LMTP and passdb deny=yes not working

Wed Aug 27 12:27:52 UTC 2014

Hi,

Am 2014-08-26 16:48, schrieb Gregory Finch:
> I don't think that LMTP/LDA use passdb. I'm pretty sure that they use
> userdb only.
> 
> The delivery agents just need to lookup if the recipient exists and
> where to store the mail.

OK, good point.  Now I tried to disable LMTP for one user by means of a
special userdb that would return 'return-fail' when it finds a user.  I
figured then LMTP would reject the message.  Not so much though ...
this is the special userdb I am using.  The default fields are there to
keep error messages in logs low.

userdb {
  driver = passwd-file
  args = /etc/dovecot/deny/%s/deny-user
  default_fields = uid=vmail gid=vmail home=/tmp/%Ln

  result_success = return-fail
}

Attached you find the config I tested.

Cheers,
-- 
J.Hofmüller

Im Übrigen bin ich der Meinung, das Joanneum muss zerschlagen werden! -
Barbara Fischer
-------------- next part --------------
# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.14-1-amd64 x86_64 Debian jessie/sid btrfs
auth_debug = yes
auth_verbose = yes
disable_plaintext_auth = no
imapc_features = rfc822.size fetch-headers
imapc_host = hornet.mur.at
imapc_list_prefix = INBOX
imapc_master_user = user
imapc_password = secret
imapc_port = 993
imapc_ssl = imaps
imapc_ssl_verify = no
imapc_user = %u
lmtp_proxy = yes
lmtp_save_to_detail_mailbox = yes
login_greeting = Dovecot is spitze!
mail_location = maildir:/srv/vmail/%n/Maildir
mail_plugins = acl
mail_prefetch_count = 20
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace {
  hidden = no
  inbox = no
  list = children
  location = maildir:/srv/vmail/%%n/Maildir:INDEX=/srv/vmail/%n/shared/%%n:CONTROL=/srv/vmail/%n/shared/%%n:INDEXPVT=/srv/vmail/%n/shared/%%n
  prefix = shared.%%n.
  separator = .
  subscriptions = yes
  type = shared
}
namespace inbox {
  hidden = no
  ignore_on_failure = no
  inbox = yes
  list = yes
  location = 
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix = INBOX.
  separator = .
  subscriptions = yes
  type = private
}
passdb {
  args = /etc/dovecot/deny/%s/deny-user
  deny = yes
  driver = passwd-file
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  acl = vfile:/etc/dovecot/global-acls:cache_secs=300
  acl_shared_dict = file:/var/lib/dovecot/db/shared-mailboxes.db
  sieve = /srv/vmail/%u/sieve/.dovecot.sieve
  sieve_default = /srv/vmail/sieve/default.sieve
  sieve_dir = /srv/vmail/%u/sieve
  sieve_global_dir = /srv/vmail/sieve/
}
protocols = " imap lmtp sieve pop3"
service auth {
  unix_listener auth-userdb {
    group = vmail
    mode = 0777
    user = vmail
  }
}
service lmtp {
  inet_listener lmtp {
    address = 172.16.16.78
    port = 24
  }
  user = vmail
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  inet_listener sieve_deprecated {
    port = 2000
  }
  process_min_avail = 1
  service_count = 1
  vsz_limit = 64 M
}
service managesieve {
  process_limit = 256
}
ssl_cert = </etc/dovecot/klee.pem
ssl_key = </etc/dovecot/private/klee.mur.at.pem
userdb {
  args = /etc/dovecot/deny/%s/deny-user
  default_fields = uid=vmail gid=vmail home=/tmp/%Ln
  driver = passwd-file
  result_success = return-fail
}
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
protocol lmtp {
  mail_plugins = acl quota sieve
  passdb {
    args = /etc/dovecot/dovecot-ldap_for_lmtp.conf.ext
    driver = ldap
    name = 
  }
  userdb {
    args = /etc/dovecot/dovecot-ldap_for_lmtp.conf.ext
    driver = ldap
    name = 
    skip = found
  }
}
protocol imap {
  mail_plugins = acl imap_acl
}
protocol sieve {
  managesieve_implementation_string = Dovecot Pigeonhole
}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 213 bytes
Desc: OpenPGP digital signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20140827/f0270b6c/attachment.sig>