[Dovecot] best choice of user database file to work with postfix?

Phil Howard ttiphil at gmail.com
Thu Apr 22 16:34:40 EEST 2010


On Thu, Apr 22, 2010 at 3:33 AM, Thomas Leuxner <tlx at leuxner.net> wrote:

> On Wed, Apr 21, 2010 at 04:34:30PM -0400, Phil Howard wrote:
> > > userdb {
> > >  args = username_format=%u /var/vmail/auth.d/%d/passwd
> > >  driver = passwd-file
> > > }
> > What does it take to get Postfix to read this?
>
> Basically these two parameters in 'main.cf':
>
> [main.cf]
> smtpd_sasl_type=dovecot
> smtpd_sasl_path=private/auth
>
> Since this will have implications when Dovecot is not running/unavailable
> as Authentication Backend, Postfix will reject legit incoming mail in
> that case, it is better to put this in the master configuration actually
> and have Postfix use a dedicated submission port for SASL clients:
>
> [master.cf]
> submission inet n       -       -       -       -       smtpd
>  -o smtpd_tls_security_level=encrypt
>  -o smtpd_sasl_auth_enable=yes
>  -o smtpd_sasl_type=dovecot
>  -o smtpd_sasl_path=private/auth
>  -o smtpd_sasl_security_options=noanonymous
>  -o smtpd_sasl_local_domain=$myhostname
>  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>  -o smtpd_sender_login_maps=hash:/etc/postfix/virtual
>  -o smtpd_sender_restrictions=reject_sender_login_mismatch
>  -o smtpd_recipient_restrictions=reject_unknown_recipient_domain,reject_non_fqdn_recipient,permit_sasl_authenticated,reject
>

So what would local_recipient_maps look like in this case?  At this point, I
don't understand what is happening for this.  I would be expecting Postfix
to be asking Dovecot if a user is valid.  This is for mail incoming from
outside, to make the rejection decision during the SMTP session.  This looks
more like a configuration to provide a submission interface and authenticate
through Dovecot.  That's fine, and probably what is needed.  But I'm trying
to sort out the local_recipient_maps at this time.  Can this solve both
issues at the same time?


> > It might well be as long as the domains are fully distinct.  I'll have to go
> > read up on each of the virtual_* configuration parameters to be sure of the
> > effects.  I was thinking to use:
> >
> > mailbox_command = /usr/lib/dovecot/deliver
> >
> > in Postfix main.cf.  Is that workable instead of "virtual_transport =
> > lmtp:unix:private/dovecot-lmtp"?  Or would running LMTP be a better way?
>
> LMTP would be better long-term as it is more flexible and robust, e.g.
> allowing multiple recipient deliveries in parallel and has a real
> protocol handshake compared to piping into the LDA, but both are
> feasible. However LMTP is available with Dovecot 2.0 only.
>

I'm doing this on Ubuntu 9.10 and it has Dovecot 1.1.11 right now (we need
to get this mail server up before we will be ready to eval Ubuntu 10.04 or
another distro).
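
The following is an added example, not part of the original thread or of either project's code: one way to give Postfix a recipient table for SMTP-time rejection is to generate it from the same per-domain passwd-files named in the quoted userdb block. It assumes the usual passwd-file layout (`user:password:...`) under a directory per domain; the function names and the sample entries are hypothetical, and the output is meant to be compiled with `postmap` and referenced from `local_recipient_maps`.

```python
import os
import re
import tempfile

# Conservative patterns: anything else is skipped rather than written as a map key
LOCAL_RE = re.compile(r"^[A-Za-z0-9._+-]+$")
DOMAIN_RE = re.compile(r"^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")


def recipients_from_passwd(text, domain):
    """Return the addresses listed in one Dovecot passwd-file (user:password:...)."""
    found = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user = line.split(":", 1)[0].lower()
        # username_format=%u stores user@domain; bare names get the directory's domain
        local, _, dom = user.partition("@")
        dom = dom or domain
        if dom != domain or not LOCAL_RE.match(local):
            continue  # entry for another domain, or unsafe as a map key
        found.append(f"{local}@{dom}")
    return found


def build_recipient_map(auth_root):
    """Walk <auth_root>/<domain>/passwd and return postmap input lines."""
    lines = []
    for domain in sorted(os.listdir(auth_root)):
        path = os.path.join(auth_root, domain, "passwd")
        if not DOMAIN_RE.match(domain) or not os.path.isfile(path):
            continue
        with open(path, encoding="utf-8") as fh:
            for addr in recipients_from_passwd(fh.read(), domain.lower()):
                lines.append(f"{addr} OK")  # "OK" is only a placeholder value
    return lines


def demo():
    """Run against a constructed tree that mimics /var/vmail/auth.d/%d/passwd."""
    sample = ("# constructed sample entries\n"
              "alice@example.org:{PLAIN}x:5000:5000::/var/vmail/a\n"
              "bob:{PLAIN}y\nbad name@example.org:{PLAIN}z\neve@other.test:{PLAIN}w\n")
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "example.org"))
        with open(os.path.join(root, "example.org", "passwd"), "w") as fh:
            fh.write(sample)
        return build_recipient_map(root)


if __name__ == "__main__":
    print("\n".join(demo()))
```

The table has to be regenerated whenever a passwd-file changes; otherwise Postfix keeps accepting removed users or rejecting new ones.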

