Hi, Dovecot 2.3.1 (8e2f634). Could not get Dovecot to forward the (plain) authentication to the SMTP server using submission. Reason why I need it is sender spoofing (do not want my employees to send messages in behalf of me). In exim I can disable sender spoofing with the authenticated user. When sending through dovecot, exim either does not accept the email (need auth) or relay every sender address (because relaying from localhost). Am I missing a setting or do I need any additional field in the (MySQL) user_query/password_query to forward the password? You can find my config here: https://gist.github.com/lluuaapp/7daddf761131da47237b0f45e6bab5a8 Thanks, Paul -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4107 bytes Desc: not available URL: <https://dovecot.org/pipermail/dovecot/attachments/20180406/473ee9a1/attachment-0001.p7s>
Op 6-4-2018 om 13:52 schreef Paul Hecker:> Hi, > > Dovecot 2.3.1 (8e2f634). Could not get Dovecot to forward the (plain) authentication to the SMTP server using submission. Reason why I need it is sender spoofing (do not want my employees to send messages in behalf of me). > > In exim I can disable sender spoofing with the authenticated user. When sending through dovecot, exim either does not accept the email (need auth) or relay every sender address (because relaying from localhost). > > Am I missing a setting or do I need any additional field in the (MySQL) user_query/password_query to forward the password? > > You can find my config here: > > https://gist.github.com/lluuaapp/7daddf761131da47237b0f45e6bab5a8That would be possible using the following SMTP AUTH feature: https://tools.ietf.org/html/rfc4954#section-5 Which is apparently supported by Exim: https://www.exim.org/exim-html-current/doc/html/spec_html/ch-smtp_authentication.html#SECTauthparamail This requires explicit configuration, so it will not work out of the box. The Dovecot Submission service should support this too. It sends an AUTH parameter with the MAIL command (currently only then the username is a valid SMTP address). However, I must say, I haven't tested this recently. I can try this in a few days. Feel free to experiment with this yourself. Regards, Stephan.
Hi, Thanks you very much. This did the trick!> On 6. Apr 2018, at 15:56, Stephan Bosch <stephan at rename-it.nl> wrote: > > > > Op 6-4-2018 om 13:52 schreef Paul Hecker: >> Hi, >> >> Dovecot 2.3.1 (8e2f634). Could not get Dovecot to forward the (plain) authentication to the SMTP server using submission. Reason why I need it is sender spoofing (do not want my employees to send messages in behalf of me). >> >> In exim I can disable sender spoofing with the authenticated user. When sending through dovecot, exim either does not accept the email (need auth) or relay every sender address (because relaying from localhost). >> >> Am I missing a setting or do I need any additional field in the (MySQL) user_query/password_query to forward the password? >> >> You can find my config here: >> >> https://gist.github.com/lluuaapp/7daddf761131da47237b0f45e6bab5a8 > > That would be possible using the following SMTP AUTH feature: > > https://tools.ietf.org/html/rfc4954#section-5 > > Which is apparently supported by Exim: https://www.exim.org/exim-html-current/doc/html/spec_html/ch-smtp_authentication.html#SECTauthparamail > This requires explicit configuration, so it will not work out of the box.Here is what I did: I had to add the acl_smtp_mailauth to only allow this on a certain port. Then I had to duplicate my code for sender spoofing for authenticated users and change the $authenticated_id -> $authenticated_sender. Besides that, I must use TLS (in my case STARTTLS) so that Dovecot actually sends the MAIL AUTH parameter.> > The Dovecot Submission service should support this too. It sends an AUTH parameter with the MAIL command (currently only then the username is a valid SMTP address). However, I must say, I haven't tested this recently.I can confirm that it works (only with TLS with my current configuration, see above).> > I can try this in a few days. Feel free to experiment with this yourself. > > Regards, > > Stephan.Thanks again, Paul -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4107 bytes Desc: not available URL: <https://dovecot.org/pipermail/dovecot/attachments/20180406/0b64404b/attachment.p7s>