Log in with domain alias

Anonymous
2012-01-17
2013-01-23

  • Anonymous
    2012-01-17

    Posting this in forums rather than feature requests since I doubt there is much demand for this to be patched into the docs.

    Up until users started complaining recently I didn't even know that they were permitted to log in with domain aliases on our old qmail servers, so I've re-written the dovecot-mysql.conf password-query to allow for users to use any active domain alias for login.

    password_query = SELECT DISTINCT mb.username as user, mb.password AS password, concat('/usr/local/mail/domains/', mb.maildir) as userdb_home, concat('maildir:/usr/local/mail/domains/', mb.maildir) as userdb_mail, FROM mailbox mb LEFT JOIN alias_domain ad ON mb.domain = ad.target_domain AND ad.active = 1 WHERE ((mb.username = '%u') OR (mb.local_part = '%n' AND ad.alias_domain = '%d')) AND mb.active = 1
    

    I've trimmed out most of my specific config, and you may need to add your own. The main bit that is necessary for this to work is after the FROM statement. Here it is with better formatting:

    FROM mailbox mb LEFT JOIN alias_domain ad
        ON mb.domain = ad.target_domain
            AND ad.active = 1
    WHERE
        (
            (mb.username = %u)
            OR (mb.local_part = %n AND ad.alias_domain = %d)
        ) AND mb.active = 1
    

    Where %u is the full 'user@domain' username, %n is the 'user' part, and '%d' is the domain part. [doc]

    Also, I've found that the user_query does not need modification, it appears to use the 'username' field retrieved in the password_query.

     

  • Anonymous
    2012-01-19

    I should also have noted that this only allows login through dovecot, ie. IMAP and POP connections, not into postfixadmin itself. Postfixadmin processes logins separately through PHP/mySQL, so users will still need to log in using the root/authoritative domain.

     
  • Martijn
    Martijn
    2012-12-07

    Thanks, this was exactly what I was looking for.

    Adding to that: this also works perfectly well if you have Postfix, use SMTP-AUTH, and do authentication over a dovecot socket. I have this set up to make it work in /etc/postfix/main.cf:
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth

    Users logging in to Postfix for SMTP-AUTH will now have usernames with alias domains accepted.