Thanks for the link. I am using Debian on this server. I noticed that there is an option in authdaemon for authpam; this made me think that it should be able to use the shell accounts on the system.
Perhaps I am being overly paranoid, but doesn't it seem dangerous that this is taking user input and passing that data in a SQL query? Consider this line from the article you linked:
query = SELECT quota FROM mailbox WHERE username='%s'
What if the domain were linuxquestions.org and I sent an email to millergroup';DROP/**/DATABASE/**/postfix;--@linuxquestions.org
? Seeing as how it gets dropped into that query, if the admin had done a GRANT ALL PRIVILEGES, the database would be gone, would it not?