- Timo Sirainen tss@iki.fi:
On Wed, 2010-10-06 at 16:19 +0200, Ralf Hildebrandt wrote:
Yeah, you can make the service user=root, but give only vmail user permission to it so only processes running as vmail can connect to it.
Good. The question is: which user will connect to the socket?
dovecot-lda will assume the UID of the user it's trying to deliver to. So any user must be able to connect to the socket?
Yes. Although you could also play with groups, like make deliver always run with dovemail group enabled for the process (mail_access_groups=dovemail from deliver's side, but might be problematic from Postfix's side).
In my setup I still have my users in /etc/passwd, thus everybody has their own ID.
An alternative to running as root would be to use LMTP to deliver the "over quota" mail to user and use some trick to disable quota for this. Maybe something like:
protocol lmtp { local_ip 127.0.0.1 { plugin { quota = maildir:user:noenforcing } } }
Ugh.
You're already using dovecot-lda to deliver the out-of-quota mails?
No, I'm trying. I migrated from 1.2.4, where I used a script that delivered the "Over quota infomail" by writing into the Maildir DIRECTLY.
-- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt@charite.de | http://www.charite.de