On Sun, 2007-09-09 at 14:57 -1000, Julian Cowley wrote:
password_query = SELECT username AS user, password, NULLIF(access != 0, 1) AS nologin, 'Access not allowed for this account' AS reason FROM mailbox WHERE username = '%u' .. While this second query works correctly with IMAP and POP authentication, it does not work with Postfix SMTP AUTH. Assuming the password is correct, the user is authenticated even when "access" is zero. It seems that either Postfix and/or dovecot-auth (I'm not sure which) is ignoring the "nologin" field in this case.
The "nologin" is kind of a hack. I don't think Postfix should even support it. The correct way to implement this would be to use something like:
SELECT username AS user, password, if(access!=0, NULL, 'Access not allowed') AS reason WHERE username = '%u' AND access != 0;
This should fix Postfix, but I think Dovecot v1.0 doesn't like it then (v1.1 does). If it doesn't, you can kludge around it with returning "nologin" and:
.. AND (access != 0 or '%s' != 'smtp')