Eric Abrahamsen via dovecot <dovecot at dovecot.org> writes:
> Hi,
>
> I've been using postfix and dovecot for a few years, and have been doing
> public mailboxes with dovecot-lda, using a postfix transport that looks
> like (line wrapped for the mailer):
>
> my-public-transport unix - n n - - pipe
> flags=DRhu user=vmail:vmail argv=/usr/bin/spamc -u <me> -e \
> /usr/lib/dovecot/dovecot-lda -f ${sender} -d <me> -m public/${user}
>
> So messages first passed to spamassassin, using my own personal config
> for bayes rules, then to dovecot-lda, using my user for auth, and
> finally delivering to a public/* mailbox, with acl rules for access.
>
> I'm moving spamassassin to a mimedefang milter, so that's out of the
> equation; and LDA to LMTP, so the postfix config simply becomes:
>
> virtual_transport = lmtp:unix:private/dovecot-lmtp
>
> That's much nicer, but I'm not sure how to handle the public mailbox
> using LMTP.
>
> How are people doing this? While Googling I saw a recommendation to
> create a virtual user for the public mailboxes, and then presumably
> Postfix would map "info at mydomain.com" to "publicuser+info at mydomain.com"
> and I would go from there. But that seems a little weird: I don't want
> anyone to be able to log in as publicuser, nor to send mail as that user
> (Postfix uses Dovecot for auth). Yet I don't seem to be able to pass
> other arguments to lmtp, that might indicate which user to use for auth.

What I ended up doing, which is working out very nicely, is nesting
another userdb inside the lmtp protocol stanza:

    protocol lmtp {
      # ...
      # userdb defined only inside the lmtp protocol block
      userdb {
        driver = passwd-file
        args = /etc/dovecot/publicuser.db
      }
    }

That database defines my public user, public at mydomain.net, and its
mail/home arguments, but it's only valid for the LMTP transport -- it's
not available for IMAP login, nor postfix SMTP authentication. Its
mailboxes are only accessible by other users, via acl files.

Postfix's virtual_alias_maps contain entries like:

    info at mydomain.net public at mydomain.net

Then sieve rules in the public user's directory look at the "to" header
(envelope "to" is always public at mydomain.net) and shunt the mail into
the right mailbox.

This works great (though I'm a tiny bit uncomfortable that the
Delivered-To header still contains "public at mydomain.net").

Later I changed postfix's config to:

    info at mydomain.net public+info at mydomain.net

That way I didn't need a sieve script at all, only needed to make sure
recipient_delimiter was "+", and lmtp_save_to_detail_mailbox was "yes".

Hope this is useful for posterity...

Eric