[Dovecot] Please help me resolve why mail isn't being delivered to virtual users

Gerard gerard at seibercom.net
Wed Jan 9 22:33:09 EET 2008


On Wed, 9 Jan 2008 12:17:22 -0800 (PST)
Asheesh Laroia <asheesh at asheesh.org> wrote:

> On Wed, 9 Jan 2008, Charles Marcus wrote:
> 
> > On 1/9/2008, Asheesh Laroia (asheesh at asheesh.org) wrote:  
> >> Basically - the above is a reason to use 'adduser', not a reason
> >> to use virtual users!  If I'm wrong, please clarify my
> >> understanding.   
> >
> > My understanding is using Virtual Users is inherently more secure,
> > since the users do not have system accounts, much less shell
> > accounts.  
> 
> There should be a straightforward way to set their shell to something
> that prevents shell login but allows Dovecot login.  Then they have
> their own separate security contexts (i.e., UID), so in the case that
> Dovecot goes horribly awry each user's data is isolated from the
> other's.

Whether a user is a virtual user or a regular user makes no
difference. Their data is still isolated from each other. Virtual users
do not have all of their data jumbled together into one file, which
seems to me anyway what you are referring to. A virtual user simply
does not have a system account, and therefore cannot interact with the
system directly. Why give any user who does not require access to a
system the possibility of doing so by making them regular users?
Besides, as I stated in a previous post, once in place, adding virtual
users is trivial and far safer than adding regular shell accounts.

> I believe /bin/false will work for this; since it is not listed in 
> /etc/shells, shell login will fail even with e.g. ssh
> user at host /bin/sh, but PAM should authorize the user for Dovecot.  I
> would double-check this before using it in production.

I am not sure what you are trying to describe here. It appears that you
are not either.

-- 

Gerard
gerard at seibercom.net

Sometimes, when I think of what that girl means
to me, it's all I can do to keep from telling her.

	Andy Capp
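
An audit script for the system-account approach discussed in this thread, added here as an example and not written by any of the posters: it reports which accounts in a passwd-format file have a shell listed in a shells-format file, and which UIDs are shared by more than one account. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example; all file contents below are constructed sample data.

# audit_shells PASSWD_FILE SHELLS_FILE
# Prints "name uid=N shell state" per account; state says whether the
# account's shell appears in the shells list.
audit_shells() {
    awk -F: -v shells="$2" '
        BEGIN {
            # Load the permitted-shell list, skipping comments and blank lines.
            while ((getline line < shells) > 0)
                if (line !~ /^[ \t]*#/ && line !~ /^[ \t]*$/) ok[line] = 1
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            shell = ($7 == "") ? "/bin/sh" : $7   # empty field means /bin/sh, see passwd(5)
            state = (shell in ok) ? "login-shell" : "no-login-shell"
            printf "%s uid=%s %s %s\n", $1, $3, shell, state
        }
    ' "$1"
}

# shared_uids PASSWD_FILE
# Prints every UID used by more than one account (no per-user isolation there).
shared_uids() {
    awk -F: '!/^[ \t]*#/ && NF >= 7 { n[$3]++ }
             END { for (u in n) if (n[u] > 1) print u }' "$1"
}

# make_sample DIR: write constructed passwd and shells files into DIR.
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:mail only:/home/alice:/bin/false
bob:x:1002:1002:mail only:/home/bob:/usr/sbin/nologin
carol:x:1002:1002:mail only:/home/carol:/bin/false
EOF
    cat > "$1/shells" <<'EOF'
# constructed shells list
/bin/sh
/bin/bash
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp"
audit_shells "$tmp/passwd" "$tmp/shells"
echo "shared UIDs: $(shared_uids "$tmp/passwd")"
rm -rf "$tmp"
```

On a real host, pass `/etc/passwd` and `/etc/shells` instead of the sample files; virtual users will not appear in the output at all, since they have no passwd entry.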
