Re: [Dovecot] Static list of users with passdb pam
On Thu, 2008-01-31 at 16:33 +0200, Timo Sirainen wrote: Either verify the user's existence in Postfix (I don't really know how, more of a postfix-users list question), or use something else than passdb pam + userdb static. There's just no way to ask from PAM if a user exists or not, and userdb static gives the same values for everyone so it can't verify users' existence either. In that case: Is there any chance of a future user database that is like a stripped-down passwd-file? The password field is never used for a userdb, gecos and shell isn't used either, and the other fields are only required if they are not fixed. Then, in the configuration file, the uid, gid and home can be set to a fixed or default value (as can now be done with passwd). For now, I just fill the passwd-file like this: [username1]::uid:gid::/path/[username1]:: [username2]::uid:gid::/path/[username2]:: which contains a lot of static data in each entry. Best, Koen
Re: [Dovecot] Static list of users with passdb pam
While this solution works fine for imap purposes, I cannot get this to
work the way I want with postfix and deliver. What I would like to have
is that if a message is sent to a non-existing user, it gets rejected.
Instead, I can see in the logs that deliver notices that the mailbox
doesn't exist (msgid=[EMAIL PROTECTED]: Couldn't open
mailbox {}: Mailbox doesn't exist: {}), but it also reports that it
delivered it to the INBOX (msgid=[EMAIL PROTECTED]:
saved mail to INBOX) and postfix reports 'status=sent (delivered via
dovecot service). I tried several other options (without '-e' the
dovecot line in master.cf - same result; without allow_all_users=yes -
dovecot-auth complains that: passdb doesn't support lookups, can't
verify user's existence).
In postfix, I have in main.cf:
virtual_mailbox_domains = domain.net
virtual_alias_maps = hash:/srv/mail/aliases
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
master.cf contains:
dovecot unix- n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender}
-d ${user} -n -m {$extension} -e
In aliases, I have a mapping from, for example, [EMAIL PROTECTED] to
koen:
[EMAIL PROTECTED] koen
dovecot -n shows:
# 1.0.10: /etc/dovecot/dovecot.conf
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imaps
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
mail_extra_groups: mail
mail_location: maildir:/srv/mail/%u/mail
mail_debug: yes
auth default:
passdb:
driver: pam
userdb:
driver: static
args: uid=vmail gid=vmail home=/srv/mail/%u allow_all_users=yes
socket:
type: listen
client:
path: /var/spool/postfix/private/auth
mode: 432
user: postfix
group: postfix
master:
path: /var/run/dovecot/auth-master
mode: 384
user: vmail
group: vmail
I have setup pam with
auth required pam_listfile.so onerr=fail item=user sense=allow
file=/srv/mail/mailusers
Best,
Koen
On Fri, 2008-01-18 at 10:46 +0100, Koen Vermeer wrote:
Thanks for the pointer. I guess I need to change the userdb entry as
well. I now have
userdb static {
args = uid=xxx gid=xxx home=whatever allow_all_users=yes
}
which seems to do what I want. I'll test some more, but I guess this
works fine. Thanks again!
Best,
Koen
On Fri, 2008-01-18 at 09:25 +, Rob Coward wrote:
If you are using pam already, why not add to /etc/pam.d/dovecot
something like:
authrequiredpam_listfile.so onerr=fail item=user sense=allow
file=/etc/dovecot/allowed_users
The syntax may not be quite correct as this is off the top of my head
and I havent tested it, but we do something very similar with other pam
authentications, such as from vsftpd, to restrict user access.
Regards,
Rob
On Fri, 2008-01-18 at 10:04 +0100, Koen Vermeer wrote:
Hi,
On my system, I want to provide imap access for some of the users listed
in /etc/passwd. The list of users should be provided by me, and should
just be a list in a text file. All the userdb options are static (uid,
gid, home directory). Unfortunately, I cannot think of a way to
configure Dovecot to do this. The closest I get is with:
passdb pam {}
userdb passwd-file {
args = /path/to/passwd-file
}
However, the passwd-file is now more complex than it really needs to be,
as it includes fields for password, uid, gid and home directory as well.
Is there some way to handle this? Or am I trying to do something stupid?
Thanks!
Koen
Please consider the environment before printing this email.
GAME Stores Group Ltd has been awarded Retailer of the Year at the 2006
Golden Joystick Awards and
'Thames Valley Business Award' for Outstanding Employer of Choice 2006.
This e-mail and any files transmitted with it are confidential and intended
solely for the use of the
individual or entity to whom they are addressed. If you have received this
e-mail in error please
notify the system manager at:
mailto:[EMAIL PROTECTED]
The recipient acknowledges that the transmissions made via the Internet can
be corrupted and therefore
THE GAME GROUP PLC and any of its subsidiaries do not give any warranty as
to the quality or accuracy of
any information contained in the message or assume any liability for it or
for its transmission, reception or storage.
This footnote also confirms that this e-mail message has been swept by
anti-virus software for the presence of computer viruses.
http://www.game.co.uk
http://www.gamegroup.plc.uk
Registered Number: 1937170
Registered Office: Unity House, Telford Road, Basingstoke, Hampshire. RG21
6YJ Registered in England and Wales.
[Dovecot] Static list of users with passdb pam
Hi,
On my system, I want to provide imap access for some of the users listed
in /etc/passwd. The list of users should be provided by me, and should
just be a list in a text file. All the userdb options are static (uid,
gid, home directory). Unfortunately, I cannot think of a way to
configure Dovecot to do this. The closest I get is with:
passdb pam {}
userdb passwd-file {
args = /path/to/passwd-file
}
However, the passwd-file is now more complex than it really needs to be,
as it includes fields for password, uid, gid and home directory as well.
Is there some way to handle this? Or am I trying to do something stupid?
Thanks!
Koen
Re: [Dovecot] Static list of users with passdb pam
Thanks for the pointer. I guess I need to change the userdb entry as
well. I now have
userdb static {
args = uid=xxx gid=xxx home=whatever allow_all_users=yes
}
which seems to do what I want. I'll test some more, but I guess this
works fine. Thanks again!
Best,
Koen
On Fri, 2008-01-18 at 09:25 +, Rob Coward wrote:
If you are using pam already, why not add to /etc/pam.d/dovecot
something like:
auth requiredpam_listfile.so onerr=fail item=user sense=allow
file=/etc/dovecot/allowed_users
The syntax may not be quite correct as this is off the top of my head
and I havent tested it, but we do something very similar with other pam
authentications, such as from vsftpd, to restrict user access.
Regards,
Rob
On Fri, 2008-01-18 at 10:04 +0100, Koen Vermeer wrote:
Hi,
On my system, I want to provide imap access for some of the users listed
in /etc/passwd. The list of users should be provided by me, and should
just be a list in a text file. All the userdb options are static (uid,
gid, home directory). Unfortunately, I cannot think of a way to
configure Dovecot to do this. The closest I get is with:
passdb pam {}
userdb passwd-file {
args = /path/to/passwd-file
}
However, the passwd-file is now more complex than it really needs to be,
as it includes fields for password, uid, gid and home directory as well.
Is there some way to handle this? Or am I trying to do something stupid?
Thanks!
Koen
Please consider the environment before printing this email.
GAME Stores Group Ltd has been awarded Retailer of the Year at the 2006
Golden Joystick Awards and
'Thames Valley Business Award' for Outstanding Employer of Choice 2006.
This e-mail and any files transmitted with it are confidential and intended
solely for the use of the
individual or entity to whom they are addressed. If you have received this
e-mail in error please
notify the system manager at:
mailto:[EMAIL PROTECTED]
The recipient acknowledges that the transmissions made via the Internet can
be corrupted and therefore
THE GAME GROUP PLC and any of its subsidiaries do not give any warranty as to
the quality or accuracy of
any information contained in the message or assume any liability for it or
for its transmission, reception or storage.
This footnote also confirms that this e-mail message has been swept by
anti-virus software for the presence of computer viruses.
http://www.game.co.uk
http://www.gamegroup.plc.uk
Registered Number: 1937170
Registered Office: Unity House, Telford Road, Basingstoke, Hampshire. RG21
6YJ Registered in England and Wales.
Re: [Dovecot] Log data on dovecot-auth socket
Op vr, 11-05-2007 te 16:01 +0300, schreef Timo Sirainen: A bit late, but auth_debug_passwords=yes makes it log most of the traffic I think. If not, then I guess there aren't any easy ways. Thanks for the reply! I needed a real log of the conversation. Anyway, I got it working without the log, so never mind. Koen
[Dovecot] Log data on dovecot-auth socket
Hi, Is there any way I can monitor or log the data that is being received/sent on the dovecot-auth socket? I'm trying to debug some authentication stuff, and monitoring the conversation would be very useful. Thanks! Koen
[Dovecot] Master auth: what is 'client-id'?
Hi, I am trying to get some useful data from the master auth socket. On the wiki, I found that I need to do: M: REQUEST TAB id TAB client-pid TAB client-id M: USER TAB id TAB userid TAB service=service [TAB parameters] However, what should I specify for client-id? I cannot find a definition on the Wiki. Thanks! Koen
Re: [Dovecot] deliver to subfolder with dovecot's LDA
Op do, 22-03-2007 te 00:10 +0200, schreef Timo Sirainen: You need to tell Postfix's pipe not to send the +mailbox part to Dovecot, since Dovecot just treats user+mailbox as a username. I don't know how though. Just an update: It seems that postfix doesn't first try 'user [EMAIL PROTECTED]' and then '[EMAIL PROTECTED]' when you use pipe. So, I'm trying indeed how to get the address rewritten to '[EMAIL PROTECTED]' when calling deliver. I'll report back on that later. Koen
Re: [Dovecot] deliver to subfolder with dovecot's LDA
Op wo, 21-03-2007 te 22:13 +0200, schreef Timo Sirainen:
On Mon, 2007-03-19 at 19:28 +0100, Koen Vermeer wrote:
The required data is there: The shadow-file contains a list of valid
usernames. It would be nice to have something like an extra option for
userdb static to tell it to have a look in this list and see if a user
exists. Maybe a 'userlist = /var/mail/vhosts/vermeer.tv/shadow' entry or
something like that. Running a database just for this purpose seems to
be a bit too much...
Well... Fine: http://dovecot.org/list/dovecot-cvs/2007-March/008265.html
http://dovecot.org/list/dovecot-cvs/2007-March/008266.html
Thanks! I patched the Debian rc27 package, and ran a quick test. The new
folder isn't created anymore, which is good news! The bad news is that
the message is now bounced ('user unknown'). I'm not sure where the
problem is: postfix, dovecot, some mis-communication between those two,
or just my config...
Koen
Re: [Dovecot] deliver to subfolder with dovecot's LDA
Op vr, 16-03-2007 te 22:41 -0400, schreef Bill Boebel:
So for the example above, you can call it like this:
deliver -d [EMAIL PROTECTED] -m spam
To do this from Postfix, /etc/postfix/master.cf:
dovecot unix - n n -- pipe
flags=DRhu user=virtual argv=/usr/libexec/dovecot/deliver -d ${recipient} -f
${sender} -m ${extension}
I have this setup like that, although without the -f and -m options.
Anyway, it seems that postfix first tries to run deliver with
$recipient=joe+spam, and deliver happily creates a new mailbox 'joe
+spam'. Any idea how to solve this?
The postfix documentation says it first tries to deliver to 'joe+spam',
and then to 'joe'. I'm not sure why deliver just accepts the user+ext
name, and creates a new folder.
Koen
