Re: [Dovecot] Dovecot proxy
Is it possible to use the backend's passdb on the relay server in your setup? If you are, for example, using an SQL database as passdb on the backend, you can access it from the relay server as well. Let's say you have a "relay_enabled" column in the table of users; then you can use something like:

select ... from users where user = ... and relay_enabled = true

Users who are not permitted access from the internet will get an authentication failure.

If your passdb can't be shared this way (unix accounts, passwd-file etc.), this won't work of course. Maybe you can try to play around with allow_nets (http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets), possibly combined with login_trusted_networks on the backend. The idea here is that your relay provides the user's real IP and you use the allow_nets extra field to restrict access to your internal network only. Not sure if this can work though, never tried.

Alex Ferrara wrote:
> Hi everyone,
>
> I have a problem that hopefully has an easy solution. I am setting up an IMAP proxy in a DMZ network. It will connect to the real IMAP server and authenticate using "driver = imap", and this I have working really nicely. What I want to do is have it look up a list of users that are allowed to connect through the proxy before proxying the connection, as not all users with an account are permitted to access their email from the internet. I thought that using a post-login script would get me out of trouble, but it isn't possible in a relay configuration.
>
> dovecot.conf
>
> ## Dovecot configuration file
> mail_uid = dovecot
> mail_gid = dovecot
> protocols = imap
> listen = *, ::
>
> passdb {
>   driver = imap
>   # IMAP server to authenticate against
>   args = host=192.168.1.1
>   # IMAP server to connect to for mailbox
>   default_fields = proxy=yes host=192.168.1.1
> }
>
> userdb {
>   driver = prefetch
> }
>
> auth_mechanisms = plain login
>
> # This is the auth service used by Postfix to do dovecot auth.
> service auth {
>   unix_listener auth-userdb {
>   }
>   inet_listener {
>     port = 12345
>   }
> }
>
> ##
> ## SSL settings
> ##
> # These will need to be adjusted to point to *your* certificates, not mine 8-)
> # The ssl_ca line refers to the intermediate certificate bundle which may or may not be required by your SSL provider
> ssl_cert =
[Dovecot] Dovecot proxy
Hi everyone,

I have a problem that hopefully has an easy solution. I am setting up an IMAP proxy in a DMZ network. It will connect to the real IMAP server and authenticate using "driver = imap", and this I have working really nicely. What I want to do is have it look up a list of users that are allowed to connect through the proxy before proxying the connection, as not all users with an account are permitted to access their email from the internet. I thought that using a post-login script would get me out of trouble, but it isn't possible in a relay configuration.

dovecot.conf

## Dovecot configuration file
mail_uid = dovecot
mail_gid = dovecot
protocols = imap
listen = *, ::

passdb {
  driver = imap
  # IMAP server to authenticate against
  args = host=192.168.1.1
  # IMAP server to connect to for mailbox
  default_fields = proxy=yes host=192.168.1.1
}

userdb {
  driver = prefetch
}

auth_mechanisms = plain login

# This is the auth service used by Postfix to do dovecot auth.
service auth {
  unix_listener auth-userdb {
  }
  inet_listener {
    port = 12345
  }
}

##
## SSL settings
##
# These will need to be adjusted to point to *your* certificates, not mine 8-)
# The ssl_ca line refers to the intermediate certificate bundle which may or may not be required by your SSL provider
ssl_cert =
[Dovecot] Dsyncing mail in director setup
Hi All,

I have a pair of dovecot director proxies and six dovecot backend mailstores using NFS v4.1 to access five filesystems on EMC VNX NFS storage. This is all working fine until I try to dsync new email mailboxes via one of the mailstores onto the NFS storage. I get major NFS lockups at random on one or more of the mailstores, with none of the NFS mounts accessible on one or more of the mailstores. I am getting our storage guy to look into it to see if it is just a performance issue. I can understand there may be locking issues, but I wouldn't have thought it would have this effect. I also wonder if there is a better way to run dsync so it handles writing to NFS? Maybe passing it some of the nfs related dovecot options?

Thanks
Murray
[Dovecot] Dovecot/Postfix Auth, howto not working ?
Hi Guys,

I'm trying to auth Dovecot against FreeIPA using this tut: http://www.freeipa.org/page/Dovecot_IMAPS_Integration_with_FreeIPA_using_Single_Sign_On (and also Postfix using this: https://www.dalemacartney.com/2013/03/14/deploying-postfix-with-ldap-freeipa-virtual-aliases-and-kerberos-authentication/ , as it should be working with dovecot at the end I believe).

I'm having some issues here and get the following errors no matter what I do:

May 4 23:13:18 mail-01 dovecot: auth: Fatal: No passdbs specified in configuration file. LOGIN mechanism needs one
May 4 23:13:18 mail-01 postfix/smtpd[2949]: error: open database /etc/aliases.db: No such file or directory
May 4 23:13:18 mail-01 postfix/smtpd[2949]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
May 4 23:13:18 mail-01 dovecot: master: Error: service(auth): command startup failed, throttling
May 4 23:13:18 mail-01 postfix/smtpd[2949]: connect from unknown[xxx.xxx.xxx.xxx]
May 4 23:13:28 mail-01 dovecot: imap-login: Disconnected (no auth attempts): rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx
May 4 23:13:28 mail-01 postfix/smtpd[2949]: fatal: no SASL authentication mechanisms
May 4 23:13:29 mail-01 postfix/master[1627]: warning: process /usr/lib/postfix/smtpd pid 2949 exit status 1
May 4 23:13:29 mail-01 postfix/master[1627]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
May 4 23:14:18 mail-01 dovecot: auth: Fatal: No passdbs specified in configuration file. LOGIN mechanism needs one
May 4 23:14:18 mail-01 dovecot: master: Error: service(auth): command startup failed, throttling
May 4 23:15:09 mail-01 postfix/anvil[2952]: statistics: max connection rate 1/60s for (smtp:xxx.xxx.xxx.xxx) at May 4 23:13:18
May 4 23:15:09 mail-01 postfix/anvil[2952]: statistics: max connection count 1 for (smtp:xxx.xxx.xxx.xxx) at May 4 23:13:18
May 4 23:15:09 mail-01 postfix/anvil[2952]: statistics: max cache size 1 at May 4 23:13:18

Outside the issue that it cannot find the aliases db, I'm kinda stuck here... the tut should be working "out of the box", but I have the feeling I'm missing something here.

I hope someone can help me out!

Thanks!
Matt
[Dovecot] Unknown user when sending internal email
I use MySQL to store my virtual users, domains and aliases. My database is set up as follows:

CREATE TABLE `dovecot_passwords` (
  `username` varchar(100) NOT NULL,
  `appname` varchar(50) NOT NULL,
  `password` varbinary(256) NOT NULL,
  PRIMARY KEY (`username`,`appname`)
)

I then add a user:

INSERT INTO dovecot_passwords (username, appname, password) VALUES('t...@domain.com', 'desktop', MD5('password'));

My /usr/local/etc/dovecot/dovecot-sql.conf.ext has:

driver = mysql
connect = host=127.0.0.1 dbname=mailserver user=mailuser password=blahblah
default_pass_scheme = PLAIN
password_query = SELECT NULL AS password, 'Y' AS nopassword, username AS user FROM dovecot_passwords WHERE username = '%u' AND password=MD5(REPLACE('%w',' ',''))

Logging in works great and I can use a desktop email client or webmail just fine to check email. The problem occurs when I try to email another user in MY domain. When I send an email from us...@domain.com to us...@domain.com I get the following error in the logs:

to=, relay=mail.domain.com[private/dovecot-lmtp], delay=0.08, delays=0.05/0.01/0/0.02, dsn=5.1.1, status=bounced (host mail.domain.com[private/dovecot-lmtp] said: 550 5.1.1 User doesn't exist: us...@domain.com (in reply to RCPT TO command))

I thought it may have something to do with this: http://wiki2.dovecot.org/DomainLost

To quote:

SQL password_query gets often misconfigured to drop the domain if username and domain are stored separately. For example:

# BROKEN:
password_query = SELECT username AS user, password FROM users WHERE username = '%n' AND domain = '%d'

The "username AS user" changes the username permanently and the domain is dropped. You can instead use:

# MySQL:
password_query = SELECT concat(username, '@', domain) AS user, password FROM users WHERE username = '%n' AND domain = '%d'

Despite the above I didn't have any luck. From what I can tell in the logs it is using the username AND domain for the user (and not dropping off the domain).

Does anyone know how I can get local mail delivery to work again? I have changed the way my users are stored in MySQL so that I can make use of "Application Specific Passwords". If I revert back to using the previous user database, internal mail works fine again.

I can't seem to figure this out, so I appreciate any help! Any questions please ask.

The details:

Dovecot version: 2.2.12
# OS: FreeBSD 10.0-STABLE amd64 zfs
auth_debug = yes
auth_mechanisms = plain login
auth_verbose = yes
imap_id_log = *
imap_id_send = *
log_path = /var/log/dovecot.log
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k
mail_location = maildir:/var/mail/vhosts/%d/%n
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  prefix =
}
passdb {
  args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  sieve = /var/mail/dovecotsieve/%d/%n/.dovecot.sieve
  sieve_default = /var/mail/sieve/default.sieve
  sieve_dir = /var/mail/dovecotsieve/%d/%n/sieve
  sieve_global_dir = /var/mail/sieve/
}
protocols = imap lmtp sieve
service auth-worker {
  user = vmail
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  user = dovecot
}
service imap-login {
  inet_listener imap {
    port = 0
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 0
  }
  inet_listener pop3s {
    port = 0
  }
}
ssl = required
ssl_cert =
ssl_cipher_list = HIGH:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:ECDHE-RSA-AES256-SHA:+DHE-RSA-AES256-SHA:!AES256-SHA256:!AES256-GCM-SHA384:!CAMELLIA256-SHA:!AES128:!CAMELLIA128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SSLv2:!RC4:!SEED:+AES256-SHA
ssl_key =
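An added example (not from the thread authors or the Dovecot project) that exercises the two password_query patterns raised in this thread: the relay_enabled gating suggested in the "Dovecot proxy" reply above, and the "DomainLost" broken/fixed query pair quoted in this post. It runs the MySQL-flavoured queries unchanged against an in-memory SQLite table, registering MD5() and a variadic concat() so the page's SQL works there, and uses a small stand-in for Dovecot's %u/%n/%d/%w expansion. The users table layout (separate username and domain columns plus a relay_enabled flag), the sample accounts and the expand() helper are assumptions made for this example, not Dovecot's own code.

```python
"""Added example: run Dovecot-style password_query patterns against SQLite.

Not from the Dovecot project or the thread authors. The table layout,
sample rows and the expand() helper are assumptions for this demo.
"""
import hashlib
import sqlite3


# MySQL functions the page's queries use that SQLite does not provide by default.
def _md5(value):
    return hashlib.md5(str(value).encode()).hexdigest()


def _concat(*parts):
    return "".join("" if p is None else str(p) for p in parts)


def expand(query, login, password=""):
    """Toy stand-in for Dovecot's password_query variable expansion.

    %u = full login name, %n = local part, %d = domain, %w = plaintext
    password, %% = literal percent. Values are escaped for SQL string
    literals the SQLite way (doubling single quotes); real Dovecot uses the
    driver's own escaping, so this is only for constructed inputs.
    """
    local, _, domain = login.partition("@")
    esc = lambda v: v.replace("'", "''")
    subst = {"%u": esc(login), "%n": esc(local), "%d": esc(domain),
             "%w": esc(password), "%%": "%"}
    out, i = [], 0
    while i < len(query):
        token = query[i:i + 2]
        if token in subst:
            out.append(subst[token])
            i += 2
        else:
            out.append(query[i])
            i += 1
    return "".join(out)


def open_db():
    """In-memory SQLite stand-in for the MySQL passdb, with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.create_function("MD5", 1, _md5)
    db.create_function("concat", -1, _concat)   # variadic, like MySQL's concat()
    db.execute("CREATE TABLE users (username TEXT, domain TEXT, "
               "password TEXT, relay_enabled INTEGER)")
    db.executemany("INSERT INTO users VALUES (?, ?, MD5(?), ?)", [
        ("alice", "example.com", "alice-pw", 1),  # allowed through the relay
        ("bob", "example.com", "bob-pw", 0),      # internal access only
    ])
    return db


# The DomainLost pair quoted in the thread (wiki2.dovecot.org/DomainLost).
BROKEN_QUERY = ("SELECT username AS user, password FROM users "
                "WHERE username = '%n' AND domain = '%d'")
FIXED_QUERY = ("SELECT concat(username, '@', domain) AS user, password FROM users "
               "WHERE username = '%n' AND domain = '%d'")
# The relay-side idea from the proxy reply: only flagged users get a passdb row.
# (Older SQLite has no TRUE literal, so the flag is compared with 1.)
RELAY_QUERY = ("SELECT concat(username, '@', domain) AS user, password FROM users "
               "WHERE username = '%n' AND domain = '%d' AND relay_enabled = 1")


def lookup(db, query, login):
    """Return the `user` column Dovecot would carry forward, or None if no row."""
    row = db.execute(expand(query, login)).fetchone()
    return row[0] if row else None


def demo():
    db = open_db()
    return {
        "broken_user": lookup(db, BROKEN_QUERY, "alice@example.com"),  # 'alice': domain lost
        "fixed_user": lookup(db, FIXED_QUERY, "alice@example.com"),    # 'alice@example.com'
        "relay_alice": lookup(db, RELAY_QUERY, "alice@example.com"),   # row: auth can proceed
        "relay_bob": lookup(db, RELAY_QUERY, "bob@example.com"),       # None: auth failure
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The `user` column a passdb query returns is what Dovecot carries forward from that point, so a query that hands back a bare local part is the DomainLost case the wiki warns about; at the relay, a query that yields no row for an unflagged user produces exactly the authentication failure the reply describes, without the relay needing its own copy of the account list.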