Eric Abrahamsen via dovecot <[email protected]> writes:
> Hi,
>
> I've been using postfix and dovecot for a few years, and have been doing
> public mailboxes with dovecot-lda, using a postfix transport that looks
> like (line wrapped for the mailer):
>
> my-public-transport unix - n n - - pipe
>   flags=DRhu user=vmail:vmail argv=/usr/bin/spamc -u <me> -e \
>   /usr/lib/dovecot/dovecot-lda -f ${sender} -d <me> -m public/${user}
>
> So messages first passed to spamassassin, using my own personal config
> for bayes rules, then to dovecot-lda, using my user for auth, and
> finally delivering to a public/* mailbox, with acl rules for access.
>
> I'm moving spamassassin to a mimedefang milter, so that's out of the
> equation; and LDA to LMTP, so the postfix config simply becomes:
>
> virtual_transport = lmtp:unix:private/dovecot-lmtp
>
> That's much nicer, but I'm not sure how to handle the public mailbox
> using LMTP.
>
> How are people doing this? While Googling I saw a recommendation to
> create a virtual user for the public mailboxes, and then presumably
> Postfix would map "[email protected]" to "[email protected]"
> and I would go from there. But that seems a little weird: I don't want
> anyone to be able to log in as publicuser, nor to send mail as that user
> (Postfix uses Dovecot for auth). Yet I don't seem to be able to pass
> other arguments to lmtp, that might indicate which user to use for auth.

What I ended up doing, which is working out very nicely, is nesting
another userdb inside the lmtp protocol stanza:

    protocol lmtp {
      # ...
      userdb {
        driver = passwd-file
        args = /etc/dovecot/publicuser.db
      }
    }

That database defines my public user, [email protected], and its
mail/home arguments, but it's only valid for the LMTP transport -- it's
not available for IMAP login, nor postfix SMTP authentication. Its
mailboxes are only accessible by other users, via acl files.

Postfix's virtual_alias_maps contain entries like:

    [email protected] [email protected]

Then sieve rules in the public user's directory look at the "to" header
(envelope "to" is always [email protected]) and shunt the mail into
the right mailbox.

This works great (though I'm a tiny bit uncomfortable that the
Delivered-To header still contains "[email protected]").

Later I changed postfix's config to:

    [email protected] [email protected]

That way I didn't need a sieve script at all, only needed to make sure
recipient_delimiter was "+", and lmtp_save_to_detail_mailbox was "yes".

Hope this is useful for posterity...

Eric
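
The pieces described in the message above, collected in one place as an added example; these are not the poster's actual files. It assumes Dovecot 2.3-style syntax as used in the post. The example.com addresses, the uid/gid 5000, the home directory and the /etc/postfix/virtual path are constructed placeholders.

```conf
# --- Dovecot: dovecot.conf ---
# Split "user+detail" at "+". Postfix has a parameter with the same name;
# the message does not say which of the two it refers to.
recipient_delimiter = +

protocol lmtp {
  # Deliver user+detail into the mailbox named "detail".
  lmtp_save_to_detail_mailbox = yes

  # This userdb is declared only for the LMTP service. No passdb points at
  # the file, so the account has no credentials for IMAP login or SMTP AUTH.
  userdb {
    driver = passwd-file
    args = /etc/dovecot/publicuser.db
  }
}

# --- Dovecot: /etc/dovecot/publicuser.db ---
# Format: user:password:uid:gid:gecos:home:shell:extra_fields
# The password field stays empty because the file is used as a userdb only.
publicuser@example.com::5000:5000::/var/vmail/public::

# --- Postfix: main.cf ---
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_alias_maps = hash:/etc/postfix/virtual

# --- Postfix: /etc/postfix/virtual ---
# Each public address is rewritten to the delivery-only user plus a detail
# part that names the target mailbox.
announce@example.com    publicuser+announce@example.com
```

Keeping publicuser.db readable only by the Dovecot auth process and out of every passdb is what keeps the account delivery-only.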