On 2/2/2011 5:25 PM, Victor Duchovni wrote:
On Wed, Feb 02, 2011 at 05:10:08PM -0500, Matt wrote:
I'm working on replacing an ageing Posfix install with a new server.
On the old and new server we use virtual domains.
On the old server we login with: username.domain.com
On the new server Postfix is configured to allow login as: usern...@domain.com
I'd actually rather prefer the new format, however, for ease of
transition is there a way I can configure Postfix to allow the . and
even better yet, to allow either?
Postfix does not process SASL user-names, they are opaque strings
returned by the SASL library. If your SASL drivers support multiple
login names for the same user account, then Postfix will accept either,
since all the work is done by the SASL library.
If you use smtpd_sender_login_maps, you'll need to list all the variant
names for each login in that table.
If you use dovecot for imap/pop3, you should compile postfix with CFLAG
-DDEF_SERVER_SASL_TYPE=\"dovecot\" Then, dovecot does allow you to
configure the auth to do what you like, such as resolving sasl_username
to the real username in mysql/postgre.
Look at the wiki2 of dovecot for the configuration of "service"
paramter, such as "service auth { config here }". Using the config,
you can include a small bash script, as part of the auth process, to
transform the username using"if" statements. Such as:
if [${USER} != ""]; then
USER=$(sed ....${USER})
endif
You're not limited to bash, just to stdin stdout :) This was really
ingenious of Timo, one maintainer of dovecot as it allowed us to store a
bunch of criteria for security, such as the ip address logging in, the
last login time, etc.
Jerrale G.
SC Senior Admin
