I want to use a separate passed for the unix_listener (postfix smtp-auth) so i can limit access to the smtp server by user/domain using the postfixadmin database. I want to let users access map to receive email but not be able to send. Any ideas? Thanks Damon
You can have a separate dovecot instance for smtp-auth and use that
socket in postfix config.
Just use a small config like the one below for the "auth only
instance"
and fire it up with "dovecot -F -c /etc/dovecot/dovecot-auth.conf"
you can then copy and adapt the systemd script or what ever to start it
automatically. in that sql-conf you just need a password_query, no
user_query.
---
base_dir = /var/run/dovecot-auth
instance_name = dovecot-auth
passdb {
driver = sql
args = /etc/dovecot/dovecot-auth-sql.conf.ext
}
# disable listeners
service imap-login {
inet_listener imap {
port = 0
}
inet_listener imaps {
port = 0
}
}
service pop3-login {
inet_listener pop3 {
port = 0
}
inet_listener pop3s {
port = 0
}
}
service auth {
unix_listener auth-userdb {
#mode = 0666
#user #group = virtual_mail
}
# Postfix smtp-auth socket
unix_listener /var/spool/postfix/private/auth-smtp {
mode = 0660
group = virtual_mail
}
# Auth process is run as this user.
#user = $default_internal_user
}
---
On 06.10.2015 17:53, Damon wrote:> I want to use a separate passed for the unix_listener (postfix smtp-auth)
so i can limit access to the smtp server by user/domain using the postfixadmin
database.
> I want to let users access map to receive email but not be able to send.
>
> Any ideas?
>
> Thanks
> Damon
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 6 Oct 2015, Damon wrote:> I want to use a separate passed for the unix_listener (postfix smtp-auth) so i can limit access to the smtp server by user/domain using the postfixadmin database. > I want to let users access map to receive email but not be able to send.I use %s / %{service} to distinguish SMTP from other requests in the query. It depends on the capability of your passdb, however. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEVAwUBVhTUuHz1H7kL/d9rAQI80Af+MS/YrNsqpxmHiRRgVLrwJBE3rI9M/w6O CFCBQRShvKKtUU6Z0gmFJJB/PqS0I/UXaPImJNAvjD6lQqwRJE+eMKWZZIisdZ8j dhZVtDlwuMMcp+Xs0tkNkMWsHz2t0wGWiqhVl1WQdHpSeHORF4JOXXOaGCDw+PHM iVw16ekiDaVipQViso3bsVtY9S3hRQTBMdffqKQnJS3Igq6kDS8HIuZ2K50KtarH vjr49b/wpst6s4mg51ZaEbv5n/w2kAWlE/gTYSYENPsyG04oHNRLUQrLQLKM/w0o wgPnoKbt3QV4v6AEj5U+vhiKEFQKx11G5VqrxFXAOS2dLsSFPrT5KQ==DV+5 -----END PGP SIGNATURE-----