You really need to database your passwd auth
sasl supports pgsql / mysql
you can then alter the queries by selecting flags pending the access you
want to allow
dovecot-pgsql.conf
password_query = SELECT username as user, password FROM email_users
WHERE username = '%u' and password <> 'alias' and status = True and
destination = '%u'
user_query = SELECT home, uid, gid FROM email_users WHERE username =
'%u' and password <> 'alias' and status = True and destination = '%u'
#iterate_query = SELECT user, password FROM email_users WHERE username =
'%u' and password <> 'alias' and status = True and destination = '%u'
iterate_query = SELECT "username" as user, domain FROM email_users WHERE
status = True and alias_flag = False
postfix
smtpd.conf -> /usr/local/lib/sasl2/smtpd.conf
#Postygres
pwcheck_method: auxprop
mech_list: PLAIN LOGIN
auxprop_plugin: sql
sql_engine: pgsql
sql_hostnames: pg.scom.ca:5433
sql_database: scom_billing
sql_user: xxxx
sql_passwd: xxxx
sql_select: SELECT password FROM email_users WHERE username = '%u@%r'
and password <> 'alias' and currentcount_bad < 30 and status = True
i use status to allow disabling the users ability to login but you can
easily expand the select statement to include another flag for imap user(s)
Happy Wednesday !!!
Thanks - paul
Paul Kudla
Scom.ca Internet Services <http://www.scom.ca>
004-1009 Byron Street South
Whitby, Ontario - Canada
L1N 4S3
Toronto 416.642.7266
Main 1.866.411.7266
Fax 1.888.892.7266
Email [email protected]
On 6/1/2022 7:40 AM, [email protected] wrote:
Hi,
we have a very simple user-/passdb (like passwd) to authenticate virtual IMAP
users.
We also use this for Postfix authentication. Nothing special.
But, we need to exclude some of the users from IMAP login.
This means, some users should be allowed to send mail via Postfix (submission)
and therefore
authenticate via SASL against dovecot successfully, but they should not be
allowed to login
to their IMAP mail box.
How could this be done?
Thanks!
-lutzn
