Dear Aki, good afternoon.
Thank you very much for your response and thank you again for the tip on how I could resolve this issue. The problem I'm facing is that I need dovecot to serve emails with two different authorization methods for imap and sasl: one through the kerberos ticket as in https://wiki.dovecot.org/Authentication/Kerberos, which I have working but only with a static userdb, and also with plain (over tls, of course) performing an ldap bind. I also need to verify the validity of incoming emails for the lmtp process. I have only managed to get plain working with the ldap userdb, or the kerberos solution with static databases and no address verification, but not both. I believe I could set up two different dovecot instances listening on different ports or even on different ip addresses over the same ethernet device, but I believe I would run into problems with the locking of files, and I would like one solution to serve them all. Is this even possible? Is there information on how to achieve this somewhere I haven't found?
Thank you very much again. Best regards, David Wells.
On 30/09/2019 at 03:36, Aki Tuomi wrote:
On 27.9.2019 23.21, David Wells - Alfavinil S.A. via dovecot wrote:
Good afternoon.
I have dovecot set up to authenticate virtual users using either gssapi or doing a bind to an ldap server to achieve a single sign on capable imap server connected to a samba active directory DC. What I am also trying to achieve is to have dovecot's lmtp daemon handle the mails passed from postfix. However, the only way I've gotten this to work is setting allow_all_users = yes in the userdb, but this causes lmtp to deliver mails to non-existent accounts without rejection. I've been searching but haven't found a way to set this same thing up but having dovecot's lmtp check the validity of the mail's recipient against the same samba AD DC through ldap before delivering it and rejecting unknown email addresses. Could someone please provide some insight into how to achieve this?
Thank you very much in advance. Best regards, David Wells.
You could set up an LDAP userdb without bind authentication, and use a service account instead.
Aki
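An added configuration example illustrating Aki's suggestion for the setup David describes (this is not configuration from either poster): a single Dovecot instance that accepts GSSAPI (Kerberos ticket) and PLAIN (LDAP bind) for IMAP, while one LDAP userdb, queried with a read-only service account, answers both the IMAP user lookup and LMTP's recipient check. The realm EXAMPLE.COM, the DC hostname ad.example.com, the base DN, the service account name and the /var/mail layout are all assumptions; the dnpass value is a placeholder.

```conf
## conf.d/10-auth.conf (assumed layout)
auth_mechanisms = plain gssapi
# Keytab holding the imap/<host>@EXAMPLE.COM service principal;
# "$ALL" lets Dovecot accept any principal present in it.
auth_gssapi_hostname = "$ALL"
auth_krb5_keytab = /etc/dovecot/dovecot.keytab
# Normalise "user@EXAMPLE.COM" (from a ticket), "user" (PLAIN login) and
# "user@example.com" (LMTP RCPT TO) to one lowercase login name, so every
# path hits the same userdb entry.
auth_username_format = %Ln
# PLAIN only over TLS
disable_plaintext_auth = yes

# PLAIN is verified by binding to AD as the user. A Kerberos ticket is
# verified against the keytab, not against LDAP.
passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap-bind.conf.ext
}

# One userdb for everything, IMAP and LMTP alike. Because it binds with a
# service account, it works when no user password is available (LMTP).
# A RCPT TO that matches no entry here is rejected instead of delivered,
# which replaces allow_all_users = yes.
userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
}

## /etc/dovecot/dovecot-ldap-bind.conf.ext (assumed path)
hosts = ad.example.com
tls = yes
ldap_version = 3
auth_bind = yes
# Bind directly as the userPrincipalName; no search and no service
# account are needed for the password check itself.
auth_bind_userdn = %n@example.com

## /etc/dovecot/dovecot-ldap-userdb.conf.ext (assumed path)
hosts = ad.example.com
tls = yes
ldap_version = 3
# Read-only lookup account (assumed name); keep this file readable only
# by root and the dovecot user, since it holds the password.
dn = CN=dovecot-lookup,CN=Users,DC=example,DC=com
dnpass = CHANGEME-service-account-password
base = DC=example,DC=com
scope = subtree
# Match only enabled user objects (the 803 rule masks the ACCOUNTDISABLE
# bit of userAccountControl), so disabled accounts stop receiving mail.
user_filter = (&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(sAMAccountName=%n))
# Static home/uid/gid for virtual users (assumed vmail layout)
user_attrs = =home=/var/mail/%n,=uid=vmail,=gid=vmail
```

With this in place, `doveadm user someone` shows what LMTP will see: a hit returns the home/uid/gid fields, a miss reports that the user doesn't exist, which is the condition under which the LMTP service rejects the recipient. `doveadm auth test someone` exercises the PLAIN path through the bind passdb, while a Kerberos login can only be checked from a client holding a ticket.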