[Dovecot] Authentication: Dovecot -> Vpopmail - > MySQL with one table per domain

Timo Sirainen tss at iki.fi
Fri Apr 25 03:08:10 EEST 2008

On Mon, 2008-03-24 at 10:44 -0700, James Nordstrom wrote:
> 	password_query = select pw_clear_passwd as password
> from %d where pw_name = '%n'
> 	Where %d is the name of the table.  I can't use the
> exact domain name at it will not match the vpopmail
> format domainname_com.  I would be happy to use some
> sort of sting builder but and not sure what my options
> are in the .conf file.

You could convert '.' to '_':

auth_username_translation = ._

But using %d directly in the SQL query is getting a bit dangerous. The
default auth_username_chars should make it safe, but if you add more
chars such as ';' and ' ' you'll have a potential SQL injection security

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20080425/0d94343d/attachment-0001.bin 

More information about the dovecot mailing list