[Dovecot] problem configuring deliver in LDAP environment.

Andrea Borghi andrea at z80.it
Thu Feb 10 22:26:35 EET 2011


On Thursday 10 February 2011, Timo Sirainen wrote:
> On Tue, 2011-02-08 at 20:23 +0100, Andrea Borghi wrote:
> 
> > dovecotlda  unix  -       n       n       -       -       pipe
> >   flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -s -e -f ${sender} -d ${recipient}
> ..
> > What I am trying to do is leave all the dovecot services running in chroot mode
> > (as they do) but let deliver run in NORMAL (non-chroot) mode
> 
> How is deliver even chrooting? Postfix doesn't call it chrooted and
> since it's user vmail:vmail the process isn't privileged to do any
> chrooting of its own.

Server with no local users except for root.

I enabled the SUID bit on the deliver binary to get the thing going, but I don't like that. It was
only a rapid solution to get the system going while searching for a more robust alternative.

I was reasoning that deliver is in a protected path, with antivirus et al. before it, so I can
live with deliver not chrooted, while I certainly desire the client-contacted modules (imap,
pop3, etc.) in their own jail.

> > So you know a method to substitute TWO ldap values in the mail parameter definition?
> 
> Not possible currently.

So you're telling me I have no other option except to fold over the two parts of the path
directly in the LDAP database and reconfigure dovecot (as a whole) to map just one attribute?

I can certainly live with that, but in this case I am losing flexibility.

Perhaps dovecot 2+ can do this (I confess I have not researched version 2 yet)? I certainly
can move from the packaged Debian version to a locally built one without much trouble.

bye
 Andrea



