[Dovecot] system account delivery userdb authentication

Ben Morrow ben at morrow.me.uk
Wed May 29 20:44:39 EEST 2013


[Please keep replies on the list.]

At  6AM +0200 on 29/05/13 you (Yann Shukor) wrote:
> 
> Although simpler to set up, I chose to steer clear of the single user
> representing 'all' because I liked the idea of giving users access to
> Usermin allowing them to manage their own password and vacation msg
> (+filtering, ...) and furthermore they could login with their username
> (domain-less).

While it's often convenient to make a distinction between 'system' and
'virtual' users, Dovecot doesn't actually know the difference. It just
looks users up in the passdb and userdb you have configured. This means
it's perfectly straightforward to do a completely 'virtual user' setup,
and then change the passdb to 'pam', which will let the users log in
with their ordinary Unix password.

To allow users to log in with just a username, all you need to do is
make sure the users in the userdb and passdb are listed that way.
Userdb passwd and passdb pam naturally are, but there's nothing to stop
you using other userdbs if you want to. The only trick here is that if
you're using LDA/LMTP then incoming deliveries will (or, at least,
usually should) be addressed to a full email address, so you need
auth_username_format to trim that back to a username.

I don't know anything about Usermin, but if it is trying to set up
traditional procmail filtering and vacation(1), you may be in trouble.
Or, at least, you may have to give up on using Dovecot to deliver the
mail and let Postfix's local(8) and procmail deliver it into maildirs
themselves. If you're happy with this, this isn't a problem for Dovecot,
but it might be better to go with Sieve filtering instead.

Sieve is a newish mail filtering language, designed primarily to be safe
(procmail has a nasty habit of letting users run arbitrary programs).
Dovecot's LDA has a pretty complete sieve implementation called
Pigeonhole (you may need to install it separately), which also supports
a protocol called ManageSieve designed for uploading sieve scripts
remotely. There are plugins for some webmail systems (and some desktop
mail clients, for that matter) which let the user edit their filters in
a gooey way; this includes setting up vacation messages. I use Roundcube
webmail for this purpose; it also has a perfectly good PAM password-
changing plugin.

Ben
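
An added example, not part of the original message or the Dovecot project's own configuration: a minimal fragment for the setup described above, with PAM as passdb, passwd as userdb, and auth_username_format trimming delivery addresses to a bare username. It assumes the Dovecot 2.x configuration syntax current when this message was written and an installed Pigeonhole package.

```conf
# Added example; assumes Dovecot 2.x syntax and Pigeonhole installed.

# Strip the domain and lowercase the result, so a delivery addressed to
# Alice@example.com (constructed address) is looked up as "alice",
# the same name the user logs in with.
auth_username_format = %Ln

# Logins are checked against the ordinary Unix password via PAM.
passdb {
  driver = pam
}

# uid, gid and home come from the system passwd database.
userdb {
  driver = passwd
}

# Run the user's Sieve script on delivery, whether mail arrives
# through the LDA binary or over LMTP.
protocol lda {
  mail_plugins = $mail_plugins sieve
}
protocol lmtp {
  mail_plugins = $mail_plugins sieve
}
```

Running `doveadm user` with a full address shows which userdb entry the trimmed name resolves to before any mail is routed through it.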


