LMTP and public mailboxes?

Eric Abrahamsen eric at ericabrahamsen.net
Fri Feb 22 23:48:28 EET 2019

Eric Abrahamsen via dovecot <dovecot at dovecot.org> writes:

> Hi,
> I've been using postfix and dovecot for a few years, and have been doing
> public mailboxes with dovecot-lda, using a postfix transport that looks
> like (line wrapped for the mailer):
> my-public-transport unix - n n - - pipe
>   flags=DRhu user=vmail:vmail argv=/usr/bin/spamc -u <me> -e \
>   /usr/lib/dovecot/dovecot-lda -f ${sender} -d <me> -m public/${user}
> So messages first passed to spamassassin, using my own personal config
> for bayes rules, then to dovecot-lda, using my user for auth, and
> finally delivering to a public/* mailbox, with acl rules for access.
> I'm moving spamassassin to a mimedefang milter, so that's out of the
> equation; and LDA to LMTP, so the postfix config simply becomes:
> virtual_transport = lmtp:unix:private/dovecot-lmtp
> That's much nicer, but I'm not sure how to handle the public mailbox
> using LMTP.
> How are people doing this? While Googling I saw a recommendation to
> create a virtual user for the public mailboxes, and then presumably
> Postfix would map "info at mydomain.com" to "publicuser+info at mydomain.com"
> and I would go from there. But that seems a little weird: I don't want
> anyone to be able to log in as publicuser, nor to send mail as that user
> (Postfix uses Dovecot for auth). Yet I don't seem to be able to pass
> other arguments to lmtp, that might indicate which user to use for auth.

What I ended up doing, which is working out very nicely, is nesting
another userdb inside the lmtp protocol stanza:

protocol lmtp {
  # ...
  # userdb that is consulted only for LMTP deliveries
  userdb {
    args = /etc/dovecot/publicuser.db
  }
}

That database defines my public user, public at mydomain.net, and its
mail/home arguments, but it's only valid for the LMTP transport -- it's
not available for IMAP login, nor postfix SMTP authentication. Its
mailboxes are only accessible by other users, via acl files.

Postfix's virtual_alias_maps contain entries like:

info at mydomain.net   public at mydomain.net

Then sieve rules in the public user's directory look at the "to" header
(envelope "to" is always public at mydomain.net) and shunt the mail into
the right mailbox.

This works great (though I'm a tiny bit uncomfortable that the
Delivered-To header still contains "public at mydomain.net").

Later I changed postfix's config to:

info at mydomain.net   public+info at mydomain.net

That way I didn't need a sieve script at all, only needed to make sure
recipient_delimiter was "+", and lmtp_save_to_detail_mailbox was "yes".

Hope this is useful for posterity...
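
The pieces described in the message above, gathered in one place as an added example (not the poster's actual files). The passwd-file driver, the hash: map type and path, the home directory, and setting recipient_delimiter on both the Postfix and the Dovecot side are assumptions; the message only names the settings and the userdb args path.

```conf
# --- /etc/postfix/main.cf ---
virtual_transport = lmtp:unix:private/dovecot-lmtp
# Assumed map type and path; the message only names virtual_alias_maps.
virtual_alias_maps = hash:/etc/postfix/virtual
# Lets Postfix table lookups fall back from public+info@ to public@.
recipient_delimiter = +

# --- /etc/postfix/virtual ---
# Each public address is rewritten to the public user plus a detail part.
info@mydomain.net    public+info@mydomain.net

# --- Dovecot configuration (2.3-style syntax) ---
# "+" is also Dovecot's default delimiter.
recipient_delimiter = +
# Deliver public+info@... into the mailbox named "info" instead of INBOX.
# With lda_mailbox_autocreate at its default (no), that mailbox must
# already exist.
lmtp_save_to_detail_mailbox = yes

protocol lmtp {
  # Extra userdb that exists only for LMTP deliveries. No passdb lists
  # this user, so there is nothing to authenticate against over IMAP or
  # through Postfix's SMTP AUTH.
  userdb {
    # Assumed driver; the message shows only the args line.
    driver = passwd-file
    args = /etc/dovecot/publicuser.db
  }
}

# --- /etc/dovecot/publicuser.db (passwd-file format) ---
# user:password:uid:gid:gecos:home:shell:extra_fields
# Password is empty because the file is used as a userdb only; uid/gid
# are empty so mail_uid/mail_gid apply; the home path is a constructed
# value.
public@mydomain.net:::::/srv/vmail/public::
```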


