LMTP Post login script for acl_groups

Aki Tuomi aki.tuomi at open-xchange.com
Wed Aug 28 21:11:10 EEST 2019 

> On 28/08/2019 21:07 R.N.S. via dovecot <dovecot at dovecot.org> wrote:
> 
>  
> > Am 28.08.2019 um 20:02 schrieb Aki Tuomi via dovecot <dovecot at dovecot.org>:
> > 
> > 
> >> On 28/08/2019 21:01 R.N.S. via dovecot <dovecot at dovecot.org> wrote:
> >> 
> >> 
> >>> Am 28.08.2019 um 19:46 schrieb Jakobus Schürz via dovecot <dovecot at dovecot.org>:
> >>> 
> >>> I think, i had the same problem as you.
> >>> 
> >>> When dovecot runs lmtp, no user is logged in, so there is no user from
> >>> which you can get groups. So i think, my solution is (not really sure,
> >>> if this is right, it's a long time ago, i played around) this transport
> >>> in exim for local delivery
> >>> 
> >>> dovecot_delivery:             
> >>>  debug_print = "T: dovecot_delivery_pipe for $local_part@$domain
> >>> translates to GET_LOCAL_MAIL"
> >>>  driver = pipe               
> >>>  command = /usr/lib/dovecot/deliver -d "GET_LOCAL_MAIL"
> >>>  message_prefix =
> >>>  message_suffix =
> >>>  delivery_date_add
> >>>  envelope_to_add             
> >>>  return_path_add             
> >>>  log_output
> >>>  user = MAILUSER
> >>>  group = MAILUSER
> >>> 
> >>> I have a really sophisticated setup with ldap... so GET_LOCAL_MAIL and
> >>> MAILUSER are makros which get the email-adress and the mailuser for the
> >>> receiving emailadress.
> >>> 
> >>> GET_LOCAL_MAIL could be $local_part@$domain
> >>> MAILUSER is vmail in my setup, the user who owns all mailboxes
> >>> 
> >>> /usr/lib/dovecot/deliver is an alternative for the lmtp-delivery.
> >> 
> >> Unfortunately this way Postfix and Dovecot need to run on the same host.
> >> 
> >> I wonder, if this is a LMTP or Sieve issue. Maybe something can be done in sieve configuration to solve this?
> >> 
> >> Is there nobody from @Dovecot who could give some feedback :-) please :-)
> >> 
> >> Thanks
> >> 
> >> Christian
> > 
> > It could be possible to solve this with auth lua script that would allow returning the acl groups as a string, instead of using post-login script.
> 
> Does that mean, I would give a second userdb with a Lua script?
> 
> Can I combine LDAP and Lua backends? Are both read together or is it a first-match-wins decision?
> 
> Christian

You can combine them, dovecot allows you to decide if you want first-match or all of them.

See https://doc.dovecot.org/configuration_manual/authentication/user_databases_userdb

Aki

More information about the dovecot mailing list