Hi Michael,

I believe part of the solution is also setting the zones for the e-mail domain 
up with specific SRV records, pointing to a web service that outputs an XML 
with e-mail server configuration.
I never looked into this very thoroughly, but maybe the XML file can also 
contain the right username (format).

I have created a plugin for Roundcube ages ago to have people log in with their 
e-mail address.
I haven’t seen any abuse the last 10 years.

People should just have secure passwords :)

Kind regards,

Taco


> On 21 Oct 2023, at 08:26, Michael Stauber via Blueonyx 
> <blueonyx@mail.blueonyx.it> wrote:
> 
> Hi Greg,
> 
>> Hmm. Not happy with Microsoft on this one.
> 
> Yeah, it's a stupid change. They break something and we have to bend over 
> backwards? Not really.
> 
>> At the very least, it should be opt in… Just saying.
> 
> Indeed. And it's even pretty complicated. Sure, I can write something that 
> (if the feature is enabled) dumps out a dovecot alias file and keeps it 
> updated whenever email server aliases, user email aliases or users and vsites 
> in general change.
> 
> But that doesn't solve another problem: Saslauth will also then need a 
> similar change to be able to accept logins with username or email address. 
> And that's where it gets a little tricky.
> 
> Either way: This is somewhat complicated and invasive and it's not some code 
> I can crank out and properly test in a day or three.
> 
> There is a half-assed half-measure, though:
> 
> In /etc/dovecot/conf.d/10-auth.conf one can set this:
> 
> auth_username_format = %Ln
> 
> And in Postfix's /etc/postfix/main.cf the following settings are needed:
> 
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_type = dovecot
> smtpd_sasl_path = private/auth
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_authenticated_header = yes
> smtpd_sasl_exceptions_networks = $mynetworks
> auth_username_format = %n
> 
> At least according to what I could just dig up. Some of these settings are 
> already present. But essentially it switches Postfix from using "cyrus" to 
> using Dovecot for auth-checks.
> 
> And the ...
> 
> auth_username_format = %Ln
> 
> ... in /etc/dovecot/conf.d/10-auth.conf will then allow both ...
> 
> <username>@<vsite-FQDN>
> ... as well as ...
> <username>
> 
> The caveat of this is: It won't allow:
> 
> <email-alias>@<vsite-FQDN>
> ... or ...
> <email-alias>@<vsite-email-server-alias>
> 
> In order to cover these as well we'd need to write out and maintain a 
> complete alias file for Dovecot as linked in the first message of this topic.
> 
> And that's just the Postfix side of things and Sendmail is an entirely 
> different topic. If I do this, then probably only for Dovecot and Postfix 
> anyway.
> 
> -- 
> With best regards
> 
> Michael Stauber
> _______________________________________________
> Blueonyx mailing list
> Blueonyx@mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
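
Added example, not part of the thread: a Python model of how Dovecot's `auth_username_format = %Ln` rewrites a submitted login. It shows why `<username>` and `<username>@<vsite-FQDN>` both resolve while alias addresses do not, and that the domain part is discarded before lookup. Account names, domains and the alias table are constructed; the table stands in for the alias file Michael describes and is not Dovecot's file format.

```python
import re

# Constructed sample data (not from the thread).
ACCOUNTS = {"jdoe", "asmith"}            # system usernames
ALIASES = {                              # what a maintained alias file would add
    "john.doe@www.example.com": "jdoe",   # <email-alias>@<vsite-FQDN>
    "john.doe@mail.example.com": "jdoe",  # <email-alias>@<vsite-email-server-alias>
}
SAMPLE_LOGINS = [
    "jdoe",
    "JDoe@www.example.com",
    "john.doe@www.example.com",
    "jdoe@unrelated.example.net",
]


def expand(fmt, login):
    """Expand Dovecot-style %u / %n / %d with optional L (lower) or U (upper)."""
    local, _, domain = login.partition("@")
    values = {"u": login, "n": local, "d": domain}

    def substitute(match):
        modifier, var = match.groups()
        value = values[var]
        if modifier == "L":
            return value.lower()
        if modifier == "U":
            return value.upper()
        return value

    return re.sub(r"%([LU]?)([und])", substitute, fmt)


def resolve(login, fmt="%Ln", aliases=None):
    """Return the account a login maps to, or None when the lookup fails."""
    if aliases and login.lower() in aliases:
        return aliases[login.lower()]
    name = expand(fmt, login)
    return name if name in ACCOUNTS else None


def report(logins, fmt="%Ln", aliases=None):
    """Map each submitted login to the resolved account (or None)."""
    return {login: resolve(login, fmt, aliases) for login in logins}


if __name__ == "__main__":
    for label, table in (("%Ln only", None), ("%Ln + alias table", ALIASES)):
        print(label)
        for login, account in report(SAMPLE_LOGINS, aliases=table).items():
            print(f"  {login:32} -> {account}")
```

The last sample login shows the side effect worth knowing when reading auth logs: with `%Ln` the domain a client types plays no part in which account is checked.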

