[Dovecot] Disable PAM username change?

George jorgito1412 at gmail.com
Wed Aug 28 20:12:47 EEST 2013


Ok, I figured it out.

I used the dovecot_delivery transport with Exim. When using the "-d
$local_part" option, it does the same userdb lookup that Dovecot itself
does later, so the mail gets delivered and is fetched to the right location.

Hope this helps.

Best regards.


On Sat, Aug 24, 2013 at 4:52 AM, George <jorgito1412 at gmail.com> wrote:

> Hi! I have a problem involving Samba4, exim4, fetchmail, Dovecot and PAM...
> I am using Dovecot 2.1.7 on Debian Wheezy.
>
> I have set up a "maildrop" machine, which fetches mail from an external
> POP3 server for multiple accounts using fetchmail, delivers to local users
> mailboxes through exim4 and then serves them on the intranet via IMAP with
> Dovecot.
> This works great with local unix users, but I am having some trouble
> configuring it to work with Samba4 AD users (Samba 4.0.9 running as a DC on
> the same machine).
>
> Basically, I have configured PAM with winbind and it works fine (AD users
> can SSH the machine for example). Dovecot also authenticates properly via
> PAM, but the problem is that the username gets changed in the process (PAM
> returns the "username" as "DOMAIN\username"):
>
> Aug 21 22:50:22 dc2 dovecot: auth-worker(5179): Debug:
> auth(foo,127.0.0.1): username changed foo -> DOMAIN\foo
> Aug 21 22:50:22 dc2 dovecot: auth: Debug:
> auth(foo,127.0.0.1,<0bBfg3/kpQB/AAAB>): username changed foo -> DOMAIN\foo
>  Aug 21 22:50:22 dc2 dovecot: auth: Debug: client out:
> OK#0111#011user=DOMAIN\foo
>
> So the actual problem is that exim4 is delivering the mail to, for
> example, "/var/mail/foo" but Dovecot is looking for the mailbox on
> "/var/mail/DOMAIN\foo", even if the username given in the IMAP session is
> just "foo". The wiki mentions <http://wiki2.dovecot.org/PasswordDatabase/PAM>
> that "a PAM module can change the username". Can this be avoided?
>
> I need either:
> * Exim to deliver the mail to the user mailbox, *including* the domain
> part (out of scope of this list, but information is welcome), or
> * Dovecot to fetch the mail *not* using the domain part as part of the
> username variable.
>
> As a quick and dirty workaround, I hardcoded the domain part in the exim
> delivery path (something like "/var/mail/DOMAIN\\$local_part"), but this is
> far from optimal since I cannot use both unix users and AD users, I cannot
> use dovecot_delivery LDA transport, etc.
>
> As a bottom line, I also posted this to the Samba list because I believe
> this could also be solved if winbind just always returned the username
> without the domain when queried (conf option not working, probable bug)
>
> Ideas are welcome!!
>
> Best regards,
>
> Jorge
>
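
The username rewrite shown in the debug log above can be audited from the auth log itself. The following is an added example, not part of the original posts: it parses Dovecot's "username changed" debug lines and reports where the MTA's delivery path and Dovecot's lookup path diverge. The function names are hypothetical, and the `/var/mail/<user>` layout is assumed from the paths quoted in the thread.

```python
import re

# Constructed sample: the log lines quoted in the thread, unwrapped to one
# syslog line each (the mail client had wrapped them).
SAMPLE_LOG = r"""
Aug 21 22:50:22 dc2 dovecot: auth-worker(5179): Debug: auth(foo,127.0.0.1): username changed foo -> DOMAIN\foo
Aug 21 22:50:22 dc2 dovecot: auth: Debug: auth(foo,127.0.0.1,<0bBfg3/kpQB/AAAB>): username changed foo -> DOMAIN\foo
Aug 21 22:50:22 dc2 dovecot: auth: Debug: client out: OK#0111#011user=DOMAIN\foo
"""

# auth(<login>,<ip>[,<session>]): username changed <old> -> <new>
CHANGE_RE = re.compile(
    r"auth\((?P<login>[^,)]+),(?P<ip>[^,)]+)[^)]*\): "
    r"username changed (?P<old>\S+) -> (?P<new>\S+)"
)

def split_account(name):
    """Split 'DOMAIN\\user' or 'user@domain' into (domain, user)."""
    if "\\" in name:
        domain, user = name.split("\\", 1)
        return domain, user
    if "@" in name:
        user, domain = name.rsplit("@", 1)
        return domain, user
    return "", name

def username_rewrites(log):
    """Unique (ip, old, new) rewrites; auth and auth-worker each log one."""
    return sorted({(m["ip"], m["old"], m["new"]) for m in CHANGE_RE.finditer(log)})

def delivery_mismatches(log, mail_root="/var/mail"):
    """For each rewrite, show where the MTA delivers and where Dovecot looks.

    mail_root is an assumption taken from the paths quoted in the thread.
    """
    findings = []
    for ip, old, new in username_rewrites(log):
        domain, user = split_account(new)
        # Same account with a domain added, or a rewrite to another name?
        kind = "domain_qualified" if domain and user == old else "different_account"
        findings.append({
            "ip": ip, "login": old, "dovecot_user": new, "kind": kind,
            "mta_path": f"{mail_root}/{old}",
            "dovecot_path": f"{mail_root}/{new}",
        })
    return findings

if __name__ == "__main__":
    for finding in delivery_mismatches(SAMPLE_LOG):
        print(finding)
```

A `different_account` result means the name Dovecot ended up with is not simply the login with a domain attached, which deserves a closer look than the winbind case in this thread.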

