While this solution works fine for imap purposes, I cannot get this to work the way I want with postfix and deliver. What I would like to have is that if a message is sent to a non-existing user, it gets rejected. Instead, I can see in the logs that deliver notices that the mailbox doesn't exist (msgid=<[EMAIL PROTECTED]>: Couldn't open mailbox {}: Mailbox doesn't exist: {}), but it also reports that it delivered it to the INBOX (msgid=<[EMAIL PROTECTED]>: saved mail to INBOX) and postfix reports 'status=sent (delivered via dovecot service)'. I tried several other options (without '-e' in the dovecot line in master.cf - same result; without allow_all_users=yes - dovecot-auth complains that: passdb doesn't support lookups, can't verify user's existence).
In postfix, I have in main.cf:

virtual_mailbox_domains = domain.net
virtual_alias_maps = hash:/srv/mail/aliases
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

master.cf contains:

dovecot unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user} -n -m {$extension} -e

In aliases, I have a mapping from, for example, [EMAIL PROTECTED] to koen:

[EMAIL PROTECTED] koen

dovecot -n shows:

# 1.0.10: /etc/dovecot/dovecot.conf
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imaps
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
mail_extra_groups: mail
mail_location: maildir:/srv/mail/%u/mail
mail_debug: yes
auth default:
  passdb:
    driver: pam
  userdb:
    driver: static
    args: uid=vmail gid=vmail home=/srv/mail/%u allow_all_users=yes
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: vmail
      group: vmail

I have set up pam with

auth required pam_listfile.so onerr=fail item=user sense=allow file=/srv/mail/mailusers

Best,
Koen

On Fri, 2008-01-18 at 10:46 +0100, Koen Vermeer wrote:
> Thanks for the pointer. I guess I need to change the userdb entry as
> well. I now have
>
> userdb static {
>   args = uid=xxx gid=xxx home=whatever allow_all_users=yes
> }
>
> which seems to do what I want. I'll test some more, but I guess this
> works fine. Thanks again!
>
> Best,
> Koen
>
>
> On Fri, 2008-01-18 at 09:25 +0000, Rob Coward wrote:
> > If you are using pam already, why not add to /etc/pam.d/dovecot
> > something like:
> >
> > auth required pam_listfile.so onerr=fail item=user sense=allow
> > file=/etc/dovecot/allowed_users
> >
> > The syntax may not be quite correct as this is off the top of my head
> > and I haven't tested it, but we do something very similar with other pam
> > authentications, such as from vsftpd, to restrict user access.
> >
> > Regards,
> > Rob
> >
> > On Fri, 2008-01-18 at 10:04 +0100, Koen Vermeer wrote:
> > > Hi,
> > >
> > > On my system, I want to provide imap access for some of the users listed
> > > in /etc/passwd. The list of users should be provided by me, and should
> > > just be a list in a text file. All the userdb options are static (uid,
> > > gid, home directory). Unfortunately, I cannot think of a way to
> > > configure Dovecot to do this. The closest I get is with:
> > >
> > > passdb pam {}
> > > userdb passwd-file {
> > >   args = /path/to/passwd-file
> > > }
> > >
> > > However, the passwd-file is now more complex than it really needs to be,
> > > as it includes fields for password, uid, gid and home directory as well.
> > >
> > > Is there some way to handle this? Or am I trying to do something stupid?
> > >
> > > Thanks!
> > >
> > > Koen
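
Added example, not part of the original message: a simplified Python model of the $name / ${name} macro expansion that Postfix pipe(8) applies to argv, run against the master.cf argv quoted above. It shows that {$extension} leaves literal braces around an empty extension, which matches the mailbox name {} in the deliver log line. The function names, the sender address and the "+" recipient delimiter are assumptions made for the illustration.

```python
import re

# argv from the master.cf entry in the message above, copied as posted.
PAGE_ARGV = "/usr/lib/dovecot/deliver -f ${sender} -d ${user} -n -m {$extension} -e"
# Same line with the macro written as ${extension} (assumed intent).
FIXED_ARGV = PAGE_ARGV.replace("{$extension}", "${extension}")

# Simplified model: only the $name and ${name} forms are handled here.
MACRO = re.compile(r"\$(?:\{(\w+)\}|(\w+))")


def expand(arg, attrs):
    """Expand $name / ${name}; a macro with no value becomes empty."""
    return MACRO.sub(lambda m: attrs.get(m.group(1) or m.group(2), ""), arg)


def split_recipient(rcpt, delimiter="+"):
    """Split user+extension@domain into per-recipient attributes."""
    local, _, domain = rcpt.partition("@")
    user, _, extension = local.partition(delimiter)
    return {"user": user, "extension": extension, "domain": domain}


def deliver_argv(template, sender, rcpt):
    """Return the argument list deliver would receive for one recipient."""
    attrs = split_recipient(rcpt)
    attrs["sender"] = sender
    return [expand(arg, attrs) for arg in template.split()]


def misplaced_braces(template):
    """Find '{$name}' tokens, where the brace sits outside the macro."""
    return re.findall(r"\{\$\w+\}?", template)


if __name__ == "__main__":
    # Constructed recipients: one without and one with an address extension.
    for rcpt in ("koen@domain.net", "koen+lists@domain.net"):
        for label, tmpl in (("posted", PAGE_ARGV), ("fixed", FIXED_ARGV)):
            argv = deliver_argv(tmpl, "sender@example.org", rcpt)
            print(f"{label:6} {rcpt:24} -d {argv[4]!r} -m {argv[7]!r}")
    print("misplaced braces:", misplaced_braces(PAGE_ARGV))
```

This only accounts for the "Couldn't open mailbox {}" line; it does not change whether an unknown recipient is accepted.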