[Dovecot] Static list of users with passdb pam
Koen Vermeer
koen at vermeer.tv
Tue Jan 29 12:48:25 EET 2008
While this solution works fine for imap purposes, I cannot get this to
work the way I want with postfix and deliver. What I would like to have
is that if a message is sent to a non-existing user, it gets rejected.
Instead, I can see in the logs that deliver notices that the mailbox
doesn't exist (msgid=<1201601833.5315.23.camel at localhost>: Couldn't open
mailbox {}: Mailbox doesn't exist: {}), but it also reports that it
delivered it to the INBOX (msgid=<1201601833.5315.23.camel at localhost>:
saved mail to INBOX) and postfix reports 'status=sent (delivered via
dovecot service)'. I tried several other options (without '-e' in the
dovecot line in master.cf - same result; without allow_all_users=yes -
dovecot-auth complains that: passdb doesn't support lookups, can't
verify user's existence).

In postfix, I have in main.cf:

virtual_mailbox_domains = domain.net
virtual_alias_maps = hash:/srv/mail/aliases
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

master.cf contains:

dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender}
  -d ${user} -n -m {$extension} -e

In aliases, I have a mapping from, for example, k.vermeer at domain.net to
koen:

k.vermeer at domain.net koen

dovecot -n shows:

# 1.0.10: /etc/dovecot/dovecot.conf
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imaps
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
mail_extra_groups: mail
mail_location: maildir:/srv/mail/%u/mail
mail_debug: yes
auth default:
  passdb:
    driver: pam
  userdb:
    driver: static
    args: uid=vmail gid=vmail home=/srv/mail/%u allow_all_users=yes
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: vmail
      group: vmail

I have set up pam with

auth required pam_listfile.so onerr=fail item=user sense=allow file=/srv/mail/mailusers

Best,
Koen

On Fri, 2008-01-18 at 10:46 +0100, Koen Vermeer wrote:
> Thanks for the pointer. I guess I need to change the userdb entry as
> well. I now have
>
> userdb static {
>   args = uid=xxx gid=xxx home=whatever allow_all_users=yes
> }
>
> which seems to do what I want. I'll test some more, but I guess this
> works fine. Thanks again!
>
> Best,
> Koen
>
>
> On Fri, 2008-01-18 at 09:25 +0000, Rob Coward wrote:
> > If you are using pam already, why not add to /etc/pam.d/dovecot
> > something like:
> >
> > auth required pam_listfile.so onerr=fail item=user sense=allow
> > file=/etc/dovecot/allowed_users
> >
> > The syntax may not be quite correct as this is off the top of my head
> > and I haven't tested it, but we do something very similar with other pam
> > authentications, such as from vsftpd, to restrict user access.
> >
> > Regards,
> > Rob
> >
> > On Fri, 2008-01-18 at 10:04 +0100, Koen Vermeer wrote:
> > > Hi,
> > >
> > > On my system, I want to provide imap access for some of the users listed
> > > in /etc/passwd. The list of users should be provided by me, and should
> > > just be a list in a text file. All the userdb options are static (uid,
> > > gid, home directory). Unfortunately, I cannot think of a way to
> > > configure Dovecot to do this. The closest I get is with:
> > >
> > > passdb pam {}
> > > userdb passwd-file {
> > >   args = /path/to/passwd-file
> > > }
> > >
> > > However, the passwd-file is now more complex than it really needs to be,
> > > as it includes fields for password, uid, gid and home directory as well.
> > >
> > > Is there some way to handle this? Or am I trying to do something stupid?
> > >
> > > Thanks!
> > >
> > > Koen
> > >
>
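
The setup in this message depends on two hand-maintained files, the pam_listfile allow list and the Postfix alias table, while allow_all_users=yes makes the static userdb treat every name as an existing user. As an added example (not part of the original thread; the file formats and the sample names other than koen and domain.net are assumptions), this script lists alias targets that are absent from the allow list, so mail routed to accounts that cannot log in is noticed:

```shell
#!/bin/sh
# Added example, not from the thread. File formats are assumptions:
#   allow list: one user name per line (what pam_listfile item=user reads)
#   aliases:    "address target[, target...]" per line (source of the hash: map)

# Print "address target" for every bare-user alias target missing from the
# allow list. An unreadable allow list lists nobody, in the spirit of onerr=fail.
unlisted_alias_targets() {
    awk -v allow="$2" '
        BEGIN {
            while ((getline line < allow) > 0) {
                sub(/[ \t\r]+$/, "", line)       # trim trailing whitespace
                if (line != "") allowed[line] = 1
            }
        }
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        {
            for (i = 2; i <= NF; i++) {
                t = $i
                gsub(/,/, "", t)
                if (t == "" || index(t, "@")) continue   # only bare local names
                if (!(t in allowed)) print $1, t
            }
        }
    ' "$1"
}

# Constructed sample data (domain.net and koen come from the post, the rest is made up).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' 'koen' 'anna' > "$demo_dir/mailusers"
cat > "$demo_dir/aliases" <<'EOF'
# address              target
k.vermeer@domain.net   koen
info@domain.net        anna, bob
old.account@domain.net carol
EOF

unlisted_alias_targets "$demo_dir/aliases" "$demo_dir/mailusers"
```

On a real system the two arguments would be /srv/mail/aliases and /srv/mail/mailusers from the configuration above.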