Good morning.

I was just reading https://wiki.dovecot.org/AuthDatabase/LDAP/PasswordLookups and found the following statement:
"When using LDA and static userdb, deliver can check if destination user exists. With auth binds this check isn't possible."

Is this still relevant? Is there a workaround? It seems like using dovecot's lmtp in an active directory environment is not possible. Is this correct?


-------- Forwarded Message --------
Subject: Re: lmtp and virtual users
Date: Mon, 30 Sep 2019 17:14:16 -0300
From: David Wells - Alfavinil S.A. via dovecot <dovecot@dovecot.org>
Reply-To: David Wells - Alfavinil S.A. <dwells@alfavinil.com>
To: Aki Tuomi <aki.tuomi@open-xchange.com>, dovecot@dovecot.org


Dear Aki, good afternoon.

Thank you very much for your response and thank you again for the tip on
how I could resolve this issue. The problem I'm facing is that I need
dovecot to serve emails with two different authorization methods for
imap and sasl, one through the kerberos ticket as in
https://wiki.dovecot.org/Authentication/Kerberos which I have working
but only with a static userdb and also with plain (over tls of course)
performing an ldap bind. I also need to verify the validity of incoming
emails for the lmtp process. I have only managed to get plain working
with the ldap userdb, or the kerberos solution with static databases and
no address verification working but not both. I believe I could set up
two different dovecot instances listening on different ports or even on
different ip addresses over the same ethernet device but I believe I
would run into problems with the locking of files and I would like one
solution to serve them all. Is this even possible? Is there information
on how to achieve this somewhere I haven't found?

Thank you very much again.
Best regards,
David Wells.

On 30/09/2019 at 03:36, Aki Tuomi wrote:
> On 27.9.2019 23.21, David Wells - Alfavinil S.A. via dovecot wrote:
>> Good afternoon.
>>
>> I have dovecot setup to authenticate virtual users using either gssapi
>> or doing a bind to an ldap server to achieve a single sign on capable
>> imap server connected to a samba active directory DC. What I am also
>> trying to achieve is to have dovecot's lmtp daemon handle the mails
>> passed from postfix. However, the only way I've gotten this to work is
>> setting allow_all_users = yes in the userdb but this causes lmtp to
>> deliver mails to nonexistent accounts without rejection. I've been
>> searching but haven't found a way to set this same thing up but having
>> dovecot's lmtp check the validity of the mail's recipient against the same
>> samba AD DC through ldap before delivering it and rejecting unknown
>> email addresses. Could someone please provide some insight into how to
>> achieve this?
>>
>> Thank you very much in advance.
>> Best regards,
>> David Wells.
>>
>>
> You could set up LDAP userdb without bind authentication, and use a
> service account instead.
>
> Aki
>
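
The suggestion quoted above (password check by bind, user lookup through a service account), sketched as an added configuration example that is not from the original thread or from either poster. File paths, the host name, the DNs, the `vmail` uid/gid and the mail location are placeholders, and it assumes users log in with the address stored in the `mail` attribute.

```conf
# --- conf.d/auth-ldap.conf.ext (file names and paths are assumptions) ---
# passdb and userdb point at different files so that each gets its own
# LDAP connection; user binds on the passdb connection then do not
# interfere with the service-account searches done for userdb.
passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap-passdb.conf.ext
}
userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
}

# --- dovecot-ldap-passdb.conf.ext ---
# The service account only searches for the user's DN; the password is
# then verified by binding as that DN (auth_bind = yes).
# Placeholder DC, service account and password below.
uris = ldaps://dc1.example.test
tls_require_cert = demand
dn = CN=dovecot-svc,CN=Users,DC=example,DC=test
dnpass = CHANGE_ME
auth_bind = yes
base = DC=example,DC=test
scope = subtree
pass_filter = (&(objectClass=user)(mail=%u))

# --- dovecot-ldap-userdb.conf.ext ---
# No auth_bind here: every lookup, including the one lmtp performs for each
# recipient, runs as the service account. Give that account read-only
# access, and keep both files readable by root only (they hold dnpass).
uris = ldaps://dc1.example.test
tls_require_cert = demand
dn = CN=dovecot-svc,CN=Users,DC=example,DC=test
dnpass = CHANGE_ME
base = DC=example,DC=test
scope = subtree
user_filter = (&(objectClass=user)(mail=%u))
user_attrs = =uid=vmail, =gid=vmail, =home=/var/vmail/%{ldap:sAMAccountName}
```

With a userdb like this, `allow_all_users = yes` is no longer needed: a recipient whose address returns no LDAP entry is rejected by lmtp instead of being delivered. `doveadm user <address>` exercises the same lookup, which helps when checking the filter.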