Properly "locking" a useraccount (on a proxy)

Robert Schetterer rs at
Tue Oct 21 19:46:54 UTC 2014

Am 21.10.2014 um 20:37 schrieb Ralf Hildebrandt:
> * Ralf Hildebrandt <r at>:
>> 2) defer LMTP delivery somehow (Postfix is talking to dovecot's LMTP server)
> I could of course put a mysql: query into postfix which would return 
> user at domain retry:
> for the "locked" user. But I'm lazy and would prefer a single place /
> a single query to lock the account

in sql postfixadmin schema there is an "active" flag 0 vs 1 per user

smtpd_recipient_restrictions = reject_unknown_recipient_domain,

i use configured it as

query = SELECT CONCAT('REJECT mailaddress %s is set in inactive mode')
address FROM mailbox WHERE username='%s' AND active = '0'

you may use not REJECT but

421 text (Postfix 2.3 and later) which is tmp error

dovecot site may look like this


password_query = SELECT username as user, password, \
1001 as userdb_uid, \
1001 as userdb_gid, \
"/usr/local/virtual/%d/%u/" AS userdb_home, \
"maildir:/usr/local/virtual/%d/%u/" AS userdb_mail \
FROM mailbox WHERE username = '%u' AND active = '1'

but to be honest, its a long time ago i tested this feature, and in real
world nobody seems to use "active" settings

however perhaps you can adapt this idea to fit in your setup somehow

Best Regards
MfG Robert Schetterer

[*] sys4 AG, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein

More information about the dovecot mailing list