Postfix authentication default configuration

Patrick Goetz pgoetz at mail.utexas.edu
Mon Dec 21 19:25:35 UTC 2009


> Subject: Postfix authentication default configuration
> From: Ben Bucksch <linux.news at bucksch.org>
> Date: Fri, 18 Dec 2009 17:06:44 +0100
> To: ubuntu-devel-discuss at lists.ubuntu.com
> 
>  I'm trying to set up a mail server with Ubuntu, Cyrus and Postfix, and 
> need authentication (via sasldb2).
> 
> Cyrus works fine, and postfix works and delivers, but I find it 
> extremely hard to configure SMTP AUTH, due to the Postfix-SASL 
> connection, incl. chroot.
> 
> It's normal for a mail server to not only offer IMAP, but also SMTP to 
> clients.

Since I recently went through this (upgrading a Debian Exim4/Cyrus 
system to Karmic), I feel your pain.  Given the shaky and poorly 
documented maintenance of Cyrus, switching to dovecot was a fairly easy 
choice (despite my utter revulsion for the maildir/maildir+ nonstandard) 
and the Debian package maintainers "fixed" Exim 4 configuration to make 
it more like sendmail configuration  (only the initiated will appreciate 
the genius of taking a simple, logical configuration file and converting 
it to incomprehensible macro hell), so I decided to abandon Exim 4 and 
go with Postfix instead.

This then allowed me to use the dovecot-postfix package, which has quite 
a bit of the hard configuration work done for you.

With that said, dovecot-postfix leaves an AWFUL lot to be desired, 
including poor decisions regarding default mail certs, mis-configured 
(rsyslog) files, and a few bizarre choices for default configurations. 
Some discussion of these issues can be found here:

https://bugs.launchpad.net/ubuntu/+source/dovecot/+bug/434986

I think the biggest problem is that there are quite a number of 
different email server configurations, so no single default 
configuration will ever satisfy more than a minority of users.  For example:

 > (Unix accounts are a bad idea for mail users.

This depends on what kind of system you're running.  In my case, only 
unix users should have email accounts and every unix user must have an 
email account, so it makes perfect sense to use a single authentication 
system for login/email.

Suggestion:  dovecot-postfix is a good start, but what is really needed 
are several meta-packages catering to different mail configurations:

1. single domain with auth = unix login
2. mail server which provides mail service for multiple virtual domains
3. sites requiring mbox + maildir compatibility
4. sites with larger numbers of IMAP users requiring optimized
    performance

and of course in all cases the logging should work properly. <:)

The bug cited above was tagged as invalid by some knucklehead before I 
had a chance to download all the source packages and debug the problem. 
My subsequent comments in the invalidated bug report should be 
adequate to fix this problem in the rsyslog configuration files.



