Re: [Dovecot] Postfix/Dovecot/lmtp with virtual and local users

2013-04-11 Thread David Obando
Hi,

thanks for the answer.
Do I understand you right that currently it's not possible to manage
both system users and virtual users in a dovecot 2 and lmtp setup?

You were talking about adding a generic passdb/userdb {
auth_username_format } setting. Are there any plans to do so?

What are your recommendations about migrating from dovecot 1.2.15 to
dovecot 2 regarding system and virtual users? Should I use LDA instead
of LMTP then?


Thank you very much,
David


Timo Sirainen wrote on 31.03.2013 10:53:
 On 22.3.2013, at 11.53, David Obando da...@cryptix.de wrote:

 Timo Sirainen wrote on 22.03.2013 09:48:
 Maybe. Depends on your Dovecot version and passdb/userdb
 configuration. So, doveconf -n output?
 I use version 2.1.7 from the backports repo on Debian Squeeze.

 passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
 }
 passdb {
  driver = pam
 }
 Nope, you can't currently do user@domain auth for sql and user for PAM. 
 You could try using passdb checkpassword instead though, which allows you to 
 script it any way you want.

 userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
 }
 userdb {
  driver = passwd
 }
 Also userdb passwd can't do that.

 I've thought of adding a generic passdb/userdb { auth_username_format } 
 setting, but that doesn't exist yet. Would be easy to do though..



-- 
The day microsoft makes something that doesn't suck is the day they start 
making vacuum cleaners.
gpg --keyserver pgp.mit.edu --recv-keys 1920BD87
Key fingerprint = 3326 32CE 888B DFF1 DED3  B8D2 105F 29CB 1920 BD87



Re: [Dovecot] Postfix/Dovecot/lmtp with virtual and local users

2013-04-11 Thread Timo Sirainen
On Thu, 2013-04-11 at 11:04 +0200, David Obando wrote:
 Hi,
 
 thanks for the answer.
 Do I understand you right that currently it's not possible to manage
 both system users and virtual users in a dovecot 2 and lmtp setup?

If you have only a single domain, set auth_username_format=%Ln and
configure your virtual userdb to work without @domain.

Or you could switch to using only virtual users, and have your MTA
forward the local users' mails to virtual users.

Or you could use userdb checkpassword instead of passwd, which strips
away the domain before doing a passwd lookup.

 You were talking about adding a generic passdb/userdb {
 auth_username_format } setting. Are there any plans to do so?

Sure, but as to when I'll actually implement it, no idea. It's not a big
priority right now (although it would probably be pretty quick to
implement).

 What are your recommendations about migrating from dovecot 1.2.15 to
 dovecot 2 regarding system and virtual users? Should I use LDA instead
 of LMTP then?

That's one possibility too, yes.
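
Added example, not part of the original thread and not Dovecot's own code: one way to write the userdb checkpassword script suggested above, following Dovecot's documented checkpassword interface (login on fd 3, AUTHORIZED=1 for userdb lookups, exit code 3 for an unknown user). The PASSWD_FILE override and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: userdb checkpassword helper that drops "@domain" before a
# passwd lookup. PASSWD_FILE is an assumption (lets the lookup be tested offline).
PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"

# Same effect as %Ln: lower-case, keep only the part before the first "@".
local_part() {
    printf '%s' "${1%%@*}" | tr '[:upper:]' '[:lower:]'
}

# Print "uid:gid:home" for an exact name match, return 3 when there is none.
# The name travels via the environment, not awk source, and both sides are
# forced to strings so a numeric-looking login cannot match a different entry.
lookup_user() {
    U="$1" awk -F: '
        ($1 "") == (ENVIRON["U"] "") { print $3 ":" $4 ":" $6; found = 1; exit }
        END { exit (found ? 0 : 3) }' "$PASSWD_FILE"
}

main() {
    reply=$1                              # checkpassword-reply path from Dovecot
    [ "${AUTHORIZED:-}" = 1 ] || exit 1   # userdb lookups only, never check passwords
    login=$(tr '\0' '\n' <&3 | head -n 1) # fd 3 carries "username\0password\0"
    user=$(local_part "$login")
    [ -n "$user" ] || exit 3
    fields=$(lookup_user "$user") || exit 3   # 3 = user unknown
    IFS=: read -r uid gid home <<EOF
$fields
EOF
    USER=$user HOME=$home userdb_uid=$uid userdb_gid=$gid
    EXTRA="userdb_uid userdb_gid" AUTHORIZED=2
    export USER HOME userdb_uid userdb_gid EXTRA AUTHORIZED
    exec "$reply"
}

# Dovecot passes the reply binary as the first argument.
if [ "$#" -ge 1 ]; then main "$@"; fi
```

To use it, the userdb passwd block would become a userdb with driver = checkpassword and args pointing at wherever this script is installed. Because the script refuses anything but AUTHORIZED=1, it cannot be misused as a passdb that accepts logins without checking a password.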




Re: [Dovecot] Postfix/Dovecot/lmtp with virtual and local users

2013-03-31 Thread Timo Sirainen
On 22.3.2013, at 11.53, David Obando da...@cryptix.de wrote:

 Timo Sirainen wrote on 22.03.2013 09:48:
 Maybe. Depends on your Dovecot version and passdb/userdb
 configuration. So, doveconf -n output?
 I use version 2.1.7 from the backports repo on Debian Squeeze.
 
 passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
 }
 passdb {
  driver = pam
 }

Nope, you can't currently do user@domain auth for sql and user for PAM. You 
could try using passdb checkpassword instead though, which allows you to script 
it any way you want.

 userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
 }
 userdb {
  driver = passwd
 }

Also userdb passwd can't do that.

I've thought of adding a generic passdb/userdb { auth_username_format } 
setting, but that doesn't exist yet. Would be easy to do though..



Re: [Dovecot] Postfix/Dovecot/lmtp with virtual and local users

2013-03-29 Thread /dev/rob0
I'm interested in this as well, and having looked over the wiki2 
pages on LDA and LMTP, and the files conf.d/15-lda.conf and 
conf.d/20-lmtp.conf to which they refer, I still don't see how the 
lmtpd knows a given user@domain is a system user. For virtual 
domains, I guess the assumption is that the Dovecot username is 
user@domain. (Even that assumption is not necessarily valid; there 
is no requirement to format virtual usernames that way.)

The closest I can find is hostname in 15-lda.conf, but that does 
not really say anything about it being used to identify a system 
user.
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if /dev/rob0 is in the Subject:


Re: [Dovecot] Postfix/Dovecot/lmtp with virtual and local users

2013-03-22 Thread Timo Sirainen
On Thu, 2013-03-21 at 15:10 +0100, David Obando wrote:

 Is there a way to define if user is local then auth_username_format =
 %n else auth_username_format = %Lu?

Maybe. Depends on your Dovecot version and passdb/userdb configuration.
So, doveconf -n output?




Re: [Dovecot] Postfix/Dovecot/lmtp with virtual and local users

2013-03-22 Thread David Obando
Timo Sirainen wrote on 22.03.2013 09:48:
 Maybe. Depends on your Dovecot version and passdb/userdb
 configuration. So, doveconf -n output?
I use version 2.1.7 from the backports repo on Debian Squeeze.

My doveconf -n:

# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-5-686-bigmem i686 Debian 6.0.7
auth_cache_size = 10 M
auth_debug = yes
auth_mechanisms = plain login digest-md5
auth_socket_path = /var/run/dovecot/auth-userdb
auth_verbose = yes
auth_verbose_passwords = sha1
base_dir = /var/run/dovecot/
disable_plaintext_auth = no
first_valid_uid = 105
listen = *
log_timestamp = %Y-%m-%d %H:%M:%S 
login_log_format_elements = user=%u method=%m rip=%r lip=%l mpid=%e %c
mail_location = maildir:~/Maildir
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox Sent Messages {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = INBOX.
  separator = .
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
passdb {
  driver = pam
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  sieve_global_dir =
}
protocols =  imap lmtp sieve pop3
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
}
service imap-login {
  inet_listener imap {
    address = localhost
    port = 999
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  service_count = 1
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
ssl_ca = /etc/ssl/certs/cacert.org.pem
ssl_cert = /etc/ssl/certs/mail.orange.cryptix.de.crt
ssl_cipher_list = HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
ssl_key = /etc/ssl/private/mail.orange.cryptix.de.key
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
userdb {
  driver = passwd
}
protocol imap {
  imap_idle_notify_interval = 2 mins
  imap_logout_format = bytes=%i/%o
  mail_max_userip_connections = 20
  mail_plugins =
}
protocol lmtp {
  mail_plugins =  sieve
}
protocol pop3 {
  mail_max_userip_connections = 20
  pop3_uidl_format = %08Xu%08Xv
}


Thanks,
David




[Dovecot] Postfix/Dovecot/lmtp with virtual and local users

2013-03-21 Thread David Obando
Hi all,

I'm about to change my Debian mailserver setup from
Postfix/dovecot1/procmail to Postfix/dovecot2/sieve with lmtp enabled.
After enabling lmtp the virtual users can receive e-mails but not the
local users:

Mar 21 14:21:40 orange postfix/lmtp[4119]: DE62226216:
to=u...@orange.domain.de,
relay=orange.domain.de[private/dovecot-lmtp], delay=7627,
delays=7627/0/0/0.02, dsn=5.1.1, status=bounced (host
orange.domain.de[private/dovecot-lmtp] said: 550 5.1.1
u...@orange.domain.de User doesn't exist: u...@orange.domain.de (in
reply to RCPT TO command))

In 10-auth.conf I have the setting auth_username_format = %Lu.

When changing it to auth_username_format = %n the local users can be
found but not the virtual users anymore.

Is there a way to define if user is local then auth_username_format =
%n else auth_username_format = %Lu?

Thanks and best regards,
David
