Re: Postfix & Dovecot LDA

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Re: Postfix & Dovecot LDA

Jens Dönhoff-3
Hi.

I know, this is a pretty old thread, but since I just ran into similar
problems while setting up my one-user-per-virtual-domain postfix +
multi-instance-dovecot/-lda, I thought I might share my "fix" in this
related  (and most useful) thread.

My setup might not be used often - I am running two dovecot instances
(on different IP addresses on the same server, in case you're
wondering), with the first instance exporting the auth-master socket. I
am using different UID/GIDs for my virtual domains/mailboxes. I
couldn't get postfix setgid accordingly when callig deliver, and I
didn't want to use SUID on deliver.
The versions I am using are:

dovecot 1.0.13
postfix 2.3.8


My first dovecot instance is using:

auth default {
  socket listen {
    master {
      path = /var/run/dovecot/auth-master
      mode = 0600
      user = vmail
    }
  }
}

The other is using:

protocol lda {
  auth_socket_path = /var/run/dovecot/auth-master
}

And my postfix's master.cf is:

dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f
${sender} -d ${recipient}

dovecot-other unix -    n       n       -       -       pipe
  flags=DRhu user=vmail-other:vmail-other argv=/usr/lib/dovecot/deliver
-c /etc/dovecot/other/dovecot.conf -f ${sender} -d ${recipient}


My fix is: I use filesystem ACLs and just set the ACLs of the
auth-master socket after starting the first dovecot instance (which
creates the socket).
I.e. I run after starting dovecot (and waiting for a second...):

setfacl -m u:vmail-other:rw /var/run/dovecot/auth-master


This works only for filesystems with ACL support, of course. I use
setfacl with ext2/3; other filesystem ACL tools might differ.

Oh, and thanks for dovecot and this supportive mailinglist btw. (even
though this is my first post: hi everyone :) )

Greetings,

Jens