How to map email addresses to usernames?
Hello,
I have a general question about userdb and passdb lookups, in my case related to driver=sql.
The documentation and most examples on the internet seem to assume that a user's login username to access a mailbox is identical to his email address, or at least to the local part of this email address. This setup works fine. But I don't understand how to set up Dovecot when login username and email addresses differ. Or, to say it in other words, how to map email addresses to mailbox users.
I need a sql password_query for passdb to validate the password for a given login name during SMTP or SASL authentication. Let's say the credentials are "user-1"/"anypassword", then the query is similar to "select password from mailboxes where username='%u'".
The next step, user_query for userdb is executed to get storage information for user "user-1". This query must also search for the username "user-1", not for an email address: "select home, mail from mailboxes where username='%u'".
So far, so good. But:
For incoming mails via LMTP, my user_query from userdb is being executed with the email address as search parameter (instead of the login name), so it fails. I miss a third query that maps one user to each email address for delivery, prior to the userdb lookup. For example:
    bob@example.org => user-1
    eve@example.org => user-1
    ted@example.org => user-2
    @catchall.org   => user-3
"select username from addr_maps where addr='%n@%d'".
What is the correct setup for this scenario?
I've found two solutions that seem to work, but I'm not sure if they are really failsafe.
I) I use driver=prefetch as a first userdb, so for authentication, only the password_query from passdb is relevant and returns all mailbox details. A second userdb does a user_query lookup against email-addresses and is only called for incoming mails.
    passdb {
      driver = sql
      args = /etc/dovecot/sql-check-user.conf
    }
    userdb {
      driver = prefetch
    }
    userdb {
      driver = sql
      args = /etc/dovecot/sql-check-addr.conf
    }
II) The second userdb performs lookups against usernames (as in the passwd query), but I place a third userdb {} within the lmtp's protocol section, which does an address lookup instead of a username lookup:
    protocol lmtp {
      userdb {
        driver = sql
        args = /etc/dovecot/sql-check-addr.conf
      }
    }
    passdb {
      driver = sql
      args = /etc/dovecot/sql-check-user.conf
    }
    userdb {
      driver = sql
      args = /etc/dovecot/sql-check-user.conf
    }
What do you think, is there a better solution?
- greetings Andreas
Dovecot Version: 2.2.27 (c0f36b0)
On Tue, 10 Oct 2017, Andreas Born wrote:
For incoming mails via LMTP, my user_query from userdb is being executed with
I think from https://wiki2.dovecot.org/UserDatabase
you write user_query to accept any spellings of the user, I mean:
    bob@example.org => user-1
    eve@example.org => user-1
    ted@example.org => user-2
    @catchall.org   => user-3
    user-1          => user-1
    ^ no domain from passdb lookup
Then have the extra field "user=" return the correct user string "user-1" along with its data. I'm sort of pretty sure that I had such a setup once. Currently, I let the MTA map all email addresses into the user name, your shown examples.
I mean, you have to avoid a scenario like:
    passdb / userdb
    bob@example.org    => user-1@example.net
    user-1@example.net => user-2@example.net
Steffen Kaiser
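The approach suggested in the reply, a single user_query that accepts either spelling and returns the canonical name in the "user" field, modelled here as an added example (not code from either poster) together with a check for the ambiguous mapping the reply warns about. Assumptions: SQLite stands in for the real database, the bound parameters :u and :d stand in for Dovecot's %u and %d, the table layout is inferred from the queries in the thread, the paths are constructed, and the match priority is a choice made for this example.

```python
import sqlite3

# Constructed sample data; table and column names follow the thread's queries.
SCHEMA = """
CREATE TABLE mailboxes (username TEXT PRIMARY KEY, home TEXT, mail TEXT);
CREATE TABLE addr_maps (addr TEXT PRIMARY KEY, username TEXT);
INSERT INTO mailboxes VALUES
  ('user-1', '/srv/mail/user-1', 'maildir:~/Maildir'),
  ('user-2', '/srv/mail/user-2', 'maildir:~/Maildir'),
  ('user-3', '/srv/mail/user-3', 'maildir:~/Maildir');
INSERT INTO addr_maps VALUES
  ('bob@example.org', 'user-1'), ('eve@example.org', 'user-1'),
  ('ted@example.org', 'user-2'), ('@catchall.org', 'user-3');
"""

# Accepts a login name or an address; returns the canonical name as "user".
# Priority (an assumption): exact login name, exact address, domain catch-all.
# :u and :d stand in for Dovecot's %u and %d.
USER_QUERY = """
SELECT m.username AS user, m.home, m.mail
FROM mailboxes m LEFT JOIN addr_maps a ON a.username = m.username
WHERE m.username = :u OR a.addr = :u OR a.addr = '@' || :d
ORDER BY (m.username = :u) DESC, (a.addr = :u) DESC
LIMIT 1
"""

# The case the reply warns about: an address that is also another mailbox's login name.
AMBIGUOUS = """
SELECT a.addr, a.username FROM addr_maps a
JOIN mailboxes m ON m.username = a.addr WHERE a.username <> a.addr
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def resolve(db, name):
    """Return (user, home, mail) for a login name or address, else None."""
    domain = name.rpartition("@")[2] if "@" in name else ""
    return db.execute(USER_QUERY, {"u": name, "d": domain}).fetchone()

def ambiguous_mappings(db):
    return db.execute(AMBIGUOUS).fetchall()

if __name__ == "__main__":
    db = open_db()
    for name in ("user-1", "bob@example.org", "x@catchall.org", "nobody@example.org"):
        print(name, "->", resolve(db, name))
```

Running `ambiguous_mappings` against the production tables before deploying such a query shows any address row that would be shadowed by a login name of the same spelling.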