On Thu, Apr 22, 2010 at 3:33 AM, Thomas Leuxner tlx@leuxner.net wrote:
On Wed, Apr 21, 2010 at 04:34:30PM -0400, Phil Howard wrote:
userdb {
  args = username_format=%u /var/vmail/auth.d/%d/passwd
  driver = passwd-file
}

What does it take to get Postfix to read this?
Basically these two parameters in 'main.cf':
[main.cf]
smtpd_sasl_type=dovecot
smtpd_sasl_path=private/auth

Since this will have implications when Dovecot is not running/unavailable as authentication backend (Postfix will reject legit incoming mail in that case), it is better to put this in the master configuration actually and have Postfix use a dedicated submission port for SASL clients:
[master.cf]
submission inet n - - - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_sasl_local_domain=$myhostname
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sender_login_maps=hash:/etc/postfix/virtual
  -o smtpd_sender_restrictions=reject_sender_login_mismatch
  -o smtpd_recipient_restrictions=reject_unknown_recipient_domain,reject_non_fqdn_recipient,permit_sasl_authenticated,reject
So what would local_recipient_maps look like in this case? At this point, I don't understand what is happening for this. I would be expecting Postfix to be asking Dovecot if a user is valid. This is for mail incoming from outside, to make the rejection decision during the SMTP session. This looks more like a configuration to provide a submission interface and authenticate through Dovecot. That's fine, and probably what is needed. But I'm trying to sort out the local_recipient_maps at this time. Can this solve both issues at the same time?
It might well be as long as the domains are fully distinct. I'll have to go read up on each of the virtual_* configuration parameters to be sure of the effects. I was thinking to use:
mailbox_command = /usr/lib/dovecot/deliver
in Postfix main.cf. Is that workable instead of "virtual_transport = lmtp:unix:private/dovecot-lmtp"? Or would running LMTP be a better way?
LMTP would be better long-term as it is more flexible and robust, e.g. allowing multiple recipient deliveries in parallel and has a real protocol handshake compared to piping into the LDA, but both are feasible. However, LMTP is available with Dovecot 2.0 only.
I'm doing this on Ubuntu 9.10 and it has Dovecot 1.1.11 right now (we need to get this mail server up before we will be ready to eval Ubuntu 10.04 or another distro).
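
Added example, not part of the original thread and not Postfix or Dovecot code: a small audit of a master.cf submission entry like the one quoted above, checking that TLS is mandatory, SASL is on, anonymous mechanisms are excluded and the restriction lists end in `reject`. The function names and the sample text are assumptions made for illustration, and only the plain `-o name=value` override form is parsed.

```python
# Constructed sample input modelled on the submission entry in the thread.
SAMPLE_MASTER_CF = """\
smtp      inet  n       -       -       -       -       smtpd
submission inet n       -       -       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,permit_sasl_authenticated,reject
"""

def parse_master_cf(text):
    """Return {(service, type): {param: value}} holding each entry's -o overrides."""
    entries, logical = {}, []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:   # leading whitespace continues the entry
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    for line in logical:
        f = line.split()
        if len(f) < 8:                     # service type private unpriv chroot wakeup maxproc command
            continue
        args, opts = f[8:], {}
        for i, a in enumerate(args):
            if a == "-o" and i + 1 < len(args) and "=" in args[i + 1]:
                k, v = args[i + 1].split("=", 1)
                opts[k] = v
        entries[(f[0], f[1])] = opts
    return entries

def audit_submission(text):
    """Findings for the submission service; an empty list means all checks passed."""
    opts = parse_master_cf(text).get(("submission", "inet"))
    if opts is None:
        return ["no submission service defined"]
    findings = []
    if opts.get("smtpd_tls_security_level") != "encrypt":
        findings.append("TLS not mandatory: credentials could be sent in cleartext")
    if opts.get("smtpd_sasl_auth_enable") != "yes":
        findings.append("SASL authentication not enabled on submission")
    if "noanonymous" not in opts.get("smtpd_sasl_security_options", "").split(","):
        findings.append("anonymous SASL mechanisms not excluded")
    for p in ("smtpd_client_restrictions", "smtpd_recipient_restrictions"):
        if opts.get(p, "").split(",")[-1] != "reject":
            findings.append(p + " does not end in reject")
    return findings
```

An override that is missing its `-o` is not picked up as a setting, so the corresponding check reports it as absent.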