You could have virtual users with any username (matching the required format for 'New Outlook') and password in an SQL passdb + userdb, and a second backend for the system users (PAM probably) as a fallback.
The docs describe this precise scenario at: https://doc.dovecot.org/configuration_manual/authentication/multiple_authent...
Ok I have tried this and I'm having trouble. I set up 2 accounts both accessing the same mailbox and here's what I see in the logs:
Error: Mailbox INBOX: Sync failed for mbox: UID inserted in the middle of mailbox (7323 > 6645, seq=1, idx_msgs=1)
Some searching indicates this is caused when dovecot doesn't expect a second process (itself in this case!) to be modifying a mailbox.
Here's what I did:
In conf.d/10-auth.conf I enabled system and passwdfile auth:
    !include auth-system.conf.ext
    #!include auth-sql.conf.ext
    #!include auth-ldap.conf.ext
    !include auth-passwdfile.conf.ext
    #!include auth-checkpassword.conf.ext
    #!include auth-static.conf.ext
In /etc/passwd, I have my imap login (mb1234) and my shell login which I never use via imap.
/etc/passwd looks like this:
    mgrant:x:1234:1234:Michael Grant:/home/mgrant:/bin/bash
    mb1234:x:1234:1234:Michael Grant:/home/mgrant:/bin/false
(Note: this has worked like this for more than a decade, maybe two!)
In auth-passwdfile.conf.ext I have:
    passdb {
      driver = passwd-file
      args = scheme=CRYPT username_format=%u /etc/dovecot/users
    }

    userdb {
      driver = passwd-file
      args = username_format=%u /etc/dovecot/users

      # Default fields that can be overridden by passwd-file
      #default_fields = quota_rule=*:storage=1G
      default_fields = uid=dovecot-virtual gid=dovecot-virtual home=/home/dovecot-virtual/%u

      # Override fields from passwd-file
      #override_fields = home=/home/virtual/%u
    }
mgrant@grant.org:{CRYPT}blablablabla:1234:1234::/home/mgrant:Michael Grant:userdb_mail=mbox:~/mail:INBOX=/var/mail/%n
This is an example right out of: https://doc.dovecot.org/configuration_manual/mail_location/#passwd-file
I'm sure it's using the mgrant@grant.org in /etc/dovecot/users because the mail app accepts the username mgrant@grant.org and password which is not my shell login password. I also see the successful auths in the mail log:
    imap-login: Login: user=mgrant@grant.org
    imap-login: Login: user=<mb1234>
I get mail in mb1234 but nothing in the mgrant@grant.org imap mailbox.
I get the feeling that instead of 2 separate auths like this, I need to use %n in the username format and not use the passdb auth at all and move everything into userdb and move away from using mb1234. I can do this.
Before I set out on this mission, is there some way to make this work with 2 separate logins for the same mailbox?
Michael Grant
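
An added example, not part of the original post: a small Python model of how a passwd-file entry like the one quoted above resolves to a mail location, showing what %n and ~ become for the login mgrant@grant.org. The function names are hypothetical, and only the %u, %n, %d and %% variables are modelled, which is an assumption of this sketch rather than Dovecot's full expansion logic.

```python
# Added example: simplified model of Dovecot's passwd-file userdb lookup.
# Assumption: only %u, %n, %d and %% are expanded; modifiers are not handled.

def parse_passwd_file_line(line):
    """Split user:password:uid:gid:gecos:home:shell:extra_fields."""
    # Only the first seven colons separate fields, so the colons inside
    # the extra fields (mbox:~/mail:INBOX=...) survive intact.
    parts = line.rstrip("\n").split(":", 7)
    parts += [""] * (8 - len(parts))
    user, _password, uid, gid, _gecos, home, _shell, extra = parts
    fields = dict(item.partition("=")[::2] for item in extra.split())
    return {"user": user, "uid": uid, "gid": gid, "home": home, "extra": fields}


def expand(template, login):
    """Expand %u (full login), %n (before @), %d (after @), %% (literal %)."""
    local, _, domain = login.partition("@")
    table = {"u": login, "n": local, "d": domain, "%": "%"}
    out, i = [], 0
    while i < len(template):
        if template[i] == "%" and template[i + 1:i + 2] in table:
            out.append(table[template[i + 1]])
            i += 2
        else:
            out.append(template[i])
            i += 1
    return "".join(out)


def resolve_mail(entry):
    """Return (driver, root, settings) from the entry's userdb_mail field."""
    mail = expand(entry["extra"]["userdb_mail"], entry["user"])
    driver, root, *rest = mail.split(":")
    if root.startswith("~/"):
        root = expand(entry["home"], entry["user"]) + root[1:]
    return driver, root, dict(item.split("=", 1) for item in rest)


# The entry exactly as posted above (the hash is the post's own placeholder).
ENTRY = parse_passwd_file_line(
    "mgrant@grant.org:{CRYPT}blablablabla:1234:1234::/home/mgrant:"
    "Michael Grant:userdb_mail=mbox:~/mail:INBOX=/var/mail/%n"
)

if __name__ == "__main__":
    print(resolve_mail(ENTRY))
```

For the login mgrant@grant.org, %n is mgrant, so this entry resolves to the mbox root /home/mgrant/mail with INBOX at /var/mail/mgrant.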