1 files changed, 46 insertions, 0 deletions

diff --git a/roles/mail/templates/postfix/virtual-users.j2 b/roles/mail/templates/postfix/virtual-users.j2
new file mode 100644
index 0000000..4de0a60
--- /dev/null
+++ b/roles/mail/templates/postfix/virtual-users.j2
@@ -0,0 +1,46 @@
+#
+# /usr/local/etc/postfix/virtual-users
+# Postfix: $virtual_mailbox_maps
+#
+# Tell Postfix the virtual users for which its actually responsible
+# for mail delivery.
+#
+# References:
+# * Postfix SASL HOWTO - Envelope sender address authorization
+#   http://www.postfix.org/SASL_README.html#server_sasl_authz
+#
+# Aaron LI
+#
+
+#======#
+# NOTE #  Once modified this file, run "postmap" on it!
+#======#
+
+# NOTE
+# ----
+# Make sure to have two columns, since this file will be used to map
+# e-mail addresses to allowed SASL-authenticated accounts --- in other
+# words, one of the things we're defining here is that when you
+# authenticate to Dovecot as "you@yourdomain.com," Postfix knows that
+# you're allowed to send e-mail from the "you@yourdomain.com" e-mail
+# address.
+#
+# NOTE
+# ----
+# By default an SMTP client may specify *any* envelope sender address
+# in the "MAIL FROM" command, because the server only knows the remote
+# client's hostname and IP address, but not the user who controls the
+# remote client.
+# But the Postfix SMTP server knowns who the sender is once the SASL
+# authentication is used.  This table file provides the maps betwee
+# envelope sender addresses and SASL login names, which is used by the
+# server to decide if the SASL authenticated client is allowed to use
+# a particular envelope sender address.
+#
+
+# Envelope sender               | Owner (SASL login names)
+# ---------------------------------------------------------------------
+{% set mydomain = mail.domains[0] %}
+{% for user in ["aly", "wt", "lulu", "root"] %}
+{{ user }}@{{ mydomain }}	{{ user }}@{{ mydomain }}
+{% endfor %}