Re: [Dovecot] Dovecot proxy

2014-05-04 Thread Jiri Bourek

Is it possible to use the backend's passdb on the relay server in your setup?

If you are - for example - using an SQL database as passdb on the backend, 
you can access it from the relay server as well. Let's say you have a 
"relay_enabled" column in the table of users, then you can use something 
like:


select ... from users where user = ... and relay_enabled = true

Users who are not permitted access from the internet will get an 
authentication failure.


If your passdb can't be shared this way (unix accounts, passwd-file 
etc.), this won't work of course. Maybe you can try to play around with 
allow_nets 
(http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets), 
possibly combined with login_trusted_networks on the backend.


The idea here is that your relay provides the user's real IP and you use the 
allow_nets extra field to restrict access to your internal network only. 
Not sure if this can work though, never tried.



Alex Ferrara wrote:

Hi everyone,

I have a problem that hopefully has an easy solution.

I am setting up an IMAP proxy in a DMZ network. It will connect to
the real IMAP server and authenticate using "driver = imap", and this
I have working really nicely.

What I want to do is have it look up a list of users that are allowed
to connect through the proxy before proxying the connection, as not
all users with an account are permitted to access their email from
the internet. I thought that using a post-login script would get me
out of trouble, but it isn't possible in a relay configuration.



dovecot.conf

## Dovecot configuration file

mail_uid = dovecot
mail_gid = dovecot

protocols = imap

listen = *, ::

passdb {
  driver = imap
  # IMAP server to authenticate against
  args = host=192.168.1.1
  # IMAP server to connect to for mailbox
  default_fields = proxy=yes host=192.168.1.1
}
userdb {
  driver = prefetch
}

auth_mechanisms = plain login

# This is the auth service used by Postfix to do dovecot auth.
service auth {
  unix_listener auth-userdb {
  }
  inet_listener {
    port = 12345
  }
}

##
## SSL settings
##

# These will need to be adjusted to point to *your* certificates, not mine 8-)
# The ssl_ca line refers to the intermediate certificate bundle which may or
# may not be required by your SSL provider

ssl_cert =
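Jiri's first suggestion, written out as an added example (this is not Alex's or Jiri's configuration): the relay's `driver = imap` passdb is replaced by the backend's SQL database, so the `relay_enabled` filter and the proxy fields come from one query. The `users` table and its columns, the file paths, the database host and the credentials are assumptions.

```conf
# Added example, not configuration from the thread.
# Relay (DMZ) side. Assumed: a table `users` with columns user, password
# and relay_enabled on the backend's database; paths, DB host and
# credentials are placeholders.

# --- /etc/dovecot/dovecot.conf on the relay ---
passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}
userdb {
  # prefetch reuses the passdb result; the relay needs no separate
  # user lookup because the mailbox lives on the backend
  driver = prefetch
}

# --- /etc/dovecot/dovecot-sql.conf.ext on the relay ---
driver = mysql
# give the DMZ host a read-only database account: it only needs to
# read the users table
connect = host=192.168.1.2 dbname=mail user=relay_ro password=PLACEHOLDER
# must match the scheme the backend stores its hashes in (assumed here)
default_pass_scheme = SHA512-CRYPT

# The WHERE clause is the access control: a user with relay_enabled = 0
# produces no row, which Dovecot reports to the client as an ordinary
# authentication failure, the same response as a wrong password.
# proxy and host are the fields Alex set through default_fields; as
# query columns they can later vary per user (e.g. a host column).
password_query = \
  SELECT user, password, 'y' AS proxy, '192.168.1.1' AS host \
  FROM users WHERE user = '%u' AND relay_enabled = 1
```

The same filter can sit in the backend's own dovecot-sql.conf.ext untouched; only the relay's copy needs the `relay_enabled` condition.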

[Dovecot] Dovecot proxy

2014-05-04 Thread Alex Ferrara
Hi everyone,

I have a problem that hopefully has an easy solution.

I am setting up an IMAP proxy in a DMZ network. It will connect to the real 
IMAP server and authenticate using "driver = imap", and this I have working 
really nicely. 

What I want to do is have it look up a list of users that are allowed to 
connect through the proxy before proxying the connection, as not all users with 
an account are permitted to access their email from the internet. I thought 
that using a post-login script would get me out of trouble, but it isn't 
possible in a relay configuration.



dovecot.conf

## Dovecot configuration file

mail_uid = dovecot
mail_gid = dovecot

protocols = imap

listen = *, ::

passdb {
  driver = imap
  # IMAP server to authenticate against
  args = host=192.168.1.1
  # IMAP server to connect to for mailbox
  default_fields = proxy=yes host=192.168.1.1
}
userdb {
  driver = prefetch
}

auth_mechanisms = plain login

# This is the auth service used by Postfix to do dovecot auth.
service auth {
  unix_listener auth-userdb {
  }
  inet_listener {
    port = 12345
  }
}

##
## SSL settings
##

# These will need to be adjusted to point to *your* certificates, not mine 8-)
# The ssl_ca line refers to the intermediate certificate bundle which may or
# may not be required by your SSL provider

ssl_cert = 

[Dovecot] Dsyncing mail in director setup

2014-05-04 Thread Murray Trainer
Hi All,

I have a pair of dovecot director proxies and six dovecot backend mailstores
using NFS v4.1 to access five filesystems on EMC VNX NFS storage.  This is
all working fine until I try and dsync new email mailboxes via one of the
mailstores onto the NFS storage.  I get major NFS lockups at random on one
or more of the mailstores with none of the NFS mounts accessible on one or
more of the mailstores.  I am getting our storage guy to look into it to see
if it is just a performance issue.   I can understand there may be locking
issues but I wouldn't have thought it would have this effect.  I also
wonder if there is a better way to run dsync so it handles writing to NFS?
Maybe passing it some of the nfs related dovecot options?

Thanks

Murray


[Dovecot] Dovecot/Postfix Auth, howto not working ?

2014-05-04 Thread Matt .
Hi Guys,

I'm trying to auth Dovecot against FreeIPA using this tut:

http://www.freeipa.org/page/Dovecot_IMAPS_Integration_with_FreeIPA_using_Single_Sign_On

(and also Postfix using this:
https://www.dalemacartney.com/2013/03/14/deploying-postfix-with-ldap-freeipa-virtual-aliases-and-kerberos-authentication/
as it should be working with dovecot at the end I believe)

I'm having some issues here and get the following errors no matter what I
do:

May  4 23:13:18 mail-01 dovecot: auth: Fatal: No passdbs specified in
configuration file. LOGIN mechanism needs one
May  4 23:13:18 mail-01 postfix/smtpd[2949]: error: open database
/etc/aliases.db: No such file or directory
May  4 23:13:18 mail-01 postfix/smtpd[2949]: warning: dict_nis_init: NIS
domain name not set - NIS lookups disabled
May  4 23:13:18 mail-01 dovecot: master: Error: service(auth): command
startup failed, throttling
May  4 23:13:18 mail-01 postfix/smtpd[2949]: connect from
unknown[xxx.xxx.xxx.xxx]
May  4 23:13:28 mail-01 dovecot: imap-login: Disconnected (no auth
attempts): rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx
May  4 23:13:28 mail-01 postfix/smtpd[2949]: fatal: no SASL authentication
mechanisms
May  4 23:13:29 mail-01 postfix/master[1627]: warning: process
/usr/lib/postfix/smtpd pid 2949 exit status 1
May  4 23:13:29 mail-01 postfix/master[1627]: warning:
/usr/lib/postfix/smtpd: bad command startup -- throttling
May  4 23:14:18 mail-01 dovecot: auth: Fatal: No passdbs specified in
configuration file. LOGIN mechanism needs one
May  4 23:14:18 mail-01 dovecot: master: Error: service(auth): command
startup failed, throttling
May  4 23:15:09 mail-01 postfix/anvil[2952]: statistics: max connection
rate 1/60s for (smtp:xxx.xxx.xxx.xxx) at May  4 23:13:18
May  4 23:15:09 mail-01 postfix/anvil[2952]: statistics: max connection
count 1 for (smtp:xxx.xxx.xxx.xxx) at May  4 23:13:18
May  4 23:15:09 mail-01 postfix/anvil[2952]: statistics: max cache size 1
at May  4 23:13:18

Outside the issue that it cannot find the aliases db, I'm kinda stuck
here... the tut should be working "out of the box", but I have the feeling
I'm missing something here.

I hope someone can help me out!

Thanks!

Matt


[Dovecot] Unknown user when sending internal email

2014-05-04 Thread SIW

I use MySQL to store my virtual users, domains and aliases.

My database is setup as follows:

CREATE TABLE `dovecot_passwords` (
  `username` varchar(100) NOT NULL,
  `appname` varchar(50) NOT NULL,
  `password` varbinary(256) NOT NULL,
  PRIMARY KEY (`username`,`appname`)
)

I then add a user:

INSERT INTO dovecot_passwords (username, appname, password)
VALUES ('t...@domain.com', 'desktop', MD5('password'));


My /usr/local/etc/dovecot/dovecot-sql.conf.ext has:

driver = mysql
connect = host=127.0.0.1 dbname=mailserver user=mailuser password=blahblah
default_pass_scheme = PLAIN
password_query = \
  SELECT NULL AS password, 'Y' AS nopassword, username AS user \
  FROM dovecot_passwords WHERE username = '%u' AND password = MD5(REPLACE('%w', ' ', ''))



Logging in works great and I can use a desktop email client or webmail 
just fine to check email. The problem occurs when I try to email another 
user in MY domain. When I send an email from us...@domain.com to 
us...@domain.com I get the following error in the logs:


 to=, relay=mail.domain.com[private/dovecot-lmtp], 
delay=0.08, delays=0.05/0.01/0/0.02, dsn=5.1.1, status=bounced (host 
mail.domain.com[private/dovecot-lmtp]  said: 550 5.1.1 
 User doesn't exist: us...@domain.com (in reply to 
RCPT TO command))



I thought it may have something to do with this:

http://wiki2.dovecot.org/DomainLost

To quote:


SQL

password_query gets often misconfigured to drop the domain if username 
and domain are stored separately. For example:


# BROKEN:
password_query = SELECT username AS user, password FROM users WHERE username = '%n' AND domain = '%d'

The "username AS user" changes the username permanently and the domain 
is dropped. You can instead use:


# MySQL:
password_query = SELECT concat(username, '@', domain) AS user, password FROM users WHERE username = '%n' AND domain = '%d'


Despite the above I didn't have any luck. From what I can tell in the 
logs it is using the username AND domain for the user (and not dropping 
off the domain).


Does anyone know how I can get local mail delivery to work again? I have 
changed the way my users are stored in MySQL so that I can make use of 
"Application Specific Passwords". If I revert back to using the previous 
user database internal mail works fine again. I can't seem to figure 
this out so appreciate any help! Any questions please ask.




The details:

Dovecot version: 2.2.12

# OS: FreeBSD 10.0-STABLE amd64  zfs
auth_debug = yes
auth_mechanisms = plain login
auth_verbose = yes
imap_id_log = *
imap_id_send = *
log_path = /var/log/dovecot.log
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k
mail_location = maildir:/var/mail/vhosts/%d/%n
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date ihave

namespace inbox {
  inbox = yes
  location =
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  prefix =
}
passdb {
  args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  sieve = /var/mail/dovecotsieve/%d/%n/.dovecot.sieve
  sieve_default = /var/mail/sieve/default.sieve
  sieve_dir = /var/mail/dovecotsieve/%d/%n/sieve
  sieve_global_dir = /var/mail/sieve/
}
protocols = imap lmtp sieve
service auth-worker {
  user = vmail
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  user = dovecot
}
service imap-login {
  inet_listener imap {
    port = 0
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 0
  }
  inet_listener pop3s {
    port = 0
  }
}
ssl = required
ssl_cert =
ssl_cipher_list = HIGH:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:ECDHE-RSA-AES256-SHA:+DHE-RSA-AES256-SHA:!AES256-SHA256:!AES256-GCM-SHA384:!CAMELLIA256-SHA:!AES128:!CAMELLIA128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SSLv2:!RC4:!SEED:+AES256-SHA
ssl_key =