subscriber at viliar.net.ru
2007-Jan-12 01:54 UTC
[Dovecot] dovecot Digest, Vol 45, Issue 18
>
> I use postfix 2.3.5 + dovecot (pop3/imap/lda/auth daemon for postfix) rc15.
>
> root at post /etc/postfix# grep dovecot main.cf
> smtpd_sasl_type = dovecot
> virtual_transport = dovecot
> dovecot_destination_recipient_limit = 1
>
> root at post /etc/dovecot# grep password_query dovecot-sql.conf
> password_query = SELECT mail as user, cryptp as password,
> CONCAT('/home/vmail/',homedir,'/',maildir,'/') as userdb_home, uid as userdb_uid, gid as
> userdb_gid, CONCAT('dirsize:/home/vmail/',homedir,'/',maildir,'/',':storage=',quota/1024) as
> userdb_quota, nice as userdb_nice, hosts as allow_nets FROM users WHERE mail = '%u' and access
> 'Y' and %Ls = 'Y';
>
>
> When I insert allow_nets (and it should be used without userdb_ prefix) into password_query I could
> not send any more letters. In logs next:
>
> Dec 19 11:25:30 post dovecot: auth-worker(default): sql(mail at example.com): query: SELECT mail as
> user, cryptp as password, CONCAT('/home/vmail/',homedir,'/',maildir,'/'
> ) as userdb_home, uid as userdb_uid, gid as userdb_gid,
> CONCAT('dirsize:/home/vmail/',homedir,'/',maildir,'/',':storage=',quota/1024) as userdb_quota, nice
> as userdb_nice
> , hosts as allow_nets FROM users WHERE mail = 'mail at example.com' and access = 'Y' and smtp = 'Y';
> Dec 19 11:25:30 post dovecot: auth-worker(default): passdb(mail at example.com): allow_nets check
> failed: Remote IP not known
>
> As I understand, postfix does not transfer to dovecot auth daemon rip ( remote ip ). And it
> looks like allow_nets is impossible to use together with dovecot sasl auth in postfix.
>
> Do we have any workaround on it?
>
>

Hello again.

As I think, this problem is really about dovecot. Probably it should not be looking at allow_nets when it is used for external auth, or when %Ls = smtp? Just another trap/check to prevent problems like this? Or am I wrong?

Thanks.

On Fri, 2007-01-12 at 04:54 +0300, subscriber at viliar.net.ru wrote:
> > Dec 19 11:25:30 post dovecot: auth-worker(default): sql(mail at example.com): query: SELECT mail as
> > user, cryptp as password, CONCAT('/home/vmail/',homedir,'/',maildir,'/'
> > ) as userdb_home, uid as userdb_uid, gid as userdb_gid,
> > CONCAT('dirsize:/home/vmail/',homedir,'/',maildir,'/',':storage=',quota/1024) as userdb_quota, nice
> > as userdb_nice
> > , hosts as allow_nets FROM users WHERE mail = 'mail at example.com' and access = 'Y' and smtp = 'Y';
> > Dec 19 11:25:30 post dovecot: auth-worker(default): passdb(mail at example.com): allow_nets check
> > failed: Remote IP not known
> >
> > As I understand, postfix does not transfer to dovecot auth daemon rip ( remote ip ). And it
> > looks like allow_nets is impossible to use together with dovecot sasl auth in postfix.
> >
> > Do we have any workaround on it?
> >
> >
> Hello again.
>
> As I think, this problem is really about dovecot. Probably it should not be looking at allow_nets when
> it is used for external auth, or when %Ls = smtp? Just another trap/check to prevent problems like this?
> Or am I wrong?

I don't think Dovecot at least should have any checks that "oh, there's no IP address, let's just ignore allow_nets then and let the poor user in". But yes, you could do that in the SQL query by returning allow_nets=NULL when %Ls = smtp. I think Postfix should some day be modified to support providing rip/lip..
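
The workaround suggested in the reply above, written out as an added example (not part of the original thread): the poster's password_query with allow_nets returned as NULL when the service is smtp. It assumes MySQL syntax, as the CONCAT calls in the original query suggest, and takes `access = 'Y'` from the logged query; the statement is wrapped here for readability and is meant as the value of password_query in dovecot-sql.conf.

```sql
-- Added example, not from the thread. %u and %Ls are Dovecot variables that are
-- expanded before the query is sent, so '%Ls' becomes the literal 'smtp', 'imap', ...
--
-- Before (from the post): allow_nets is returned for every service, so logins
-- arriving through Postfix SASL fail with
--   "allow_nets check failed: Remote IP not known"
--     ..., nice AS userdb_nice, hosts AS allow_nets FROM users ...
--
-- After: the hosts column is returned as allow_nets for every service except
-- smtp, where NULL is returned instead (the reply's suggestion).
SELECT mail AS user,
       cryptp AS password,
       CONCAT('/home/vmail/',homedir,'/',maildir,'/') AS userdb_home,
       uid AS userdb_uid,
       gid AS userdb_gid,
       CONCAT('dirsize:/home/vmail/',homedir,'/',maildir,'/',':storage=',quota/1024) AS userdb_quota,
       nice AS userdb_nice,
       CASE WHEN '%Ls' = 'smtp' THEN NULL ELSE hosts END AS allow_nets
FROM users
WHERE mail = '%u'
  AND access = 'Y'
  AND %Ls = 'Y';  -- per-service column (smtp, imap, ...), as in the original query
```

With this query the hosts allow-list is enforced only for services where Dovecot knows the remote IP; SMTP AUTH through Postfix is accepted from any address until Postfix passes rip/lip to the auth daemon.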