Hi folks. I've been lurking on this thread for a little while and I thought I might have something relevant to add. I'd normally send it to the users list but I thought it might lead to some useful discussion.
I'm attempting to bring up several lists on one of my servers using virtfs. For those not familiar with virtfs, it's an easy way of using chroot to create several "virtual machines" on one server, each answering to its own IP address and each behaving like it's a standalone machine. In my installation, all of my "virtual" machines sit off on a big RAID partition, so they look like /storage/virtual/domainA.com, /storage/virtual/domainB.net, and so on.
The advantages are:
- It's easy to manage. I can pop into any machine whether or not it has shell access and move files around easily. I can also create a new domain from a template in under thirty seconds and start adding users and email accounts.
- It's more secure. I'm moving everything to virtual domains because the chrooted virtual machines don't have to have any of the tools I'd normally need just to manage a machine, i.e. su, compilers, etc. If someone managed to gain root, it's still hard to get past the chrooted environment.
- Email is really easy to manage, because instead of using sendmail's mechanism for multiple domains (sorta clumsy compared to the elegant mechanism in apache, for instance), I can just recklessly and wickedly create users, willy nilly ha ha! Ignore that last indiscretion.
The disadvantages are:
- It takes a little more storage. Each machine occupies a few megs of drive
- Getting mailman up and running properly has tied my face in unsightly
So I'm an example of the situation that's come up hypothetically the last few days in the discussion of virtual domains. I'd love to be able to have a robust mailing list manager, with an MTA that will lovingly listen to any IP I choose, that will manage users across lists and domains opaquely to them and transparently to me. Alternately, I might want some day for them or me to be able to manage their own accounts across domains just the same way they might manage their own accounts in one domain. I want separate domains that behave as separate domains in their entirety because they're often easier to manage that way, and more secure. I want I want I want...
If anyone wants to play, this is what I've done:
- I set up several virtual domains on a separate storage server, with their own copies of sendmail called by a daemon that in turn is called by inetd that's part of the virtfs package.
- I set up separate copies of mailman in each, and because they will be called/used by both apache (which doesn't use chroot) and sendmail (which does) I created a nice long symbolic link from a directory hung off the virtual root called /storage/virtual/domainA/home/mailman to the virtual /home/mailman directory. That way both apache and the chrooted sendmail can find their way to the mailman files, which have been set up with the --prefix=/storage/virtual/domainA/home/mailman option in configure.
- I've spent many hours trying to figure out why it doesn't work this way. I need to go buy the O'Reilly Python book, I guess. Somehow mail to test-request@domainA.net gets black-holed with "operating system error" and I haven't figured out why.
There you have it. I hope my concrete example of one of your hypothetical situations helps, and if anyone takes pity on me and figures out why I'm dysfunctional I'd be really grateful.
Thanks!
Dave Klingler
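
The symlink arrangement in the post depends on one path string naming the same directory for an unchrooted caller (apache) and a chrooted one (sendmail). The following is an added example, not part of the original message or of virtfs or Mailman: it resolves a path the way a chrooted process would and compares both views. All function names are hypothetical and the directory layout is a constructed stand-in built under a scratch directory.

```python
import os

def resolve_in_root(root, path, max_links=40):
    """Host path that `path` names for a process chrooted to `root`, or None."""
    root = os.path.realpath(root)
    pending = [c for c in path.split("/") if c]
    current = []                      # resolved components below root
    while pending:
        comp = pending.pop(0)
        if comp == ".":
            continue
        if comp == "..":
            if current:               # '..' cannot climb above the chroot root
                current.pop()
            continue
        host = os.path.join(root, *current, comp)
        if os.path.islink(host):
            max_links -= 1
            if max_links < 0:
                return None           # symlink loop
            target = os.readlink(host)
            if target.startswith("/"):
                current = []          # absolute target restarts at the chroot root
            pending = [c for c in target.split("/") if c] + pending
        elif os.path.lexists(host):
            current.append(comp)
        else:
            return None               # missing component inside the chroot
    return os.path.join(root, *current)

def prefix_consistent(root, prefix):
    """True if `prefix` is the same directory for chrooted and unchrooted callers."""
    inside = resolve_in_root(root, prefix)
    return (inside is not None and os.path.isdir(prefix)
            and os.path.samefile(inside, prefix))

def build_demo(base):
    """Constructed layout: chroot at <base>/domainA with Mailman in its /home/mailman."""
    root = os.path.join(base, "domainA")
    prefix = os.path.join(root, "home", "mailman")   # the --prefix value
    os.makedirs(prefix)
    return root, prefix

def add_prefix_link(root, prefix):
    """Create the long link: <prefix>, as seen inside the chroot, -> /home/mailman."""
    link = root + prefix
    os.makedirs(os.path.dirname(link), exist_ok=True)
    os.symlink("/home/mailman", link)
```

`prefix_consistent` only confirms that the directory is reachable under the same name from both sides; it says nothing about ownership, permissions, or whether the interpreter and libraries exist inside the chroot.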