If nothing worked still, you might try using sql e.g. as first passdb
method for main server and passwd file for failover server, refer to this
https://doc.dovecot.org/2.3/configuration_manual/authentication/multiple_authentication_databases/
Zak.
On 2025-11-13 12:05, Lou Duchez via dovecot wrote:
> I recently upgraded from 2.3 to 2.4.1, a little unwillingly (thanks
Fedora), and I've almost got 2.4.1 working on my failover mail server. The
failover server's job is, if the main mail server is inaccessible, mail
gets delivered to the failover instead. Then the main server will retrieve
mail from the failover server when it can.
>
> This has worked very well for many years. The way I implemented it was,
I had two passdb's on the failover server: one for ordinary users who
might need to access the failover server directly (login and password
required), and one so that the main mail server could grab mail from the
failover server (no password required). This broke when I went to 2.4.1;
now, no matter what I do, Dovecot honors only one of the passdbs.
>
> Here is the configuration as it stands now. The intention is that, if
the user properly authenticates with the first passdb, they're
authenticated and the second passdb isn't consulted. But if the user
doesn't authenticate with the first passdb, Dovecot moves on to the second
passdb.
>
> # the passdb for normal users to check their mail on the failover server
> passdb passwd-file {
> passwd_file_path = /vmail/Maildir/passwdfile
> passdb_result_success = return-ok
> passdb_result_failure = continue-fail
> }
>
> # the passdb for the main server to grab mail from the failover server
> passdb passwd-file {
> passwd_file_path = /vmail/Maildir/passwdfile
> passdb_skip = authenticated
> fields {
> nopassword = yes
> allow_nets = xxx.xxx.xxx.xxx/32
> }
> passdb_result_success = return-ok
> passdb_result_failure = return-fail
> }
>
> As things stand now, Dovecot always moves on to the second passdb and
authenticates the user, or not, according to the outcome of the second
passdb. The outcome of the first passdb does not seem to matter.
>
> Curiously, if I comment out the second passdb, the first passdb
authenticates users as expected.
>
> I've tried all kinds of gyrations with passdb_result_success and
passdb_result_failure, and none of them seem to work. The options I have
there right now are, to the best of my knowledge, the ones that best match
the flow I want to be seeing.
>
> There's a chance there's a bug in 2.4.1, but I bet I'm doing something
wrong. What am I doing wrong?
>
> _______________________________________________
> dovecot mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
_______________________________________________
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]
