Hi,
Is it possible to have a static user database along with an LDAP password database and *not* be forced to set "allow_all_users=yes" for the userdb?
The wiki page on static user database says "Normally static userdb handles this by doing a passdb lookup instead." How should the passdb behave in order for this to work?
In my tests (on a test server) I am using Dovecot 2.0.7 and Postfix 2.7.0 on Ubuntu 10.04.1. I use (or am trying to use) LMTP with Dovecot and Postfix according to the HOWTO in the wiki [1] as well as dynamic address verification with LMTP [2]. Users are virtual, using a static userdb and passwords from LDAP. I also serve local system users which is why I also have userdb and passdb pam, but this isn't the issue here.
Delivering mail to an existing virtual user works fine as far as I can see but when a non-existent user is the recipient Dovecot complains that the passdb doesn't support lookups:
postfix/smtpd[26469]: connect from remote-smtp.example.net[10.0.0.10] postfix/cleanup[26474]: 772A760B25: message- id=<20101125172409.772A760B25@mailtest.example.com> postfix/qmgr[27672]: 772A760B25: from=<double- bounce@mailtest.example.com>, size=276, nrcpt=1 (queue active) dovecot: lmtp(22109): Connect from local dovecot: auth: Error: static(not-a-user@test01.example.com): passdb doesn't support lookups, can't verify user's existence dovecot: lmtp(22109): Error: user not-a-user@test01.example.com: Auth USER lookup failed dovecot: lmtp(22109): Disconnect from local: Client quit postfix/lmtp[26475]: 772A760B25: to=<not-a-user@test01.example.com>, relay=mailtest.example.com[private/dovecot-lmtp], delay=0.18, delays=0.17/0.01/0/0, dsn=4.3.0, status=undeliverable (host mailtest.example.com[private/dovecot-lmtp] said: 451 4.3.0 <not-a- user@test01.example.com> Internal error occurred. Refer to server log for more information. (in reply to RCPT TO command)) postfix/qmgr[27672]: 772A760B25: removed postfix/smtpd[26469]: NOQUEUE: reject: RCPT from remote- smtp.example.net[10.0.0.10]: 450 4.1.1 <not-a-user@test01.example.com>: Recipient address rejected: unverified address: ho st mailtest.example.com[private/dovecot-lmtp] said: 451 4.3.0 <not-a- user@test01.example.com> Internal error occurred. Refer to server log for more information. (in reply to RCPT TO command); from=<andreas.ntaflos@example.net> to=<not-a-user@test01.example.com> proto=ESMTP helo=<remote-smtp.example.net> postfix/smtpd[26469]: disconnect from remote-smtp.example.net[10.0.0.10]
I've uploaded this log file excerpt for your viewing convenience to
https://daff.pseudoterminal.org/misc/dovecot/failed_delivery.log
More relevant information (doveconf -n, dovecot-ldap.conf) is found
below. I can also provide a log excerpt from a successful delivery to an
existing virtual user, if needed.
To summarise: I want to use LMTP, dynamic address verification, a static user database and an LDAP password database. Can it be done without having to rely on the MTA (Postfix) to verify existing users?
Thanks in advance!
Andreas
[1] http://wiki2.dovecot.org/HowTo/PostfixDovecotLMTP [2] http://wiki2.dovecot.org/LDA/Postfix
dovecot-ldap.conf: uris = ldap://ldap.example.com:389 tls = yes tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt base = ou=virtualDomains,dc=example,dc=com dn = uid=dovecot,ou=services,dc=example,dc=com dnpass = xxx
pass_attrs=uid=user, userPassword=password pass_filter=(&(objectClass=hostedAccount)(uid=%u)(accountEnabled=TRUE))
iterate_attrs = uid=user iterate_filter = (objectClass=hostedAccount)
doveconf -n: https://daff.pseudoterminal.org/misc/dovecot/doveconf-n.txt
Andreas Ntaflos Vienna, Austria
GPG Fingerprint: 6234 2E8E 5C81 C6CB E5EC 7E65 397C E2A8 090C A9B4