Using a separate passdb per service

Edgar Pettijohn edgar at pettijohn-web.com
Sat Aug 8 03:57:51 UTC 2015


I'm not sure if this would work, but possibly having two separate 
instances of dovecot with separate configs running may work for you.

http://wiki2.dovecot.org/RunningDovecot

On 08/07/15 11:04, Gerry wrote:
> Situation: one front-facing server running Dovecot as IMAP/POP3/
> ManageSieve proxy, a mixture of IMAP servers (Dovecot, Exchange, ...)
> in the back-end. Dovecot's passdb does lookups against MySQL which
> contains a simple user/host mapping, the actual authentication happens
> on the back-end IMAP servers. The configuration is more or less as
> described here: http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy
>
> Now I would like to add a Postfix instance on the front-facing server
> which listens on the submission port and authenticates users via SASL
> using the local Dovecot's UNIX socket. The idea being that a user only
> needs to remember one single hostname, one username and one password
> for all mail-related services.
>
> The problem is that Dovecot is operating in proxy mode, which means
> that the password_query returns NULL as the password and explicitly
> returns a field "nopasswd" containing "Y". Thus, users cannot
> authenticate against the UNIX socket.
>
> What I think I want to do is convince Dovecot to use one passdb for the
> imap/pop3/managesieve services and a different one for the "auth" service.
>
> The configuration snippet below doesn't work, but it should illustrate
> what I want to achieve:
>
>> protocols = imap pop3 sieve
>>
>> service auth {
>>      passdb sql {
>>          driver = sql
>>          args = /etc/dovecot/mysql-auth-sasl.conf.ext
>>      }
>>
>>      unix_listener /var/spool/postfix/private/auth {
>>          user = postfix
>>          group = postfix
>>          mode = 0666
>>      }
>> }
>>
>> # IMAP/POP3/ManageSieve auth against MySQL
>> passdb sql {
>>      driver = sql
>>      args = /etc/dovecot/mysql-auth-default.conf.ext
>> }
> Example mysql-auth-sasl.conf.ext:
>
>> driver = mysql
>> connect = host=127.0.0.1 dbname=mail user=mail password=somethingrandom
>> password_query = SELECT password AS password FROM users WHERE login = '%u'
> Example mysql-auth-default.conf.ext:
>
>> driver = mysql
>> connect = host=127.0.0.1 dbname=mail user=mail password=somethingrandom
>> password_query = SELECT NULL AS password, 'Y' as nopassword, host, 'Y' AS proxy FROM users WHERE login = '%u'
> Any pointers?
>
> Gerry
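
The two-instance approach suggested in the reply, written out as a configuration file for a second Dovecot instance that only serves SASL to Postfix. This is an added example, not configuration posted by either participant; the file name `/etc/dovecot/dovecot-sasl.conf`, the instance name and the `base_dir` path are assumptions, while the passdb file and socket path are the ones from the original post.

```conf
# /etc/dovecot/dovecot-sasl.conf  (hypothetical file name)
# Second Dovecot instance: answers SASL requests from Postfix only.
# The existing proxy instance keeps its own config file and its
# proxy passdb (mysql-auth-default.conf.ext), and must not declare
# the Postfix auth socket itself.

# Every instance needs its own name and runtime directory.
# Both values below are assumed.
instance_name = dovecot-sasl
base_dir = /var/run/dovecot-sasl

# No IMAP/POP3/ManageSieve here; the proxy instance owns those ports.
protocols =
ssl = no

# Mechanisms offered to Postfix over the socket.
auth_mechanisms = plain login

# Real password verification, using the SASL query file from the post.
passdb {
  driver = sql
  args = /etc/dovecot/mysql-auth-sasl.conf.ext
}

service auth {
  unix_listener /var/spool/postfix/private/auth {
    user = postfix
    group = postfix
    # 0660 limits the socket to the postfix user and group;
    # the post's 0666 lets any local account talk to the auth process.
    mode = 0660
  }
}

# Start it alongside the main instance:
#   dovecot -c /etc/dovecot/dovecot-sasl.conf
```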


