How to make dovecot password independent of server password?

Solution 1:

Dovecot conceptually separates user account information into two databases:

  • The user database contains everything Dovecot needs except for the password.
  • The password database contains (encrypted) user passwords.

You can have multiple databases of each type, and Dovecot will use the first one with a matching entry. There are several database backends, and you can choose different backends for the user and password databases. For example, you could use SQL for the user database and a flat passwd-like file for the password database.

In your case, it sounds like you want to configure Dovecot to use all of the normal system user information except for the password. This is a pretty common situation, as described in the System Users wiki page:

Admins often wish to use different passwords for IMAP and POP3 than for other services (eg. SSH), because IMAP and POP3 clients often send the password unencrypted over the internet without even bothering to give users any warnings. Dovecot can easily support non-system passwords for system users.

[...]

If you wish to use non-system passwords, you can use pretty much any of the Dovecot's password databases, but for simple installations you'll probably want to use passwd-file.

User database for system users is always passwd.

Here's a concrete example of how you would set it up. In your /etc/dovecot/dovecot.conf you would put something like this:

passdb {
  driver = passwd-file
  args = /etc/dovecot/passwd
}
userdb {
  driver = passwd
}

and your /etc/dovecot/passwd file would contain a line like this:

root:{CRYPT}zVQDPzjspy126

The above configuration tells Dovecot to look in /etc/dovecot/passwd for password information (and only root is present so only that user would be able to log in) and look in the system user database for everything else.

See this answer for how to generate the encrypted password field in your /etc/dovecot/passwd file.
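An added example, not part of the answer above: a small audit of passwd-file content that reports which scheme actually protects each entry, since a bare `{CRYPT}` value can be anything from traditional DES crypt to SHA-512 crypt. The weak-scheme list, the `CRYPT-UNKNOWN` label, the assumed CRYPT default for unprefixed fields, and every sample user other than the answer's root line are assumptions of this example.

```python
import re

# This example's own classification (assumption): fast or reversible schemes.
WEAK_SCHEMES = {"PLAIN", "CLEARTEXT", "MD5", "PLAIN-MD5", "LDAP-MD5", "SMD5",
                "SHA", "SHA1", "SSHA", "DES-CRYPT", "MD5-CRYPT", "CRAM-MD5"}
# crypt(3) hash prefixes mapped to the explicit Dovecot scheme name.
CRYPT_PREFIXES = {"$1$": "MD5-CRYPT", "$2a$": "BLF-CRYPT", "$2b$": "BLF-CRYPT",
                  "$2y$": "BLF-CRYPT", "$5$": "SHA256-CRYPT", "$6$": "SHA512-CRYPT"}
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)(?:\.[A-Za-z0-9]+)?\}(.*)$")

def effective_scheme(field):
    """Resolve a passwd-file password field to the scheme that protects it."""
    m = SCHEME_RE.match(field)
    # No {SCHEME} prefix: assume the passwd-file default scheme, CRYPT.
    scheme, value = (m.group(1).upper(), m.group(2)) if m else ("CRYPT", field)
    if scheme != "CRYPT":
        return scheme
    for prefix, name in CRYPT_PREFIXES.items():
        if value.startswith(prefix):
            return name
    # 13 characters with no $ prefix is traditional DES crypt (8-char limit).
    if len(value) == 13 and not value.startswith("$"):
        return "DES-CRYPT"
    return "CRYPT-UNKNOWN"

def audit(text):
    """Return (user, scheme, verdict) for each entry in passwd-file content."""
    findings = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        user, _, rest = line.partition(":")
        field = rest.split(":", 1)[0]  # the password is the second field
        scheme = effective_scheme(field)
        weak = scheme in WEAK_SCHEMES or scheme == "CRYPT-UNKNOWN"
        findings.append((user, scheme, "weak" if weak else "ok"))
    return findings

# Constructed sample: line 1 is the answer's entry, the rest are placeholders.
SAMPLE = """\
root:{CRYPT}zVQDPzjspy126
alice:{SHA512-CRYPT}$6$examplesalt$placeholderhash
bob:{PLAIN}hunter2
carol:{CRYPT}$2y$05$placeholderhash
"""

if __name__ == "__main__":
    for user, scheme, verdict in audit(SAMPLE):
        print(f"{user:8} {scheme:14} {verdict}")
```

To check a live file, pass the contents of /etc/dovecot/passwd to `audit()` instead of `SAMPLE`.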

Solution 2:

You want so-called virtual users - separate accounts that do not interfere with system ones. There are a lot of backends possible - plain files, SQL servers, LDAP and so on. The only suggestion - use dovecot-auth within postfix to deal with a single authorization backend.