Postfix

This is a really, really, really simple task, but to save me the time of looking it up on those rare occasions when I need to do it I’m capturing the information here.  This is how to create, delete, or modify users for a Postfix-based mail relay using SASL.

All of these examples assume that SASL is configured to use “sasldb” as the authentication mechanism.

To create a new user, use the following syntax:

saslpasswd2 -c -u <domain> <username>

For simplicity’s sake, it’s easiest to make both the domain and the username in the command above the same as the domain and the username in the user’s e-mail address.  This will make their full username the same as their e-mail address.

To change an existing user’s password:

saslpasswd2 -u <domain> <username>

This will prompt for password and password verification.  To delete an existing user:

saslpasswd2 -d -u <domain> <username>

Finally, to list the available users on the system, simply use:

sasldblistusers2

This will list all the SASL users defined in the SASL database.  Please note that the users’ passwords will show up only as “userPassword”, so it’s not possible to see their existing passwords (at least, not without some effort).

There—now, the next time I need to do this, I’ll be able to easily remember the instructions.

Every now and then, I like to post out here a list of my current “tech projects.”  These are the things that I’m working on for my own network, things that I may or may not start recommending to or supporting for customers.

Here’s my current list:

• InterNetNews (INN):  I had an installation of INN up and running a short while back, but had to resort to an ugly hack with stunnel in order to make SSL work from a newsreader.  To get a clean build, I’ve decided I’ll just start from scratch with a clean installation.  I’ll be using CentOS 4.1 again as I work on transitioning all my Linux-based servers to a newer Linux distribution, and I’ll be compiling INN from source instead of using a package.
• OpenBSD-based antispam gateway:  I’ve got an antispam gateway running right now (uses Red Hat Linux, Postfix 2.1, SpamAssassin, Postgrey, Razor, DCC, and ClamAV), but I want to try building one using OpenBSD 3.8 (just recently released) and newer builds of Postfix, SpamAssassin, and Amavisd-New.  In particular, I’m interested in the advanced integration of newer versions of Postfix and Amavisd-New.
• XC Connect:  I’ve also mentioned XC Connect before as well, but a previous installation proved to be unstable, and the Apache integration was less than stellar.  In fact, the integration was nonexistent.  I’m going to try a clean build of CentOS 4.1 and XC Connect to see if that will correct the stability and integration problems.

I also need to wrap up the documentation for a few completed items, such as the Cisco VPN integration with Active Directory.  Mac OS X integration with Active Directory is also on the “to do” list, but it will have to wait a little while—I’ll need to find another Mac to “experiment” with instead of using my own PowerBook.

A fair number of people have asked me why I use an Apple Mac when my business centers primarily around Microsoft products such as Windows Server 2003, Active Directory, and Exchange?  That’s a reasonable question.

My computer is simply a tool to get my job done.  About two years ago, I started to evaluate the tasks that I tackle on a regular basis as part of supporting my customers’ networks.  In reviewing those tasks, it become evident to me that using Windows myself was not a prerequisite for designing, installing, and supporting Windows-based networks.  I could run a different OS—like Linux or Mac OS X—and still be perfectly able to get my job done.  In fact, given that I wanted to increase the amount of work that my company did with open source software such as Linux, Apache, Postfix, and SpamAssassin, something other than Windows might actually make that easier.

I then set out to compare the alternatives.  After comparing Linux and Mac OS X, I found that Mac OS X had the best fit for my particular needs.  I loved the mix of open source technologies (the BSD underpinnings and various other open source projects) and closed software (the ultrasmooth Aqua interface).  I loved the hardware.  And, most importantly, I found that there were applications available for Mac OS X to help me get my job done. (See my blog posting about Preferred Mac OS X Applications.)  The fact that many of the applications I needed for my job were open source applications was a bonus.

Is Mac OS X right for you?  I don’t know; that depends upon what you do at your job.  I believe that Mac OS X is a great fit for more people than Windows, but I also believe that people must use what is most ideally suited for their work.  If that is Windows; so be it.  If that is Linux, then great.  And if, like me, it is Mac OS X, then fantastic.  Each of these operating systems have their own strengths and weaknesses, and it is up to each user to determine which OS is right for them.

Now that I have Perdition up and running (although not in the way I really wanted; see my post titled “Perdition Working Now”), I’m moving on to setting up an internal news server.

Before I can get the internal news server up and running, though, I must first address the issue of e-mail submissions to these newsgroups.  See, right now I can send an e-mail to newsgroupname@domain.com (this is obviously an invalid address) and that message will be posted to the newsgroup.  This works well because the mailboxes and the newsgroups live on the same server and the mail gateway can route all messages to this server.

If I setup a separate news server, however, I’ll need some e-mail addresses to be directed to the mail server, but other e-mail addresses (the e-mail addresses for the newsgroups) to a different server altogether.  I think that Postfix can do this, but I don’t know that for certain yet.  I suspect that the answer lies somewhere in the mystery of virtual_alias_maps, but I just can’t wrap my head around it right now.  Of course, it is getting late here so that may explain it.