[Dovecot] Locking down master user to certain domains through passwd-file auth

[Andrew Obertas]

Yeah, I had screwed up and completely missed the segment at the bottom 
of the variables section that showed how to use them. Felt pretty bad 
after spending a few days trying to get SQL working, noticing how a long 
variable name was referenced in one of the auth lines, and then going 
back to find out that I could have saved myself a lot of trouble by 
reading more thoroughly.

I do have a new issue that I'm trying to fix, though it's probably best 
for me to update Dovecot and see if it persists. For whatever reason, 
I'm starting to see the Dovecot auth worker reporting passwd auth 
attempts without an IP and the log lines don't match up with how a 
normal failed login attempt should look. I'll do that in a separate 
thread though.

Best regards,

Andrew Obertas
Technical Support Representative
Infinet Communications Group

On 12/8/2013 1:47 PM, Timo Sirainen wrote:
> On 22.11.2013, at 0.24, Andrew Obertas <andrew at infinet.net> wrote:
>
>> Hello,
>>
>> I know it is possible to lock down a master user to only have access to certain domains through SQL login but I was wondering if the same was possible with a passwd-based system. I currently have a master-passwd file residing in the /etc/virtual/domain.com/ directories I want the master user to be able to log in to. Is there a way to tell passdb to only allow the master user login to proceed if they can auth to the master-passwd file in the same folder as the user? Alternatively, is there a better way to go about this?
>>
>> What I assumed would be the easy approach, where the domain from the user's e-mail is fetched, doesn't seem to work as %d fetches the master user's domain and, unless I'm doing something wrong, the login_domain variable cannot be used as this is outside Dovecot-auth.
> What do you mean outside Dovecot-auth? Master user login is done in auth process. %{login_domain} should work I think..
>
>