Re: distuguish between different domains

2015-09-29 Thread Marco Fretz 
>> the dovecot service does not care about the server dns name. the dns
>> name resolves to the IP address on the client (roundcube) and the client
>> connects to the server. if the same dovecot instance listens to all /
>> both IP address, client will end up on this dovecot instance and all
>> valid user-password combinations are authorized. that's the way it has
>> to be, otherwise virtual / mass virtual domain hosting would not be
>> possible as you cannot spawn 1000 instances on the same machine (ok, in
>> theory you could do that :D)
> No, it's only impossible if you are using passdb or otherwise
> authenticating against real users of the system.  If you are using
> virtual users (SQL, LDAP, etc.), you can include the domain name in the
> auth lookups.
>
>
Andreas was asking about the fqdn where the imap client is connecting
to, not the user name / e-mail address.
you can use localpart and domain from the email address in passdb /
userdb lookups but dovecot (imap) is nothing like http where you send
the a hostname of the site you're conncting to in the header.

Re: distuguish between different domains

2015-09-28 Thread Phil Turmel 
On 09/28/2015 10:18 AM, Marco Fretz wrote:
> On 28.09.2015 10:48, Andreas Meyer wrote:

>> For my understanding it should not be possible to connect to server
>> server.aaa.de with an address line u...@bbb.de and dovecot serves
>> the mailbox of that user.
> the dovecot service does not care about the server dns name. the dns
> name resolves to the IP address on the client (roundcube) and the client
> connects to the server. if the same dovecot instance listens to all /
> both IP address, client will end up on this dovecot instance and all
> valid user-password combinations are authorized. that's the way it has
> to be, otherwise virtual / mass virtual domain hosting would not be
> possible as you cannot spawn 1000 instances on the same machine (ok, in
> theory you could do that :D)

No, it's only impossible if you are using passdb or otherwise
authenticating against real users of the system.  If you are using
virtual users (SQL, LDAP, etc.), you can include the domain name in the
auth lookups.

Phil

Re: distuguish between different domains

2015-09-28 Thread Marco Fretz 
On 28.09.2015 10:48, Andreas Meyer wrote:
> Hello!
>
> Marco Fretz  schrieb am 28.09.15 um 08:29:59 Uhr:
>
>> Hi Andreas,
>>
>> I'm not 100% sure what you're trying to accomplish.
>>
>> smtp_server in roundcube is the outgoing server (submission server, i.e.
>> postfix). Mailbox is IMAP (dovecot).
>> You can easily spawn 2 instances of dovecot, one serving aaa.de and one
>> serving bbb.de on different IPs.
> How do I do this?
http://wiki2.dovecot.org/RunningDovecot
I do this by creating a 2nd startup script / systemd service
you can then use another dovecot config file and specify different
listen IPs (and Ports). This is also useful for different SSL certs per
domain / ip, etc.
>
>> What exactly is the problem with 2 domains on one dovecot? I mean user
>> @aaa.de usually does not have the password for @bbb.de and vise versa.
> What is irritating me is that when there are two domains served by
> dovecot, in the client I can specify server.aaa.de although I have
> an email-address u...@bbb.de and connect as such.
>
> For my understanding it should not be possible to connect to server
> server.aaa.de with an address line u...@bbb.de and dovecot serves
> the mailbox of that user.
the dovecot service does not care about the server dns name. the dns
name resolves to the IP address on the client (roundcube) and the client
connects to the server. if the same dovecot instance listens to all /
both IP address, client will end up on this dovecot instance and all
valid user-password combinations are authorized. that's the way it has
to be, otherwise virtual / mass virtual domain hosting would not be
possible as you cannot spawn 1000 instances on the same machine (ok, in
theory you could do that :D)
>  
>> About the sending server in roundcube: I don't think there is a way to
>> have a different submission server for different sender domains in
>> roundcubde. But you could use the postfix configuration to map sender
>> domains to different outgoing connection IPs.
> Postfix is not the problem. It's the login into the IMAP-server that
> is irritating me. Or am I completely wrong?
>
> Regards
>
>   Andreas

Re: distuguish between different domains

2015-09-28 Thread Marco Fretz 
Hi Andreas,

I'm not 100% sure what you're trying to accomplish.

smtp_server in roundcube is the outgoing server (submission server, i.e.
postfix). Mailbox is IMAP (dovecot).
You can easily spawn 2 instances of dovecot, one serving aaa.de and one
serving bbb.de on different IPs.

What exactly is the problem with 2 domains on one dovecot? I mean user
@aaa.de usually does not have the password for @bbb.de and vise versa.

About the sending server in roundcube: I don't think there is a way to
have a different submission server for different sender domains in
roundcubde. But you could use the postfix configuration to map sender
domains to different outgoing connection IPs.

Does this help? If not, please tell us more about what you're trying to do.

regards
Marco

On 27.09.2015 19:53, Andreas Meyer wrote:
> Hello!
>
> I asked myself wether it is possible to distinguish between
> different doamins in dovecot so that a user only sees his
> mailbox when he is connecting with us...@aaa.de specifying
> the server with mail.aaa.de for example.
>
> So the server does not handout the mailbox for us...@bbb.de
> when the client connects to mail.aaa.de as us...@bbb.de
>
> I have this problem with roundcube. Dovecot is responisble
> for two domains. With roundcube I can login as us...@aaa.de
> altough the client is configured like so:
> $config['smtp_server'] = 'tls://mail.bbb.de';
> and I am landing in the mailbox of us...@aaa.de
>
> Is there a way to striktly differentiate between doamins?
> Both domains have their own IP-addresses.
>
> Regards
>
>   Andreas

Re: distuguish between different domains

2015-09-28 Thread A.L.E.C 
On 09/28/2015 10:48 AM, Andreas Meyer wrote:
> Postfix is not the problem. It's the login into the IMAP-server that
> is irritating me. Or am I completely wrong?

You are completely wrong ;) If the mailbox exist server handles it,
there's no difference from/to which "domain" was the connection. Besides
you can configure Roundcube to select server IP/host based on logon domain.

-- 
Aleksander 'A.L.E.C' Machniak
Kolab Groupware Developer[http://kolab.org]
Roundcube Webmail Developer  [http://roundcube.net]
---
PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl

Re: distuguish between different domains

2015-09-28 Thread Andreas Meyer 
Hello!

Marco Fretz  schrieb am 28.09.15 um 08:29:59 Uhr:

> Hi Andreas,
> 
> I'm not 100% sure what you're trying to accomplish.
> 
> smtp_server in roundcube is the outgoing server (submission server, i.e.
> postfix). Mailbox is IMAP (dovecot).
> You can easily spawn 2 instances of dovecot, one serving aaa.de and one
> serving bbb.de on different IPs.

How do I do this?

> What exactly is the problem with 2 domains on one dovecot? I mean user
> @aaa.de usually does not have the password for @bbb.de and vise versa.

What is irritating me is that when there are two domains served by
dovecot, in the client I can specify server.aaa.de although I have
an email-address u...@bbb.de and connect as such.

For my understanding it should not be possible to connect to server
server.aaa.de with an address line u...@bbb.de and dovecot serves
the mailbox of that user.
 
> About the sending server in roundcube: I don't think there is a way to
> have a different submission server for different sender domains in
> roundcubde. But you could use the postfix configuration to map sender
> domains to different outgoing connection IPs.

Postfix is not the problem. It's the login into the IMAP-server that
is irritating me. Or am I completely wrong?

Regards

  Andreas

Re: distuguish between different domains

2015-09-28 Thread Steffen Kaiser 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, 28 Sep 2015, Andreas Meyer wrote:


For my understanding it should not be possible to connect to server
server.aaa.de with an address line u...@bbb.de and dovecot serves
the mailbox of that user.


that's virtual hosting :-)

- -- 
Steffen Kaiser

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQEVAwUBVgkB93z1H7kL/d9rAQLwRQf9EYit7l2ZSaSQQhojeoqNKXcZj1FP9SZY
Wm+w3mI/zL/5xlWhvZPmZgTGs6aLUqU1la0zl4Nd95gRiVuG5DQPruUfu9uvG8XV
t6u+mpf4wGkeDZlkrYMSKmOrE8eUV6Bdi0fuBZrDCihChGSb8NceMn7u58uTBDFr
Pj5AmU+71OrWHisvmCjsQAelOXNpHMf+hFHxb5xJatbDl9wqf443WyoUBaVGCb2q
1rbYz+TT/5BGfLwibefmuTkzWn8ca/RryJV2GaynIyp+WynlRh5w+1Q1EPZgS/Di
xOIk7+H/JKbnlQ6quxOn9sfjiiqKEDIJmxPSRGsEJvSz9+EYxnhL7w==
=xR/L
-END PGP SIGNATURE-

Re: distuguish between different domains

2015-09-28 Thread Andreas Meyer 
"A.L.E.C"  schrieb am 28.09.15 um 10:54:24 Uhr:

> On 09/28/2015 10:48 AM, Andreas Meyer wrote:
> > Postfix is not the problem. It's the login into the IMAP-server that
> > is irritating me. Or am I completely wrong?
> 
> You are completely wrong ;) If the mailbox exist server handles it,
> there's no difference from/to which "domain" was the connection. Besides
> you can configure Roundcube to select server IP/host based on logon domain.

It makes not difference when I define 
$rcmail_config['default_host'] = 'tls://mail.bbb.de';
in Roundcube. I guess the advantage of this setting
is to identify the server when the server are running
on different machines. But as long as the domains reside
on the same machine, it does not matter.

I can login as u...@aaa.de and the mailbox is served.
That's what is irritating me. But I can life with it.

Regards

  Andreas