Re: [Dovecot] different userdb and/or passdb for lmtp and pop3/imap?

2012-09-06 Thread Gábor Lénárt
Hi again,

On Wed, Sep 05, 2012 at 12:20:26PM +0200, Gábor Lénárt wrote:
[...]
> I am also confused, because on receiving a mail (via LMTP) a different
> kind of LDAP lookup is needed: then mail must be searched, but it's a
> storageMailUid-based lookup in the case of a pop3 or imap login ... Is it
> possible to give different userdb/passdb for lmtp and pop3/imap?

OK, after some "serious" Google usage, I found a message in the mailing list
archive saying that it helps to put the userdb/passdb sections inside the
protocol-specific part of the configuration.  So I now have something like this:

protocol pop3 {
  [...]
}
protocol imap {
  [...]
}
protocol lmtp {
  [...]
  passdb {
    [...]
  }
  userdb {
    [...]
  }
}
passdb {
  [...]
}
userdb {
  [...]
}

My idea is that, in this way, lmtp should use the dbs specified in the
lmtp-specific protocol settings, and anything else will use the settings at
the "root level" of the configuration (this also includes the
iteration-specific filter).

However, if I try, e.g., to deliver a mail through lmtp in this way to a
non-existing mail user, I can see in the logs that lmtp, after trying the
specific dbs, will also try the "global" ones, which is not good for me,
as it can cause mis-deliveries instead of rejections (as I have a "some@thing"
formatted %u for both uid and mail, but often they are not the same for
the same user).

I would be able to put the db specifications into pop3 and imap (so no "global"
configuration for them), but I guess in this case other services may (?)
fail, like doveadm stuff with the CLI switch -A (or am I wrong here?). Also
it's not as nice, since then I must duplicate the same db specifications in
both the imap and pop3 protocol specification parts of the configuration even
though they are the very same.

Is there any idea to fix this little problem and/or a suggestion to solve my
problem in a more elegant way than the one I tried?

Thanks a lot in advance.

- Gábor


[Dovecot] different userdb and/or passdb for lmtp and pop3/imap?

2012-09-05 Thread Gábor Lénárt
Dear All,

I have a somewhat complex question about LDAP-based user/passdb with some twists
caused by the LDAP schema I have to use. It's complex for me at least, since
it's my first time trying to set up any dovecot install that is more than a
"trivial" thing, e.g. for some unix system users.

What I'd like to do:

Users are stored in LDAP with the following schema:

storageMailUid:

  contains the user's uid in x@z format, and it CAN be different from the
  mail address. This value is used to log in (pop3/imap) and to
  get the maildir path (well, home) in the form of /mailstorage/z/x/ regardless
  of the value of the "mail" attribute. If the @z part is missing (I mean in
  the user-supplied login, not in LDAP!), some default value (example.com)
  should be used (I guess that's easy: auth_default_realm may be
  enough, isn't it?). It is NOT possible to log in via pop3/imap with mail,
  only with storageMailUid! This storageMailUid can specify a string
  which is not even an existing mail address, of course.

mail:

  contains the user's mail address, or even several mail addresses (there
  can be more mail addresses - more mail LDAP attributes - for
  a single LDAP entry). This attribute cannot be used
  for pop3/imap login, nor does it count for resolving the maildir path;
  it only counts when a mail is received: the location of the
  user's maildir must be got from storageMailUid.

storageMailQuota:

  it contains the quota value (in bytes) for the given user, which
  should be enforced when receiving mail or when using IMAP (not
  counting the Trash folder, which has a fixed size for all users
  and must be handled outside of this).

All user maildirs have the same fixed unix UID/GID, which is not stored
in LDAP, but must be configured statically. The "home directory" of the user
is also not stored in LDAP; it must be got from the storageMailUid LDAP parameter.

Mails are received via LMTP only.

I'd like to use prefetchdb to minimize the number of LDAP lookups (however
I can live without that).  I am unsure if auth_bind is OK or if it should not
be used; currently I'd like to play with auth_bind, since it worked well before
on other servers.

I'm totally lost with the user_attrs/pass_attrs needed to create this kind of
configuration. In the case of a static userdb, it was easy to set up:

passdb {
  args = /etc/dovecot/dovecot-ldap-passdb.conf
  driver = ldap
}
userdb {
  args = uid=vmail gid=vmail home=/mailstorage/%Ld/%Ln
  driver = static
}

With this, pop3/imap worked (quota was not in scope yet, though),
however lmtp did not ("passdb doesn't support lookups, can't verify user's
existence", which is odd to me, as userdb does not support it in my
opinion).

Please give some suggestions on how to set up userdb and passdb to support
this configuration so that it works with the described scenario. I should also
set iterate_filter and iterate_attrs, I guess, so that some doveadm commands
can work (-A stuff, I guess).

I am also not sure if the auth service should be used or not (I mean extra
configuration related to it): since I want LMTP, not LDA, I guessed I don't
need it, but I am not sure.

I am also confused, because on receiving a mail (via LMTP) a different
kind of LDAP lookup is needed: then mail must be searched, but it's a
storageMailUid-based lookup in the case of a pop3 or imap login ... Is it
possible to give different userdb/passdb for lmtp and pop3/imap?

In theory it's even possible to have x...@example.com as mail and y...@example.com
as storageMailUid for one user, and the opposite for another, so lookups
cannot be done together for mail and storageMailUid.

The LDAP schema and the rest of the system work this way; changing them is not an option.

Any help is greatly welcomed.

Thanks a lot in advance,

Gábor
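The configuration below is an added example written for this page; it is not from either of the two messages above or from the Dovecot project. It lays out one way to meet the requirements described in the second message (login and home path keyed by storageMailUid, delivery keyed by the multi-valued mail attribute, a fixed unix owner, storageMailQuota in bytes) using the protocol-specific userdb approach from the first message, and it addresses the fall-through to the global dbs that the first message reports: if an LMTP recipient lookup fails on mail, the chain stops there instead of continuing to a storageMailUid-keyed userdb where the same string could belong to a different user, which is the mis-delivery the poster is worried about. Everything not taken from the posts is an assumption: the LDAP server name, bind DN and password placeholder, the objectClass `mailUser`, the two `.conf.ext` file names, the Maildir sitting at the home path, that `mail_home` is expanded from the username the LMTP userdb returns, and the userdb `result_failure` / `result_internalfail` settings, which exist in Dovecot 2.2 and later but not necessarily in the version the thread used.

```conf
# --- /etc/dovecot/dovecot.conf (fragment) ---
# Assumed realm and /mailstorage/z/x/ layout, both taken from the second message.
auth_default_realm = example.com

# One fixed unix owner for every maildir, configured statically (not in LDAP).
mail_uid = vmail
mail_gid = vmail

# Home is derived from the final username, i.e. the storageMailUid that the
# userdb returns, not from the name the caller asked for.
# Assumption: confirm with "doveadm user someone@example.com".
mail_home = /mailstorage/%Ld/%Ln
mail_location = maildir:~/

mail_plugins = $mail_plugins quota
plugin {
  quota = maildir:User quota
}
protocol imap {
  mail_plugins = $mail_plugins imap_quota
}

# pop3/imap: authenticate by storageMailUid (LDAP bind), then take the
# userdb fields from that same LDAP result via prefetch, no second lookup.
passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap-login.conf.ext
}
userdb {
  driver = prefetch
}
# Non-login lookups (doveadm -A and friends) stay keyed by storageMailUid.
userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap-login.conf.ext
}

protocol lmtp {
  # Recipient lookup keyed by the mail attribute. This userdb is tried before
  # the global ones; the two result_* lines make "no such user" end the chain
  # here instead of falling through to a storageMailUid match that may belong
  # to somebody else. Assumption: Dovecot 2.2 or later; check that
  # "doveconf -n" accepts these settings on your version.
  userdb {
    driver = ldap
    args = /etc/dovecot/dovecot-ldap-lmtp.conf.ext
    result_failure = return-fail
    result_internalfail = return-fail
  }
}

# --- /etc/dovecot/dovecot-ldap-login.conf.ext ---
# Server, bind DN, bind password and objectClass are placeholders.
uris = ldap://ldap.example.com
tls = yes
dn = cn=dovecot,ou=services,dc=example,dc=com
dnpass = PLACEHOLDER-bind-password
base = ou=people,dc=example,dc=com
scope = subtree
auth_bind = yes
# Locate the entry by storageMailUid (auth_default_realm has already appended
# the domain to a bare login), then bind as that entry; no password attribute
# is read from LDAP.
pass_filter = (&(objectClass=mailUser)(storageMailUid=%u))
# userdb_* fields feed the prefetch userdb; %$ is the attribute's value.
pass_attrs = storageMailUid=user,storageMailQuota=userdb_quota_rule=*:bytes=%$
user_filter = (&(objectClass=mailUser)(storageMailUid=%u))
user_attrs = storageMailUid=user,storageMailQuota=quota_rule=*:bytes=%$
iterate_filter = (objectClass=mailUser)
iterate_attrs = storageMailUid=user

# --- /etc/dovecot/dovecot-ldap-lmtp.conf.ext ---
# Same connection settings as above, different lookup: an equality filter on
# a multi-valued attribute matches any of its values, so every address in
# "mail" is accepted, and storageMailUid is handed back as the user so the
# home path resolves to /mailstorage/z/x/.
uris = ldap://ldap.example.com
tls = yes
dn = cn=dovecot,ou=services,dc=example,dc=com
dnpass = PLACEHOLDER-bind-password
base = ou=people,dc=example,dc=com
scope = subtree
user_filter = (&(objectClass=mailUser)(mail=%u))
user_attrs = storageMailUid=user,storageMailQuota=quota_rule=*:bytes=%$
```

Two separate LDAP files are used on purpose: a single filter such as `(|(mail=%u)(storageMailUid=%u))` would reintroduce the ambiguity the second message describes, where one user's mail equals another user's storageMailUid. Because the two `.conf.ext` files hold a bind password, keep their permissions as tight as the packaged Dovecot files. To check the fall-through behaviour, deliver a test message over LMTP to an address that matches no `mail` value and confirm in the log that the recipient is rejected after the lmtp-specific lookup, with no second lookup against the global userdb.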