On Fri, 12 Feb 2016, Gabriel L. Somlo wrote:
> I'm trying to allow domain-less logins for a multi-domain virtual IMAP
> server, and wondering if I can automatically infer the domain (value of
> variable %d) from the local IP (%l) or the hostname used by the client
> when connecting to my server.
>
> Let's say I have two host names: mail.foo.org (10.0.0.100) and
> mail.bar.com (10.0.0.200), with forward and reverse DNS configured to
> resolve A and PTR records in either direction.
>
> Let's also say I have 10.0.0.100 and 10.0.0.200 set up as secondaries
> on my server's loopback interface, and routing is set up to bring client
> traffic to me for both of those IP addresses.

Hm, it should be possible like so:

1) keep the file you have now as 2nd passdb, in order to let your users
log in like now from anywhere

    us...@foo.org:{PLAIN}user1foo

2) from this file create another passwd-file with ExtraField via script /
cron jobs, that defines

    user1@10.0.0.100:{PLAIN}user1foo:::::user=us...@foo.org

see http://wiki2.dovecot.org/PasswordDatabase/ExtraFields

Maybe allow_nets could limit the clients further.

Then add another passdb section pointing to that file using
username_format=%n@%l

http://wiki2.dovecot.org/AuthDatabase/PasswdFile

That will map domain-less logins to full mail addresses, which in turn
sets %d, too.

> The relevant bits of my dovecot.conf are:
>
> ---%<------------------------------------------------------------------
> mail_location = maildir:/var/lib/vmail/%d/%n
> passdb {
>   driver = passwd-file
>   args = /var/lib/vmail/etc/postfix/userdb
> }
> userdb {
>   driver = static
>   args = uid=dovenull gid=dovenull home=/var/lib/vmail/%d/%n
> }
> ---%<------------------------------------------------------------------
>
> And my userdb passwd-file right now includes:
>
> ---%<------------------------------------------------------------------
> us...@foo.org:{PLAIN}user1foo
> us...@foo.org:{PLAIN}user2foo
> us...@bar.com:{PLAIN}user1bar
> us...@bar.com:{PLAIN}user2bar
> ---%<------------------------------------------------------------------
>
> Right now, us...@foo.org must configure their imap client like so:
>
>   IMAP server: mail.foo.org
>   username: us...@foo.org
>   password: user1foo
>
> I would like to require this (and other) users to only have to set:
>
>   IMAP server: mail.foo.org
>   username: user1
>   password: ...
>
> and have dovecot somehow infer the "@foo.org" domain based on the fact
> that the connection was made to 10.0.0.100, which is mail.foo.org, and
> therefore the domain can *only* be "@foo.org".
>
> I could start out by splitting my user database into two files:
>
> userdb.foo.org
> ---%<------------------------------------------------------------------
> user1:{PLAIN}user1foo
> user2:{PLAIN}user2foo
> ---%<------------------------------------------------------------------
>
> userdb.bar.com
> ---%<------------------------------------------------------------------
> user1:{PLAIN}user1bar
> user2:{PLAIN}user2bar
> ---%<------------------------------------------------------------------
>
> ... then modify dovecot.conf's passdb setup like so:
>
> ---%<------------------------------------------------------------------
> passdb {
>   driver = passwd-file
>   args = /var/lib/vmail/etc/postfix/userdb.%d
> }
> ---%<------------------------------------------------------------------
>
> ... but how would I ensure that %d is set to the proper value based
> on e.g. a reverse lookup of %l, which, in foo.org's case would be
> 10.0.0.100, and resolve to mail.foo.org, and *somehow* that would
> match %d == "@foo.org"?
>
> Is this even possible in the first place, or am I just being too fussy
> about the aesthetics of my users' imap client config files? :) :)
>
> Thanks much,
> --Gabriel

- --
Steffen Kaiser
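
One way to implement the script / cron step from the reply above (an added example, not part of the original thread and not Dovecot's own code). The function names, the domain-to-IP table and the sample entries are constructed assumptions; the extra field is written in the eighth colon-separated position, as the passwd-file format documentation describes.

```python
import os
import tempfile

# Domain -> local IP (%l) mapping from the thread's example setup.
DOMAIN_TO_IP = {"foo.org": "10.0.0.100", "bar.com": "10.0.0.200"}

# Constructed sample entries (placeholder names and passwords).
SAMPLE = [
    "alice@foo.org:{PLAIN}example-a",
    "alice@bar.com:{PLAIN}example-b",
    "carol@other.example:{PLAIN}example-c",
]

def derive_lines(source_lines, domain_to_ip):
    """Turn user@domain:pass into local@ip:pass::::::user=user@domain."""
    out, seen = [], {}
    for raw in source_lines:
        line = raw.strip()
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 2 or "@" not in fields[0]:
            continue  # comment, blank, or not a user@domain entry
        full, password = fields[0], fields[1]
        local, _, domain = full.rpartition("@")
        ip = domain_to_ip.get(domain.lower())
        if ip is None:
            continue  # no dedicated IP: this user keeps full-address login
        key = f"{local}@{ip}"
        if key in seen:  # two domains on one IP would make the login ambiguous
            raise ValueError(f"{key} maps to both {seen[key]} and {full}")
        seen[key] = full
        # Extra fields sit in the 8th colon-separated field of a passwd-file.
        out.append(f"{key}:{password}::::::user={full}")
    return out

def write_private(path, lines):
    """Replace path atomically; mkstemp creates the temp file with mode 0600."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write("\n".join(lines) + "\n")
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise

if __name__ == "__main__":
    print("\n".join(derive_lines(SAMPLE, DOMAIN_TO_IP)))
```

The output file holds the same credentials as the source file, so it needs the same ownership and access restrictions, with read access only for the user Dovecot's auth process runs as.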