_recipient_maps = proxy:unix:passwd.byname, $alias_maps,mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
to ensure that postfix knows the users exist. Then put:
fallback_transport = virtual
so that non-local users end up with mail being sent to the maildir given in the database.
Problem: Mail for the non-local users needs to be run through procmail, however we somehow need to pass the destination maildir information that is in the database to postfix so that it knows where to put it. (Note: running local mail through procmail is easy, by using
mailbox_command= /usr/bin/procmail -p /etc/procmailrc -a "$EXTENSION"
where /etc/procmailrc
is a default procmail setup for local users. Also, it seems that setting virtual_transport = procmail
doesn't work when fallback_transport = virtual
. The mail doesn't seem to hit procmail. Besides, we'd still need to get the destination maildir information to it somehow.)\\
Solution: Turns out you can't have mydomain and myhostname the same as anything in the virtual maps. So the hostname should be set to the actual machine name to prevent this. This has the side effect that you can't deliver to local users in the 'default' postfix way.
Solution: Turns out you can't have mydomain and myhostname the same as anything in the virtual maps. So the hostname should be set to the actual machine name to prevent this. This has the side effect that you can't deliver to local users in the 'default' postfix way. Also note that setting mydestination to a domain that is the same as in the virtual maps, then it takes precidence over the virtual map, and you only get delivery to local users.
Problem: Can't deliver to local users if they're not listed in the virtual map. Also, if they are added to the virtual maps it means that mail won't be delivered with their permissions.
Problem: Can't deliver to local users if they're not listed in the virtual map. Also, if they are added to the virtual maps it means that mail won't be delivered with their permissions.\\
Solution: Turns out you can't have mydomain and myhostname the same as anything in the virtual maps. So the hostname should be set to the actual machine name to prevent this.
Solution: Turns out you can't have mydomain and myhostname the same as anything in the virtual maps. So the hostname should be set to the actual machine name to prevent this. This has the side effect that you can't deliver to local users in the 'default' postfix way.
Problem: Can't deliver to local users if they're not listed in the virtual map. Also, if they are added to the virtual maps it means that mail won't be delivered with their permissions. Solution: None yet.
Solution: None yet.
Solution: Turns out you can't have mydomain and myhostname the same as anything in the virtual maps. So the hostname should be set to the actual machine name to prevent this.
This is currently in progress. It is based on this howto. Here I detail the problems I had and how I fixed them.
Problem: Postfix can't talk to the MySQL socket.
Solution: By default, parts of Postfix run chrooted. This needs to be changed. Solution found here.
Problem: The users in the mailbox table aren't detected by Postfix.
Solution: None yet.