I tried setting the "destuser" setting on the LMTP director as
follows, to preserve the original envelope rcpt:
protocol lmtp {
auth_socket_path = director-userdb
passdb {
driver = ...
override_fields = destuser=%{orig_user}
}
}
The passdb driver would return the appropriate "user" for each alias.
Suppose, for example, user1 has emails user1 at domain.tld, but also alias1 at
domain.tld.
Now, it turns out that setting the destuser *changes* the backend. It seems that
when the passdb returns "destuser", that username is completely
ignored and the hashing of the destuser determines the backend chosen.
This is incorrect, the backend should be chosen based on the returned
"user", and the "destuser" should only be used for the
remote login (or rcpt, in case of LMTP).
I'm using version 2.2.35. The problem seems to be in lmtp/commands.c, in
client_proxy_rcpt_parse_fields, line 281-285 says:
} else if (strcmp(key, "user") == 0 ||
strcmp(key, "destuser") == 0) {
/* changing the username */
*address = value;
} ...
So it looks as if "user" and "destuser" are treated equally
in the LMTP proxy.
--
Jan-Pieter Cornet <johnpc at xs4all.net>
Systeembeheer XS4ALL Internet bv
www.xs4all.nl
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: OpenPGP digital signature
URL:
<https://dovecot.org/pipermail/dovecot/attachments/20180326/e49f13bd/attachment.sig>
On 26.03.2018 10:42, Jan-Pieter Cornet wrote:> I tried setting the "destuser" setting on the LMTP director as > follows, to preserve the original envelope rcpt: > > protocol lmtp { > ? auth_socket_path = director-userdb > ? passdb { > ??? driver = ... > ??? override_fields = destuser=%{orig_user} > ? } > } > > The passdb driver would return the appropriate "user" for each alias. > Suppose, for example, user1 has emails user1 at domain.tld, but also > alias1 at domain.tld. > > Now, it turns out that setting the destuser *changes* the backend. It > seems that when the passdb returns "destuser", that username is > completely ignored and the hashing of the destuser determines the > backend chosen. > > This is incorrect, the backend should be chosen based on the returned > "user", and the "destuser" should only be used for the remote login > (or rcpt, in case of LMTP). > > I'm using version 2.2.35. The problem seems to be in lmtp/commands.c, > in client_proxy_rcpt_parse_fields, line 281-285 says: > ??????????????? } else if (strcmp(key, "user") == 0 || > ?????????????????????????? strcmp(key, "destuser") == 0) { > ??????????????????????? /* changing the username */ > ??????????????????????? *address = value; > ??????????????? } ... > > So it looks as if "user" and "destuser" are treated equally in the > LMTP proxy. >Hi! Thanks for reporting this, we'll take a look Aki