Hi!
I'm using static results in LDAP-lookups:
uris = ldap://127.0.0.1
dn = xxxxxxxxxxxxx
dnpass = xxxxxxxxxxxx
tls = no
ldap_version = 3
base = xxxxxxxxxxxxxxxxx
user_attrs = =home=/mail/%d/%n,=uid=10000,=gid=10000,jpberlinMailQuota=quota_rule=*:storage=%$B
user_filter = (email=%u)
pass_attrs = userPassword=password
pass_filter = (email=%u)
default_pass_scheme = PLAIN
Unfortunately, LMTP accepts mail for *all* users, even for those users
that don't exist in LDAP at all:
2010-08-04 12:27:58 auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
2010-08-04 12:27:58 auth: Debug: auth client connected (pid=10049)
2010-08-04 12:27:58 lmtp(10054): Debug: none: root=, index=, control=, inbox
2010-08-04 12:27:58 auth: Debug: master in: USER 1 tessdfdfgdsft at example.org service=lmtp lip=(null) rip=(null)
2010-08-04 12:27:58 auth: Debug: ldap(tessdfdfgdsft at example.org,0.0.0.0): user search: base=xxxxxxxxxxxxxxxxxxx
2010-08-04 12:27:58 auth: Debug: ldap(tessdfdfgdsft at example.org,0.0.0.0): no fields returned by the server
2010-08-04 12:27:58 auth: Debug: master out: USER 1 tessdfdfgdsft at example.org home=/mail/example.org/tessdfdfgdsft uid=10000 gid=10000
2010-08-04 12:27:58 lmtp(10054): Debug: auth input: tessdfdfgdsft at example.org home=/mail/example.org/tessdfdfgdsft uid=10000 gid10000
2010-08-04 12:27:58 lmtp(10054, tessdfdfgdsft at example.org): Debug: Effective uid=10000, gid=10000, home=/mail/example.org/tessdfdfgdsft
2010-08-04 12:27:58 lmtp(10054, tessdfdfgdsft at example.org): Debug: Namespace : type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes
2010-08-04 12:27:58 lmtp(10054, tessdfdfgdsft at example.org): Debug: maildir++: root=/mail/example.org/tessdfdfgdsft/Maildir, index=, control=, inbox=/mail/example.org/tessdfdfgdsft/Maildir
2010-08-04 12:27:58 lmtp(10054, tessdfdfgdsft at example.org): Debug: Namespace : type=shared, prefix=shared/%u/, sep=/, inbox=no, hidden=no, list=children, subscriptions=no
2010-08-04 12:27:58 lmtp(10054, tessdfdfgdsft at example.org): Debug: shared: root=/var/run/dovecot, index=, control=, inbox
Looks like the "allow_all_users" problem from the static database. :-)
How can I tell LMTP to reject mails to users that don't exist in the
database/LDAP?
It's much better to do this in Dovecot/LMTP than in the Postfix relay (which
can then use LMTP for dynamic address verification).
Peer
--
Heinlein Professional Linux Support GmbH
Linux: Academy - Support - Hosting
http://www.heinlein-support.de
Tel: 030-405051-42
Fax: 030-405051-19
Mandatory disclosures per §35a GmbHG:
HRB 93818 B / Amtsgericht Berlin-Charlottenburg,
Managing director: Peer Heinlein -- Registered office: Berlin