On Sun, 2007-09-09 at 14:57 -1000, Julian Cowley wrote: > password_query = SELECT username AS user, password, NULLIF(access != 0, 1) AS > nologin, 'Access not allowed for this account' AS reason FROM mailbox WHERE > username = '%u' .. > While this second query works correctly with IMAP and POP authentication, > it does not work with Postfix SMTP AUTH. Assuming the password is > correct, the user is authenticated even when "access" is zero. It seems > that either Postfix and/or dovecot-auth (I'm not sure which) is ignoring > the "nologin" field in this case.
The "nologin" is kind of a hack. I don't think Postfix should even support it. The correct way to implement this would be to use something like: SELECT username AS user, password, if(access!=0, NULL, 'Access not allowed') AS reason WHERE username = '%u' AND access != 0; This should fix Postfix, but I think Dovecot v1.0 doesn't like it then (v1.1 does). If it doesn't, you can kludge around it with returning "nologin" and: .. AND (access != 0 or '%s' != 'smtp')
signature.asc
Description: This is a digitally signed message part
