Using a separate passdb per service

Gerry ml at x-net.be
Fri Aug 7 16:04:50 UTC 2015 

Situation: one front-facing server running Dovecot as IMAP/POP3/
ManageSieve proxy, a mixture of IMAP servers (Dovecot, Exchange, ...)
in the back-end. Dovecot's passdb does lookups against MySQL which
contains a simple user/host mapping, the actual authentication happens
on the back-end IMAP servers. The configuration is more or less as
described here: http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy

Now I would like to add a Postfix instance on the front-facing server
which listens on the submission port and authenticates users via SASL
using the local Dovecot's UNIX socket. The idea being that a user only
needs to remember one single hostname, one username and one password
for all mail-related services.

The problem is that Dovecot is operating in proxy mode, which means
that the password_query returns NULL as the password and explicitly
returns a field "nopasswd" containing "Y". Thus, users can not
authenticate against the UNIX socket.

What I think I want to do is convince Dovecot to use one passdb for the
imap/pop3/managesieve services and different one for the "auth" service.

The configuration snippet below doesn't work, but it should illustrate
what I want to achieve:

> protocols = imap pop3 sieve
> 
> service auth {
>     passdb sql {
>         driver = sql
>         args = /etc/dovecot/mysql-auth-sasl.conf.ext
>     }
> 
>     unix_listener /var/spool/postfix/private/auth {
>         user = postfix
>         group = postfix
>         mode = 0666
>     }
> }
> 
> # IMAP/POP3/ManageSieve auth against MySQL
> passdb sql {
>     driver = sql
>     args = /etc/dovecot/mysql-auth-default.conf.ext
> }

Example mysql-auth-sasl.conf.ext

> driver = mysql
> connect = host=127.0.0.1 dbname=mail user=mail password=somethingrandom
> password_query = SELECT password AS password FROM users WHERE login = '%u'

Example mysql-auth-default.conf.ext:

> driver = mysql
> connect = host=127.0.0.1 dbname=mail user=mail password=somethingrandom
> password_query = SELECT NULL AS password, 'Y' as nopassword, host, 'Y' AS proxy FROM users WHERE login = '%u'

Any pointers?

Gerry

More information about the dovecot mailing list