Re: [Dovecot] Static list of users with passdb pam
On Thu, 2008-01-31 at 16:33 +0200, Timo Sirainen wrote:
> Either verify the user's existence in Postfix (I don't really know how, more of a postfix-users list question), or use something else than passdb pam + userdb static. There's just no way to ask from PAM if a user exists or not, and userdb static gives the same values for everyone so it can't verify users' existence either.

In that case: Is there any chance of a future user database that is like a stripped-down passwd-file? The password field is never used for a userdb, gecos and shell isn't used either, and the other fields are only required if they are not fixed. Then, in the configuration file, the uid, gid and home can be set to a fixed or default value (as can now be done with passwd).

For now, I just fill the passwd-file like this:

    [username1]::uid:gid::/path/[username1]::
    [username2]::uid:gid::/path/[username2]::

which contains a lot of static data in each entry.

Best,
Koen
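Added example, not part of the original message and not Dovecot's own code: one way to generate the passwd-file entries shown above from a plain list of usernames, so the static fields are written only once and the userdb can still answer whether a user exists. The username pattern, the numeric uid/gid 5000 and the sample list are assumptions constructed for illustration.

```python
import re

# Conservative username pattern (assumption): no ':', '/', whitespace or leading
# dot/dash, because the name becomes a passwd-file field and a path component.
USERNAME_RE = re.compile(r"^[a-z0-9_][a-z0-9_.-]{0,31}$")


def parse_user_list(text):
    """Return valid usernames from a one-name-per-line list, plus rejected lines."""
    users, rejected, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        name = raw.split("#", 1)[0].strip()  # allow comments and blank lines
        if not name:
            continue
        if not USERNAME_RE.match(name) or ".." in name:
            rejected.append((lineno, raw))
        elif name not in seen:
            seen.add(name)
            users.append(name)
    return users, rejected


def render_passwd_file(users, uid, gid, home_base):
    """Build lines of the form user::uid:gid::home:: (password, gecos, shell empty)."""
    base = home_base.rstrip("/")
    return "".join(f"{u}::{uid}:{gid}::{base}/{u}::\n" for u in users)


def user_exists(passwd_text, username):
    """The lookup a passwd-file userdb can answer and userdb static cannot."""
    return any(line.split(":", 1)[0] == username for line in passwd_text.splitlines())


# Constructed sample input, not taken from the thread.
SAMPLE_LIST = """\
# IMAP users
koen
alice
../etc        # rejected: path traversal in the home directory
bob:0:0       # rejected: would inject extra passwd-file fields
alice         # duplicate, ignored
"""

if __name__ == "__main__":
    users, rejected = parse_user_list(SAMPLE_LIST)
    print(render_passwd_file(users, 5000, 5000, "/srv/mail"), end="")
    for lineno, raw in rejected:
        print(f"rejected line {lineno}: {raw!r}")
```

Rejecting names that contain ':' or '/' matters here because each name is interpolated into both a colon-separated record and a home directory path.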
Re: [Dovecot] Static list of users with passdb pam
While this solution works fine for imap purposes, I cannot get this to work the way I want with postfix and deliver. What I would like to have is that if a message is sent to a non-existing user, it gets rejected. Instead, I can see in the logs that deliver notices that the mailbox doesn't exist (msgid=[EMAIL PROTECTED]: Couldn't open mailbox {}: Mailbox doesn't exist: {}), but it also reports that it delivered it to the INBOX (msgid=[EMAIL PROTECTED]: saved mail to INBOX) and postfix reports 'status=sent (delivered via dovecot service)'.

I tried several other options (without '-e' in the dovecot line in master.cf - same result; without allow_all_users=yes - dovecot-auth complains that: passdb doesn't support lookups, can't verify user's existence).

In postfix, I have in main.cf:

    virtual_mailbox_domains = domain.net
    virtual_alias_maps = hash:/srv/mail/aliases
    virtual_transport = dovecot
    dovecot_destination_recipient_limit = 1

master.cf contains:

    dovecot   unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user} -n -m {$extension} -e

In aliases, I have a mapping from, for example, [EMAIL PROTECTED] to koen:

    [EMAIL PROTECTED] koen

dovecot -n shows:

    # 1.0.10: /etc/dovecot/dovecot.conf
    log_timestamp: %Y-%m-%d %H:%M:%S
    protocols: imaps
    login_dir: /var/run/dovecot/login
    login_executable: /usr/lib/dovecot/imap-login
    mail_extra_groups: mail
    mail_location: maildir:/srv/mail/%u/mail
    mail_debug: yes
    auth default:
      passdb:
        driver: pam
      userdb:
        driver: static
        args: uid=vmail gid=vmail home=/srv/mail/%u allow_all_users=yes
      socket:
        type: listen
        client:
          path: /var/spool/postfix/private/auth
          mode: 432
          user: postfix
          group: postfix
        master:
          path: /var/run/dovecot/auth-master
          mode: 384
          user: vmail
          group: vmail

I have setup pam with

    auth required pam_listfile.so onerr=fail item=user sense=allow file=/srv/mail/mailusers

Best,
Koen

On Fri, 2008-01-18 at 10:46 +0100, Koen Vermeer wrote:
> Thanks for the pointer. I guess I need to change the userdb entry as well. I now have
>
>     userdb static {
>       args = uid=xxx gid=xxx home=whatever allow_all_users=yes
>     }
>
> which seems to do what I want. I'll test some more, but I guess this works fine.
>
> Thanks again!
>
> Best,
> Koen
>
> On Fri, 2008-01-18 at 09:25 +, Rob Coward wrote:
> > If you are using pam already, why not add to /etc/pam.d/dovecot something like:
> >
> >     auth required pam_listfile.so onerr=fail item=user sense=allow file=/etc/dovecot/allowed_users
> >
> > The syntax may not be quite correct as this is off the top of my head and I haven't tested it, but we do something very similar with other pam authentications, such as from vsftpd, to restrict user access.
> >
> > Regards,
> > Rob
> >
> > On Fri, 2008-01-18 at 10:04 +0100, Koen Vermeer wrote:
> > > Hi,
> > >
> > > On my system, I want to provide imap access for some of the users listed in /etc/passwd. The list of users should be provided by me, and should just be a list in a text file. All the userdb options are static (uid, gid, home directory). Unfortunately, I cannot think of a way to configure Dovecot to do this. The closest I get is with:
> > >
> > >     passdb pam {}
> > >     userdb passwd-file {
> > >       args = /path/to/passwd-file
> > >     }
> > >
> > > However, the passwd-file is now more complex than it really needs to be, as it includes fields for password, uid, gid and home directory as well.
> > >
> > > Is there some way to handle this? Or am I trying to do something stupid?
> > >
> > > Thanks!
> > >
> > > Koen
[Dovecot] Static list of users with passdb pam
Hi,

On my system, I want to provide imap access for some of the users listed in /etc/passwd. The list of users should be provided by me, and should just be a list in a text file. All the userdb options are static (uid, gid, home directory). Unfortunately, I cannot think of a way to configure Dovecot to do this. The closest I get is with:

    passdb pam {}
    userdb passwd-file {
      args = /path/to/passwd-file
    }

However, the passwd-file is now more complex than it really needs to be, as it includes fields for password, uid, gid and home directory as well.

Is there some way to handle this? Or am I trying to do something stupid?

Thanks!

Koen
Re: [Dovecot] Static list of users with passdb pam
Thanks for the pointer. I guess I need to change the userdb entry as well. I now have

    userdb static {
      args = uid=xxx gid=xxx home=whatever allow_all_users=yes
    }

which seems to do what I want. I'll test some more, but I guess this works fine.

Thanks again!

Best,
Koen

On Fri, 2008-01-18 at 09:25 +, Rob Coward wrote:
> If you are using pam already, why not add to /etc/pam.d/dovecot something like:
>
>     auth required pam_listfile.so onerr=fail item=user sense=allow file=/etc/dovecot/allowed_users
>
> The syntax may not be quite correct as this is off the top of my head and I haven't tested it, but we do something very similar with other pam authentications, such as from vsftpd, to restrict user access.
>
> Regards,
> Rob
>
> On Fri, 2008-01-18 at 10:04 +0100, Koen Vermeer wrote:
> > Hi,
> >
> > On my system, I want to provide imap access for some of the users listed in /etc/passwd. The list of users should be provided by me, and should just be a list in a text file. All the userdb options are static (uid, gid, home directory). Unfortunately, I cannot think of a way to configure Dovecot to do this. The closest I get is with:
> >
> >     passdb pam {}
> >     userdb passwd-file {
> >       args = /path/to/passwd-file
> >     }
> >
> > However, the passwd-file is now more complex than it really needs to be, as it includes fields for password, uid, gid and home directory as well.
> >
> > Is there some way to handle this? Or am I trying to do something stupid?
> >
> > Thanks!
> >
> > Koen
Re: [Dovecot] Log data on dovecot-auth socket
On Fri, 11-05-2007 at 16:01 +0300, Timo Sirainen wrote:
> A bit late, but auth_debug_passwords=yes makes it log most of the traffic I think. If not, then I guess there aren't any easy ways.

Thanks for the reply! I needed a real log of the conversation. Anyway, I got it working without the log, so never mind.

Koen
[Dovecot] Log data on dovecot-auth socket
Hi, Is there any way I can monitor or log the data that is being received/sent on the dovecot-auth socket? I'm trying to debug some authentication stuff, and monitoring the conversation would be very useful. Thanks! Koen
[Dovecot] Master auth: what is 'client-id'?
Hi,

I am trying to get some useful data from the master auth socket. On the wiki, I found that I need to do:

    M: REQUEST TAB id TAB client-pid TAB client-id
    M: USER TAB id TAB userid TAB service=service [TAB parameters]

However, what should I specify for client-id? I cannot find a definition on the Wiki.

Thanks!

Koen
Re: [Dovecot] deliver to subfolder with dovecot's LDA
On Thu, 22-03-2007 at 00:10 +0200, Timo Sirainen wrote:
> You need to tell Postfix's pipe not to send the +mailbox part to Dovecot, since Dovecot just treats user+mailbox as a username. I don't know how though.

Just an update: It seems that postfix doesn't first try 'user [EMAIL PROTECTED]' and then '[EMAIL PROTECTED]' when you use pipe. So, I'm indeed trying to find out how to get the address rewritten to '[EMAIL PROTECTED]' when calling deliver. I'll report back on that later.

Koen
Re: [Dovecot] deliver to subfolder with dovecot's LDA
On Wed, 21-03-2007 at 22:13 +0200, Timo Sirainen wrote:
> On Mon, 2007-03-19 at 19:28 +0100, Koen Vermeer wrote:
> > The required data is there: The shadow-file contains a list of valid usernames. It would be nice to have something like an extra option for userdb static to tell it to have a look in this list and see if a user exists. Maybe a 'userlist = /var/mail/vhosts/vermeer.tv/shadow' entry or something like that. Running a database just for this purpose seems to be a bit too much...
>
> Well... Fine:
> http://dovecot.org/list/dovecot-cvs/2007-March/008265.html
> http://dovecot.org/list/dovecot-cvs/2007-March/008266.html

Thanks! I patched the Debian rc27 package, and ran a quick test. The new folder isn't created anymore, which is good news! The bad news is that the message is now bounced ('user unknown'). I'm not sure where the problem is: postfix, dovecot, some mis-communication between those two, or just my config...

Koen
Re: [Dovecot] deliver to subfolder with dovecot's LDA
On Fri, 16-03-2007 at 22:41 -0400, Bill Boebel wrote:
> So for the example above, you can call it like this:
>
>     deliver -d [EMAIL PROTECTED] -m spam
>
> To do this from Postfix, /etc/postfix/master.cf:
>
>     dovecot   unix  -       n       n       -       -       pipe
>       flags=DRhu user=virtual argv=/usr/libexec/dovecot/deliver -d ${recipient} -f ${sender} -m ${extension}

I have this set up like that, although without the -f and -m options. Anyway, it seems that postfix first tries to run deliver with $recipient=joe+spam, and deliver happily creates a new mailbox 'joe+spam'. Any idea how to solve this? The postfix documentation says it first tries to deliver to 'joe+spam', and then to 'joe'. I'm not sure why deliver just accepts the user+ext name, and creates a new folder.

Koen