[Dovecot] problem configuring deliver in LDAP environment.
Andrea Borghi
andrea at z80.it
Thu Feb 10 22:26:35 EET 2011
On Thursday 10 February 2011, Timo Sirainen wrote:
> On Tue, 2011-02-08 at 20:23 +0100, Andrea Borghi wrote:
>
> > dovecotlda unix - n n - - pipe
> >   flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -s -e -f ${sender} -d ${recipient}
> ..
> > What i am trying to do is leaving all the dovecot services running in chroot mode
> > (as they do) but let deliver running in NORMAL (non-chroot mode)
>
> How is deliver even chrooting? Postfix doesn't call it chrooted and
> since it's user vmail:vmail the process isn't privileged to do any
> chrooting of its own.
Server with no local users except for root,
I enabled the SUID bit on the deliver binary to get the thing going, but I don't like that. It was
only a rapid solution to get the system going while searching for a more robust alternative.
I was reasoning that deliver is in a protected path, with antivirus et al. before it, so I can
live with deliver not chrooted, while I certainly desire the client-contacted modules (imap,
pop3, etc.) in their own jail.
> > So you know a method to substitute TWO ldap values in the mail parameter definition?
>
> Not possible currently.
So you're telling me I have no other option except to fold over the two parts of the path
directly in the LDAP database and reconfigure dovecot (as a whole) to map just one attribute?
I can certainly live with that, but in this case I am losing flexibility.
Perhaps dovecot 2+ can do this (I confess I have not researched version 2 yet)? I certainly
can move from the packaged Debian version to a locally built one without much trouble.
bye
Andrea