Outlook 2016 SSO with GSSAPI auth?
Hi folks,

I've been sifting through various threads on GSSAPI and NTLM support, and I'm wondering if anyone out there can confirm or deny GSSAPI IMAP auth support in Microsoft Outlook 2016 (Windows)? Perhaps there's some magic registry key to change IMAP auth from PLAIN to GSSAPI?

We're trying to do single sign-on + e-mail for Windows domain users; Thunderbird GSSAPI works fine, of course, but Outlook 2016 is the policy-mandated e-mail client for this particular environment (Windows 10 client desktop, Windows Server 2012 R2 AD, RHEL7 Dovecot).

It seems that Outlook 2016 might also support NTLMv1 / GSS-SPNEGO out of the box for IMAP accounts, but NTLMv1 is - rightly - disabled in this environment (and I also see 'NT_STATUS_UNSUCCESSFUL' reported by /usr/bin/ntlm_auth back to the Dovecot auth worker).

Thanks for any ideas out there!

Robert
Re: STAT command failure
On Tue, 24 Oct 2017 14:31:11 -0700 (PDT) Joseph Tam wrote:

> Andrew Charnley writes:
>
> >>> Regarding STAT which appears to have an issue with Dovecot:-
> >>>
> >>> [23:50:46] POP< +OK Dovecot ready.
> >>> [23:50:46] POP> USER x
> >>> [23:50:46] POP< +OK
> >>> [23:50:46] POP> PASS
> >>> [23:50:46] POP< +OK Logged in.
> >>> [23:50:46] POP> STAT
> >>> [23:50:46] POP< -ERR Unknown command:
> >>
> >> user x
> >> pass ***
> >> stat
> >
> > I can confirm this works.
>
> > 2. Likely an issue with CLAWS email.
>
> If you can arrange a network capture of a non-SSL remote CLAWS
> connection, try checking whether there's a hidden character (NULL,
> etc.) being sent.
>
> It's also telling that it works for some accounts, and not for others.
> Try rebuilding the user's index cache by removing it (save a copy!)
> and see if that makes it work. If it does, you can send the buggy
> caches to the developer and see if they can figure it out.
>
> Joseph Tam

Hi Joseph,

Which user index file do you refer to?

Regards,
Andrew
Re: STAT command failure
Andrew Charnley writes:

>>> Regarding STAT which appears to have an issue with Dovecot:-
>>>
>>> [23:50:46] POP< +OK Dovecot ready.
>>> [23:50:46] POP> USER x
>>> [23:50:46] POP< +OK
>>> [23:50:46] POP> PASS
>>> [23:50:46] POP< +OK Logged in.
>>> [23:50:46] POP> STAT
>>> [23:50:46] POP< -ERR Unknown command:
>>
>> user x
>> pass ***
>> stat
>
> I can confirm this works.

> 2. Likely an issue with CLAWS email.

If you can arrange a network capture of a non-SSL remote CLAWS
connection, try checking whether there's a hidden character (NULL,
etc.) being sent.

It's also telling that it works for some accounts, and not for others.
Try rebuilding the user's index cache by removing it (save a copy!)
and see if that makes it work. If it does, you can send the buggy
caches to the developer and see if they can figure it out.

Joseph Tam
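
Added example (not part of the original thread): one way to run the check suggested above, looking for hidden characters in the commands a POP3 client sends. It assumes the client-to-server bytes have already been extracted from a capture of a plaintext session; `CAPTURE` and the function names are constructed for illustration.

```python
import re

# Added example; CAPTURE is constructed, not taken from the thread.
# Client-to-server bytes as reassembled from a plaintext (port 110) capture.
CAPTURE = b"USER x\r\nPASS hunter2\r\n\x00STAT\r\nQUIT\n"

def split_commands(stream: bytes):
    """Yield (line, terminator) pairs, keeping the terminator for inspection."""
    for m in re.finditer(rb"([^\r\n]*)(\r\n|\r|\n|$)", stream):
        line, term = m.group(1), m.group(2)
        if line or term:
            yield line, term

def inspect(stream: bytes):
    """Return [(line_no, display, issues)] for every suspicious command line."""
    findings = []
    for n, (line, term) in enumerate(split_commands(stream), 1):
        issues = []
        if not line:
            issues.append("empty command line")
        # RFC 1939 commands are printable ASCII; anything else is hidden data.
        for off, byte in enumerate(line):
            if byte < 0x20 or byte > 0x7E:
                issues.append("byte 0x%02x at offset %d" % (byte, off))
        if term != b"\r\n":
            issues.append("terminator %r is not CRLF" % term)
        if issues:
            # Never echo the password argument into a report.
            display = b"PASS ***" if b"PASS " in line.upper() else line
            findings.append((n, repr(display), issues))
    return findings

if __name__ == "__main__":
    for n, display, issues in inspect(CAPTURE):
        print("line %d %s: %s" % (n, display, "; ".join(issues)))
```
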
Fwd: master/master replications v. 2.2.32
doveconf -n
# 2.2.32 (dfbe293d4): /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-696.1.1.el6.x86_64 x86_64 CentOS release 6.9 (Final) ext3
auth_socket_path = /var/run/dovecot/auth-userdb
doveadm_password = # hidden, use -P to show it
doveadm_port = 61800
first_valid_uid = 150
last_valid_uid = 150
mail_location = maildir:/var/vmail/%d/%n
mail_plugins = notify replication
mail_privileged_group = mail
mbox_write_locks = fcntl
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  mail_replica = tcp:xxx.xxx.xxx.xxx
}
postmaster_address = postmas...@it911.mx
service aggregator {
  fifo_listener replication-notify-fifo {
    mode = 0666
    user = vmail
  }
  unix_listener replication-notify {
    mode = 0666
    user = vmail
  }
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    group = mail
    mode = 0600
    user = vmail
  }
}
service config {
  unix_listener config {
    user = vmail
  }
}
service doveadm {
  inet_listener {
    port = 61800
  }
  user = vmail
}
service replicator {
  process_min_avail = 1
  unix_listener replicator-doveadm {
    mode = 0666
  }
}
ssl = required
ssl_cert =

wrote:

> Hi, here is doveconf -n
>
> # 2.2.32 (dfbe293d4): /etc/dovecot/dovecot.conf
> # OS: Linux 2.6.32-696.1.1.el6.x86_64 x86_64 CentOS release 6.9 (Final) ext3
> auth_socket_path = /var/run/dovecot/auth-userdb
> first_valid_uid = 150
> last_valid_uid = 150
> mail_location = maildir:/var/vmail/%d/%n
> mail_privileged_group = mail
> mbox_write_locks = fcntl
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf.ext
>   driver = sql
> }
> postmaster_address = postmas...@it911.mx
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     mode = 0666
>     user = postfix
>   }
>   unix_listener auth-userdb {
>     group = mail
>     mode = 0600
>     user = vmail
>   }
> }
> ssl = required
> ssl_cert =
> ssl_key = # hidden, use -P to show it
> userdb {
>   args = /etc/dovecot/dovecot-sql.conf.ext
>   driver = sql
> }
>
> Thank you
>
> Jorge C.
>
> On Mon, Oct 23, 2017 at 1:07 PM, Aki Tuomi wrote:
>
>> > On October 23, 2017 at 7:29 PM "Jorge Canto E." wrote:
>> >
>> > Hi, in the past I set up a master/master replication through TCP using
>> > dovecot 2.2.10 on both servers and everything is running fine, I filter the
>> > users to replicate using the iterate_query on file dovecot-sql.conf.ext; now
>> > I want to set up a new replication between two new servers running dovecot
>> > 2.2.32 but the replicator service tries to replicate every user on my
>> > database even when the iterate_query is correctly set up and the command
>> > "doveadm user '*' " shows only the users I want to replicate, I think I am
>> > missing something but I do not know what.
>> >
>> > Thank you so much for your help.
>> >
>> > Jorge C.
>>
>> Please provide doveconf -n
>>
>> Aki
Re: Post-login scripting
On Saturday 21 October 2017 15:44:52 CEST, Gedalya wrote:

> Aha. Looks pretty cool, and it's really nice that it supports HTTP.
> On the other hand if I'm rate limiting the number of messages sent = number
> of times a client said RCPT TO, I guess it still has to be a postfix policy
> server? Anyway, thanks for pointing this out, I'm sure I'll use it :-)

Very interesting indeed; now I'm using a post-login script to track the IP of the clients, but I'll evaluate the policy as it seems cleaner.

For a simple policy server to use with postfix, you can check out my simple daemon: https://github.com/SimoneLazzaris/polka

It's written in Go, very simple, efficient but effective. We're using it in production with zero issues.

Simone Lazzaris
Qcom S.p.A.
Re: STAT command failure
Hi,

I can confirm this works.

So two issues here;

1. Dovecot logging is useless - there is no logging or stderr output
2. Likely an issue with CLAWS email.

I'm conversing with the CLAWS support group to see what they think.

Regards,
Andrew

On Tue, 24 Oct 2017 07:28:00 +0200 (CEST) Steffen Kaiser wrote:

> On Mon, 23 Oct 2017, Andrew Charnley wrote:
>
> > Regarding STAT which appears to have an issue with Dovecot:-
> >
> > [23:50:46] POP< +OK Dovecot ready.
> > [23:50:46] POP> USER x
> > [23:50:46] POP< +OK
> > [23:50:46] POP> PASS
> > [23:50:46] POP< +OK Logged in.
> > [23:50:46] POP> STAT
> > [23:50:46] POP< -ERR Unknown command:
>
> This response usually has the offending command behind the colon - at
> least in Dovecot v2.2
>
> BTW: could you launch a secure connection, e.g. from the mail server
>
> telnet localhost 110
>
> then type in the commands yourself:
>
> user x
> pass ***
> stat
>
> --
> Steffen Kaiser