hello

now that dovecot supports authentication with checkpassword-compatible modules, I tried to get it working for IMAP on a qmail + vmailmgr server.

For a subtle detail, while claiming to be "a drop-in replacement for the standard checkpassword", checkvpw (auth module for vmailmgr) is not "drop in". It actually expects 2 args on its command line, not 1. So, a wrapper is needed to get it authenticating correctly with dovecot; a very simple one (argswrapper.c below).

This wrapper is not sufficient though. In fact, vmailmgr represents user homes like this:

    $HOME_LOCUSER/users/virtual_username

this is ok with

    default_mail_env = maildir:%h/users/%n

$HOME_LOCUSER depends on the domain part of the user's email. The relation is held in /var/qmail/control/virtualdomains .

However, on the local part (virtual_username) some rewriting is done on the username, as dots are replaced by ":". So in the end j.doe@foo.com becomes "~mxfoocom/users/j:doe".

Now, var-expand does not support any rewriting. I patched it by adding another modifier, m_str_replace(), which replaces REPLACE_SOURCE with REPLACE_TARGET in a given string. By defining REPLACE_SOURCE to '.' and REPLACE_TARGET to ':' one accomplishes the vmailmgr username rewriting. This modifier is applied with "P", so:

    default_mail_env = maildir:%h/users/%Pn

A better, general solution would be for dovecot to implement some kind of general rewriting, say with regexps and sed-like replacement rules, or with an external process in a cgi fashion.

With this patch, dovecot gets the correct path for any user mailbox. However, there's a bug in dovecot storage modules (both maildir and mbox) which truncates the path at the first ":", when expecting ":INBOX" etc specifiers:

    /* <Maildir> [:INBOX=<dir>] [:INDEX=<dir>] [:CONTROL=<dir>] */
    if (debug)
        i_info("maildir: data=%s", data);
    p = strchr(data, ':');
    if (p == NULL)
        root_dir = data;
    else {
        root_dir = t_strdup_until(data, p);

this way, a former data = /var/maildirs/foo/users/j:doe:INDEX=... is truncated to /var/maildirs/foo/users/j . This opens the much worse possibility for user "j:doe" to be accounted into user "j"'s account after authentication.

It is difficult to get a solid fix here, because the grammar is ambiguous for INBOX, INDEX and CONTROL tokens. Since they are not separated with an illegal path symbol from the rest of the path in default_mail_env, it is not possible to state when a ":INBOX=" token belongs to the path and when it is a user directive. The best is to move the specifiers into a different configuration directive.
However, a more solid check with the current modus operandi is

    /* <Maildir> [:INBOX=<dir>] [:INDEX=<dir>] [:CONTROL=<dir>] */
    if (debug)
        i_info("maildir: data=%s", data);
    /* extracting INBOX / INDEX / CONTROL suffixes */
    if (((p = strstr(data, ":INBOX=")) != NULL)
        || ((p = strstr(data, ":INDEX=")) != NULL)
        || ((p = strstr(data, ":CONTROL=")) != NULL)) {
        root_dir = t_strdup_until(data, p);

which expects the full ":INBOX=" etc strings to be present in data instead of the single ":" separator.

The patches that implement this for both {maildir,mailbox}-storage are also appended below.

I will take a couple of hours tomorrow to wrap all the iter up on a web page here
http://mij.oltrelinux.com/net/dovecot-qmail-vmailmgr/

All the patches are applied wrt 1.0-beta7

bye
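
The two root-directory splits discussed in the message above, side by side, as an added example that is not part of the original post or of dovecot's code. The function names and sample strings are constructed for illustration, and unlike the posted check it cuts at the earliest of the three tokens rather than testing them in a fixed order.

```c
#include <stdio.h>
#include <string.h>

/* Behaviour quoted in the post: the root ends at the first ':' */
static size_t root_len_first_colon(const char *data)
{
	const char *p = strchr(data, ':');

	return p == NULL ? strlen(data) : (size_t)(p - data);
}

/* Stricter split: the root ends at the earliest full specifier token.
   Picking the earliest match instead of testing INBOX, INDEX, CONTROL
   in that order is an assumption of this example. */
static size_t root_len_specifier(const char *data)
{
	static const char *const tokens[] = { ":INBOX=", ":INDEX=", ":CONTROL=" };
	size_t i, len = strlen(data);

	for (i = 0; i < sizeof(tokens) / sizeof(tokens[0]); i++) {
		const char *p = strstr(data, tokens[i]);

		if (p != NULL && (size_t)(p - data) < len)
			len = (size_t)(p - data);
	}
	return len;
}

int main(void)
{
	/* Constructed sample values for the mail location string */
	static const char *const samples[] = {
		"/var/maildirs/foo/users/j:doe:INDEX=/var/idx/j:doe",
		"/var/maildirs/foo/users/j:doe",
		"/var/maildirs/foo/users/jdoe:CONTROL=/c:INBOX=/i",
		/* still ambiguous: a directory literally named "a:INBOX=b" */
		"/var/maildirs/foo/users/a:INBOX=b",
	};
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("%s\n  first ':' -> %.*s\n  specifier -> %.*s\n", samples[i],
		       (int)root_len_first_colon(samples[i]), samples[i],
		       (int)root_len_specifier(samples[i]), samples[i]);
	return 0;
}
```

The last sample shows the remaining ambiguity the message describes: a path component that itself contains ":INBOX=" is still cut short, which is why moving the specifiers into a separate directive is the cleaner fix.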