Am 16.10.2013 10:57, schrieb Thomas Raschbacher:
> On 2013-10-16 10:40, Reindl Harald wrote:
>> on the dovecot side i sometimes see lines like these, most likely caused by
>> mobile clients i think - may this be a reason for the problems some
>> users are seeing with dbmail and TLS directly on the wire?
>>
>> Oct 16 06:31:20 mail dovecot: imap-login: Disconnected (no auth attempts in 100 secs): user=<>, *****, TLS handshaking: SSL_accept() syscall failed: Connection timed out
>> Oct 16 09:17:13 mail dovecot: pop3-login: Disconnected (no auth attempts in 100 secs): user=<>, *****, TLS handshaking: SSL_accept() syscall failed: Connection timed out
>>
>
> that does sound like it's possible to me but tbh I only had a brief look over
> the code.
>
> anyway how complicated is a dovecot proxy setup?
> because I was considering trying this since last night it happened twice (and
> the one time was when both me and my
> wife were asleep so we didn't check mails )
the dovecot setup is trivial if passwords are stored in cleartext in order to provide CRAM-MD5, DIGEST-MD5 and whatever other auth-mechs. see the attachments; any other dovecot-config snippets are empty or, in my case with self-built packages, do not exist at all
__________________________

dbmail.conf needs to be modified so that it listens only on localhost, and "dovecot.conf" contains your public IP four times. the choice of 110/143 on the dovecot side then happens transparently, depending on the protocol

[POP]
bindip = 127.0.0.1
port = 110
pop_before_smtp = no
banner = POP3
timeout = 1800
login_timeout = 1800

[IMAP]
bindip = 127.0.0.1
port = 143
timeout = 4000
login_timeout = 1800
imap_before_smtp = no
idle_timeout = 30
capability = IMAP4 IMAP4rev1 AUTH=LOGIN ACL RIGHTS=texk NAMESPACE CHILDREN SORT QUOTA THREAD=ORDEREDSUBJECT UNSELECT IDLE
banner = IMAP
max_message_size = 36700160
__________________________

the last block in "dovecot.conf" is the backend for postfix SASL authentication: put the following lines into postfix "main.cf" to use dovecot instead of cyrus. this is the main reason for me using dovecot - one unique auth provider for the whole mail-system, and if you have dovecot running anyway you get the auth-provider that way for free, without extra config

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
# provided services
# Only IMAP and POP3 are offered by this instance.
protocols = imap pop3
# configure ssl
# NOTE(review): "yes" offers TLS but does not require it. Together with
# "disable_plaintext_auth = no" further down, a client may authenticate
# with PLAIN/LOGIN over an unencrypted connection on ports 110/143.
# "ssl = required" enforces TLS before authentication.
ssl = yes
# The leading "<" makes Dovecot read the file's contents. Certificate and
# private key come from the same PEM file, so that file has to be protected
# like a private key (readable by root only).
ssl_cert = </etc/httpd/conf/ssl/testserver.rhsoft.net.pem
ssl_key = </etc/httpd/conf/ssl/testserver.rhsoft.net.pem
# Prefers ECDHE suites with AES-GCM, then ECDHE with SHA-2 MACs.
# NOTE(review): RC4 is still offered as a fallback ("EECDH+aRSA+RC4" and
# the bare "RC4" entry). RFC 7465 prohibits RC4 in TLS; drop both entries
# on a current deployment.
# "!SSLv2" only removes SSLv2 cipher suites. Protocol versions are not
# restricted in this file, so ssl_protocols (ssl_min_protocol in newer
# Dovecot releases) stays at its default - verify with "doveconf -n".
ssl_cipher_list = EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SSLv2:@STRENGTH
# Use the server's cipher order, not the client's.
ssl_prefer_server_ciphers = yes
# 0 turns off the periodic regeneration of the SSL (DH) parameters file.
ssl_parameters_regenerate = 0
# configure imap-proxy
# Public-facing IMAP login service. The address is the author's public IP
# (the mail says to put your own public IP here); dbmail itself listens
# only on 127.0.0.1.
service imap-login {
  # Cleartext IMAP port; TLS is only available via STARTTLS here.
  inet_listener imap {
    address = 84.113.45.81
    port = 143
  }
  # NOTE(review): no "ssl = yes" is set on this listener in the file.
  # Presumably it is inherited from Dovecot's built-in default for the
  # "imaps" listener - confirm with "doveconf -n" that 993 really is
  # implicit TLS.
  inet_listener imaps {
    address = 84.113.45.81
    port = 993
  }
  # Memory ceiling for the login process.
  vsz_limit = 128M
  # service_count = 0 lets one login process serve an unlimited number of
  # connections (Dovecot's "high-performance" login mode).
  # NOTE(review): in this mode all pre-auth connections share one process,
  # so a flaw in the login/TLS code exposes every connection that process
  # handles; service_count = 1 gives one process per connection.
  service_count = 0
  process_min_avail = 1
  # One process with at most 200 clients caps concurrent connections for
  # this service at 200.
  process_limit = 1
  client_limit = 200
}
# configure pop3-proxy
# Public-facing POP3 login service; same layout as the imap-login service.
# The address is the author's public IP (replace with your own).
service pop3-login {
  # Cleartext POP3 port; TLS is only available via STLS here.
  inet_listener pop3 {
    address = 84.113.45.81
    port = 110
  }
  # NOTE(review): no "ssl = yes" is set on this listener in the file.
  # Presumably it is inherited from Dovecot's built-in default for the
  # "pop3s" listener - confirm with "doveconf -n" that 995 really is
  # implicit TLS.
  inet_listener pop3s {
    address = 84.113.45.81
    port = 995
  }
  # Memory ceiling for the login process.
  vsz_limit = 128M
  # service_count = 0 lets one login process serve an unlimited number of
  # connections (Dovecot's "high-performance" login mode).
  # NOTE(review): all pre-auth connections then share one process, so a
  # flaw in the login/TLS code exposes every connection that process
  # handles; service_count = 1 gives one process per connection.
  service_count = 0
  process_min_avail = 1
  # One process with at most 200 clients caps concurrent connections for
  # this service at 200.
  process_limit = 1
  client_limit = 200
}
# default settings
# Fixed capability string advertised to IMAP clients.
imap_capability = IMAP4 IMAP4rev1 ACL RIGHTS=texk NAMESPACE CHILDREN SORT QUOTA THREAD=ORDEREDSUBJECT UNSELECT IDLE
# Empty greeting text.
login_greeting =
# Login log lines carry user (%u), remote IP (%r), auth mechanism (%m) and
# TLS protocol/cipher (%k). Useful for spotting cleartext logins and
# clients that negotiate weak ciphers.
login_log_format_elements = %u %r %m %k
login_log_format = %{login_status}: %s
mail_max_userip_connections = 100
# The challenge-response mechanisms (CRAM-MD5, DIGEST-MD5, SCRAM-SHA-1,
# APOP) require the server to hold the cleartext password or a
# mechanism-specific hash. Here the password database stores cleartext
# (see the mail text and "default_pass_scheme = plain" in the SQL config).
# NOTE(review): a read of the dbmail_users table therefore discloses every
# user's password; restrict database access accordingly.
auth_mechanisms = CRAM-MD5 DIGEST-MD5 SCRAM-SHA-1 APOP LOGIN PLAIN
# NOTE(review): "no" permits PLAIN and LOGIN on unencrypted connections,
# so credentials can cross the network in the clear on ports 110/143.
# "yes" (with "ssl = required") restricts them to TLS-protected sessions.
disable_plaintext_auth = no
# Existing client connections are kept when the master process stops.
shutdown_clients = no
# Presumably skips the version check between Dovecot binaries - confirm.
version_ignore = yes
# Logging
syslog_facility = mail
# authentication process
auth_worker_max_count = 50
# Authentication results are cached; positive and negative entries are
# kept for 600 (presumably seconds, no unit given).
# NOTE(review): a cached entry may still be used for up to that long after
# the account changes in the database - confirm the behaviour for disabled
# or deleted accounts on your version.
auth_cache_size = 1024
auth_cache_ttl = 600
auth_cache_negative_ttl = 600
# Allow-list of characters accepted in usernames before they reach the
# password database. The list contains "0" twice and includes "%", which
# the translation below turns into "@".
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@%
# Pairs of from/to characters: "%" becomes "@" and upper-case letters are
# lower-cased, so "User%Example.org" is looked up as "user@example.org".
auth_username_translation = %@AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz
# debug options
# All debug output is off. auth_debug_passwords in particular must stay
# "no" in production, since it writes passwords to the log.
auth_debug = no
auth_debug_passwords = no
auth_verbose = no
mail_debug = no
verbose_ssl = no
# configure proxy-database
# Password lookups go to SQL. The referenced file holds the database
# credentials and the query.
# NOTE(review): /etc/dovecot/sql.conf contains the database password and
# should be readable by root only.
passdb {
  driver = sql
  args = /etc/dovecot/sql.conf
}
# we are not using local users
# Static userdb: every user maps to uid/gid 10000 with /dev/null as home,
# because this instance stores no mail itself.
userdb {
  driver = static
  args = static uid=10000 gid=10000 home=/dev/null
}
# configure backend for postfix sasl-auth
# Exposes Dovecot's auth service on a unix socket inside the Postfix spool;
# this is the socket that "smtpd_sasl_path = private/auth" in main.cf
# points at (relative to the Postfix queue directory).
service auth {
  unix_listener /var/spool/postfix/private/auth {
    # 0660 with postfix:postfix means only the postfix user and group can
    # connect. Do not widen this: anyone who can reach the socket can run
    # authentication attempts against the password database.
    mode = 0660
    user = postfix
    group = postfix
  }
}
# Presumably the attached SQL config that the passdb block references as
# /etc/dovecot/sql.conf (the post does not label the attachment).
driver = mysql
# Local MySQL over a unix socket; the password is redacted in the post.
connect = host=/var/lib/mysql/mysql.sock dbname=dbmail user=dbmail password=*****
# Returns the stored password for verification plus Dovecot's proxy fields:
#   proxy='Y'        - proxy the session after successful authentication
#   host='127.0.0.1' - backend is dbmail on localhost
#   destuser / pass  - username and cleartext password used to log in to
#                      the backend
#   nologin='Y'      - no local login on this Dovecot instance
#   nodelay='Y'      - no delay is added to failed authentication replies
# NOTE(review): nodelay removes Dovecot's built-in slow-down for password
# guessing, so rate limiting has to come from somewhere else.
# NOTE(review): '%u' is interpolated into the SQL text. Dovecot's SQL
# passdb escapes expanded variables and auth_username_chars restricts the
# input - verify both for your version before changing either.
password_query = SELECT passwd as password, '127.0.0.1' as host, userid as destuser, passwd AS pass, 'Y' AS nologin, 'Y' AS nodelay, 'Y' AS proxy FROM dbmail_users WHERE userid='%u'
# Passwords are stored in cleartext. This is what enables CRAM-MD5,
# DIGEST-MD5 and the other challenge-response mechanisms, at the price
# that any read access to dbmail_users discloses every user's password.
default_pass_scheme = plain
