Properly "locking" a useraccount (on a proxy)

Robert Schetterer rs at sys4.de
Tue Oct 21 19:46:54 UTC 2014


Am 21.10.2014 um 20:37 schrieb Ralf Hildebrandt:
> * Ralf Hildebrandt <r at sys4.de>:
> 
>> 2) defer LMTP delivery somehow (Postfix is talking to dovecot's LMTP server)
> 
> I could of course put a mysql: query into postfix which would return 
> 
> user at domain retry:
> 
> for the "locked" user. But I'm lazy and would prefer a single place /
> a single query to lock the account
> 

in sql postfixadmin schema there is an "active" flag 0 vs 1 per user

smtpd_recipient_restrictions = reject_unknown_recipient_domain,
                               reject_non_fqdn_recipient,
                               permit_mynetworks,
                               check_recipient_access
mysql:/etc/postfix/mysql_virtual_inactive_mailaddress.cf

i use configured it as

query = SELECT CONCAT('REJECT mailaddress %s is set in inactive mode')
address FROM mailbox WHERE username='%s' AND active = '0'

you may use not REJECT but

http://www.postfix.org/access.5.html

421 text (Postfix 2.3 and later) which is tmp error

dovecot site may look like this

 /etc/dovecot/dovecot-sql.conf.ext

password_query = SELECT username as user, password, \
1001 as userdb_uid, \
1001 as userdb_gid, \
"/usr/local/virtual/%d/%u/" AS userdb_home, \
"maildir:/usr/local/virtual/%d/%u/" AS userdb_mail \
FROM mailbox WHERE username = '%u' AND active = '1'

but to be honest, its a long time ago i tested this feature, and in real
world nobody seems to use "active" settings

however perhaps you can adapt this idea to fit in your setup somehow


Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein


More information about the dovecot mailing list