dovecot - Mar 2006 - Dovecot, LDAP and something akin to Postfix' "table search order" from virtual deliver.

Hi.

/* The short version. */

Is there a way to mimic Postfix' "table search order" in
Dovecot's LDAP
configuration of pass_filter/user_filter?

/* Here goes the detailed description :) */

Just to quote the http://www.postfix.org/virtual.8.html:

---

TABLE SEARCH ORDER

(...)

The search order is as follows. The search stops upon  the
        first successful lookup.

(...)

        o      The user at domain.tld address, without address exten-
               sion, is looked up next.

        o      Finally, the recipient @domain is looked up.

---

Basicaly this allows to have separate users assigned addresses like 
j.doe at example.com (first account), j.smith at example.com (second account) 
and at the same time to have a "catch all" anything at example.com
mailbox
(for the administrator e.g.).

What do I need it for? To have dovecot-lda working. Why? I want Sieve :)

The test data may look as follows:

account #1:
  + mail: j.doe at example.com
  + mailAlternateAddress: j.c.doe at example.com

account #2:
  + mail: j.smith at example.com
  + mailAlternateAddress: j.t.smith at example.com

account #3 (administrator):
  + mail: bofh at example.com
  + mailAlternateAddress: @example.com (means - anything possible)

The filter I used is (more or less - for both pass_filter and user_filter):

(|(mail=%u)(mailAlternateAddress=%u)(mailAlternateAddress=@%d))

Just for testing purposes I've stripped off some irrelevant data (like 
checking if the account is active), since that made the filter about 140 
characters long ;)

The trouble is when there're both a "catch all" and a true account
that
are linked to different accounts. As an example, if I try to send mail 
to "j.doe at example.com" I receive:

dovecot: auth(default): ldap(j.doe at example.com): Multiple replies found 
for user

Which is of course true, since the filter returns "account #2" and 
"account #3".

What I'd like to get? I'd like to set the filter to:

(|(mail=%u)(mailAlternateAddress=%u))

Where "%u" is expanded to "j.doe at example.com" during the
first run

Then, if dovecot can't find any user that would match this literaly it 
should retry the search operation, but now with "@example.com" as the
"%u".

I've tried to fiddle with the filter itself, but I see any reasonable 
way of doing it. I don't even know if it is possible at all.

Could anyone give me a hint? Or maybe it's already on someone's whish
list?

Some final info.

* I've followed the examples on dovecot.org website:

http://wiki.dovecot.org/LDA#head-dacb9b9a1f19c3ea86bb6f8caa3d64e3ddad9ef8

* Here's the dovecot's master.conf entry:

dovecot unix - n n - - pipe flags=DRhu user=mail:mail 
argv=/usr/libexec/dovecot/deliver -d ${recipient}

Best regards!
Pawel Sawicki

Pawel Sawicki wrote:
> Is there a way to mimic Postfix' "table search order" in
Dovecot's LDAP
> configuration of pass_filter/user_filter?
(...)

Well I think I've managed to prepare a rather simple patch:

---

$ cvs diff -u src/deliver.c
Index: src/deliver.c
==================================================================RCS file:
/home/cvs/dovecot-lda/src/deliver.c,v
retrieving revision 1.39
diff -u -r1.39 deliver.c
--- src/deliver.c       8 Feb 2006 11:39:29 -0000       1.39
+++ src/deliver.c       21 Mar 2006 21:05:55 -0000
@@ -477,7 +477,6 @@
                         return NULL;
                 }

-               script_path = home_expand(SIEVE_SCRIPT_PATH);
                 if (*script_path != '/' && *script_path !=
'\0') {
                         /* relative path. change to absolute. */
                         script_path = t_strconcat(getenv("HOME"),
"/",
@@ -570,6 +569,23 @@
                         auth_socket = DEFAULT_AUTH_SOCKET_PATH;

                 ret = user_init(auth_socket, destination);
+
+               /*
+                * Try to check for Postfix-like catch-all virtual 
mailbox address.
+                * Contributed by Pawel Sawicki 
<pawel.sawicki at pawel-sawicki.com>.
+                */
+
+               if (ret != 0) {
+                       /* Find the first '@' character and rerun the 
check. */
+                       destination = (const char *) strchr(destination, 
'@');
+
+                       /* Rerun the check. */
+                       if (destination != NULL)
+                               ret = user_init(auth_socket, destination);
+               }
+
+               /* End of Postfix-like catch-all virtual mailbox address 
check. */
+
                 if (ret != 0)
                         return ret;

---

First of all - in this case only user_filter is important :)

All in all - the code does its job perfectly. There's one distadvantage 
though. For each unsuccesful lookup (the first one) it produces an entry 
in the error log (syslog). While it would require more work inside the 
dovecot itself I left it intact :)

The patch is is based on 1.39, not 1.40, but it touches no changes made 
in 1.40.

Moreover I think I've located an error when dovecot received sieve path 
from userdb (the first change in the patch). Regardless of the passed 
value it was overwritten - this is my guess at least. Can anyone please 
comment on that?

Best regards,
Pawel Sawicki

Hi!

Just for the sake of archive completeness - I've managed to solve my
problem without any dirty hacks or something.

The key part was to rewrite recipient address before relying mail to
dovecot deliver. This can be achieved using e.g.
recipient_canonical_maps. More info can be found here:

http://pjs.name/pages/en/blog/postfix_dovecot_deliver_catchall/

Once again - thanks Maciej for your input :)

Regards,
Pawel