> On 26. Mar 2022, at 19.32, Mark Olbert <m...@arcabama.com> wrote: > > Apologies if this has already been raised here (which I suspect it has 😊). I > tried to raise it as an issue over on github but issues are not enabled for > the repository. > > The support for mixing virtual users, with fully-qualified email addresses, > and system users could be simpler. Assuming it doesn’t mess up other stuff in > the code base, of course 😊. > > The problem appears to be that the PAM passwd module requires just user names > without a domain (which makes sense given that they’re system users) but does > not, so far as I can see, support the username_format argument. In my setup, > the default structure of 10-auth.conf demonstrates this: > > auth_username_format = %n > > That means all username arguments lack the domain part…which complicates > using fully-qualified ones for virtual users. I realize I could assign > arbitrary unique names to the virtual accounts in the lookup file. But that > complicates administering the system, so I want to be able to include the > domain for virtual users.
Change that. use auth_username_format = %Lu (which is the default, not %n) then for the PAM passdb use username_filter = !*@* that will then skip all usernames that have @ included. Dovecot 2.2.30 or later required for that. Sami