[BlueOnyx:26550] Re: Dovecot Aliases for email username?

Fri, 20 Oct 2023 23:34:20 -0700 

Hi Greg,


Hmm. Not happy with Microsoft on this one.



Yeah, it's a stupid change. They break something and we have to bend 
over backwards? Not really.



At the very least, it should be opt in… Just saying.



Indeed. And it's even pretty complicated. Sure, I can write something 
that (if the feature is enabled) dumps out a dovecot alias file and 
keeps it updated whenever email server aliases, user email aliases or 
users and vsites in general change.



But that doesn't solve another problem: Saslauth will also then need a 
similar change to be able to accept logins with username or email 
address. And that's where it gets a little tricky.



Either way: This is somewhat complicated and invasive and it's not some 
code I can crank out and properly test in a day or three.


There is a half-assed half-measure, though:

In /etc/dovecot/conf.d/10-auth.conf one can set this:

auth_username_format = %Ln

And in Postfix's /etc/postfix/main.cf the following settings are needed:

smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_authenticated_header = yes
smtpd_sasl_exceptions_networks = $mynetworks
auth_username_format = %n


At least according to what I could just dig up. Some of these settings 
are already present. But essentially it switches Postfix from using 
"cyrus" to using Dovecot for auth-checks.


And the ...

auth_username_format = %Ln

... in /etc/dovecot/conf.d/10-auth.conf will then allow both ...

<username>@<vsite-FQDN>
... as well as ...
<username>

The caveat of this is: It won't allow:

<email-alias>@<vsite-FQDN>
... or ...
<email-alias>@<vsite-email-server-alias>


In ordert to cover these as well we'd need to write out and maintain a 
complete alias file for Dovecot as linked in the first message of this 
topic.



And that's just the Postfix side of things and Sendmail is an entirely 
different topic. If I do this, then probably only for Dovecot and 
Postfix anyway.


--
With best regards

Michael Stauber
_______________________________________________
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx






















					Reply via email to