From 1988a3dea8297735e8a333548815f28bff509107 Mon Sep 17 00:00:00 2001
From: Aaron LI
Date: Wed, 7 Mar 2018 18:15:08 +0800
Subject: mail/dovecot: use both passdb and userdb files to support user aliases

---
 roles/mail/templates/dovecot/dovecot.conf.j2 | 63 +++++++---------------------
 1 file changed, 15 insertions(+), 48 deletions(-)
(limited to 'roles/mail/templates/dovecot/dovecot.conf.j2')

diff --git a/roles/mail/templates/dovecot/dovecot.conf.j2 b/roles/mail/templates/dovecot/dovecot.conf.j2
index 3f4d627..134a9fd 100644
--- a/roles/mail/templates/dovecot/dovecot.conf.j2
+++ b/roles/mail/templates/dovecot/dovecot.conf.j2
@@ -39,11 +39,6 @@ listen = *, ::
 # SSL/TLS is used (LOGINDISABLED capability).
 disable_plaintext_auth = yes
 
-# Space separated list of realms for SASL authentication mechanisms
-# that need them. You can leave it empty if you don't want to support
-# multiple realms.
-#auth_realms =
-
 # Require a valid SSL client certificate or the authentication fails.
 #auth_ssl_require_client_cert = no
 
@@ -59,40 +54,21 @@ disable_plaintext_auth = yes
 auth_mechanisms = plain login
 
 # The password database used by Dovecot to authenticate users.
-# See: https://wiki2.dovecot.org/PasswordDatabase
+# See: https://wiki.dovecot.org/PasswordDatabase
 passdb {
 driver = passwd-file
- args = scheme=SHA512-CRYPT username_format=%u /usr/local/etc/dovecot/passwd
-
- # This is not a database for denied users.
- deny = no
- # This is not a database for master users, which can log in as
- # other users.
- master = no
- pass = no
- skip = never
- result_failure = continue
- result_internalfail = continue
- result_success = return-ok
+ args = scheme=SHA512-CRYPT \
+ username_format=%u \
+ /usr/local/etc/dovecot/passdb
 }
 
 # User database, which will be looked up to obtain user's information
 # after the user has been successfully authenticated. The userdb lookup
 # is also done by LDA to find out how to deliver mails for the user.
-#
-# Dovecot doesn't need to verify the username or the password.
-#
-# See: https://wiki2.dovecot.org/UserDatabase
-#
+# See: https://wiki.dovecot.org/UserDatabase
 userdb {
- driver = static
- #
- # Set 'allow_all_users=yes' will make Dovecot ignore the user lookup
- # from the userdb and entirely rely on the passdb lookup. Therefore,
- # the username may be repeated to have multiple passwords, which can
- # be utilized to achieve device-specific passwords.
- #
- args = allow_all_users=yes
+ driver = passwd-file
+ args = username_format=%n /usr/local/etc/dovecot/userdb
 }
 
 
@@ -121,7 +97,8 @@ auth_verbose_passwords = sha1
 # the client sent before any changes by auth process, to keep track of
 # the actual usages.
 #
-login_log_format_elements = user=<%{orig_user}> method=%m rip=%r lip=%l mpid=%e %c
+login_log_format_elements = user=<%{orig_user}> method=%m \
+ rip=%r lip=%l mpid=%e %c
 
 ##
 
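Review bot: `username_format=%u` on the passdb and `username_format=%n` on the userdb key the two files differently: authentication matches the full login (user@domain), but the following userdb lookup discards the domain, so logins whose local parts coincide across served domains resolve to one userdb entry and, through the `%n` in `mail_home` in the last hunk, to one home and mailbox. If that is the intended alias mechanism (several passdb logins mapping onto one local-part account), it should be stated above `userdb {`, e.g. `# Keyed on the local part only (%n): every passdb login that shares a local part maps onto one userdb account, so local parts must be unique across all domains served here.` The passdb file named in `args` holds the SHA512-CRYPT password hashes, so a short comment above `passdb {` noting that the file must be readable only by the Dovecot auth process would help whoever deploys this template.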
@@ -129,24 +106,14 @@ login_log_format_elements = user=<%{orig_user}> method=%m rip=%r lip=%l mpid=%e
 ## Mailbox settings and mail handling.
 ##
 
-# There are a few special variables you can use, eg.:
-#
-# %u - username
-# %n - user part in user@domain, same as %u if there's no domain
-# %d - domain part in user@domain, empty if there's no domain
-# %h - home directory
-#
-# See doc/wiki/Variables.txt for full list.
-
-# Home directories for virtual users, where Dovecot can save user-specific
-# files. Home directory shouldn't be the same as mail directory with mbox
-# or Maildir formats (but with dbox/obox it's fine).
+# Home for virtual users, where Dovecot can save user-specific files,
+# e.g., custom Sieve filters.
+# NOTE: home specified in the userdb will override this.
 mail_home = {{ mail.vuser.home }}/%n
 
-# Location for users' mailboxes. The default is empty, which means that
-# Dovecot tries to find the mailboxes automatically. This won't work if
-# the user doesn't yet have any mail, so you should explicitly tell
-# Dovecot the full location.
+# Format and location for users' mailboxes.
+# * '~' will be expanded to $mail_home (i.e., user's home)
+# * LAYOUT=fs : use filesystem directories for mailbox folders
 mail_location = maildir:~/mail:LAYOUT=fs
 
 # System user and group used to access mails. If you use multiple,
-- 
cgit v1.2.2