Fwd: lmtp and virtual users

David Wells - Alfavinil S.A. dwells at alfavinil.com
Tue Oct 1 17:33:17 EEST 2019


Good morning.

I was just reading
https://wiki.dovecot.org/AuthDatabase/LDAP/PasswordLookups and found the
following statement
> When using LDA <https://wiki.dovecot.org/LDA> and static userdb,
> deliver can check if destination user exists. With auth binds this
> check isn't possible.

Is this still relevant? Is there a workaround? It seems like using
dovecot's lmtp in an active directory environment is not possible, is
this correct?


-------- Forwarded Message --------
Subject: 	Re: lmtp and virtual users
Date: 	Mon, 30 Sep 2019 17:14:16 -0300
From: 	David Wells - Alfavinil S.A. via dovecot <dovecot at dovecot.org>
Reply-To: 	David Wells - Alfavinil S.A. <dwells at alfavinil.com>
To: 	Aki Tuomi <aki.tuomi at open-xchange.com>, dovecot at dovecot.org



Dear Aki, good afternoon.

Thank you very much for your response and thank you again for the tip on
how I could resolve this issue. The problem I'm facing is that I need
dovecot to serve emails with two different authorization methods for
imap and sasl, one through the kerberos ticket as in
https://wiki.dovecot.org/Authentication/Kerberos which I have working
but only with a static userdb and also with plain (over tls of course)
performing an ldap bind. I also need to verify the validity of incoming
emails for the lmtp process. I have only managed to get plain working
with the ldap userdb, or the kerberos solution with static databases and
no address verification working but not both. I believe I could set up
two different dovecot instances listening on different ports or even on
different ip addresses over the same ethernet device but I believe I
would run into problems with the locking of files and I would like one
solution to serve them all. Is this even possible? Is there information
on how to achieve this somewhere I haven't found?

Thank you very much again.
Best regards,
David Wells.

On 30/09/2019 at 03:36, Aki Tuomi wrote:
> On 27.9.2019 23.21, David Wells - Alfavinil S.A. via dovecot wrote:
>> Good afternoon.
>>
>> I have dovecot setup to authenticate virtual users using either gssapi
>> or doing a bind to an ldap server to achieve a single sign on capable
>> imap server connected to a samba active directory DC. What I am also
>> trying to achieve is to have dovecot's lmtp daemon handle the mails
>> passed from postfix. However, the only way I've gotten this to work is
>> setting allow_all_users = yes in the userdb but this causes lmtp to
>> deliver mails to nonexistent accounts without rejection. I've been
>> searching but haven't found a way to set this same thing up but having
>> dovecot's lmtp check the validity of the mail's recipient against the same
>> samba AD DC through ldap before delivering it and rejecting unknown
>> email addresses. Could someone please provide some insight into how to
>> achieve this?
>>
>> Thank you very much in advance.
>> Best regards,
>> David Wells.
>>
>>
> You could set up LDAP userdb without bind authentication, and use a
> service account instead.
>
> Aki
>
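
A sketch of the suggestion above (an LDAP userdb queried with a service account, so LMTP can check recipients without a user password), added here as an example and not taken from the thread. Host names, DNs, file paths, the `mail=%u` filter and the `vmail` uid/gid are assumed values; the settings are Dovecot 2.3-style.

```conf
# Added example; all hosts, DNs, paths and ids below are constructed.

# --- auth configuration (e.g. conf.d/auth-ldap.conf.ext) ---
# Before: the static userdb cannot say "no", so LMTP accepts every RCPT TO.
# userdb {
#   driver = static
#   args = uid=vmail gid=vmail home=/var/vmail/%d/%n allow_all_users=yes
# }

# After: passdb and userdb both use LDAP. The userdb file can be a symlink
# to the passdb file so each gets its own LDAP connection.
passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}
userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
}

# --- /etc/dovecot/dovecot-ldap.conf.ext (mode 0600: it holds a password) ---
uris = ldaps://dc1.example.test
tls_require_cert = demand

# Read-only service account used for searches, including the userdb
# lookups made by LMTP, where no user password is available.
dn = cn=dovecot-lookup,cn=Users,dc=example,dc=test
dnpass = REPLACE_ME

# Password checks still bind as the user: search with the service
# account, then bind with the DN that was found.
auth_bind = yes

base = dc=example,dc=test
scope = subtree
pass_filter = (&(objectClass=user)(mail=%u))
user_filter = (&(objectClass=user)(mail=%u))

# Fixed mail location for virtual users; "=name=value" sets a static field.
user_attrs = =uid=vmail,=gid=vmail,=home=/var/vmail/%d/%n
```

Running `doveadm user` against a known and an unknown address exercises the same userdb lookup that LMTP relies on to reject unknown recipients.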

