[Slackbuilds-users] UID/GID for another Dovecot case

Slacker slacker at slaphappygeeks.com
Sun Feb 15 23:11:48 UTC 2015


On 02/14/2015 07:36 PM, Rob McGee wrote:
> On Sat, Feb 14, 2015 at 02:21:26PM -0700, Slacker wrote:
>> I am writing a Slackdocs article for setting up a virtual mail
>> server using Postfix, Dovecot and MySQL.
>>
>> In this use case we require a separate non-priv user/group
>> for which the Dovecot documents suggest "vmail" (
>> http://wiki.dovecot.org/VirtualUsers ), and which I have used
>> in my own implementation.
>>
>> This is purely a configuration option and is not required to build
>> the Dovecot package. But it seems to me it is a common enough use
>> case and that having an SBo assigned uid/gid for "vmail" would
>> dovetail nicely with the dovecot docs and simplify virtual mail
>> setup for those building with SBo scripts. It would also simplify
>> my Slackdocs article.
>>
>> So, please consider this a request for either discussion or simply
>> for an assigned uid/gid for a vmail user.
>

So discussion it shall be!

> I never have understood why so many small-time users want to have
> "virtual mail accounts."  What is the appeal?  "Gee whiz, all I do
> when I add a domain is enter it in mysql."  Well, uh, how often do
> you add domains?  I can see it if you're a large scale hosting
> provider.  Why is that so good if you're not?

My own use case is that I am consolidating some services for a customer, 
from multiple scattered hosting platforms into a VPS environment that 
they can manage.

One big part of that is that they have dozens of email addresses across 
multiple domains that need to continue working when those existing hosts 
are changed or dropped.

These "users" are email only and have no other presence on the host.

This is really my first time out with setting up a mail server, but 
virtual mail seemed the way to go, and has worked out well so far.

>
> In the small-timer case, delivery to system accounts is far more
> powerful and flexible.  You can keep all your mail in your $HOME;
> you're able to run commands on certain incoming mail; you have many
> more options for storing and sorting mail.
>
> Furthermore, it's considerably less secure to have all mail under a
> single UID/GID, as most of these virtual/mysql howtos seem to
> advocate.  A compromise of that user means all mail is at risk.
> With system users, each recipient has her own UID, and compromises
> are limited.
>
> (Actually that can be done with virtual also; both Postfix and
> Dovecot support map lookups for the UID & GID.  But few howtos -- if
> any?  I don't think I have seen one -- show how this is done.)
>
> So my concern here is twofold: one, it promotes "virtual mail" to
> users who should not be using it; and two, it promotes the less
> secure means of doing it, under a single UID/GID.

These concerns had not really crossed my own radar, thanks for the thoughts!

Robert
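
Added example, not part of the original messages: the quoted point that Postfix and Dovecot can look up a UID and GID per virtual mailbox, shown beside the single-UID form most howtos use. The file paths, the `mail` database, the `mailbox` table with `address`, `uid`, `gid` and `home` columns, the read-only DB accounts, the 5000-5999 range and the Dovecot 2.2-style syntax are all assumptions.

```conf
# --- Postfix: /etc/postfix/main.cf ---
# Single shared identity: every mailbox is owned by one UID/GID.
#virtual_uid_maps = static:5000
#virtual_gid_maps = static:5000

# Per-recipient identity: look up the owner of each mailbox in MySQL.
virtual_mailbox_base = /var/vmail
virtual_uid_maps = mysql:/etc/postfix/mysql-virtual-uid.cf
virtual_gid_maps = mysql:/etc/postfix/mysql-virtual-gid.cf
# Lookups returning a UID below this are rejected and the message is
# deferred, so a bad row cannot map a mailbox onto a system account.
virtual_minimum_uid = 5000

# --- Postfix: /etc/postfix/mysql-virtual-uid.cf ---
# (mysql-virtual-gid.cf is identical except it selects gid)
hosts = 127.0.0.1
user = postfix_ro
password = CHANGE_ME
dbname = mail
query = SELECT uid FROM mailbox WHERE address = '%s'

# --- Dovecot: conf.d/auth-sql.conf.ext ---
# Single shared identity:
#userdb {
#  driver = static
#  args = uid=vmail gid=vmail home=/var/vmail/%d/%n
#}
# Per-user identity from the same table Postfix reads:
userdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}

# --- Dovecot: /etc/dovecot/dovecot-sql.conf.ext ---
driver = mysql
connect = host=127.0.0.1 dbname=mail user=dovecot_ro password=CHANGE_ME
user_query = SELECT home, uid, gid FROM mailbox WHERE address = '%u'

# --- Dovecot: dovecot.conf ---
# Refuse any user whose looked-up UID is outside the mail-only range.
first_valid_uid = 5000
last_valid_uid = 5999
```

Each mailbox directory under `/var/vmail` must be owned by the UID and GID stored in its row, otherwise delivery and IMAP access fail with permission errors.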

