Derek Winterstien
2014-Feb-13 03:34 UTC
[Dovecot] Hybrid of linux user accounts and virtual user accounts configuration
So some system users have their email forwarded to Maildir in their /home/user directory (virtual_alias_maps) for their domain. This I have working! And the rest are non-system users, i.e. virtual users listed in a plain text file, and their MailDir will be in /home/vmial/domain.com/user/

The virtual user part is working 100% with postfix and dovecot accepting mail for each virtual alias and system account holders popping in to retrieve their mail.

The second part is working 50%. I have email for virtual users going into /home/vmail/domain.com where they are supposed to go. Now, I am very confused on how to configure dovecot to allow folks without system accounts to login and retrieve their email. I have been going through one guide after another. When I start changing things I break the first working part, the system accounts being able to get their mail. Changes to dovecot.conf to get the second working negatively impact the first.

Also, a lot of documentation is out of date, which further complicates matters.

Postfix/Dovecot:
Postfix version: 2.6.6
Dovecot version: 2.0.9
Steffen Kaiser
2014-Feb-13 10:29 UTC
Re: Hybrid of linux user accounts and virtual user accounts configuration
On Wed, 12 Feb 2014, Derek Winterstien wrote:

> The virtual user part is working 100% with postfix and dovecot accepting mail
> for each virtual alias and system account holders popping in to retrieve
> their mail.

So that probably means that you've added a userdb for the virtual users. We don't know without doveconf -n output.

> The second part is working 50%. I have email for virtual users going into
> /home/vmail/domain.com where they are supposed to go. Now, I am very
> confused on how to configure dovecot to allow folks without system accounts
> to login and retrieve their email. I have been going through one guide after
> another. When I start changing things I break the first working part, the
> system accounts being able to get their mail. Changes to dovecot.conf to get
> the second working negatively impact the first.

Add yet another passdb section behind the already existing one, as you did with the userdb for the virtual users.

This doc is not out-of-date: http://wiki2.dovecot.org/Authentication/MultipleDatabases

--
Steffen Kaiser
Murray Trainer
2014-Feb-13 10:40 UTC
[Dovecot] Hybrid of linux user accounts and virtual user accounts configuration
Hi Derek,

I have done this in reverse order. I used a short howto with users in LDAP. It uses an LDAP schema called iredmail.schema that lets me create virtual domains and mail users that aren't posix users. I have my posix users under ou=users and my virtual users under ou=domains. Haven't set up mail delivery yet but the lda will need some sort of setuid access to write mail to the user folders.

Hope this helps ...

Murray

On 13 February 2014 11:34:04 AM AWST, Derek Winterstien <14dovecotml at robotz.com> wrote:

>So some system users have their email forward to
>Maildir in their /home/user directory
>(virtual_alias_maps) for their domain. This I
>have working! And the rest are non-system users,
>ie virtual users listed in a plain text file and
>their MailDir will be in /home/vmial/domain.com/user/
>
>The virtual user part is working 100% with
>postfix and dovecot accepting mail for each
>virtual alias and system account holders popping in to retrieve their
>mail.
>
>The second part is working 50%. I have email for
>virtual users going into
>/home/vmail/domain.com where they are supposed
>to go. Now, I am very confused on how to
>configure dovecot to allow folks without system
>accounts to login and retrieve their email. I
>have been going through one guide after
>another. When I start changing things I break
>the first working part, the system accounts being
>able to get their mail. Changes to dovecot.conf
>to get the second working negatively impact the first.
>
>Also, a lot of documentation is out of date, which further complicates
>matters.
>
>Postfix/Dovecot:
>Postfix version: 2.6.6
>Dovecot version: 2.0.9

--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
Steffen Kaiser
2014-Feb-13 14:57 UTC
Re: Hybrid of linux user accounts and virtual user accounts configuration
On Thu, 13 Feb 2014, Murray Trainer wrote:

> Haven't setup mail delivery yet but the lda will need some sort of
> setuid access to write mail to the user folders.

That's one reason I switched to LMTP at last.

--
Steffen Kaiser
Derek Winterstien
2014-Feb-13 19:05 UTC
[Dovecot] Hybrid of linux user accounts and virtual user accounts configuration
Hello again.

I have my virtual users working now. Postfix delivers mail, and dovecot retrieves it for pop and imap users in the virtual user database. Just one more thing though, it is understood that dovecot is going to ask pam to check first for a unix account, which will fail, then dovecot tries the virtual user text file, and succeeds when the user is located. However, the pam error generated in the secure log is ugly.

auth: pam_succeed_if(dovecot:auth): error retrieving information about user foo

I would like to suppress this error, only when dovecot succeeds from the virtual user text file. However, still report the pam error when no valid user exists in either. Is this possible?
Steffen Kaiser
2014-Feb-14 08:30 UTC
Re: Hybrid of linux user accounts and virtual user accounts configuration
On Thu, 13 Feb 2014, Derek Winterstien wrote:

> and dovecot retrieves it for pop and imap users in the virtual user database.
> Just one more thing though, it is understood that dovecot is going to ask pam
> to check first for a unix account, which will fail, then dovecot tries the
> virtual user text file, and succeeds when the user is located. However, the
> pam error generated in the secure log is ugly.
>
> auth: pam_succeed_if(dovecot:auth): error retrieving information about user
> foo
>
> I would like to suppress this error, only when dovecot succeeds from the
> virtual user text file. However, still report the pam error when no valid
> user exists in either. Is this possible?

Change the order of passdb {} sections.

--
Steffen Kaiser
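The two pieces of advice in this thread (a second passdb for the virtual users, and virtual users ordered ahead of PAM) combined in one Dovecot 2.0-style fragment. This is an added example, not configuration posted by anyone in the thread; the file path /etc/dovecot/users, the sample entry and the uid/gid values are assumptions.

```conf
# Added example, not from the thread.
# Assumed: the virtual-user text file is /etc/dovecot/users (hypothetical path)
# in passwd-file format. Constructed sample entry:
#   user@domain.com:{SSHA256}<hash>:5000:5000::/home/vmail/domain.com/user
# 5000:5000 stands in for whichever account owns /home/vmail.

# 1. Virtual users are checked first. A virtual user who is found here never
#    reaches PAM, so pam_succeed_if has nothing to complain about in the
#    secure log for that login.
passdb {
  driver = passwd-file
  args = username_format=%u /etc/dovecot/users
}

# 2. System accounts second. A name that is in neither database still ends
#    up at PAM, so the PAM failure is still logged for unknown users.
passdb {
  driver = pam
}

# userdb lookups in the same order: the text file supplies uid, gid and home
# for virtual users, the system passwd database covers everyone else.
userdb {
  driver = passwd-file
  args = username_format=%u /etc/dovecot/users
}

userdb {
  driver = passwd
}

# Caveat: when the first passdb does not accept a login, Dovecot moves on to
# the next one. A name present in BOTH databases can therefore log in with
# either password. Keep the two namespaces disjoint, for example virtual
# users as user@domain and system users as bare login names.
```

`doveconf -n` shows the order in which the passdb and userdb sections are actually loaded.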