[Slackbuilds-users] UID/GID for another Dovecot case

Rob McGee rob0 at slackbuilds.org
Sun Feb 15 02:36:39 UTC 2015 

On Sat, Feb 14, 2015 at 02:21:26PM -0700, Slacker wrote:
> I am writing a Slackdocs article for setting up a virtual mail 
> server using Postfix, Dovecot and MySQL.
> 
> In this use case we require a separate non-priv user/group
> for which the Dovecot documents suggest "vmail" ( 
> http://wiki.dovecot.org/VirtualUsers ), and which I have used
> in my own implementation.
> 
> This is purely a configuration option and is not required to build 
> the Dovecot package. But it seems to me it is a common enough use 
> case and that having an SBo assigned uid/gid for "vmail" would 
> dovetail nicely with the dovecot docs and simplify virtual mail 
> setup for those building with SBo scripts. It would also simplify 
> my Slackdocs article.
> 
> So, please consider this a request for either discussion or simply 
> for an assigned uid/gid for a vmail user.

I never have understood why so many small-time users want to have 
"virtual mail accounts."  What is the appeal?  "Gee whiz, all I do 
when I add a domain is enter it in mysql."  Well, uh, how often do 
you add domains?  I can see it if you're a large scale hosting 
provider.  Why is that so good if you're not?

In the small-timer case, delivery to system accounts is far more 
powerful and flexible.  You can keep all your mail in your $HOME; 
you're able to run commands on certain incoming mail; you have many 
more options for storing and sorting mail.

Furthermore, it's considerably less secure to have all mail under a 
single UID/GID, as most of these virtual/mysql howtos seem to 
advocate.  A compromise of that user means all mail is at risk.  
With system users, each recipient has her own UID, and compromises 
are limited.

(Actually that can be done with virtual also; both Postfix and 
Dovecot support map lookups for the UID & GID.  But few howtos -- if 
any?  I don't think I have seen one -- show how this is done.)

So my concern here is twofold: one, it promotes "virtual mail" to 
users who should not be using it; and two, it promotes the less 
secure means of doing it, under a single UID/GID.
-- 
    Rob McGee - /dev/rob0 - rob0 at slackbuilds.org

More information about the SlackBuilds-users mailing list