lists at mlserv.org
2019-Sep-03 08:07 UTC
Different passdb backends for different services
Hi, as Dovecot supports submission, which is the sending direction, I am interested to know, if I can configure a separate passdb backend just for submission. I habe LDAP attributes that differ sending or receiving permissions. It would be nice, if I had a second passdb backend just for submission, which has a LDAP filter for locking this service. Example for IMAP, POP3, Sieve: (&(mail=%s)(mailAllowIncoming=TRUE)) Example for Submission: (&(mail=%s)(mailAllowOutgoing=TRUE)) Use case is to lock compromised accounts that send spam. An operator can notify the account owner by placing a warning messegae into his/her mailbox. Is this possible? Thanks in advance Christian
> On 3 Sep 2019, at 11.07, R.N.S. via dovecot <dovecot at dovecot.org> wrote: > > Hi, > > as Dovecot supports submission, which is the sending direction, I am interested to know, if I can configure a separate passdb backend just for submission. > > I habe LDAP attributes that differ sending or receiving permissions. It would be nice, if I had a second passdb backend just for submission, which has a LDAP filter for locking this service. > > > Example for IMAP, POP3, Sieve: > > (&(mail=%s)(mailAllowIncoming=TRUE))protocol imap { passdb { ... } }> > > Example for Submission: > > (&(mail=%s)(mailAllowOutgoing=TRUE))protocol submission { passdb { ... } } etc. Sami
lists at mlserv.org
2019-Sep-03 16:08 UTC
Different passdb backends for different services
> Am 03.09.2019 um 10:54 schrieb Sami Ketola via dovecot <dovecot at dovecot.org>: > > > >> On 3 Sep 2019, at 11.07, R.N.S. via dovecot <dovecot at dovecot.org> wrote: >> >> Hi, >> >> as Dovecot supports submission, which is the sending direction, I am interested to know, if I can configure a separate passdb backend just for submission. >> >> I habe LDAP attributes that differ sending or receiving permissions. It would be nice, if I had a second passdb backend just for submission, which has a LDAP filter for locking this service. >> >> >> Example for IMAP, POP3, Sieve: >> >> (&(mail=%s)(mailAllowIncoming=TRUE)) > > protocol imap { > passdb { > ... > } > } > > >> >> >> Example for Submission: >> >> (&(mail=%s)(mailAllowOutgoing=TRUE)) > > protocol submission { > passdb { > ... > } > }I tried this, but I have done something wrong probably. I added this to 20-imap 20-pop 20-managesieve and 20-submission. Always in the protocol sections. I also disabled the passdb section from the auth-ldap.conf.ext in 10-auth and left over the userdb part. Sep 3 17:57:24 mx dovecot: imap-login: Error: auth-client: conn unix:login: Timeout waiting for handshake from auth server. my pid=16106, input bytes=0 Sep 3 17:57:24 mx dovecot: imap-login: Error: auth-client: conn unix:login: Timeout waiting for handshake from auth server. my pid=16107, input bytes=0 Can somebody tell me which "things" need the userdb and which the passdb sections? I am a little bit confused. Or do I have to add the above lines and is some inheritance working here? Thanks in advance Christian