[Dovecot] Dovecot LDA, LDAP, Postfix and Spawning programs..
With Qmail, when using LDAP, a user can specify deliveryProgramPath, or a .qmail file, to launch something like procmail. Qmail correctly setuid()s to the uids set for the user in LDAP, as well as setting up the common env vars (HOME, USER, MAILDIR).
We moved to Postfix but found that it is quite lacking in the features supported when it comes to "virtual" users. No .forward, and if you set up an alternate transport, they are run as "any user but root, nor postfix, nor the virtual-user's uid". And worse, it does not even supply the HOME/MAILDIR values to the transport delivery plugin (forcing it to getpwnam() or similar).
I have an option to make my own setuid program to query LDAP (postmap -q would work), setuid() and call, say, procmail.
It has been suggested I can use "maildrop" as it can talk to LDAP. However, I picked "Dovecot" as my pop3/imap program due to an irrational dislike of Courier imap.
So, if I tried Dovecot-LDA, would it support the user optionally having a ".forward" file, or perhaps the LDAP attribute deliveryProgramPath, or some other way to filter based on subject/body to sort, and/or forward, mail?
If it can use LDAP, will it setuid() to the user's uid (as set in LDAP, assuming I cook the LDAP conf entries correctly) when delivering (I'd hope so!) and running external filters?
I am still running rc10, which works well but flips out regularly (previously mentioned 'too many files open' bug, some leaks in locks). I will upgrade when the LDAP changes are deemed stable.
Lund
--
Jorgen Lundman     | <lundman@lundman.net>
Unix Administrator | +81 (0)3 -5456-2687 ext 1017 (work)
Shibuya-ku, Tokyo  | +81 (0)90-5578-8500 (cell)
Japan              | +81 (0)3 -3375-1767 (home)
On Thu, 2006-11-16 at 09:42 +0900, Jorgen Lundman wrote:
> So, if I tried Dovecot-LDA, would it support the user optionally having a ".forward" file, or perhaps the LDAP attribute deliveryProgramPath, or some other way to filter based on subject/body to sort, and/or forward, mail?

It doesn't support .forward or executing other programs, but you can do filtering and forwarding with the Sieve plugin.

> If it can use LDAP, will it setuid() to the user's uid (as set in LDAP, assuming I cook the LDAP conf entries correctly) when delivering (I'd hope so!) and running external filters?

deliver gets the authentication information from dovecot-auth. So if you have the user's uid correctly in there, then deliver does setuid().
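
An added example, not part of either message and not Dovecot, Postfix or Qmail code: the privilege-drop step that a root-started delivery wrapper of the kind considered in the first message would need before running a per-user filter. It assumes the uid, gid and home were already looked up (for example from LDAP); `MIN_UID`, the function names, the fixed `PATH` and the `Maildir/` layout are assumptions made for this sketch.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define MIN_UID 500 /* assumed floor: never deliver as root or a system account */

/* Accept only non-system ids and an absolute home with no ".." component. */
int target_ok(uid_t uid, gid_t gid, const char *home) {
    if (uid < MIN_UID || gid == 0 || home == NULL || home[0] != '/') return 0;
    for (const char *p = home; (p = strstr(p, "/..")) != NULL; p += 3)
        if (p[3] == '/' || p[3] == '\0') return 0;
    return 1;
}

/* Irreversibly become uid/gid; order matters: groups, then gid, then uid. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (setgroups(1, &gid) != 0) return -1; /* shed root's supplementary groups */
    if (setgid(gid) != 0) return -1;        /* must precede setuid() */
    if (setuid(uid) != 0) return -1;        /* as root: real, effective and saved uid */
    if (setuid(0) == 0) return -1;          /* regaining root must fail */
    return (getuid() == uid && geteuid() == uid && getgid() == gid) ? 0 : -1;
}

/* Validate, drop, then exec the filter with a minimal fixed environment. */
int run_filter_as(uid_t uid, gid_t gid, const char *user, const char *home,
                  char *const argv[]) {
    char e_home[1024], e_user[256], e_mdir[1100];
    if (!target_ok(uid, gid, home) || !user || !argv || !argv[0]) return -1;
    if (snprintf(e_home, sizeof e_home, "HOME=%s", home) >= (int)sizeof e_home) return -1;
    if (snprintf(e_user, sizeof e_user, "USER=%s", user) >= (int)sizeof e_user) return -1;
    snprintf(e_mdir, sizeof e_mdir, "MAILDIR=%s/Maildir/", home); /* assumed layout */
    char *const envp[] = { e_home, e_user, e_mdir, "PATH=/usr/bin:/bin", NULL };
    if (drop_privileges(uid, gid) != 0 || chdir(home) != 0) return -1;
    execve(argv[0], argv, envp);
    return -1; /* only reached if execve() failed */
}

int main(int argc, char **argv) {
    /* usage: wrapper UID GID USER HOME /path/to/filter [args...] */
    if (argc < 6) { fprintf(stderr, "usage: %s uid gid user home prog [args]\n", argv[0]); return 64; }
    run_filter_as((uid_t)strtoul(argv[1], NULL, 10), (gid_t)strtoul(argv[2], NULL, 10),
                  argv[3], argv[4], &argv[5]);
    fprintf(stderr, "delivery wrapper: target refused or exec failed\n");
    return 75; /* EX_TEMPFAIL: ask the MTA to retry later */
}
```
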
participants (2)
- Jorgen Lundman
- Timo Sirainen