How does a virtual domain differ from a domain?
6.1.2 Virtual domains
Note: This section describes how to integrate Mailman with Postfix for automatic generation of Postfix virtual_alias_maps for Mailman list addresses. Mailman's support of virtual domains is limited in that list names must be globally unique within a single Mailman instance, i.e., two lists may not have the same name even if they are in different domains.
http://www.gnu.org/software/mailman/mailman-install/postfix-virtual.html
What I'm looking to do is to use postfix "vanity domains". A vanity domain is the same thing as a virtual domain? These are syntactically valid domains:
"Postfix on hosts without a real Internet hostname
This section is for hosts that don't have their own Internet hostname. Typically these are systems that get a dynamic IP address via DHCP or via dialup. "
http://www.postfix.org/SOHO_README.html#fantasy
Such as those available for free from no-ip.com? On no-ip.com it's just called a host, and you can add hosts from a drop down of domains which no-ip.com owns. I would call it a sub-domain. The lingo is throwing me a bit.
In this event, just enter the FQDN from no-ip.com into mailman and let postfix handle the rest?
thanks,
Thufir
Thufir wrote:
How does a virtual domain differ from a domain?
As far as Mailman is concerned, there is no difference. GNU-Mailman 2.1.x can handle list addresses in multiple domains with the restriction that the list names themselves must be globally unique. In Mailman, in some contexts the various domains are referred to as 'virtual', but they can be thought of as simply domains or host names.
The difference comes about in the MTA and perhaps the web server. In Postfix for example, some domains may be local and some virtual. The local domain Mailman addresses can be delivered to Mailman via aliases only. The virtual domain Mailman addresses need some kind of virtual address mapping as well. Sometimes the choice of local vs virtual for a domain in Postfix can be somewhat arbitrary. What it boils down to is if delivery to local_part@domain_1.example.net should be handled differently from delivery to local_part@local_domain.example.com, then domain_1.example.net needs to be virtual.
--
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
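Mark's rule (a local domain needs only aliases, a virtual domain needs a virtual address mapping as well) can be checked mechanically. The following is an added example, not part of the original thread and not Mailman or Postfix code; it is a simplified model of Postfix's address classes, and the function name, list names, the `lists.example.org` domain and the pipe path are assumptions made up for illustration.

```python
# Added example: lint list addresses against a simplified model of Postfix's
# local vs. virtual address classes. All domains, lists and paths are constructed.

def audit(mydestination, virtual_alias_domains, virtual_alias_maps,
          alias_maps, list_addresses):
    """Return (subject, problem) pairs for list addresses that cannot reach Mailman."""
    findings = []
    # Postfix warns when one domain is put in both address classes.
    for dom in sorted(mydestination & virtual_alias_domains):
        findings.append((dom, "in both mydestination and virtual_alias_domains"))
    for addr in list_addresses:
        addr = addr.lower()
        local, _, domain = addr.rpartition("@")
        if domain in virtual_alias_domains:
            # Virtual domain: the full address must first map to a local name.
            target = virtual_alias_maps.get(addr)
            if target is None:
                findings.append((addr, "no virtual_alias_maps entry"))
                continue
            local = target.partition("@")[0]
        elif domain not in mydestination:
            findings.append((addr, "domain is neither local nor virtual here"))
            continue
        # Both classes end at an alias that pipes the message into Mailman.
        if local not in alias_maps:
            findings.append((addr, "no alias for '%s'" % local))
    return findings


# Constructed sample configuration (the pipe path is a placeholder).
SAMPLE = dict(
    mydestination={"local_domain.example.com", "localhost"},
    virtual_alias_domains={"domain_1.example.net"},
    virtual_alias_maps={"news@domain_1.example.net": "news"},
    alias_maps={
        "mylist": '"|/path/to/mailman/mail/mailman post mylist"',
        "news": '"|/path/to/mailman/mail/mailman post news"',
    },
    list_addresses=[
        "mylist@local_domain.example.com",   # local: alias alone is enough
        "news@domain_1.example.net",         # virtual: mapping plus alias
        "staff@domain_1.example.net",        # virtual: mapping missing
        "dev@lists.example.org",             # domain not configured at all
    ],
)

if __name__ == "__main__":
    for subject, problem in audit(**SAMPLE):
        print(subject, "->", problem)
```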
On Thu, 2012-11-15 at 19:38 -0800, Thufir wrote:
How does a virtual domain differ from a domain?
To add to what Mark said, technically a "virtual domain" is a domain name that resolves in the domain name system to the same IP address as the primary ("real") domain name for your host. A server host can have many domain names, all pointing to the same IP address, and this is common for web and mail servers these days.
If the protocols supporting the service to the host support it, the particular service agent (mail server, web server, whatever) can determine the name by which it was addressed and do something intelligent with it. This ability is built into the HTTP/1.1 standard, and also into the SMTP standard. A list server sits behind a mail server, so technically it _could_ do something with the virtual domain name. It all depends on the way the service agent handles this information.
--
Lindsay Haisley       | "We have met the enemy and he is us."
FMP Computer Services |
512-259-1190          |          -- Pogo
http://www.fmp.com    |
On Fri, 16 Nov 2012 11:56:50 -0600, Lindsay Haisley wrote:
On Thu, 2012-11-15 at 19:38 -0800, Thufir wrote:
How does a virtual domain differ from a domain?
To add to what Mark said, technically a "virtual domain" is a domain name that resolves in the domain name system to the same IP address as the primary ("real") domain name for your host. A server host can have many domain names, all pointing to the same IP address, and this is common for web and mail servers these days.
It's not totally clear. I suppose it's a somewhat unusual situation because I'm only using my computer and not an intranet or anything along those lines. This configuration is down to postfix?
I don't think I'm using a virtual domain but only a local domain. (And only a local domain, nothing should go out to the internet.)
I'm going with using my vanity domain:
root@dur:~#
root@dur:~# newlist mailman
Enter the email of the person running the list: thufir@dur.bounceme.net
Initial mailman password:
To finish creating your mailing list, you must edit your /etc/aliases (or
equivalent) file by adding the following lines, and possibly running the
`newaliases' program:
...
dur.bounceme.net is a local domain. It doesn't exist in any DNS I'm aware of. It's just a FQDN which I got from no-ip.com as a free "host". It's unique, but I don't own the bounceme.net domain as a whole, only have access to that sub-domain.
I have postfix configured, hopefully, to only send mail to this machine and not to try to send anything to the internet.
I'm not on the wrong track with mailman? Assuming Postfix and my hosts and so forth are configured correctly, of course...
thanks,
Thufir
On Sun, 2012-11-18 at 22:41 -0800, Thufir wrote:
On Fri, 16 Nov 2012 11:56:50 -0600, Lindsay Haisley wrote:
On Thu, 2012-11-15 at 19:38 -0800, Thufir wrote:
How does a virtual domain differ from a domain?
To add to what Mark said, technically a "virtual domain" is a domain name that resolves in the domain name system to the same IP address as the primary ("real") domain name for your host. A server host can have many domain names, all pointing to the same IP address, and this is common for web and mail servers these days.
It's not totally clear. I suppose it's a somewhat unusual situation because I'm only using my computer and not an intranet or anything along those lines. This configuration is down to postfix?
It's not unusual at all. From the point of view of DNS, there's no difference between a virtual domain and a real one. They're just different names which resolve to the same IP address. My server has dozens of them.
I don't think I'm using a virtual domain but only a local domain. (And only a local domain, nothing should go out to the internet.)
I'm going with using my vanity domain:
If you're using a name which is resolved by a local name server, or from a hosts file, you can use any names you want, and of course they don't have to be registered. They don't even have to comply with standard naming conventions, although using names such as "my.mailserver.local" may confuse some software. I'm not sure what's meant by the term "vanity domain" but I'm sure it'll do just fine, as long as it resolves to a proper local IP address and if necessary there's an MX (mail exchange) record associated with it.
--
Lindsay Haisley | "Never expect the people who caused a problem
FMP Computer Services | to solve it." - Albert Einstein
512-259-1190 |
http://www.fmp.com |
Lindsay Haisley writes:
It's not unusual at all. From the point of view of DNS, there's no difference between a virtual domain and a real one.
Actually, that's not true. In the context of Mailman, the most important one is that an MX record must point to a real domain (ie, one with an A record) and you probably even want that A record to be invertible (ie, the PTR for that IP address points back to the same domain). A virtual domain also is not 100% reliable for SSL/TLS services because basic TLS does its certificate exchange at a level "below" the DNS, so deciding which virtual domain's certificate to present is problematic (there is an extension to the protocol which fixes this, but it's not 100% implemented, in particular IE on XP still can't do it according to Wikipedia, which will kill you in Japan where about 1/3 of business systems are still XP-based).
This isn't particularly relevant to people who are just plain users of the system, and I imagine to you it's all second-nature now, but the OP sounds like he's a bit into do-it-yourself so he should be aware of the limitations on doing tricky stuff based on a virtual domain.
Steve
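The DNS conditions Stephen lists (the MX target has an A record, and the PTR for that address points back to the same name) can be expressed as a small check. This is an added example, not part of the original thread; it runs over a constructed in-memory record set rather than live DNS, all names and addresses are made up (192.0.2.0/24 is documentation space), and it goes slightly beyond the message by also reporting the case where the MX target is only a CNAME.

```python
# Added example: verify MX -> A -> PTR consistency over constructed records.
# ZONE maps (name, record type) to values; nothing here queries real DNS.
ZONE = {
    ("lists.example.org", "MX"): ["mail.example.org"],
    ("mail.example.org", "A"): ["192.0.2.10"],
    ("10.2.0.192.in-addr.arpa", "PTR"): ["mail.example.org"],
    # MX pointing at an alias instead of a host with its own A record.
    ("vanity.example.net", "MX"): ["alias.example.net"],
    ("alias.example.net", "CNAME"): ["mail.example.org"],
    # A record exists, but the reverse mapping names a different host.
    ("shop.example.com", "MX"): ["mx.shop.example.com"],
    ("mx.shop.example.com", "A"): ["192.0.2.20"],
    ("20.2.0.192.in-addr.arpa", "PTR"): ["host20.isp.example"],
}


def lookup(zone, name, rtype):
    """Return the values for (name, rtype), or an empty list if absent."""
    return zone.get((name.rstrip(".").lower(), rtype), [])


def reverse_name(ipv4):
    """Build the in-addr.arpa name used for a PTR lookup of an IPv4 address."""
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa"


def check_mail_domain(zone, domain):
    """Return a list of problems with the domain's MX/A/PTR chain (empty = ok)."""
    problems = []
    mx_hosts = lookup(zone, domain, "MX")
    if not mx_hosts:
        problems.append("no MX record")
    for mx in mx_hosts:
        addrs = lookup(zone, mx, "A")
        if not addrs:
            kind = "is a CNAME, not a host with an A record" \
                if lookup(zone, mx, "CNAME") else "has no A record"
            problems.append("MX target %s %s" % (mx, kind))
            continue
        for ip in addrs:
            ptrs = lookup(zone, reverse_name(ip), "PTR")
            if mx not in ptrs:
                seen = ", ".join(ptrs) or "missing"
                problems.append("PTR for %s is %s, not %s" % (ip, seen, mx))
    return problems


if __name__ == "__main__":
    for d in ("lists.example.org", "vanity.example.net", "shop.example.com"):
        print(d, check_mail_domain(ZONE, d) or "ok")
```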
On Tue, 2012-11-20 at 00:53 +0900, Stephen J. Turnbull wrote:
Lindsay Haisley writes:
It's not unusual at all. From the point of view of DNS, there's no difference between a virtual domain and a real one.
Actually, that's not true.
I re-read Thufir's question and realized that I misunderstood it. Yes, what he's trying to do is decidedly unusual.
A virtual domain also is not 100% reliable for SSL/TLS services because basic TLS does its certificate exchange at a level "below" the DNS, so deciding which virtual domain's certificate to present is problematic (there is an extension to the protocol which fixes this, but it's not 100% implemented, in particular IE on XP still can't do it according to Wikipedia, which will kill you in Japan where about 1/3 of business systems are still XP-based).
Being a natural-born cheapskate, and running a _very_ small business, I don't even have a wildcard SSL cert signing for FMP's SSL web presence. Certificates for email SSL/TLS are self-signed by scripts which came with the mail server (Courier-MTA). Customers who want SSL pages get a URL under secure.fmp.com with a directory/symlink to their home directory, and a PHP snippet in the page to deflect non-SSL accesses to the secure URL.
This isn't particularly relevant to people who are just plain users of the system, and I imagine to you it's all second-nature now, but the OP sounds like he's a bit into do-it-yourself so he should be aware of the limitations on doing tricky stuff based on a virtual domain.
I've always been a bit non-conformist in my system administration practices, which hasn't always made things easy, but I've learned a lot. I've never tried anything such as it seems that Thufir is working with, though.
--
Lindsay Haisley       | "Fighting against human creativity is like
FMP Computer Services |  trying to eradicate dandelions"
512-259-1190          |
http://www.fmp.com    |            -- Pamela Jones
participants (4)
- Lindsay Haisley
- Mark Sapiro
- Stephen J. Turnbull
- Thufir