[Dovecot] Configuration of LMTP Reject Code
Petter Urkedal
urkedal at nbi.dk
Tue Feb 22 15:19:24 EET 2011
On 2011-02-22, Timo Sirainen wrote:
> On Tue, 2011-02-22 at 11:02 +0100, Petter Urkedal wrote:
> > userdb {
> > driver = passwd
> > args = home=/srv/mail/nbi.ku.dk/%1n/%n mail=maildir:~/Maildir
> > }
>
> The problem with passwd is that it can't separate "user doesn't exist"
> from "temporary error". http://wiki2.dovecot.org/UserDatabase/NSS can
> separate these, but it hasn't been tested much..
I can see the issue with getpwnam is described in its Linux man-page:

    The formulation given above under "RETURN VALUE" is from POSIX.1-2001.
    It does not call "not found" an error, and hence does not specify what
    value errno might have in this situation. But that makes it impossible
    to recognize errors. One might argue that according to POSIX
    errno should be left unchanged if an entry is not found. Experiments
    on various Unix-like systems show that lots of different values occur
    in this situation: 0, ENOENT, EBADF, ESRCH, EWOULDBLOCK, EPERM and
    probably others.

Since this is an issue with getpwnam (even the POSIX standard,
apparently), maybe the assumption about why getpwnam fails can be passed
directly to the userdb module? I can see that
userdb_static_template_build accepts arbitrary key=value pairs, so how
about something like

    userdb {
      driver = passwd
      args = ... tempfail=1
    }

Anyway, thanks for the suggestion about NSS. We may also use LDAP
directly, though that means we bypass the nslcd (nscd) cache, which is a
bit unfortunate. So I think we can manage, but you have my vote for
adding a workaround for the getpwnam issue.
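
Added example, not part of the original message and not Dovecot code: a C sketch of the ambiguity discussed in this thread, showing how a getpwnam() miss could be classified under a strict policy versus a "treat it as temporary" policy. The function names, the `assume_tempfail` flag (modelled on the `tempfail=1` idea above) and the reply codes are assumptions for illustration.

```c
#include <errno.h>
#include <pwd.h>
#include <stdio.h>

enum lookup_result { USER_FOUND, USER_NOT_FOUND, USER_TEMPFAIL };

/* errno values the quoted man page lists for "not found"; a failing
 * NSS backend can leave the same values, so they prove nothing. */
static int errno_is_ambiguous(int err)
{
    return err == 0 || err == ENOENT || err == EBADF || err == ESRCH ||
           err == EWOULDBLOCK || err == EPERM;
}

/* assume_tempfail models the tempfail=1 idea (hypothetical setting). */
enum lookup_result classify_lookup(int found, int err, int assume_tempfail)
{
    if (found)
        return USER_FOUND;
    if (!errno_is_ambiguous(err))
        return USER_TEMPFAIL;          /* e.g. EIO, ENOMEM, EMFILE */
    return assume_tempfail ? USER_TEMPFAIL : USER_NOT_FOUND;
}

enum lookup_result lookup_user(const char *name, int assume_tempfail)
{
    errno = 0;                          /* must be cleared before the call */
    struct passwd *pw = getpwnam(name); /* static buffer, not thread-safe */
    return classify_lookup(pw != NULL, errno, assume_tempfail);
}

/* Illustrative SMTP-style reply codes, not Dovecot's actual replies. */
int lmtp_reply_code(enum lookup_result r)
{
    switch (r) {
    case USER_FOUND:     return 250;
    case USER_NOT_FOUND: return 550;   /* permanent: sender gets a bounce */
    default:             return 451;   /* temporary: sender retries later */
    }
}

int main(int argc, char **argv)
{
    const char *name = argc > 1 ? argv[1] : "root";
    printf("%s: strict=%d tempfail=%d\n", name,
           lmtp_reply_code(lookup_user(name, 0)),
           lmtp_reply_code(lookup_user(name, 1)));
    return 0;
}
```

Under the strict policy a directory outage that surfaces as one of the ambiguous errno values turns into a permanent rejection of mail for valid users; under the tempfail policy mail for genuinely unknown users is deferred and retried instead of bounced.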