> On 08/09/2022 02:00 EEST Tom <tom at foscore.com> wrote:
>
> As you can see in this snip of the maillog, the domain part of the username is being stripped away:
>
> Sep 6 23:12:40 vaj dovecot[114637]: auth-worker(114662): Debug: conn unix:auth-worker (pid=114660,uid=97): auth-worker<2>: passwd(gumby at example.com,10.0.0.70,<YlSArw3oaqoKAABG>): Performing userdb lookup
> Sep 6 23:12:40 vaj dovecot[114637]: auth-worker(114662): Debug: conn unix:auth-worker (pid=114660,uid=97): auth-worker<2>: passwd(gumby at example.com,10.0.0.70,<YlSArw3oaqoKAABG>): lookup
> Sep 6 23:12:40 vaj dovecot[114637]: auth-worker(114662): Debug: conn unix:auth-worker (pid=114660,uid=97): auth-worker<2>: passwd(gumby at example.com,10.0.0.70,<YlSArw3oaqoKAABG>): username changed gumby at example.com -> gumby
> Sep 6 23:12:40 vaj dovecot[114637]: auth-worker(114662): Debug: conn unix:auth-worker (pid=114660,uid=97): auth-worker<2>: passwd(gumby,10.0.0.70,<YlSArw3oaqoKAABG>): Finished userdb lookup
>
> This means that my mail_location will fail since it stores mail by user and domain.
>
> dovecot -n:
>
> # 2.3.19.1 (9b53102964): /etc/dovecot/dovecot.conf
> # OS: Linux 5.19.6-200.fc36.x86_64 x86_64 Fedora release 36 (Thirty Six)
> # Hostname: vaj.example.com
> auth_debug = yes
> auth_default_realm = EXAMPLE.COM
> auth_gssapi_hostname = $ALL
> auth_krb5_keytab = /etc/dovecot/dovecot-krb5.keytab
> auth_mechanisms = gssapi login plain
> auth_realms = example.com
> auth_username_format = %u
> auth_verbose = yes
> debug_log_path = /var/log/dovecot/debug
> info_log_path = /var/log/dovecot/info
> log_path = /var/log/dovecot/error
> log_timestamp = "%Y.%m.%d %H:%M:%S "
> mail_debug = yes
> mail_location = maildir:%h/Maildir/%d
> mbox_write_locks = fcntl
> namespace inbox {
>   inbox = yes
>   location
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     special_use = \Junk
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   prefix
> }
> passdb {
>   driver = pam
> }
> ssl = no
> ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
> ssl_cipher_list = PROFILE=SYSTEM
> ssl_key = # hidden, use -P to show it
> userdb {
>   driver = passwd
> }
> userdb {
>   driver = passwd
>   override_fields = mail=maildir:%h/Maildir/%d
> }
> verbose_ssl = yes
>
> How can I get around this issue? I need mailboxes stored by user/domain.

I don't see how in this config you can even have multiple domains? Using passwd ensures that all users are accepted for all domains, because it will only look at local username part.

Aki

On 2022-09-08 02:59, Aki Tuomi wrote:
>> On 08/09/2022 02:00 EEST Tom <tom at foscore.com> wrote:
>> As you can see in this snip of the maillog, the domain part of the username is being stripped away:
>>
>> Sep 6 23:12:40 vaj dovecot[114637]: auth-worker(114662): Debug: conn unix:auth-worker (pid=114660,uid=97): auth-worker<2>: passwd(gumby at example.com,10.0.0.70,<YlSArw3oaqoKAABG>): Performing userdb lookup
>> Sep 6 23:12:40 vaj dovecot[114637]: auth-worker(114662): Debug: conn unix:auth-worker (pid=114660,uid=97): auth-worker<2>: passwd(gumby at example.com,10.0.0.70,<YlSArw3oaqoKAABG>): lookup
>> Sep 6 23:12:40 vaj dovecot[114637]: auth-worker(114662): Debug: conn unix:auth-worker (pid=114660,uid=97): auth-worker<2>: passwd(gumby at example.com,10.0.0.70,<YlSArw3oaqoKAABG>): username changed gumby at example.com -> gumby
>> Sep 6 23:12:40 vaj dovecot[114637]: auth-worker(114662): Debug: conn unix:auth-worker (pid=114660,uid=97): auth-worker<2>: passwd(gumby,10.0.0.70,<YlSArw3oaqoKAABG>): Finished userdb lookup
>>
>> How can I get around this issue? I need mailboxes stored by user/domain.
>
> I don't see how in this config you can even have multiple domains? Using passwd ensures that all users are accepted for all domains, because it will only look at local username part.

I'm already using this setup without GSSAPI. Each user can have email addresses in multiple domains. Validating email addresses is done by FreeIPA in this case, or LDAP in my prior setup. Maybe I need to use another driver.
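
An added example, not part of the original thread and not Dovecot code: a Python check that scans auth debug lines of the form quoted above for `username changed` rewrites that drop the domain, and lists usernames reached from more than one domain (the "accepted for all domains" effect). The sample lines are constructed (`example.org` and `pokey` are made up), and `" at "` is accepted alongside `@` because the list archive obfuscates addresses that way.

```python
import re
from collections import defaultdict

# Matches the debug line format shown in the thread:
#   <driver>(<login>,<ip>,<session>): username changed <old> -> <new>
CHANGED = re.compile(
    r"(?P<driver>\w+)\((?P<login>[^,]+),(?P<ip>[^,]*),<[^>]*>\): "
    r"username changed (?P<old>.+?) -> (?P<new>\S+)\s*$"
)

def split_addr(name):
    """Return (local, domain); domain is None when there is no domain part."""
    local, sep, domain = name.replace(" at ", "@").partition("@")
    return local, (domain.lower() if sep else None)

def domain_stripped(lines):
    """Map each resulting username to the set of domains that were dropped."""
    collapsed = defaultdict(set)
    for line in lines:
        m = CHANGED.search(line)
        if not m:
            continue
        old_local, old_domain = split_addr(m["old"])
        new_local, new_domain = split_addr(m["new"])
        # Only count rewrites that kept the local part and lost the domain.
        if old_domain and new_domain is None and old_local == new_local:
            collapsed[m["new"]].add(old_domain)
    return dict(collapsed)

def ambiguous_accounts(collapsed):
    """Usernames reached from more than one domain: one account, several addresses."""
    return sorted(user for user, domains in collapsed.items() if len(domains) > 1)

# Constructed sample lines (shortened prefix, same message format as the thread).
SAMPLE = [
    "auth-worker<2>: passwd(gumby@example.com,10.0.0.70,<s1>): Performing userdb lookup",
    "auth-worker<2>: passwd(gumby@example.com,10.0.0.70,<s1>): username changed gumby@example.com -> gumby",
    "auth-worker<3>: passwd(gumby@example.org,10.0.0.71,<s2>): username changed gumby@example.org -> gumby",
    "auth-worker<4>: passwd(pokey at example.com,10.0.0.72,<s3>): username changed pokey at example.com -> pokey",
]

if __name__ == "__main__":
    result = domain_stripped(SAMPLE)
    for user, domains in sorted(result.items()):
        print(f"{user}: domain dropped for {sorted(domains)}")
    print("reached from several domains:", ambiguous_accounts(result))
```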