Virtual Mail Accounts

Setting up Virtual Mail Accounts

Purpose: The purpose of this page is to explain how to set up Virtual email accounts on the mail server, and to explain the process involved. These instructions cover username setup, password setup, sendmail configuration, and pop server (teapop) configuration.

Procedure:

Setting up the user accounts
Configuring sendmail
Configuring teapop

Theory:

Overview of the virtual mail process

Part 1: Setting up the user accounts.

Think of a local username and password for the new virtual account

Verify that this name is unique, and doesn't appear in /etc/passwd.

think of a random-ish password for that account: eg j04n4CmE is ok, johnacme is not.

Create the user and account:

Set the password:

Convert the password file to shadow format, so that teapop can authenticate with PAM

Part 2: Setting up Sendmail

Make an entry into sendmail.cw for the new virtual domain so that sendmail knows it is responsible for this domain:

Modify the virtualusertable.txt file to map virtualuser to localuser:

Regenerate the virtusertable hash file:

Modify the genericstable.txt so that outgoing messages look like they come from the virtualdomain:

Regenerate the genericstable hash file:

Put the virtual domain name into /etc/mail/relay-domains so that they can send mail

Put the virtual domain name into /etc/sendmail.cG

Restart Sendmail so that the changes (particularly to sendmail.cw) take place

Part 3: Setting up Teapop

Put a line into /etc/teapop.passwd to handle mail ftom the virtual domain:

virtualdomain.com:ip-of-virtualdoomain:textfile::0:username:mail:/passwordfile:
eg:
acme.com:63.73.48.3:textfile::0:johnacme:mail:/usr/local/etc/acme.com.passwd
see the examples already in the file

Create a password file in /usr/local/etc/acme.com.passwd

And that is it! Test it by sending the new account an email, then change the settings on your outlook or netscape to that new account and receive that email. Remember that in outlook and netscape, the username for the pop account is the entire email address, and that in netscape, the username is user%virtualdomain ( teapop rewrites the % as an @ to get around netscapes habit of disposing of anything after an @ in a username ).

Overview of the process: Virtual mail on the mail server is a result of an interplay between the local user authentication system, the sendmail program, and the pop daemon. Each of these systems views the incoming mail request from a slightly different perspective.

When mail is sent to the mailserver, it is handled by sendmail, which first looks in the file sendmail.cw to see if the virtual domain is one for which sendmail is responsible. If it is, sendmail then looks at its hashed database file /etc/mail/virtusertable to find the name of the local user who corresponds to the virtual user. Sendmail then handles that mail, and passes it over to procmail, which writes the message to a file /var/spool/mail/$localuser.

Similarly, when a virtual user sends mail from this account, sendmail looks into the hash database file /etc/mail/genericstable for the local user , and rewrites the From field in the mail address so that it corresponds to the virtual user. Sendmail then checks the file /etc/relay-domains to see whether this virtual domain can send from the mailserver, and if so, the mail is sent. Throughout this process, the "real ID" of the user, from sendmails perspective, is some arbitrary local user, not the user whose name appears in user@virtualdomain. Some other agent must therefore control access to the local system as the virtual user and ensure that the virtual user is recognised and granted the access rights of the correct local user.

On the mailserver, the program teapop (by ibrahim khalifa) is used to manage access to the mail system. A users netscape, or outlook explorer connects to port 110 on daisy, and an instance of teapop is started. Teapop sends a greeting, and then waits for the username to be sent, in the format of user@virtualdomain . Teapop then requests a password and splits the username into virtualusername and virtual domain. Teapop looks for an entry for the virtual domain in /etc/teapop.passwd, and then reads a password file (/usr/local/etc/virtualdomain.passwd) to verify the password and see which local user the virtual user corresponds to. Teapop then authenticates the local user, and if all is ok, allows the access to the mail system as localuser.