Can Dovecot run as a general SASL service for other apps, such as WebDAV?

Thanks.

On Wednesday, December 7, 2022 7:53:43 PM AKST, Henry R wrote:
> can dovecot run as a general sasl service for other apps? such as webdav.
>
> Thanks.

For some reason I use cyrus-sasl with postfix, but I can't get it to work with dovecot. Ideas? Pointers to docs online?

On 12/7/22 21:53, Henry R wrote:
> can dovecot run as a general sasl service for other apps? such as webdav.

I am using dovecot to provide authentication for postfix submission. This is the config in postfix:

    smtpd_sasl_type = dovecot
    # Referring to /var/spool/postfix/private/auth
    smtpd_sasl_path = private/auth

In /etc/dovecot/conf.d/10-master.conf I have this:

    unix_listener /var/spool/postfix/private/auth {
      mode = 0666
      user = postfix
      group = postfix
    }

If the application supports using a socket for sasl, then I would imagine that Dovecot should work.

Postfix is using the same postfixadmin database for email addresses that Dovecot is, but for authentication, it's all Dovecot.

I should probably look into Dovecot's submission support so I don't need to have postfix using that auth socket, just haven't found the time.

Thanks,
Shawn

Yes,

we are using dovecot, also, for SASL only as authentication provider.

Here are some relevant parts of the configuration:

    # probably not necessary but dovecot requires it so I set it to /tmp/
    mail_location = maildir:/tmp/%u/Maildir:INDEX=memory

    # setup a mysql database with your users and password
    passdb {
      args = /etc/dovecot/dovecot-sql.conf.ext
      driver = sql
    }

    userdb {
      args = /etc/dovecot/dovecot-sql.conf.ext
      driver = sql
    }

    # here is the most important part, with this you can query SASL via port "12345" or via socket
    service auth {
      inet_listener {
        port = 12345
      }
      unix_listener /var/spool/postfix/private/auth {
        group = postfix
        mode = 0660
        user = postfix
      }
    }

    # SASL doesn't support SSL
    ssl = no

Ciao

On 08/12/22 05:53, Henry R wrote:
> can dovecot run as a general sasl service for other apps? such as webdav.
>
> Thanks.

--
Alessio Cecchi
Postmaster @ http://www.qboxmail.it
https://www.linkedin.com/in/alessice

On 2022-12-07 20:53, Henry R wrote:
> can dovecot run as a general sasl service for other apps? such as webdav.
>
> Thanks.

Almost anything can use dovecot (or any other system) as an authentication SASL service, but it is the 'gotchas' that you have to think about.

* Does this open your SASL mechanism to new brute force attacks?
* How do you pass additional information to the SASL, e.g. country of origin, IP Address
* How do you pass 2FA through?
* Rate Limiting?
* What about policies such as the use of TOR Proxies?
* Will this create excessive demand on dovecot?

On the surface, the authentication part is the most simple. However, you might want to consider connecting directly to the underlying mechanism that your dovecot is using. With a middle layer of course, that addresses all of the other issues.

--
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

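
Added example, not part of any message in this thread and not Dovecot project code: a minimal client for Dovecot's documented tab-separated auth client protocol (version 1), showing how a non-mail application could pass the real client IP (`rip=`) along with a PLAIN login and accept only an explicit OK. The service name "webdav", the socket path given by the caller, and the credentials used to exercise it are assumptions.

```python
import base64, os, socket

def clean(value):
    # Fields are tab-separated and lines newline-terminated: refuse control
    # characters so caller-supplied data cannot smuggle in extra fields.
    if any(c in value for c in "\t\r\n\0"):
        raise ValueError("control character in auth field")
    return value

def build_auth_plain(req_id, service, user, password, rip=None, secured=False):
    if "\0" in user + password:
        raise ValueError("NUL not allowed in PLAIN credentials")
    fields = ["AUTH", str(req_id), "PLAIN", "service=" + clean(service)]
    if rip:
        fields.append("rip=" + clean(rip))  # real client IP, for policy and logs
    if secured:
        fields.append("secured")            # client reached the front end over TLS
    plain = "\0" + user + "\0" + password
    # resp= is base64 and must be the last parameter on the line.
    fields.append("resp=" + base64.b64encode(plain.encode()).decode())
    return "\t".join(fields) + "\n"

def parse_reply(line):
    parts = line.rstrip("\n").split("\t")
    if len(parts) < 2 or not parts[1].isdigit():
        return "INVALID", -1, {}
    params = dict(p.partition("=")[::2] for p in parts[2:])
    return parts[0], int(parts[1]), params

def is_success(line, req_id):
    # Fail closed: only an OK carrying our own request id counts.
    status, rid, _ = parse_reply(line)
    return status == "OK" and rid == req_id

def authenticate(sock_path, service, user, password, rip=None):
    # sock_path: a unix_listener of "service auth" (path chosen by the admin).
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(5)
        s.connect(sock_path)
        f = s.makefile("rw", newline="\n")
        f.write("VERSION\t1\t0\nCPID\t%d\n" % os.getpid())
        f.flush()
        for line in f:  # skip the server's MECH/SPID/CUID/COOKIE lines up to DONE
            if line.rstrip("\n") == "DONE":
                break
        f.write(build_auth_plain(1, service, user, password, rip))
        f.flush()
        return is_success(f.readline(), 1)
```
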
Good to know. Thanks a lot.