Franco Rizzo
2011-May-12 21:02 UTC
[Dovecot] dovecot proxy with nopassword and postfix sasl
HI All I have setup a dovecot proxy with remote auth, value nopassword in the passdb to make the auth remotely. With pop3 and imap the authentication is made on the remote server and this work perfectly. I have tested with wrong and correct password. Then I have added the postfix sasl and this also works fine, the request is made to dovecot. My problem is that with this method I can give any password to postfix and mail is sent. In the debug it seams that a request is made to the remote server for auth. The smtp sasl auth is only refused when I put no password. Is it allowed to use postfix sasl auth with dovecot proxy auth on remote server ? Thank you Franco Rizzo -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 2186 bytes Desc: not available URL: <http://dovecot.org/pipermail/dovecot/attachments/20110512/77d3c714/attachment-0002.bin>
Simone Caruso
2011-May-13 12:24 UTC
[Dovecot] dovecot proxy with nopassword and postfix sasl
You should explain better your environment and post your configurations... but this seems more a 'postfix' problem than a dovecot one. Regards -- Simone Caruso IT Consultant p.iva: 03045250838
Franco Rizzo
2011-May-13 13:07 UTC
[Dovecot] dovecot proxy with nopassword and postfix sasl
Hello thank you for your answer
when I have this user in my passdb file
franco at ozzir.ch:{plain}password::::::proxy host=xx.xx.xx.xx
postfix sasl accept only the password => password
When I have this user in my passdb file
franco at ozzir.ch:::::::nopassword proxy host=xx.xx.xx.xx
postfix sasl accept any password
as I said imap and pop3 refuse always a bad password
this is my postfix config
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
# and the common settings to enable SASL:
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_mynetworks, reject_sender_login_mismatch,
permit_sasl_authenticated, reject_unauth_destination
smtpd_sender_login_maps = mysql:/etc/postfix/mysql-smtpd_sender_login_maps.cf
#for outlook 2003 and outlook express > v6
broken_sasl_auth_clients = yes
Franco Rizzo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2186 bytes
Desc: not available
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20110513/7359879d/attachment-0002.bin>
Simone Caruso
2011-May-14 10:54 UTC
[Dovecot] dovecot proxy with nopassword and postfix sasl
Il 13/05/2011 15:07, Franco Rizzo ha scritto:> Hello thank you for your answer > > when I have this user in my passdb file > franco at ozzir.ch:{plain}password::::::proxy host=xx.xx.xx.xx > postfix sasl accept only the password => password > > When I have this user in my passdb file > franco at ozzir.ch:::::::nopassword proxy host=xx.xx.xx.xx > postfix sasl accept any password >And i think this is all normal... From: http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy I don't think it is allowed behaviour for Postfix to authenticate on a dovecot proxy. I think u can solve the issue using the 2nd point of the Proxy tutorial: "Let Dovecot proxy perform the authentication and login to remote server using the proxy's master password" or moving to sql/ldap userbase. -- Simone Caruso IT Consultant p.iva: 03045250838