Hi,
I've tried to use the "nologin" extra password-db field as specified here: https://wiki.dovecot.org/PasswordDatabase/ExtraFields/NoLogin
Due to lack of exact documentation, I've tried to use nologin='y' for
users that can't login, and setting nologin='n' for normal users.
Apparently setting it to NULL for normal users would have been correct, as I've found out. Maybe write that on the above website.
Anyway, login didn't work for a user with nologin='n' set. Trying to
debug a normal user being unable to login, the log (mail.log) says:
dovecot: imap-login: Disconnected (internal failure, 4 successful auths): user=test@example.com, method=PLAIN, rip=<ip6>, lip=<ip6>, TLS, session=<session>
What I'm expecting it to say would be something like "user not allowed to login". I'm considering this a problem because of "Dovecot always logs a detailed error message if something goes wrong." as written here: https://wiki2.dovecot.org/Logging
For the record, setting auth_debug=yes and mail_debug=yes gave the following line in the logs somewhere, from which I was able to figure out that NOLOGIN was the problem:
dovecot: auth: Debug: client passdb out: OK#011<id>#011user=test@example.com#011nologin
Thank you.
dovecot -n output: --snip-- # 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.16 (fed8554) # OS: Linux 4.9.0-7-amd64 x86_64 Debian 9.5 auth_default_realm = example.com base_dir = ... listen = *,[v6] login_greeting = ... mail_home = .../%d/%n/ mail_location = maildir:~/mail/:INDEX=MEMORY mail_plugins = trees mail_temp_dir = ... namespace inbox { inbox = yes location = prefix = } passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } protocols = imap lmtp recipient_delimiter = -+ service auth { unix_listener ... { group = postfix mode = 0660 user = postfix } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 0 } service_count = 1 } service lmtp { unix_listener ... { group = postfix mode = 0600 user = postfix } user = vmail } ssl = required ssl_cert = <... ssl_cipher_list = ... ssl_dh_parameters_length = 4096 ssl_key = # hidden, use -P to show it userdb { driver = prefetch } userdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } --snap--