[Dovecot] Dovecot auth user lookup patch for maildrop
Hi,
recently I started using maildrop as an MDA doing lightweight filtering in a Postfix/Dovecot mail server combo. The only thing missing was the fact that maildrop couldn't perform user lookups against a user database that was already being served by Dovecot (for SMTP auth in Postfix and for IMAP access obviously) in order to easily determine the proper mailbox location and home directory of my "virtual" users when delivering e-mails. I wanted to avoid having another authentication daemon running (Courier Authlib) that would be serving this data to maildrop, so I've spent some time writing an extension for maildrop that would allow it to do user lookups directly against Dovecot, in a way similar to how they are done by Dovecot's LDA deliver. For everyone who is using maildrop in a similar setup and may be interested in this extension, a patch against maildrop version 2.0.4 can be downloaded from the following location: http://www.max.rs/ozone/maildrop-2.0.4-dovecotauth.patch.txt
When this patch is applied, maildrop will be extended with another command line option "-t", which can be used to specify the location of Dovecot's master auth socket that will be used when performing user lookups. There's a readme file (README.dovecotauth) together with the patch with a little bit more information regarding the use of this extension. I hope that some of you may find my modification to maildrop useful.
--
Best Regards,
Marko Njezic - mr.maX @ MAX Interactive corp.
Personal: http://www.markonjezic.com/
MAX's Empire: http://www.maxempire.com/
MAX's HTML Beauty++ 2004: http://www.htmlbeauty.com/
Oh, fantastic!
I use Maildrop for quite a few things and I'm reluctant to convert (was considering all kinds of loopy options including some Perl-based custom delivery tool...). However, it's been annoying me to drag this extra baggage around.
Please submit to the maildrop developers - I hope they won't be too reluctant to consider at least dropping it in as a compile time option.
Good luck
Ed W
On Apr 25, 2009, at 6:20 PM, mr.maX wrote:
+One significant difference compared to Courier Authlib extension is
that Dovecot +Authentication extension will never return uid/gid
that's equal to zero.
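Review bot: "Dovecot Authentication extension" in this README sentence can be read either as Dovecot's own auth service or as the maildrop extension this patch adds, and "will never return" does not say what happens when the auth master query answers with a uid or gid of zero. Consider naming the maildrop extension explicitly and stating the resulting behaviour (the lookup result is refused and maildrop tempfails), so an administrator knows that a zero id in the user database shows up as deferred mail rather than as a root delivery.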
This isn't actually true always. gid=0 can be returned, although to
get that working with imap/pop3 requires also setting
first_valid_gid=0. uid=0 is never returned though.
I wasn't really talking about what Dovecot would return from its database. While speaking about "Dovecot Authentication extension" in my text I was referring to my extension to maildrop, which will simply refuse to operate (and cause maildrop to tempfail) if it somehow gets uid/gid that's equal to zero (or system user that's root) as an answer to the auth master query. If I'm not mistaken, Dovecot's LDA deliver will also refuse to accept uid/gid that's zero and I based behavior of my maildrop extension on that.
-- Regards, Marko Njezic
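The refusal described in the reply above (a uid/gid of zero from the auth master query makes delivery tempfail), sketched as an added example that is not taken from the patch or from Dovecot. It assumes the lookup answer is a tab-separated line of the form `USER <id> <username> key=value ...`; `check_user_reply`, `parse_id` and `struct userdb_entry` are hypothetical names, and the sample reply is constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { LOOKUP_OK = 0, LOOKUP_TEMPFAIL = 75 };   /* 75 = EX_TEMPFAIL */
struct userdb_entry { unsigned long uid, gid; char home[256]; };

/* Strictly decimal id; rejects empty, signed, junk and overflowing input. */
static int parse_id(const char *s, unsigned long *out)
{
    char *end;
    if (*s < '0' || *s > '9') return -1;
    errno = 0;
    *out = strtoul(s, &end, 10);
    return (errno != 0 || *end != '\0') ? -1 : 0;
}

/* Hypothetical helper: validate one USER reply (newline already stripped). */
int check_user_reply(const char *line, struct userdb_entry *e)
{
    char buf[512], *p, *next;
    int field, have_uid = 0, have_gid = 0;

    memset(e, 0, sizeof(*e));
    if (strlen(line) >= sizeof(buf)) return LOOKUP_TEMPFAIL;
    strcpy(buf, line);
    for (p = buf, field = 0; p != NULL; p = next, field++) {
        next = strchr(p, '\t');
        if (next != NULL) *next++ = '\0';
        if (field == 0 && strcmp(p, "USER") != 0) return LOOKUP_TEMPFAIL;
        if (field < 3) continue;            /* reply tag, request id, username */
        if (strncmp(p, "uid=", 4) == 0) {   /* a repeated uid/gid is refused */
            if (have_uid++ || parse_id(p + 4, &e->uid)) return LOOKUP_TEMPFAIL;
        } else if (strncmp(p, "gid=", 4) == 0) {
            if (have_gid++ || parse_id(p + 4, &e->gid)) return LOOKUP_TEMPFAIL;
        } else if (strncmp(p, "home=", 5) == 0) {
            if (strlen(p + 5) >= sizeof(e->home)) return LOOKUP_TEMPFAIL;
            strcpy(e->home, p + 5);
        }
    }
    /* A missing id would otherwise read as 0, so require both, then refuse root. */
    if (!have_uid || !have_gid || e->uid == 0 || e->gid == 0)
        return LOOKUP_TEMPFAIL;
    return LOOKUP_OK;
}

int main(void)
{
    struct userdb_entry e;   /* constructed sample reply, not captured traffic */
    int rc = check_user_reply("USER\t1\tjoe\tuid=0\tgid=5000\thome=/var/vmail/joe", &e);
    printf("uid=0 reply -> exit %d\n", rc);
    return 0;
}
```

Requiring both ids to be present matters as much as the zero check: a reply that omits `uid=` would otherwise leave the zero-initialised field looking like a valid root id.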
participants (3)
- Ed W
- mr.maX
- Timo Sirainen