[BlueOnyx:26550] Re: Dovecot Aliases for email username?

2023-10-20 Thread Michael Stauber via Blueonyx 

Hi Greg,


Hmm. Not happy with Microsoft on this one.


Yeah, it's a stupid change. They break something and we have to bend 
over backwards? Not really.



At the very least, it should be opt in… Just saying.


Indeed. And it's even pretty complicated. Sure, I can write something 
that (if the feature is enabled) dumps out a dovecot alias file and 
keeps it updated whenever email server aliases, user email aliases or 
users and vsites in general change.


But that doesn't solve another problem: Saslauth will also then need a 
similar change to be able to accept logins with username or email 
address. And that's where it gets a little tricky.


Either way: This is somewhat complicated and invasive and it's not some 
code I can crank out and properly test in a day or three.


There is a half-assed half-measure, though:

In /etc/dovecot/conf.d/10-auth.conf one can set this:

auth_username_format = %Ln

And in Postfix's /etc/postfix/main.cf the following settings are needed:

smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_authenticated_header = yes
smtpd_sasl_exceptions_networks = $mynetworks
auth_username_format = %n

At least according to what I could just dig up. Some of these settings 
are already present. But essentially it switches Postfix from using 
"cyrus" to using Dovecot for auth-checks.


And the ...

auth_username_format = %Ln

... in /etc/dovecot/conf.d/10-auth.conf will then allow both ...

@
... as well as ...


The caveat of this is: It won't allow:

@
... or ...
@

In ordert to cover these as well we'd need to write out and maintain a 
complete alias file for Dovecot as linked in the first message of this 
topic.


And that's just the Postfix side of things and Sendmail is an entirely 
different topic. If I do this, then probably only for Dovecot and 
Postfix anyway.


--
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:26549] Re: Dovecot Aliases for email username?

2023-10-20 Thread Greg Kuhnert via Blueonyx 
Hmm. Not happy with Microsoft on this one. Attacks against a known username 
make it easier to compromise an account. Lets assume a percentage of BX users 
out there have the same password on BX as something else, and the something 
else has had a breach. Right now, they cant get into mail because of the fact 
of the different username. If this change happens, that will disappear.

At the very least, it should be opt in… Just saying.

> On 21 Oct 2023, at 7:19 am, Michael Aronoff via Blueonyx 
>  wrote:
> 
> Michael, In the latest version of Microsoft Mail it is no longer possible to 
> use an email account where the username is not the email address. Microsoft 
> has been making moves toward this for a while but until now it has always 
> been possible to find a place to put the username directly.
> 
> Outlook still allows that but Microsoft Mail does not any longer. I happen to 
> be Goggling the issue and found a page about Dovecot aliases and it occurred 
> to me that this might be doable on BlueOnyx. You already have a place for the 
> prefered email alias in the GUI so that auto-replies are sent from that 
> address. Would it be possible to use that info to also populate a dovecot 
> alias?
> 
> Here is what I found about dovecot aliases. 
> https://serverfault.com/questions/1054395/login-aliases-for-smtp-imap
> 
> Thanks, 
> 
> M Aronoff Out – maron...@gmail.com  
>  
> I'm a great believer in luck, and I find 
> the harder I work the more I have of it.
>   - Thomas Jefferson
> 
> ___
> Blueonyx mailing list
> Blueonyx@mail.blueonyx.it 
> http://mail.blueonyx.it/mailman/listinfo/blueonyx

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:26548] Re: Dovecot Aliases for email username?

2023-10-20 Thread Michael Stauber via Blueonyx 

Hi Michael,

Here is what I found about dovecot aliases. 
https://serverfault.com/questions/1054395/login-aliases-for-smtp-imap 



That looks interesting, indeed! I'll look into it.

--
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:26547] Dovecot Aliases for email username?

2023-10-20 Thread Michael Aronoff via Blueonyx 
Michael, In the latest version of Microsoft Mail it is no longer 
possible to use an email account where the username is not the email 
address. Microsoft has been making moves toward this for a while but 
until now it has always been possible to find a place to put the 
username directly.


Outlook still allows that but Microsoft Mail does not any longer. I 
happen to be Goggling the issue and found a page about Dovecot aliases 
and it occurred to me that this might be doable on BlueOnyx. You already 
have a place for the prefered email alias in the GUI so that 
auto-replies are sent from that address. Would it be possible to use 
that info to also populate a dovecot alias?


Here is what I found about dovecot aliases. 
https://serverfault.com/questions/1054395/login-aliases-for-smtp-imap


Thanks,

M Aronoff Out – maron...@gmail.com

I'm a great believer in luck, and I find
the harder I work the more I have of it.
  - Thomas Jefferson
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx