[Dovecot] Postfix/Dovecot/lmtp with virtual and local users
Hi all,
I'm about to change my Debian mailserver setup from Postfix/dovecot1/procmail to Postfix/dovecot2/sieve with lmtp enabled. After enabling lmtp the virtual users can receive e-mails but not the local users:
Mar 21 14:21:40 orange postfix/lmtp[4119]: DE62226216: to=<user@orange.domain.de>, relay=orange.domain.de[private/dovecot-lmtp], delay=7627, delays=7627/0/0/0.02, dsn=5.1.1, status=bounced (host orange.domain.de[private/dovecot-lmtp] said: 550 5.1.1 <user@orange.domain.de> User doesn't exist: user@orange.domain.de (in reply to RCPT TO command))
In 10-auth.conf I have the setting "auth_username_format = %Lu".
When changing it to "auth_username_format = %n" the local users can be found but not the virtual users anymore.
Is there a way to define "if <user> is local then auth_username_format = %n else auth_username_format = %Lu"?
Thanks and best regards, David
-- The day microsoft makes something that doesn't suck is the day they start making vacuum cleaners. gpg --keyserver pgp.mit.edu --recv-keys 1920BD87 Key fingerprint = 3326 32CE 888B DFF1 DED3 B8D2 105F 29CB 1920 BD87
Timo Sirainen wrote on 22.03.2013 09:48:
Maybe. Depends on your Dovecot version and passdb/userdb configuration. So, doveconf -n output?
I use version 2.1.7 from the backports repo on Debian Squeeze.
My doveconf -n:
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-5-686-bigmem i686 Debian 6.0.7
auth_cache_size = 10 M
auth_debug = yes
auth_mechanisms = plain login digest-md5
auth_socket_path = /var/run/dovecot/auth-userdb
auth_verbose = yes
auth_verbose_passwords = sha1
base_dir = /var/run/dovecot/
disable_plaintext_auth = no
first_valid_uid = 105
listen = *
log_timestamp = "%Y-%m-%d %H:%M:%S "
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
mail_location = maildir:~/Maildir
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = INBOX.
  separator = .
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
passdb {
  driver = pam
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  sieve_global_dir =
}
protocols = " imap lmtp sieve pop3"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
}
service imap-login {
  inet_listener imap {
    address = localhost
    port = 999
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  service_count = 1
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
ssl_ca = </etc/ssl/certs/cacert.org.pem
ssl_cert = </etc/ssl/certs/mail.orange.cryptix.de.crt
ssl_cipher_list = HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
ssl_key = </etc/ssl/private/mail.orange.cryptix.de.key
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
userdb {
  driver = passwd
}
protocol imap {
  imap_idle_notify_interval = 2 mins
  imap_logout_format = bytes=%i/%o
  mail_max_userip_connections = 20
  mail_plugins =
}
protocol lmtp {
  mail_plugins = " sieve"
}
protocol pop3 {
  mail_max_userip_connections = 20
  pop3_uidl_format = %08Xu%08Xv
}
Thanks, David
I'm interested in this as well, and having looked over the wiki2 pages on LDA and LMTP, and the files conf.d/15-lda.conf and conf.d/20-lmtp.conf to which they refer, I still don't see how the lmtpd knows a given user@domain is a system user. For virtual domains, I guess the assumption is that the Dovecot username is user@domain. (Even that assumption is not necessarily valid; there is no requirement to format virtual usernames that way.)
The closest I can find is "hostname" in 15-lda.conf, but that does not really say anything about it being used to identify a system user.
http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
On 22.3.2013, at 11.53, David Obando <david@cryptix.de> wrote:
Timo Sirainen wrote on 22.03.2013 09:48:
Maybe. Depends on your Dovecot version and passdb/userdb configuration. So, doveconf -n output?
I use version 2.1.7 from the backports repo on Debian Squeeze.
passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } passdb { driver = pam }
Nope, you can't currently do "user@domain" auth for sql and "user" for PAM. You could try using passdb checkpassword instead though, which allows you to script it any way you want.
userdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } userdb { driver = passwd }
Also userdb passwd can't do that.
I've thought of adding a generic passdb/userdb { auth_username_format } setting, but that doesn't exist yet. Would be easy to do though..
Hi,
thanks for the answer. Do I understand you right that currently it's not possible to manage both system users and virtual users in a dovecot 2 and lmtp setup?
You were talking about "adding a generic passdb/userdb { auth_username_format } setting". Are there any plans to do so?
What are your recommendations about migrating from dovecot 1.2.15 to dovecot 2 regarding system and virtual users? Should I use LDA instead of LMTP then?
Thank you very much, David
Timo Sirainen wrote on 31.03.2013 10:53:
On 22.3.2013, at 11.53, David Obando <david@cryptix.de> wrote:
Timo Sirainen wrote on 22.03.2013 09:48:
Maybe. Depends on your Dovecot version and passdb/userdb configuration. So, doveconf -n output?
I use version 2.1.7 from the backports repo on Debian Squeeze.
passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } passdb { driver = pam }
Nope, you can't currently do "user@domain" auth for sql and "user" for PAM. You could try using passdb checkpassword instead though, which allows you to script it any way you want.
userdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } userdb { driver = passwd }
Also userdb passwd can't do that.
I've thought of adding a generic passdb/userdb { auth_username_format } setting, but that doesn't exist yet. Would be easy to do though..
On Thu, 2013-04-11 at 11:04 +0200, David Obando wrote:
Hi,
thanks for the answer. Do I understand you right that currently it's not possible to manage both system users and virtual users in a dovecot 2 and lmtp setup?
If you have only a single domain, set auth_username_format=%Ln and configure your virtual userdb to work without @domain.
Or you could switch to using only virtual users, and have your MTA forward the local users' mails to virtual users.
Or you could use userdb checkpassword instead of passwd, which strips away the domain before doing a passwd lookup.
You were talking about "adding a generic passdb/userdb { auth_username_format } setting". Are there any plans to do so?
Sure, but as to when I'll actually implement it, no idea. It's not a big priority right now (although it would probably be pretty quick to implement).
What are your recommendations about migrating from dovecot 1.2.15 to dovecot 2 regarding system and virtual users? Should I use LDA instead of LMTP then?
That's one possibility too, yes.
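The third option above (a checkpassword userdb that strips the domain before the passwd lookup), as an added example that is not code from this thread or from the Dovecot project. The script path, the `PASSWD_FILE` and `MIN_UID` variables and the function names are hypothetical, and the interface (reply binary in `$1`, username on fd 3, `AUTHORIZED=1`, exit code 3 for an unknown user) is an assumption based on Dovecot's checkpassword conventions.

```shell
#!/bin/bash
# Added example: checkpassword-style userdb helper. Hypothetical wiring:
#   userdb {
#     driver = checkpassword
#     args = /usr/local/bin/passwd-nodomain.sh
#   }
# Assumed interface: reply binary in $1, NUL-terminated username on fd 3,
# AUTHORIZED=1 in the environment for a userdb-only lookup.

PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"   # overridable for testing
MIN_UID="${MIN_UID:-105}"                   # mirrors first_valid_uid = 105

# Lowercase the login and drop "@domain" (the value %Ln would give).
local_part() {
    printf '%s' "${1%%@*}" | tr 'A-Z' 'a-z'
}

# Print "uid:gid:home" for an ordinary account; return 3 otherwise.
# The name originates from RCPT TO, so it must pass a strict whitelist
# and is compared as a literal string, never used as a pattern.
lookup_local() {
    case "$1" in
        ''|*[!a-z0-9._-]*) return 3 ;;
    esac
    awk -F: -v u="$1" -v min="$MIN_UID" '
        $1 == u && $3 + 0 >= min + 0 { print $3 ":" $4 ":" $6; found = 1; exit }
        END { exit (found ? 0 : 3) }' "$PASSWD_FILE"
}

main() {
    reply_bin="$1"
    IFS= read -r -d '' login <&3 || exit 111    # temporary failure
    [ "$AUTHORIZED" = 1 ] || exit 1             # userdb lookups only
    name=$(local_part "$login")
    entry=$(lookup_local "$name") || exit 3     # user does not exist
    IFS=: read -r uid gid home <<EOF
$entry
EOF
    export AUTHORIZED=2 USER="$name" HOME="$home"
    export userdb_uid="$uid" userdb_gid="$gid" EXTRA="userdb_uid userdb_gid"
    exec "$reply_bin"
}

# Act as a checkpassword helper only when Dovecot supplies the reply binary.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

Reading `/etc/passwd` directly misses accounts served through NSS (LDAP, NIS); for those, `lookup_local` would need `getent passwd` as its data source.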
participants (3)
- /dev/rob0
- David Obando
- Timo Sirainen