I have implemented dovecot (2.2.4) proxying to DBMail 2.2.17 with proposed configuration.

The setup is working well but I have frequent error messages:
"dbmail/imap4d[6971]: Error:[imapsession] dbmail-imapsession.c,dbmail_imap_session_readln(+1587): timeout occurred in dbmail_imap_session_readln"

I also have another problem with a dbmail user name being the same as a Unix account name. The Dovecot auth session looks for a namespace of the Unix account and then fails. Is there a way to tell Dovecot to ignore local users for the auth session?


On 05/09/2013 17:08, Reindl Harald wrote:
On 05.09.2013 16:39, Pascal Longrais wrote:
I am a long time user of dbmail as an imapd service for webmail clients.

I would like now to set up a complete mail system with SMTP service and common SASL auth for all.

Reading this discussion, I am wondering why using dovecot as proxy and not postfix which is there for SMTP relay service?
because Postfix is not an IMAP/POP3 nor any proxy
postfix is an MTA

Because: 1) POP over TLS isn't supported by postfix?
you are mixing POP3/IMAP/SMTP
postfix is SMTP only

2) Dovecot has more spam filtering features?

not relevant in my case -> MX is a Barracuda Networks appliance

dovecot simply offered TLS and non-plaintext auth-mechs while
dbmail2 did not and since it greatly handles SASL and makes
the whole setup in doubt more secure because before successful
authentication on the dovecot-proxy happened which is done
directly with the mysql-database the client machine has
no connection to the dbmail-backend behind dovecot

some of this reasons are no longer true for dbmail3 but
never change a running system

oh - and dbmail here logs only real errors and POP3/IMAP
logging is done from dovecot alone - makes it easier
to grep through maillog by processnames

Regarding SASL auth mechanisms, why preferring postfix over dovecot, as I understood both have capabilities to identify users through a sql driver?
the other direction if you look at my config below
prefer dovecot over postfix while both is technically incorrect
postfix is using SASL offered by dovecot, the advantage is
simply that you have exactly the same auth-mechs on IMAP/POP3/SMTP
and in my case also the same username translations treat % and @
identical (historical reasons of no longer existing environment
but only god knows how many clients still using the %)

# configure backend for postfix sasl-auth
service auth {
   unix_listener /var/spool/postfix/private/auth {
     mode                       = 0660
     user                       = postfix
     group                      = postfix
   }
}
configures dovecot to offer SASL for postfix
while "smtpd_sasl_type = dovecot" in main.cf is
using dovecot SASL instead of cyrus

On 03/09/2013 04:39, Reindl Harald wrote:
On 03.09.2013 04:21, Regan Yelcich wrote:
Can anyone point me in the direction of a detailed how-to for setting up a postfix and dovecot (proxy) node with dbmail?

In particular I'm looking for a how-to which shows dovecot authenticating against the dbmail database directly.

The only example I've found is this one which requires a duplication of the user database.
http://content.fens.org/index.php?q=admin-howto/mail/dovecot2dbmail-proxy
___________________________________________________

[root@testserver:~]$ cat /etc/dovecot/sql.conf
driver              = mysql
connect             = host=/var/lib/mysql/mysqld.sock dbname=dbmail user=dbmail password=***********
password_query      = SELECT passwd as password, '127.0.0.1' as host, userid as destuser, passwd AS pass, 'Y' AS nologin, 'Y' AS nodelay, 'Y' AS proxy FROM dbmail_users WHERE userid='%u'
default_pass_scheme = plain
___________________________________________________

[root@testserver:~]$ cat /etc/dovecot/dovecot.conf
# provided services
protocols                      = imap pop3

# configure ssl
ssl                            = yes
ssl_cert                       = </etc/postfix/certs/localhost.pem
ssl_key                        = </etc/postfix/certs/localhost.pem
ssl_cipher_list                = EECDH+AES:EDH+AES:-SHA1:EECDH+RC4:EDH+RC4:RC4-SHA:EECDH+AES256:EDH+AES256:AES256-SHA:HIGH:!aNULL:!eNULL:!EXP:!MD5:!LOW:!SSLv2

# configure imap-proxy
service imap-login {
   inet_listener imap {
     address                    = <public-ip>
     port                       = 143
   }
   inet_listener imaps {
     address                    = <public-ip>
     port                       = 993
   }
   vsz_limit                    = 256M
   service_count                = 0
   process_min_avail            = 1
   process_limit                = 1
   client_limit                 = 200
}

# configure pop3-proxy
service pop3-login {
   inet_listener pop3 {
     address                    = <public-ip>
     port                       = 110
   }
   inet_listener pop3s {
     address                    = <public-ip>
     port                       = 995
   }
   vsz_limit                    = 256M
   service_count                = 0
   process_min_avail            = 1
   process_limit                = 1
   client_limit                 = 200
}

# default settings
imap_capability                = IMAP4 IMAP4rev1 ACL RIGHTS=texk NAMESPACE CHILDREN SORT QUOTA THREAD=ORDEREDSUBJECT UNSELECT IDLE
login_greeting                 =
login_log_format_elements      = %u %r %m %c
login_log_format               = %$: %s
mail_max_userip_connections    = 100
auth_mechanisms                = CRAM-MD5 DIGEST-MD5 APOP LOGIN PLAIN
disable_plaintext_auth         = no
shutdown_clients               = no
version_ignore                 = yes

# Logging
syslog_facility                = mail

# authentication process
auth_worker_max_count          = 50
auth_cache_size                = 1024
auth_cache_ttl                 = 600
auth_cache_negative_ttl        = 600
auth_username_chars            = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@%
auth_username_translation      = %@AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz

# debug options
auth_debug                     = no
auth_debug_passwords           = no
auth_verbose                   = no
mail_debug                     = no
verbose_ssl                    = no

# configure proxy-database
passdb {
  driver                        = sql
  args                          = /etc/dovecot/sql.conf
}

# we are not using local users
userdb {
  driver                        = static
  args                          = static uid=10000 gid=10000 home=/dev/null
}

# configure backend for postfix sasl-auth
service auth {
   unix_listener /var/spool/postfix/private/auth {
     mode                       = 0660
     user                       = postfix
     group                      = postfix
   }
}
_______________________________________________
DBmail mailing list
[email protected]
http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail
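
How the auth_username_chars and auth_username_translation values posted in the dovecot.conf above treat a login name before it reaches the '%u' in password_query, as an added Python example (not part of the original thread and not Dovecot's own code). It assumes each character is translated first and then checked against the allowed set; the function names and sample logins are constructed for illustration.

```python
"""Simplified model of Dovecot username normalisation (illustration only)."""

# Values copied from the dovecot.conf posted in the thread.
AUTH_USERNAME_CHARS = (
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@%"
)
AUTH_USERNAME_TRANSLATION = "%@AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz"


def build_translation_map(spec):
    """The setting is a series of from/to pairs: "%@Aa" maps % to @ and A to a."""
    if len(spec) % 2:
        raise ValueError("translation string must consist of from/to pairs")
    return {spec[i]: spec[i + 1] for i in range(0, len(spec), 2)}


def normalize_username(name, chars=AUTH_USERNAME_CHARS,
                       translation=AUTH_USERNAME_TRANSLATION):
    """Return the name as the passdb lookup would see it, or None if rejected.

    Assumption (hypothetical helper): translate each character, then test it
    against the allowed set.
    """
    if not name:
        return None
    table = build_translation_map(translation)
    allowed = set(chars)
    out = []
    for ch in name:
        ch = table.get(ch, ch)
        if ch not in allowed:
            return None  # character is not listed in auth_username_chars
        out.append(ch)
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample logins, not taken from the thread.
    for login in ["Alice%Example.org", "alice@example.org", "bob'--", "carol x"]:
        print(repr(login), "->", normalize_username(login))
```

With these settings the legacy `user%domain` form and the `user@domain` form resolve to the same lowercase userid, and names containing quotes or spaces are rejected by the character list.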
