It is very common these days for a single system to
host many domains. For instance, arkum.ch and
akadia.com might run on a single host, but
act as if they were two totally different hosts. A system usually has a canonical
domain, which is considered its usual or common domain name. Additional domains are
configured as virtual domains. Each virtual domain can host services such as web
sites and email as if it were the only domain on a server.
To determine which technique or techniques you need,
you must decide how Postfix should deliver messages for virtual domains. There are two
important considerations that influence how you should configure Postfix for hosting
multiple domains:
- Should your domains have separate namespaces?
  For example, should mail for the two addresses info@arkum.ch and
  info@akadia.com go to the same mailbox or separate ones?
- Does every user require a local account? We'll
  make the distinction between local accounts that are real Unix accounts on
  your system and virtual accounts. With virtual accounts, users can have
  mailboxes on your server, but don't otherwise log in to the system and don't require
  an entry in /etc/passwd.
Consider the four different ways Postfix can handle mail for
virtual domains:
- Shared mailboxes with system accounts
- Separate mailboxes with system accounts
- Separate mailboxes with virtual accounts (shown in this article)
Your POP/IMAP server will be a major factor in deciding which
technique you need. If your POP/IMAP server does not understand virtual domains, then it
will most likely require that you have system accounts for all addresses. Some POP/IMAP
servers inherently support multiple domains, and deliver messages into a particular
directory structure on the local filesystem. Other POP/IMAP servers use their own
proprietary message store. Postfix can hand off messages to them using LMTP.
The drawback of the first two techniques is that you must maintain system accounts
for all email addresses on your server. As the number of domains you host increases, so
does the effort to maintain all the accounts. In particular, if users only receive email
at your server, and don't otherwise log in, you probably don't want to have to create
system accounts for each one. Instead, configure Postfix to deliver to a local message
store where each virtual email address can have its own mailbox file. Your users then
retrieve their messages through a POP/IMAP server.
The local message store works much like normal local delivery, but
it doesn't require a one-to-one correspondence between each mail file and a local user
account. For this configuration, list each virtual domain in the
virtual_mailbox_domains parameter:
virtual_mailbox_domains = arkum.ch
If you have many domains, you can list them in a file and point
virtual_mailbox_domains to the file:
virtual_mailbox_domains = /usr/local/postfix/etc/virtual_domains
The file virtual_domains then contains a line for each
domain:
#
# virtual_domains
#
arkum.ch
arkum.com
opal.ch
opal.com
Virtual domains listed in virtual_mailbox_domains are
delivered by the virtual delivery agent, which is actually a streamlined version
of the local delivery agent. It makes deliveries in a highly secure and efficient manner,
but local aliases, .forward files, and mailing list programs are not
available.
When setting up the virtual mailboxes, you should structure the
directories to accommodate the expectations of your POP/IMAP server. Let's assume for
this explanation that the virtual mailboxes are all located below the base directory
/var/spool/mail. Each virtual domain has its own subdirectory below that, so that
you have directories like the following:
/var/spool/mail/arkum.ch
/var/spool/mail/arkum.com
/var/spool/mail/opal.ch
/var/spool/mail/opal.com
This is a common configuration for POP/IMAP servers that support
virtual hosting. Below each domain subdirectory are the mail files for each user.
Indicate to Postfix the base directory of the mail store with the virtual_mailbox_base
parameter:
virtual_mailbox_base = /var/spool/mail
You must create a lookup file that maps email addresses to their
mailbox files. Specify the lookup table with the virtual_mailbox_maps
parameter:
virtual_mailbox_maps = hash:/usr/local/postfix/etc/virtual_mailbox
Every user receiving mail to a virtual mailbox file must have an
entry in a Postfix lookup table. The mailbox file is specified relative to
virtual_mailbox_base. Mail files can use either mbox or maildir format. To use maildir
format, include a slash at the end of the filename. A virtual mailbox map file looks like
the following:
#
# virtual_mailbox
#
mueller@arkum.ch arkum.ch/mueller
hans.mueller@arkum.ch arkum.ch/mueller
meier@arkum.ch arkum.ch/meier
roland.meier@arkum.ch arkum.ch/meier
The email address mueller@arkum.ch goes to a different
mailbox from the address meier@arkum.ch.
The virtual mailbox files must be owned by a user account and
associated with a group on your system. How your users retrieve their messages determines
what the ownership of mailbox files should be. Often, your POP/IMAP server executes under
its own account and expects all of the mailbox files to be owned by this user, but if
necessary, Postfix lets you configure ownership for mailbox files in any way you need.
Each can be owned by a separate user, or one user can own all of the mailboxes for one
domain, while a different user owns the mailboxes of another.
The virtual_uid_maps and virtual_gid_maps parameters
determine the owner and group Postfix uses when making deliveries to virtual mailbox
files. You can specify that all of the virtual mailboxes should be owned by the same user
account with the static map type. Assume, for this example, that you have created an
account called vmail that has a UID of 404, and a group
called vmail that has a GID of 400. You want all of the
virtual mailbox files to be owned by this user and group.
Set the virtual_uid_maps and virtual_gid_maps
parameters in main.cf:
virtual_uid_maps = static:404
virtual_gid_maps = static:400
If you want to use different UIDs for different mailbox files, you
must create a lookup file that maps the addresses to the UIDs. Then point the mapping
parameter to your lookup file:
virtual_uid_maps = hash:/usr/local/postfix/etc/virtual_uids
virtual_gid_maps = hash:/usr/local/postfix/etc/virtual_gids
The file /usr/local/postfix/etc/virtual_uids contains entries like the following, with each address mapped
to the correct UID. In this case, the mailboxes for mueller@arkum.ch use one ID
and those for meier@arkum.ch use another:
#
# virtual_uids
#
mueller@arkum.ch 404
meier@arkum.ch 405
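The domain list, the mailbox map and the UID map described above have to agree with each other before deliveries work. The following Python check is an added example, not part of the original article or of Postfix: it reads the three file formats from constructed sample strings and reports mailbox entries whose domain is unlisted, whose path is not a clean path relative to virtual_mailbox_base, or whose UID entry is missing or below virtual_minimum_uid. It assumes full-address keys only, and the names parse and audit are hypothetical.

```python
import posixpath

# Constructed sample data in the page's file formats. Some entries are
# deliberately inconsistent to show what the check reports.
VIRTUAL_DOMAINS = "#\n# virtual_domains\n#\narkum.ch\narkum.com\n"
VIRTUAL_MAILBOX = """\
mueller@arkum.ch       arkum.ch/mueller
hans.mueller@arkum.ch  arkum.ch/mueller
meier@arkum.ch         arkum.ch/meier/
info@opal.ch           opal.ch/info
root@arkum.com         ../other/root
"""
VIRTUAL_UIDS = "mueller@arkum.ch 404\nmeier@arkum.ch 405\nroot@arkum.com 50\n"
MIN_UID = 100  # Postfix default for virtual_minimum_uid


def parse(text):
    """Return (key, value) pairs, skipping blank lines and # comments."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if fields and not fields[0].startswith("#"):
            rows.append((fields[0].lower(), fields[1] if len(fields) > 1 else ""))
    return rows


def audit(domains_text, mailbox_text, uids_text, min_uid=MIN_UID):
    """Return a sorted list of (address, problem) findings."""
    domains = {key for key, _ in parse(domains_text)}
    uids = dict(parse(uids_text))
    findings = []
    for addr, path in parse(mailbox_text):
        if addr.rpartition("@")[2] not in domains:
            findings.append((addr, "domain not in virtual_mailbox_domains"))
        norm = posixpath.normpath(path)
        if not path or path.startswith("/") or norm == ".." or norm.startswith("../"):
            findings.append((addr, "mailbox path is not a clean relative path"))
        uid = uids.get(addr, "")
        if not uid.isdigit():
            findings.append((addr, "no numeric virtual_uid_maps entry"))
        elif int(uid) < min_uid:
            findings.append((addr, "UID below virtual_minimum_uid"))
    return sorted(findings)


if __name__ == "__main__":
    for addr, problem in audit(VIRTUAL_DOMAINS, VIRTUAL_MAILBOX, VIRTUAL_UIDS):
        print(f"{addr}: {problem}")
```

In the sample, hans.mueller@arkum.ch is reported because it has a mailbox entry but no line in the per-address UID file. Lookup tables of type hash: are read from the compiled file, so rerun postmap on a source file after editing it.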