You will likely get better results if you let postfix validate recipients with LDAP first. This way it can already refuse to accept mail for invalid recipients, and this reduces backscatter spam.
Aki
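
[Added example, not part of the original message or of the Postfix/Dovecot documentation: one way to have Postfix check recipients directly against the LDAP tree from this thread, so unknown addresses are rejected during the SMTP session. The file name, the example.com mail domain, the service bind DN and its password, and the Dovecot LMTP socket path are assumptions; the host, port and search base are taken from the thread.]

```conf
# ---- /etc/postfix/ldap-recipients.cf (hypothetical file name) ----
# Keep this file readable only by root and the postfix group,
# because it holds a bind password.
server_host = openldap
server_port = 1389
version = 3
search_base = ou=users,dc=example,dc=com
scope = sub
# %u is the local part of the recipient address, matching the
# uid=%n convention used in the Dovecot auth_bind_userdn above.
query_filter = (uid=%u)
# Any non-empty result marks the recipient as existing.
result_attribute = uid
# Assumption: a read-only service account for lookups. Postfix cannot
# reuse Dovecot's auth_bind, since it has no user password at RCPT time.
bind = yes
bind_dn = cn=postfix,ou=services,dc=example,dc=com
bind_pw = REPLACE_WITH_SERVICE_PASSWORD

# ---- /etc/postfix/main.cf (relevant lines only) ----
# Assumption: example.com is the hosted virtual mail domain.
virtual_mailbox_domains = example.com
virtual_mailbox_maps = ldap:/etc/postfix/ldap-recipients.cf
# Assumption: Dovecot exposes LMTP on this socket for final delivery.
virtual_transport = lmtp:unix:private/dovecot-lmtp
# Default is yes; stated explicitly so unknown recipients are refused
# at RCPT TO instead of being accepted and bounced later (backscatter).
smtpd_reject_unlisted_recipient = yes

# ---- Check the lookup before reloading Postfix ----
# postmap -q someuser@example.com ldap:/etc/postfix/ldap-recipients.cf
# A known user prints the uid; an unknown user prints nothing and
# postmap exits with status 1.
```
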
On 09/05/2023 10:11 EEST Moritz Pflanzer <moritz@pflanzer.eu> wrote:
Thanks for the hints. I already followed that guide.
The question about best practices was more a conceptual one. Should dovecot and postfix talk independently to the LDAP database? Or should dovecot be the gateway for postfix to get the information out of the LDAP database?
Cheers, Moritz
On 09/05/2023 08:30 CEST Aki Tuomi via dovecot <dovecot@dovecot.org> wrote:
On 08/05/2023 23:06 EEST Marc <marc@f1-outsourcing.eu> wrote:
so far I had a setup where Dovecot was using a passwd file as userdb and passdb. Postfix was then authenticating with Dovecot via SASL to validate user accounts.
Now I added an LDAP backend and would like to use that for Dovecot and Postfix. My first approach was to change the passdb to use the LDAP driver with the following settings:
hosts = openldap:1389
base = ou=users,dc=example,dc=com
auth_bind = yes
auth_bind_userdn = uid=%n,ou=users,dc=example,dc=com
So why not handle this on the OS? Have the OS publish the LDAP users, and have dovecot handle OS users. It needs to create UIDs anyway for the files etc.
Doing a "real unix UIDs" based solution only makes sense if you are gonna have users logging into the system over SSH or something to check their mails.
Otherwise it's just a useless complication over virtual user system.
https://doc.dovecot.org/configuration_manual/howto/simple_virtual_install/
A simple guide on how to get started with virtual users, and some information about how to get LDAP working
https://doc.dovecot.org/configuration_manual/authentication/ldap/
Aki
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org