Re: LMTP and passdb deny=yes not working

27 Aug 2014 · _non-existant_


      -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, 27 Aug 2014, Jogi Hofmüller wrote:
...
Am 2014-08-26 16:48, schrieb Gregory Finch:
...
I don't think that LMTP/LDA use passdb. I'm pretty sure that they use
userdb only.
The delivery agents just need to lookup if the recipient exists and
where to store the mail.
OK, good point.  Now I tried to disable LMTP for one user by means of a
special userdb that would return 'return-fail' when it finds a user.  I
figured then LMTP would reject the message.  Not so much though ...
this is the special userdb I am using.  The default fields are there to
keep error messages in logs low.
userdb {
driver = passwd-file
args = /etc/dovecot/deny/%s/deny-user
default_fields = uid=vmail gid=vmail home=/tmp/%Ln
result_success = return-fail
}
Attached you find the config I tested.
you have lots of userdb's in your config. If you use %s in the general
ones, I would remove the special ones in the "lmtp" section at all.
Also, try this #1
userdb {
args = /etc/dovecot/deny/%s/deny-user
default_fields = uid=vmail gid=vmail home=/tmp/non-existant-name
driver = passwd-file
}
That way, you get an hit for that userdb. Now return an _non-existant_
mail location. You get an error in the logs, but LMTP should tempfail the
request.
===============
Try #2
If you enforce quota and tempfail the message, if the user is over quota,
lower the user's quota to 1 byte temporarily.
===============
Try this #3
Just use one userdb:
userdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
Then extent your userdb query by:
(&(original query)(!(attr=%s)))
choose any attr'ibute with text, such as description, that does no harm to
other services. Then the LMTP service should get no hit and should, IMHO,
tempfail the delivery.

Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQEVAwUBU/3bK3z1H7kL/d9rAQKTeQf9Eqqi+nfWEEMW3UZ3E3sg5ehOUrkInLWJ
8QPJ3A223+Uwul3662art4dbDJ1ybP5S+DxRW+K7mVjyIYEjMDGM6OkhTsFqURvw
wmlkBjIZNkF8VSAR2MjrtBlyVjSoQ3LsVljrPR3MnIF1U3lyAVhzdUCkwxYSPgP2
/ijFaO0xIl7/Xk4uok14dT3IeBkjvCe56nY9B0mjjW+v5jyfb3iPnINySYtsobT6
Hb4Sb7Ffwyc56HmSAcvjV5wa4MWDnRxqCYU77DWBTgOcVSIUfFN9VGRIDh8Q4yjr
9Ke8lmGGYLG9tO+H+dWGUlayQEZgATsWwh/eT/vf41bGtleuIbv3JA==
=coxQ
-----END PGP SIGNATURE-----