Thank you for your advice! I have it working now, by changing the second passdb to static.

I was not able to give arbitrary names to my two passdbs though; it seems that Dovecot expects names of mechanisms like "passwd-file" or "static", or else it doesn't work. Unless I'm doing something wrong, anyway. But if I'm correct, that means that Dovecot 2.4.1 is going to have trouble if you need to consult multiple passwd-files.

Here is what worked for me:

passdb passwd-file {
  passwd_file_path = /vmail/Maildir/passwdfile
  passdb_result_success = return-ok
  passdb_result_failure = continue-fail
}

passdb static {
  fields {
    nopassword = yes
    allow_nets = xxx.xxx.xxx.xxx/32
  }
  passdb_result_success = return-ok
  passdb_result_failure = return-fail
}



On 11/13/2025 7:18 AM, Aki Tuomi via dovecot wrote:
On 13/11/2025 14:05 EET Lou Duchez via dovecot <[email protected]> wrote:

I recently upgraded from 2.3 to 2.4.1, a little unwillingly (thanks
Fedora), and I've almost got 2.4.1 working on my failover mail server.
The failover server's job is, if the main mail server is inaccessible,
mail gets delivered to the failover instead. Then the main server will
retrieve mail from the failover server when it can.

This has worked very well for many years. The way I implemented it was,
I had two passdbs on the failover server: one for ordinary users who
might need to access the failover server directly (login and password
required), and one so that the main mail server could grab mail from the
failover server (no password required). This broke when I went to 2.4.1;
now, no matter what I do, Dovecot honors only one of the passdbs.

Here is the configuration as it stands now. The intention is that, if
the user properly authenticates with the first passdb, they're
authenticated and the second passdb isn't consulted. But if the user
doesn't authenticate with the first passdb, Dovecot moves on to the
second passdb.

# the passdb for normal users to check their mail on the failover server
passdb passwd-file {
    passwd_file_path = /vmail/Maildir/passwdfile
    passdb_result_success = return-ok
    passdb_result_failure = continue-fail
}

# the passdb for the main server to grab mail from the failover server
passdb passwd-file {
    passwd_file_path = /vmail/Maildir/passwdfile
    passdb_skip = authenticated
    fields {
      nopassword = yes
      allow_nets = xxx.xxx.xxx.xxx/32
    }
    passdb_result_success = return-ok
    passdb_result_failure = return-fail
}

As explained in 
https://doc.dovecot.org/2.4.1/installation/upgrade/2.3-to-2.4.html you need to 
give unique names to passdb.

So basically

passdb user-failover-passwd {
   driver = passwd-file
   passwd_file_path = /vmail/Maildir/passwdfile
   result_success = return-ok
   result_failure = continue-fail
}

passdb server-to-failover {
   passwd_file_path = /vmail/Maildir/passwdfile
   skip = authenticated
   fields {
      nopassword = yes
      allow_nets = xxx.xxx.xxx.xxx/32
   }
   result_success = return-ok
   result_failure = return-fail
}

FWIW, I would use a static password for the second passdb instead of nopassword + 
allow_nets.

Aki

_______________________________________________
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]
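
A small Python model of the two-passdb chain discussed in this thread, added here as an example (it is not Dovecot's code and not from either poster). It assumes the documented result actions and `allow_nets` behaviour; the user table, the `192.0.2.10` address standing in for the elided `allow_nets` value, and the `pull-secret` password are constructed.

```python
import ipaddress

def passwd_file(db):
    """Model of the passwd-file driver: the user must exist and the password match."""
    return lambda user, pw: user in db and db[user] == pw

def static(password=None, nopassword=False):
    """Model of the static driver: any user name, one fixed password or none at all."""
    return lambda user, pw: nopassword or pw == password

def authenticate(chain, user, pw, ip):
    """Walk the chain applying skip, allow_nets and the result_* actions."""
    authed = False
    for db in chain:
        if db.get("skip") == "authenticated" and authed:
            continue
        ok = db["check"](user, pw)
        nets = db.get("allow_nets", [])
        if ok and nets and not any(
                ipaddress.ip_address(ip) in ipaddress.ip_network(n) for n in nets):
            ok = False  # client outside allow_nets: treated as a failed lookup
        verb, _, state = db["success" if ok else "failure"].partition("-")
        if state:
            authed = (state == "ok")
        if verb == "return":
            return authed
    return authed

# Constructed sample data: not values from the thread.
USERS = {"alice": "correct-horse"}
MAIN = ["192.0.2.10/32"]  # stands in for the elided allow_nets address
first = {"check": passwd_file(USERS),
         "success": "return-ok", "failure": "continue-fail"}
second = {"allow_nets": MAIN, "success": "return-ok", "failure": "return-fail"}
posted = [first, dict(second, check=static(nopassword=True))]
suggested = [first, dict(second, check=static(password="pull-secret"))]

if __name__ == "__main__":
    for name, chain in (("nopassword", posted), ("static password", suggested)):
        for user, pw, ip in (("alice", "correct-horse", "203.0.113.5"),
                             ("alice", "", "203.0.113.5"),
                             ("anyone", "", "192.0.2.10"),
                             ("alice", "pull-secret", "192.0.2.10")):
            print(name, user, repr(pw), ip, authenticate(chain, user, pw, ip))
```

On a live server the same cases can be checked with `doveadm auth test -x rip=<address> <user> <password>`.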
