You really need to database your passwd auth
sasl supports pgsql / mysql
you can then alter the queries by selecting flags pending the access you want to allow
dovecot-pgsql.conf
password_query = SELECT username as user, password FROM email_users WHERE username = '%u' and password <> 'alias' and status = True and destination = '%u'
user_query = SELECT home, uid, gid FROM email_users WHERE username = '%u' and password <> 'alias' and status = True and destination = '%u'
#iterate_query = SELECT user, password FROM email_users WHERE username = '%u' and password <> 'alias' and status = True and destination = '%u'
iterate_query = SELECT "username" as user, domain FROM email_users WHERE status = True and alias_flag = False
postfix
smtpd.conf -> /usr/local/lib/sasl2/smtpd.conf
#Postygres pwcheck_method: auxprop mech_list: PLAIN LOGIN auxprop_plugin: sql sql_engine: pgsql sql_hostnames: pg.scom.ca:5433 sql_database: scom_billing sql_user: xxxx sql_passwd: xxxx sql_select: SELECT password FROM email_users WHERE username = '%u@%r' and password <> 'alias' and currentcount_bad < 30 and status = True
i use status to allow disabling the users ability to login but you can easily expand the select statement to include another flag for imap user(s)
Happy Wednesday !!! Thanks - paul
Paul Kudla
Scom.ca Internet Services http://www.scom.ca 004-1009 Byron Street South Whitby, Ontario - Canada L1N 4S3
Toronto 416.642.7266 Main 1.866.411.7266 Fax 1.888.892.7266 Email paul@scom.ca
On 6/1/2022 7:40 AM, dovecot-bounces@dovecot.org wrote:
Hi,
we have a very simple user-/passdb (like passwd) to authenticate virtual IMAP users. We also use this for Postfix authentication. Nothing special.
But, we need to exclude some of the users from IMAP login. This means, some users should be allowed to send mail via Postfix (submission) and therefore authenticate via SASL against dovecot successfully, but they should not be allowed to login to their IMAP mail box.
How could this be done?
Thanks! -lutzn