Re: [Dovecot] IMAP proxying for ALL users to internal mail server
On Oct 2, 2009, at 11:11 AM, Eric Jon Rostetter wrote: Quoting Timo Sirainen : So if you really want Dovecot to be there, you need to use either SQL (e.g. SQLite) or checkpassword passdb. Others can't just accept all users without explicitly listing all of them. With SQL you could do something like: Why not ldap authentication off the MS AD? I guess that'd work too if proxy has access to AD.
Re: [Dovecot] IMAP proxying for ALL users to internal mail server
Quoting Timo Sirainen : So if you really want Dovecot to be there, you need to use either SQL (e.g. SQLite) or checkpassword passdb. Others can't just accept all users without explicitly listing all of them. With SQL you could do something like: Why not ldap authentication off the MS AD? -- Eric Rostetter The Department of Physics The University of Texas at Austin This message is provided "AS IS" without warranty of any kind, either expressed or implied. Use this message at your own risk.
Re: [Dovecot] IMAP proxying for ALL users to internal mail server
On Oct 2, 2009, at 8:47 AM, Vitaliy Vladimirovich wrote: That still doesn't answer my question. It doesn't sound like you need IMAP proxying. It sounds like you just need TCP connection forwarding. Your true. TCP connection forwarding I can do fith PF, but I think IMAP proxying more secure. The only thing that could make it more secure is if you trust that Dovecot is more secure before login than Exchange is. Could be true of course. :) So if you really want Dovecot to be there, you need to use either SQL (e.g. SQLite) or checkpassword passdb. Others can't just accept all users without explicitly listing all of them. With SQL you could do something like: password_query = select '%u' as user, 'y' as nopasword, 'y' as proxy, '1.2.3.4' as host
Re: [Dovecot] IMAP proxying for ALL users to internal mail server
--- Original Message --- From: Timo Sirainen To: Vitaliy Vladimirovich Date: 2 october, 15:42:40 Subject: Re: [Dovecot] IMAP proxying for ALL users to internal mail server On Oct 2, 2009, at 8:39 AM, Vitaliy Vladimirovich wrote: >> How must I adjust Dovecot for proxying all users from the >> Internet to the internal Exchange Mail Server? > > To only a single Exchange server? Why would you need Dovecot proxy at > all there? Just use whatever dummy TCP proxy. > Yes, to only single. > I am trying to configure SMTP AUTH (Postfix+Dovecot SAS with > Active Directory users account) and IMAP proxying to Exchange. > So now my problem is in IMAP proxying. > SMTP auth separately works fine. That still doesn't answer my question. It doesn't sound like you need IMAP proxying. It sounds like you just need TCP connection forwarding. Your true. TCP connection forwarding I can do fith PF, but I think IMAP proxying more secure.
Re: [Dovecot] IMAP proxying for ALL users to internal mail server
On 10/2/2009, Vitaliy Vladimirovich (artem...@ukr.net) wrote: >> Is this even a supported configuration? I've never heard of anyone doing >> this. > Why not? From dovecot WIKI: > > The destination servers don't need to be running Dovecot, I stand corrected... I've never used the proxy feature, so had never read the wiki on it... Good to know though... thx... -- Best regards, Charles
Re: [Dovecot] IMAP proxying for ALL users to internal mail server
On Oct 2, 2009, at 8:39 AM, Vitaliy Vladimirovich wrote: How must I adjust Dovecot for proxying all users from the Internet to the internal Exchange Mail Server? To only a single Exchange server? Why would you need Dovecot proxy at all there? Just use whatever dummy TCP proxy. Yes, to only single. I am trying to configure SMTP AUTH (Postfix+Dovecot SAS with Active Directory users account) and IMAP proxying to Exchange. So now my problem is in IMAP proxying. SMTP auth separately works fine. That still doesn't answer my question. It doesn't sound like you need IMAP proxying. It sounds like you just need TCP connection forwarding.
Re: [Dovecot] IMAP proxying for ALL users to internal mail server
--- Original Message --- From: Timo Sirainen To: "Vitaliy Vladimirovich" Date: 2 october, 15:25:19 Subject: Re: [Dovecot] IMAP proxying for ALL users to internal mail server On Oct 2, 2009, at 8:14 AM, Vitaliy Vladimirovich wrote: > How must I adjust Dovecot for proxying all users from the > Internet to the internal Exchange Mail Server? To only a single Exchange server? Why would you need Dovecot proxy at all there? Just use whatever dummy TCP proxy. Yes, to only single. I am trying to configure SMTP AUTH (Postfix+Dovecot SAS with Active Directory users account) and IMAP proxying to Exchange. So now my problem is in IMAP proxying. SMTP auth separately works fine.
Re: [Dovecot] IMAP proxying for ALL users to internal mail server
On Oct 2, 2009, at 8:14 AM, Vitaliy Vladimirovich wrote: How must I adjust Dovecot for proxying all users from the Internet to the internal Exchange Mail Server? To only a single Exchange server? Why would you need Dovecot proxy at all there? Just use whatever dummy TCP proxy.
Re: [Dovecot] IMAP proxying for ALL users to internal mail server
--- Original Message --- From: Charles Marcus To: Vitaliy Vladimirovich Date: 2 october, 15:20:18 Subject: Re: [Dovecot] IMAP proxying for ALL users to internal mail server On 10/2/2009 8:14 AM, Vitaliy Vladimirovich wrote: > How must I adjust Dovecot for proxying all users from the Internet to > the internal Exchange Mail Server? Is this even a supported configuration? I've never heard of anyone doing this. Why not? From dovecot WIKI: The destination servers don't need to be running Dovecot, but you should make sure that the Dovecot proxy doesn't advertise more capabilities than the destination server can handle. For IMAP you can do this by changing imap_capability setting. For POP3 you'll have to modify Dovecot's sources for now ( src/pop3/capability.h). v1.2.rc4+ automatically sends updated untagged CAPABILITY reply if it detects that the remote server has different capabilities than what it already advertised to the client. Note that some clients simply ignore the updated CAPABILITY reply. Dovecot proxy is intended to act as a proxy between multiple *dovecot* servers... But, I'll be interested to hear Timos response, if this might actually work... -- Best regards, Charles
Re: [Dovecot] IMAP proxying for ALL users to internal mail server
On 10/2/2009 8:14 AM, Vitaliy Vladimirovich wrote: > How must I adjust Dovecot for proxying all users from the Internet to > the internal Exchange Mail Server? Is this even a supported configuration? I've never heard of anyone doing this. Dovecot proxy is intended to act as a proxy between multiple *dovecot* servers... But, I'll be interested to hear Timos response, if this might actually work... -- Best regards, Charles
[Dovecot] IMAP proxying for ALL users to internal mail server
Hi! How must I adjust Dovecot for proxying all users from the Internet to the internal Exchange Mail Server? This is my config files (most important): dovecot.conf protocol imap { #listen = *:10143 ssl_listen = 194.0.148.10:993 auth default { mechanisms = plain login passdb passwd-file { args = /usr/local/etc/dovecot-%Ls.conf } } dovecot-imap.conf testma...@example.org::0:0proxy host=10.0.10.3 port=143 nopassword With this configurations all works fine, but if I trying change dovecot-imap.conf as below �...@%d::0:0proxy host=10.0.10.3 port=143 nopassword I get an error: Oct 2 15:10:58 relay dovecot: auth(default): client in: AUTH 1 PLAIN service=imap secured lip=199.10.149.10 rip=199.10.149.3 lport=993 rport=28316 resp= Oct 2 15:10:58 relay dovecot: auth(default): passwd-file(testma...@example.org,199.10.149.3): lookup: user=testma...@example.org file=/usr/local/etc/dovecot-imap.conf Oct 2 15:10:58 relay dovecot: auth(default): passwd-file(testma...@example.org,199.10.149.3): unknown user Oct 2 15:10:59 relay dovecot: auth(default): new auth connection: pid=62532 Oct 2 15:11:00 relay dovecot: auth(default): client out: FAIL 1 user=testma...@example.org Any ideas??