> On 13/11/2025 14:05 EET Lou Duchez via dovecot <[email protected]> wrote: > > > I recently upgraded from 2.3 to 2.4.1, a little unwillingly (thanks > Fedora), and I've almost got 2.4.1 working on my failover mail server. > The failover server's job is, if the main mail server is inaccessible, > mail gets delivered to the failover instead. Then the main server will > retrieve mail from the failover server when it can. > > This has worked very well for many years. The way I implemented it was, > I had two passdb's on the failover server: one for ordinary users who > might need to access the failover server directly (login and password > required), and one so that the main mail server could grab mail from the > failover server (no password required). This broke when I went to 2.4.1; > now, no matter what I do, Dovecot honors only one of the passdbs. > > Here is the configuration as it stands now. The intention is that, if > the user properly authenticates with the first passdb, they're > authenticated and the second passdb isn't consulted. But if the user > doesn't authenticate with the first passdb, Dovecot moves on to the > second passdb. > > # the passdb for normal users to check their mail on the failover server > passdb passwd-file { > passwd_file_path = /vmail/Maildir/passwdfile > passdb_result_success = return-ok > passdb_result_failure = continue-fail > } > > # the passdb for the main server to grab mail from the failover server > passdb passwd-file { > passwd_file_path = /vmail/Maildir/passwdfile > passdb_skip = authenticated > fields { > nopassword = yes > allow_nets = xxx.xxx.xxx.xxx/32 > } > passdb_result_success = return-ok > passdb_result_failure = return-fail > } >
As explained in https://doc.dovecot.org/2.4.1/installation/upgrade/2.3-to-2.4.html you need to give unique names to passdb. So basically passdb user-failover-passwd { driver = passwd-file passwd_file_path = /vmail/Maildir/passwdfile result_success = return-ok result_failure = continue-fail } passdb server-to-failover { passwd_file_path = /vmail/Maildir/passwdfile skip = authenticated fields { nopassword = yes allow_nets = xxx.xxx.xxx.xxx/32 } result_success = return-ok result_failure = return-fail } fwiw i would use static password for the second passdb instead of nopassword + allow_nets. Aki _______________________________________________ dovecot mailing list -- [email protected] To unsubscribe send an email to [email protected]
