Hi List, I just updated an old sendmail installation to a modern postfix/dovecot system with mysql backend. Everything works fine but SMTP-AUTH fails with some clients. The problem is, that with PLAIN (old) clients send the base64 coded form: USERNAME\0USERNAME\0PASSWORD which, as i understand dovecot interprets as MASTERUSER\0USERNAME\PASSWORD. New clients send \0USERNAME\0PASSWORD which works fine. I don`t like to use masterusers, because then everyone would be able to log in as someone else. When i don`t have a passdb with master=yes in my dovecot.conf, Dovecot complains auth(default): passdb(XXXX at YYY.TLD,master): Attempted master login with no master passdbs If i create a passdb with contains everyone, everyone may look into other mailboxes. No good idea. I can`t change the old clients, but for now, i don`t know, what i am doing wrong or how to correct it. No real HowTo for my setup on the net, it seems that everyone uses cyrus-sasl. May anybody help, because i don`t like to switch my setup or use 2 auth daemons. My System: Debian Etch, postfix (2.3.7-3), dovecot (1.0.rc15-2) Best wishes, Ingo Reimann System Manager -------------------------------------------------------------------- ICSmedia GmbH in M?nster: Soester Stra?e 13, 48155 M?nster in Dortmund: M?nchenwordt 5, 44137 Dortmund im Internet: http://www.icsmedia.de Telefon: (0251) 60 60-403 Telefax: (0251) 60 60-190 E-Mail: ingo.reimann at icsmedia.de -------------------------------------------------------------------- Gesch?ftsf?hrung: Frank Wulf Sitz der Gesellschaft: M?nster Amtsgericht: M?nster HRB: 46 97
Justin McAleer
2007-Mar-02 13:06 UTC
[Dovecot] Struggle with Postfix/Dovecot-auth and SASL
Ingo Reimann wrote:> Hi List, > > I just updated an old sendmail installation to a modern postfix/dovecot system with mysql backend. Everything works fine but SMTP-AUTH fails with some clients. > > The problem is, that with PLAIN (old) clients send the base64 coded form: USERNAME\0USERNAME\0PASSWORD which, as i understand dovecot interprets as MASTERUSER\0USERNAME\PASSWORD. New clients send \0USERNAME\0PASSWORD which works fine. I don`t like to use masterusers, because then everyone would be able to log in as someone else. > >What clients have you found that show this behavior? I'm setting up a Postfix server in this manner myself. Although, since this server is outbound only (dovecot does nothing but auth for smtp), I guess I could work around it by setting up the master user stuff.> When i don`t have a passdb with master=yes in my dovecot.conf, Dovecot complains > auth(default): passdb(XXXX at YYY.TLD,master): Attempted master login with no master passdbs > > If i create a passdb with contains everyone, everyone may look into other mailboxes. No good idea. > > I can`t change the old clients, but for now, i don`t know, what i am doing wrong or how to correct it. No real HowTo for my setup on the net, it seems that everyone uses cyrus-sasl. > > May anybody help, because i don`t like to switch my setup or use 2 auth daemons. > > My System: > Debian Etch, postfix (2.3.7-3), dovecot (1.0.rc15-2) > > Best wishes, > > Ingo Reimann > System Manager > > -------------------------------------------------------------------- > ICSmedia GmbH > in M?nster: Soester Stra?e 13, 48155 M?nster > in Dortmund: M?nchenwordt 5, 44137 Dortmund > im Internet: http://www.icsmedia.de > > Telefon: (0251) 60 60-403 > Telefax: (0251) 60 60-190 > E-Mail: ingo.reimann at icsmedia.de > -------------------------------------------------------------------- > Gesch?ftsf?hrung: Frank Wulf > Sitz der Gesellschaft: M?nster > Amtsgericht: M?nster > HRB: 46 97 > >
On 1.3.2007, at 18.43, Ingo Reimann wrote:> The problem is, that with PLAIN (old) clients send the base64 coded > form: USERNAME\0USERNAME\0PASSWORD which, as i understand dovecot > interprets as MASTERUSER\0USERNAME\PASSWORD. New clients send > \0USERNAME\0PASSWORD which works fine. I don`t like to use > masterusers, because then everyone would be able to log in as > someone else...> Debian Etch, postfix (2.3.7-3), dovecot (1.0.rc15-2)This was fixed in rc23. -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 186 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20070303/75c95f2f/attachment.bin>