[Dovecot] local AND virtual mail locations ?

Pierre-Philipp Braun pbraun at nethence.com
Mon Aug 26 19:11:08 EEST 2013 

Hi rob0,

Quoting /dev/rob0 26/08/2013 15:17,
>> mail_location: mbox:~/mail/:INBOX=/var/mail/%u
>> mail_location:
>> mbox:/var/spool/virtual/%d/%n.imap:INBOX=/var/spool/virtual/%d/%n
> 
> This exercise becomes trivial when you follow the advice of the 
> Dovecot wiki and give your virtual users a $HOME. (Well, to be 
> simple, you'd also have to have INBOX in $HOME. An alternative is to 
> specify INBOX for virtual users in your virtual userdb.)

Thank for your answer.  Are you referring to the VirtualUsers page? 
(http://wiki.dovecot.org/VirtualUsers)  Ok I tried the mbox:~/ and 
userdb home= trick,

# dovecot -n
# 1.2.17: /usr/local/etc/dovecot.conf
# OS: FreeBSD 8.3-RELEASE amd64
protocols: imap
ssl: no
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable: /usr/local/libexec/dovecot/imap-login
first_valid_uid: 6
first_valid_gid: 6
mail_privileged_group: mail
mail_location: mbox:~/
imap_client_workarounds: delay-newmail netscape-eoh tb-extra-mailbox-sep
auth default:
   passdb:
     driver: passwd-file
     args: username_format=%n /etc/virtual/%d/passwd
   passdb:
     driver: passwd
   userdb:
     driver: static
     args: uid=mail gid=mail home=/var/spool/virtual/%d/%n.imap

but I end up with the same result, everything is read from the virtual 
folders, namely /var/spool/virtual.  How to also access local users' email?

>> # 1.2.17: /usr/local/etc/dovecot.conf
> 
> Very old! Consider an upgrade to 2.2.

Well if it's the only way to get that double impact feature I need, I 
will!  I won't upgrade today if there is no practical advantage over the 
1.2 version.

> Hmmm, plaintext AUTH without TLS/SSL could be dangerous. If a spammer 
> can get in a position to sniff those credentials, you could be 
> inundated with spam to relay.

Yes I will deal with that some other time.

>> I find that first_valid_uid and first_valid_gid don't look
>> pretty but it seems mandatory for the standard 'mail' user and
>> group ownerships to work on the virtual mbox files and folders.
>> I created the user while the group already existed.  If you
>> have any advices on that too, I would be pleased.
> 
> There is no "standard" UID/GID for virtual mailboxes. In fact there 
> is no need to have them all share the same UID/GID. But on a shared 
> UID/GID virtual system, typically you should set a higher UID/GID 
> such that you exclude all the system accounts (<100 or <500 or maybe 
> <1000 depending on OS. If your OS starts human user accounts at UID 
> 1000, UID 999 would be a good choice for virtual mailbox owner, with 
> that as first_valid_uid also.)

I tried with uid 999 and even if I update the ownerships on 
/etc/virtual/ /var/spool/virtual /var/spool/mqueue/ (no need for 
/var/mail/ which get the sticky bit, here) the smtp daemon isn't able to 
write to the virtual mbox anymore, and I don't know why.  I have 
searched the whole file system for relying '6' UID, nothing wrong is 
left.  I don't see why my smtp deamon won't work once I change the UID 
_and_ update the file and folder ownerships.  Maybe some freebsd system 
security which is today unknown to me.  So I switched back to uid 6.

More information about the dovecot mailing list