Timo Sirainen schrieb am 22.03.2013 09:48:

Maybe. Depends on your Dovecot version and passdb/userdb configuration. So, doveconf -n output? I use version 2.1.7 from the backports repo on Debian Squeeze.

My doveconf -n:

# 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-686-bigmem i686 Debian 6.0.7 auth_cache_size = 10 M auth_debug = yes auth_mechanisms = plain login digest-md5 auth_socket_path = /var/run/dovecot/auth-userdb auth_verbose = yes auth_verbose_passwords = sha1 base_dir = /var/run/dovecot/ disable_plaintext_auth = no first_valid_uid = 105 listen = * log_timestamp = "%Y-%m-%d %H:%M:%S " login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c mail_location = maildir:~/Maildir managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = INBOX. separator = . type = private } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } passdb { driver = pam } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_global_dir = } protocols = " imap lmtp sieve pop3" service auth { unix_listener /var/spool/postfix/private/auth { mode = 0666 } } service imap-login { inet_listener imap { address = localhost port = 999 } inet_listener imaps { port = 993 ssl = yes } service_count = 1 } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0660 user = postfix } } ssl_ca =

Thanks, David

-- The day microsoft makes something that doesn't suck is the day they start making vacuum cleaners. gpg --keyserver pgp.mit.edu --recv-keys 1920BD87 Key fingerprint = 3326 32CE 888B DFF1 DED3 B8D2 105F 29CB 1920 BD87

On 22.3.2013, at 11.53, David Obando david@cryptix.de wrote:

Timo Sirainen schrieb am 22.03.2013 09:48:

...

Maybe. Depends on your Dovecot version and passdb/userdb configuration. So, doveconf -n output? I use version 2.1.7 from the backports repo on Debian Squeeze.

passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } passdb { driver = pam }

Nope, you can't currently do "user@domain" auth for sql and "user" for PAM. You could try using passdb checkpassword instead though, which allows you to script it any way you want.

userdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } userdb { driver = passwd }

Also userdb passwd can't do that.

I've thought of adding a generic passdb/userdb { auth_username_format } setting, but that doesn't exist yet. Would be easy to do though..

On Thu, 2013-04-11 at 11:04 +0200, David Obando wrote:

Hi,

thanks for the answer. Do I understand you right that currently it's not possible to manage both system users and virtual users in a dovecot 2 and lmtp setup?

If you have only a single domain, set auth_username_format=%Ln and configure your virtual userdb to work without @domain.

Or you could switch to using only virtual users, and have your MTA forward the local users' mails to virtual users.

Or you could use userdb checkpassword instead of passwd, which strips away the domain before doing a passwd lookup.

You were talking about "adding a generic passdb/userdb { auth_username_format } setting". Are there any plans to do so?

Sure, but as to when I'll actually implement it, no idea. It's not a big priority right now (although it would probably be pretty quick to implement).

What are your recommendations about migrating from dovecot 1.2.15 to dovecot 2 regarding system and virtual users? Should I use LDA instead of LMTP then?

That's one possibility too, yes.