Hi! I'm using static results in LDAP-lookups:
uris = ldap://127.0.0.1
dn = xxxxxxxxxxxxx
dnpass = xxxxxxxxxxxx
tls = no
ldap_version = 3
base = xxxxxxxxxxxxxxxxx
user_attrs = =home=/mail/%d/%n,=uid=10000,=gid=10000,jpberlinMailQuota=quota_rule=*:storage=%$B
user_filter = (email=%u)
pass_attrs = userPassword=password
pass_filter = (email=%u)
default_pass_scheme = PLAIN

Unfortunately, LMTP accepts mail for *all* users, even for those users that don't exist in LDAP at all:

010-08-04 12:27:58 auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
2010-08-04 12:27:58 auth: Debug: auth client connected (pid=10049)
2010-08-04 12:27:58 lmtp(10054): Debug: none: root=, index=, control=, inbox=
2010-08-04 12:27:58 auth: Debug: master in: USER 1 tessdfdfgd...@example.org service=lmtp lip=(null) rip=(null)
2010-08-04 12:27:58 auth: Debug: ldap(tessdfdfgd...@example.org,0.0.0.0): user search: base=xxxxxxxxxxxxxxxxxxx
2010-08-04 12:27:58 auth: Debug: ldap(tessdfdfgd...@example.org,0.0.0.0): no fields returned by the server
2010-08-04 12:27:58 auth: Debug: master out: USER 1 tessdfdfgd...@example.org home=/mail/example.org/tessdfdfgdsft uid=10000 gid=10000
2010-08-04 12:27:58 lmtp(10054): Debug: auth input: tessdfdfgd...@example.org home=/mail/example.org/tessdfdfgdsft uid=10000 gid=10000
2010-08-04 12:27:58 lmtp(10054, tessdfdfgd...@example.org): Debug: Effective uid=10000, gid=10000, home=/mail/example.org/tessdfdfgdsft
2010-08-04 12:27:58 lmtp(10054, tessdfdfgd...@example.org): Debug: Namespace : type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes
2010-08-04 12:27:58 lmtp(10054, tessdfdfgd...@example.org): Debug: maildir++: root=/mail/example.org/tessdfdfgdsft/Maildir, index=, control=, inbox=/mail/example.org/tessdfdfgdsft/Maildir
2010-08-04 12:27:58 lmtp(10054, tessdfdfgd...@example.org): Debug: Namespace : type=shared, prefix=shared/%u/, sep=/, inbox=no, hidden=no, list=children, subscriptions=no
2010-08-04 12:27:58 lmtp(10054, tessdfdfgd...@example.org): Debug: shared: root=/var/run/dovecot, index=, control=, inbox=

Looks like the "allow_all_users" problem from the static database. :-)

How can I tell LMTP to reject mails to users that don't exist in the database/LDAP?

It's much better to do this in Dovecot/LMTP than in the Postfix relay (which can then use LMTP for dynamic address verification).

Peer

--
Heinlein Professional Linux Support GmbH
Linux: Academy - Support - Hosting
http://www.heinlein-support.de

Tel: 030-405051-42
Fax: 030-405051-19

Mandatory disclosures per §35a GmbHG:
HRB 93818 B / Amtsgericht Berlin-Charlottenburg,
Managing Director: Peer Heinlein -- Registered office: Berlin

# 2.0.rc3 (d5a923df60d4): /etc/dovecot/dovecot.conf
# OS: Linux 2.6.26-ac x86_64 Debian 5.0.5
auth_debug = yes
auth_mechanisms = plain login cram-md5 digest-md5 apop
auth_username_translation = %Lu
auth_verbose = yes
debug_log_path = /tmp/log
disable_plaintext_auth = no
listen = *
log_timestamp = %Y-%m-%d %H:%M:%S
mail_debug = yes
mail_gid = vmail
mail_location = maildir:~/Maildir
mail_privileged_group = mail
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = comparator-i;octet comparator-i;ascii-casemap fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date spamtest spamtestplus virustest
namespace {
  inbox = yes
  list = yes
  location =
  prefix =
  separator = /
  subscriptions = yes
  type = private
}
namespace {
  list = children
  location = maildir:%%h:INDEX=~/shared/%%u
  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
plugin {
  acl = vfile
  acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  sieve_max_redirects = 10
}
protocols = lmtp imap
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
userdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
verbose_proctitle = yes