maddy

Fork https://github.com/foxcpp/maddy

git clone git://git.lin.moe/go/maddy.git

# Multiple domains configuration

By default, maddy uses email addresses as account identifiers for both
authentication and storage purposes. Therefore, an account named `user@example.org`
is completely independent from `user@example.com`. They must be created
separately, may have different credentials and have separate IMAP mailboxes.

This makes it extremely easy to set up maddy to manage multiple otherwise
independent domains.

The default configuration file contains two macros, `$(primary_domain)` and
`$(local_domains)`. They are used in several places throughout the
file to configure message routing, security checks, etc.

In general, you should just add all domains you want maddy to manage to
`$(local_domains)`, like this:
```
$(primary_domain) = example.org
$(local_domains) = $(primary_domain) example.com
```
Note that you need to pick one domain as the "primary" one for use in
auto-generated messages.

With that done, you can create accounts using both domains in the name, send
and receive messages and so on. Do not forget to configure the corresponding SPF,
DMARC and MTA-STS records as recommended in
the [introduction tutorial](tutorials/setting-up.md).

Also note that you do not really need a separate TLS certificate for each
managed domain. You can have one hostname, e.g. `mail.example.org`, set as the MX
record for multiple domains.

**If you want multiple domains to share a username namespace**, you should change
several more options.

You can make the "user@example.org" and "user@example.com" users share the
credentials of user "user" but have different IMAP mailboxes ("user@example.org"
and "user@example.com" respectively). For that, it is enough to set `auth_map`
globally to use the `email_localpart` table:
```
auth_map email_localpart
```
This way, when a user logs in as "user@example.org", "user" will be passed
to the authentication provider, but "user@example.org" will be passed to the
storage backend. You should create accounts like this:
```
maddy creds create user
maddy imap-acct create user@example.org
maddy imap-acct create user@example.com
```

**If you want accounts to also share the same IMAP storage of the account named
"user"**, you can set `storage_map` in the IMAP endpoint and `delivery_map` in the
storage backend to use `email_localpart`:
```
storage.imapsql local_mailboxes {
   ...
   delivery_map email_localpart # deliver "user@*" to "user"
}
imap tls://0.0.0.0:993 {
   ...
   storage &local_mailboxes
   ...
   storage_map email_localpart # "user@*" accesses "user" mailbox
}
```

You might also want to make it possible to log in without
specifying a domain at all. In this case, use `email_localpart_optional` for
both `auth_map` and `storage_map`.

You also need to make the `authorize_sender` check (used in the `submission` endpoint)
accept non-email usernames:
```
authorize_sender {
  ...
  user_to_email chain {
    step email_localpart_optional           # remove domain from username if present
    step email_with_domain $(local_domains) # expand username with all allowed domains
  }
}
```
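To see which identity reaches the authentication provider, which reaches the storage backend, and which sender addresses `authorize_sender` accepts under the `auth_map`/`storage_map` settings and the `user_to_email` chain above, here is an added Python model of those tables. It is not maddy's own code: the table semantics are reconstructed from the comments on this page, the `chain` stopping on the first "no match" and the `identity` table (standing in for "no map configured") are assumptions.

```python
from typing import Callable, Optional

# A table maps one input string to a list of outputs, or None for "no match".
Table = Callable[[str], Optional[list[str]]]

def email_localpart(s: str) -> Optional[list[str]]:
    # "user@example.org" -> ["user"]; a bare "user" has no domain, so no match
    return [s.split("@", 1)[0]] if "@" in s else None

def email_localpart_optional(s: str) -> Optional[list[str]]:
    # Same, but a bare "user" passes through unchanged instead of failing
    return [s.split("@", 1)[0]]

def email_with_domain(domains: list[str]) -> Table:
    # "user" -> ["user@example.org", "user@example.com"]; assumes a bare local part as input
    return lambda s: [f"{s}@{d}" for d in domains]

def identity(s: str) -> Optional[list[str]]:
    # Assumed behaviour when no *_map is configured: the login name is used as-is
    return [s]

def chain(*steps: Table) -> Table:
    # Feed each step's outputs into the next; "no match" at any step ends the chain (assumption)
    def run(s: str) -> Optional[list[str]]:
        current = [s]
        for step in steps:
            nxt: list[str] = []
            for item in current:
                out = step(item)
                if out is None:
                    return None
                nxt.extend(out)
            current = nxt
        return current
    return run

def resolve_login(login: str, auth_map: Table, storage_map: Table) -> Optional[tuple[str, str]]:
    # (name passed to the auth provider, name passed to IMAP storage), or None if the login is rejected
    auth, store = auth_map(login), storage_map(login)
    if not auth or not store:
        return None
    return auth[0], store[0]

def sender_allowed(login: str, mail_from: str, user_to_email: Table) -> bool:
    # Model of the authorize_sender check: MAIL FROM must be one of the addresses the user maps to
    allowed = user_to_email(login)
    return allowed is not None and mail_from.lower() in {a.lower() for a in allowed}

LOCAL_DOMAINS = ["example.org", "example.com"]  # $(local_domains) from this page
```

With `auth_map email_localpart` alone, a domainless login such as "user" is rejected, which is why the page switches to `email_localpart_optional` for that case.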

## TL;DR

Your options:

**"user@example.org" and "user@example.com" have distinct credentials and
distinct mailboxes.**

```
$(primary_domain) = example.org
$(local_domains) = example.org example.com
```

Create accounts as:

```shell
maddy creds create user@example.org
maddy imap-acct create user@example.org
maddy creds create user@example.com
maddy imap-acct create user@example.com
```

**"user@example.org" and "user@example.com" have the same credentials but
distinct mailboxes.**

```
$(primary_domain) = example.org
$(local_domains) = example.org example.com
auth_map email_localpart
```

Create accounts as:

```shell
maddy creds create user
maddy imap-acct create user@example.org
maddy imap-acct create user@example.com
```

**"user@example.org", "user@example.com" and "user" have the same credentials and the same
mailboxes.**

```
$(primary_domain) = example.org
$(local_domains) = example.org example.com
auth_map email_localpart_optional # authenticating as "user@*" checks credentials for "user"

storage.imapsql local_mailboxes {
   ...
   delivery_map email_localpart_optional # deliver "user@*" to "user" mailbox
}

imap tls://0.0.0.0:993 {
   ...
   storage_map email_localpart_optional # authenticating as "user@*" accesses "user" mailboxes
}

submission tls://0.0.0.0:465 {
   check {
     authorize_sender {
       ...
       user_to_email chain {
         step email_localpart_optional           # remove domain from username if present
         step email_with_domain $(local_domains) # expand username with all allowed domains
       }
     }
   }
   ...
}
```

Create accounts as:

```shell
maddy creds create user
maddy imap-acct create user
```
152
153Create accounts as:
154```shell
155maddy creds create user
156maddy imap-acct create user
157```