Postfix delivers vm-pop3d style virtual domains through Procmail

System preparation

create a dedicated group and user account for handling virtual domains

groupadd -g 500 vmail

ls -alF /var/spool/virtual # should not exist yet
useradd -u 500 -g 500 --system -m -k /dev/null -d /var/spool/virtual -s /sbin/nologin vmail

grep vmail /etc/group
grep vmail /etc/passwd

trying with two domains

mkdir /var/spool/virtual/nethence.com/
mkdir /var/spool/virtual/os3.su/
chown -R vmail:vmail /var/spool/virtual/

note the user’s Maildir folders will be created by procmail.

System-wide Procmail

prepare the log file

touch /var/log/procmail.log
chown vmail:vmail /var/log/procmail.log
chmod 640 /var/log/procmail.log

notice the trailing-slash for Maildir

    vi /etc/procmailrc

    DROPPRIVS=yes
    DEFAULT=/var/spool/virtual/$ER_DOMAIN/$ER_USER/

    VERBOSE=no
    LOGFILE=/var/log/procmail.log

here’s a more advanced example, incl. some filtering

DROPPRIVS=yes
MAILDIR=/var/spool/virtual/$ER_DOMAIN/$ER_USER/
DEFAULT=/var/spool/virtual/$ER_DOMAIN/$ER_USER/

VERBOSE=no
LOGFILE=/var/log/procmail.log

:0
* ^Sender:.*
.Mailing-lists/

:0
* ^List-ID:.*
.Mailing-lists/

:0
* ^List-Id:.*
.Mailing-lists/

:0
* ! $ ^(To|Cc):.*$ER_USER@$ER_DOMAIN
.Bcc/

and eventually set up logrotate or newsyslog accordingly.

Postfix setup

see postfix for a casual configuration example. here’s what’s specific for virtual domains.

beware of bounces. there are two options. either keep the hostname as myorigin and mydestination

vi /etc/postfix/main.cf

myhostname = xc.nethence.com
myorigin = xc.nethence.com
mydomain = nethence.com
mydestination = xc.nethence.com

or go for a full-blown, monolithic MX that has no local mbox

myhostname = xc.nethence.com
myorigin = nethence.com
mydomain = nethence.com
mydestination =

virtual_mailbox_domains = nethence.com os3.su
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_alias_maps = hash:/etc/postfix/valiases
virtual_transport = vproc:dummy
vproc_destination_recipient_limit = 1

the variables are defined right after -m and before its meaningful argument. flags are for Maildir. change to DFRXhqu> for mbox (add F and >), see man pipe

which procmail
ls -lF /etc/procmailrc
vi /etc/postfix/master.cf

vproc     unix  -   n       n       -       -       pipe flags=DRXhqu user=vmail
    argv=/usr/bin/procmail -m E_SENDER=$sender E_RECIPIENT=$recipient ER_USER=$user ER_DOMAIN=$domain ER_DETAIL=$extension NEXTHOP=$nexthop /etc/procmailrc

the second column is just a placeholder, we won’t use it

vi /etc/postfix/vmailbox

pbraun@nethence.com     pbraun@nethence.com
check@os3.su            check@os3.su

the destination needs the full domain here, as we’re dealing with virtual domains

vi /etc/postfix/valiases

postmaster@nethence.com         pbraun@nethence.com
abuse@nethence.com              pbraun@nethence.com

postmaster@os3.su       pbraun@nethence.com
abuse@os3.su            pbraun@nethence.com

generate the berkeley hash files

postmap /etc/postfix/vmailbox
postmap /etc/postfix/valiases
ls -lF /etc/postfix/vmailbox.db
ls -lF /etc/postfix/valiases.db

apply

postfix reload
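
a consistency check for the two map files, worth running before the reload (added example, not part of the original guide). it verifies that every vmailbox key belongs to a domain listed in virtual_mailbox_domains and is safe to use as the $ER_DOMAIN/$ER_USER directory names, and that every valiases destination carries a domain and points at an existing mailbox. the function names, the allowed character set and the three faulty sample entries are assumptions.

```shell
#!/bin/sh
# Added example, not the page author's code. Usage:
#   lint_vmaps "nethence.com os3.su" /etc/postfix/vmailbox /etc/postfix/valiases
# Prints one finding per line and returns non-zero when there is any.
# Continuation lines (leading whitespace) in the map files are not handled.
lint_vmaps() {
    awk -v domains="$1" '
    BEGIN { n = split(domains, d, " "); for (i = 1; i <= n; i++) vdom[d[i]] = 1 }
    /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
    FILENAME == ARGV[1] {                   # vmailbox: the key is the mailbox
        at = index($1, "@"); dom = substr($1, at + 1)
        if (at < 2 || !(dom in vdom))
            print "vmailbox: " $1 ": domain not in virtual_mailbox_domains"
        # $user and $domain end up as directory names in DEFAULT
        else if ($1 !~ /^[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+$/ || $1 ~ /\.\./)
            print "vmailbox: " $1 ": unsafe as a directory name"
        else
            box[$1] = 1
        next
    }
    {                                       # valiases: check each destination
        for (i = 2; i <= NF; i++) {
            dest = $i; sub(/,$/, "", dest); at = index(dest, "@")
            if (at == 0)
                print "valiases: " $1 " -> " dest ": destination has no domain"
            else if ((substr(dest, at + 1) in vdom) && !(dest in box))
                print "valiases: " $1 " -> " dest ": not a mailbox in vmailbox"
        }
    }' "$2" "$3" | { ! grep . ; }
}

# Constructed sample maps: entries from this page plus three deliberate mistakes.
demo_lint() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' 'pbraun@nethence.com  pbraun@nethence.com' \
        'check@os3.su  check@os3.su' \
        'lists/archive@os3.su  x' > "$dir/vmailbox"
    printf '%s\n' 'postmaster@nethence.com  pbraun@nethence.com' \
        'abuse@os3.su  pbraun' \
        'postmaster@os3.su  nobody@nethence.com' > "$dir/valiases"
    lint_vmaps "nethence.com os3.su" "$dir/vmailbox" "$dir/valiases"
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo_lint || echo "lint_vmaps: findings listed above" >&2
```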

Dovecot setup

see dovecot-vmail

Acceptance

before, domain folders are empty

ls -alF /var/spool/virtual/nethence.com/ # empty
ls -alF /var/spool/virtual/os3.su/ # empty

send a message locally to avoid any kind of anti-spam blocking, while reading logs in another terminal

tail -F /var/log/maillog /var/log/secure
openssl s_client -starttls smtp -connect localhost:25

ehlo localhost
mail from:<noexist@nethence.com>
rcpt to:<check@os3.su>
rcpt to:<pbraun@nethence.com>
data
lala
.
quit

after, mbox files got created

cat /var/spool/virtual/nethence.com/pbraun
cat /var/spool/virtual/os3.su/check

and eventually check that aliases work (including cross-domain)

    ehlo localhost
    mail from:<noexist@nethence.com>
    rcpt to:<abuse@nethence.com>
    data
    lala
    .
    quit

    ehlo localhost
    mail from:<noexist@nethence.com>
    rcpt to:<abuse@os3.su>
    data
    lala
    .
    quit

Troubleshooting

testing with a MAIL FROM address at example.net, example.com or example.org won’t work here

550 5.7.27 <check@example.com>: Sender address rejected: Domain example.com does not accept mail (nullMX)

need to create postmaster user for bounces?

Jun  9 09:30:10 slackmx postfix/pipe[6060]: 49h0bk0zYcz1yLF: to=<postmaster@nethence.com>, orig_to=<postmaster>, relay=vproc, delay=0.1, delays=0.04/0.02/0/0.04, dsn=2.0.0, status=sent (delivered via vproc service (procmail: Couldn't chdir to "/var/spool/virtual/nethence.com/postmaster-mail"))

cannot use procmailrcs/default.rc

Apr 24 12:22:50 xc procmail[15956]: Denying special privileges for "/etc/procmailrcs/default.rc"
Apr 24 12:22:50 xc postfix/pipe[15955]: 4FS5Kd4wWFz1Jf: to=<check@os3.su>, relay=vproc, delay=7.2, delays=7.1/0.01/0/0.04, dsn=2.0.0, status=sent (delivered via vproc service (procmail: Denying special privileges for "/etc/procmailrcs/default.rc"))
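
both postfix/pipe lines above show dsn=2.0.0, status=sent although procmail reported an error, so such deliveries are easy to miss. the filter below (added example, not part of the original guide) lists them from maillog lines; the function names are assumptions and the last sample line is constructed.

```shell
#!/bin/sh
# Added example, not the page author's code.
# stdin: maillog lines; stdout: queue-id <TAB> recipient <TAB> procmail message
# for vproc deliveries logged as status=sent that still carry a procmail error.
procmail_soft_failures() {
    awk '
    /postfix\/pipe\[/ && /relay=vproc/ && /status=sent/ && /\(procmail: / {
        qid = ""; rcpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^postfix\/pipe\[/) { qid = $(i + 1); sub(/:$/, "", qid) }
            if ($i ~ /^to=</) { rcpt = $i; gsub(/^to=<|>,?$/, "", rcpt) }
        }
        msg = $0
        sub(/.*\(procmail: /, "", msg)   # keep only what procmail printed
        sub(/\)\)$/, "", msg)            # drop the two closing parentheses
        print qid "\t" rcpt "\t" msg
    }'
}

# Sample input: lines 1-3 are the log lines from this page, line 4 is constructed.
sample_maillog() {
    cat <<'EOF'
Jun  9 09:30:10 slackmx postfix/pipe[6060]: 49h0bk0zYcz1yLF: to=<postmaster@nethence.com>, orig_to=<postmaster>, relay=vproc, delay=0.1, delays=0.04/0.02/0/0.04, dsn=2.0.0, status=sent (delivered via vproc service (procmail: Couldn't chdir to "/var/spool/virtual/nethence.com/postmaster-mail"))
Apr 24 12:22:50 xc procmail[15956]: Denying special privileges for "/etc/procmailrcs/default.rc"
Apr 24 12:22:50 xc postfix/pipe[15955]: 4FS5Kd4wWFz1Jf: to=<check@os3.su>, relay=vproc, delay=7.2, delays=7.1/0.01/0/0.04, dsn=2.0.0, status=sent (delivered via vproc service (procmail: Denying special privileges for "/etc/procmailrcs/default.rc"))
Apr 24 12:25:00 xc postfix/pipe[15999]: CONSTRUCTED1: to=<check@os3.su>, relay=vproc, delay=0.2, delays=0.1/0.01/0/0.09, dsn=2.0.0, status=sent (delivered via vproc service)
EOF
}

sample_maillog | procmail_soft_failures
```

on a live system, feed it the real log: `procmail_soft_failures < /var/log/maillog`.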

Resources

postfix <-> procmail

Non-Postfix mailbox store: separate domains, non-UNIX accounts http://www.postfix.org/VIRTUAL_README.html#in_virtual_other

Postfix Lookup Table Overview http://www.postfix.org/DATABASE_README.html

pipe - Postfix delivery to external command http://www.postfix.org/pipe.8.html

Procmail with Postfix and virtual mailboxes https://askubuntu.com/questions/303945/procmail-with-postfix-and-virtual-mailboxes

Use procmail to sort incoming emails https://web.archive.org/web/20121201015928/http://wiki.excito.org/wiki/index.php/Use_procmail_to_sort_incoming_emails

procmail

procmail https://wiki.dovecot.org/procmail

Maildir Configuration https://wiki.debian.org/MaildirConfiguration

Procmail: Denying special privileges for “/etc/procmailrcs/default.rc” https://unix.stackexchange.com/questions/79741/procmail-denying-special-privileges-for-etc-procmailrcs-default-rc

reed’s links

Virtual Mail Delivery – MTA/MDA configuration http://www.reedmedia.net/software/virtualmail-pop3d/#delivery

Setting up Postfix with virtual domains support http://www.reedmedia.net/software/virtualmail-pop3d/mda/postfix.html

Subject: Re: postfix now works with your patch http://www.reedmedia.net/software/virtualmail-pop3d/mda/postfix.txt

Subject: Re: Multiple Domains+Bad login+Postfix configuration http://www.reedmedia.net/software/virtualmail-pop3d/mda/postfix2.txt

Subject: GNU-pop3d and Postfix http://www.reedmedia.net/software/virtualmail-pop3d/mda/postfix3.txt

Postfix + vm-pop3d https://web.archive.org/web/20060528204524/http://cagelink.com:80/~tjr/postfix/

HOW TO Setup Postfix and vm-pop3d with virtual mailboxes https://web.archive.org/web/20160823183459/http://www.sonicresolutions.com:80/tech/howto_postfix_vmpop3d.html

lda vs. lmtp

How To Set Up a Postfix E-Mail Server with Dovecot https://www.digitalocean.com/community/tutorials/how-to-set-up-a-postfix-e-mail-server-with-dovecot

Making Postfix send emails to Dovecot https://workaround.org/ispmail/jessie/postfix-dovecot

Connecting Postfix to Dovecot https://workaround.org/ispmail/wheezy/connecting-postfix-to-the-dovecot


Copyright © 2024 Pierre-Philipp Braun