search for: director_username_hash

TL;DR: Can director_username_hash use %{userdb:...} or %{passdb:...} ? ==================================== This is on Ubuntu Precise, running dovecot 2.2.36. It's a fully production, director-ized env, so assume everything is working correctly. Happy to post doveconf if it's relevant but wanted to ask a general question...

> On 12 April 2019 21:09 Mark Moseley via dovecot <dovecot at dovecot.org> wrote: > > > TL;DR: > > Can director_username_hash use %{userdb:...} or %{passdb:...} ? > > ==================================== > > This is on Ubuntu Precise, running dovecot 2.2.36. It's a fully production, director-ized env, so assume everything is working correctly. Happy to post doveconf if it's relevant but wanted to ask...

Our directors hash by domain (director_username_hash = %d), as some of our users share folders with other users of the same domain. We now started using director tags to map domains to their backends. Unfortunately doveadm director map seems no to work with director_username_hash = %d user??? hash??? mail server ip expire time <unknown> 43...

Hi, the Dovecot Director determines the backend host in some way by hashing the username: http://wiki2.dovecot.org/Director For normal logins username at example.org, the director always gets the same hash for the same username and ensures that the login is always proxied to the same backend. But what about MasterUsers in combination with Dovecot Director?

...nding remote IP+port from proxy to backend server via Dovecot-specific XCLIENT extension. + Proxying: proxy_maybe=yes with host=<hostname> (instead of IP) works now properly. + Proxying: Added auth_proxy_self setting + Proxying: Added proxy_always extra field (see wiki docs) + Added director_username_hash setting to specify what part of the username is hashed. This can be used to implement per-domain backends (which allows safely accessing shared mailboxes within domain). + Added a "session ID" string for imap/pop3 connections, available in %{session} variable. The session ID...

...nding remote IP+port from proxy to backend server via Dovecot-specific XCLIENT extension. + Proxying: proxy_maybe=yes with host=<hostname> (instead of IP) works now properly. + Proxying: Added auth_proxy_self setting + Proxying: Added proxy_always extra field (see wiki docs) + Added director_username_hash setting to specify what part of the username is hashed. This can be used to implement per-domain backends (which allows safely accessing shared mailboxes within domain). + Added a "session ID" string for imap/pop3 connections, available in %{session} variable. The session ID...

...v2.2 and just forcing it enabled always. Thoughts? (I didn't want to change v2.1 behavior by doing this.) The most important changes since v2.1.8: * mail-log plugin: Log mailbox names with UTF-8 everywhere (instead of mUTF-7 in some places and UTF-8 in other places) * director: Changed director_username_hash setting's default from %u to %Lu (= lowercase usernames). This doesn't break any existing installations, but might fix some of them. + doveadm: Added "auth cache flush [<username>]" command. + Implemented dict passdb/userdb + Implemented Redis and memcached dict ba...

...v2.2 and just forcing it enabled always. Thoughts? (I didn't want to change v2.1 behavior by doing this.) The most important changes since v2.1.8: * mail-log plugin: Log mailbox names with UTF-8 everywhere (instead of mUTF-7 in some places and UTF-8 in other places) * director: Changed director_username_hash setting's default from %u to %Lu (= lowercase usernames). This doesn't break any existing installations, but might fix some of them. + doveadm: Added "auth cache flush [<username>]" command. + Implemented dict passdb/userdb + Implemented Redis and memcached dict ba...

...for hashing but actually send the original user at domain in the proxied request. I cannot seem to find a way. I can change the name used for hashing by just returning a different user from the db. but that user is also the one that is send in the proxied request. this is what I have so far: director_username_hash = %L{user} # relevant sql: password_query = SELECT \ ??? username as user, \ # -> this is used for hashing if destuser is not present. = OK ??? NULL as password, \ ??? 'y' as proxy, \ ??? 'y' as nopassword, \ ?? '%n@%d' as destuser \ # -> but as soon as I add t...

...frontend-machine $ dovecot -n # 2.2.25 (7be1766): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.15 (97b3da0) # OS: Linux 3.10.0-327.18.2.el7.x86_64 x86_64 CentOS Linux release 7.2.1511 (Core) auth_username_format = %Ln director_mail_servers = 10.1.11.82 10.1.11.83 director_servers = 10.1.11.81 director_username_hash = %Ln doveadm_port = 10993 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate m...

...ster_user_separator = * auth_worker_max_count = 1024 base_dir = /var/run/dovecot/ default_vsz_limit = 1 G director_mail_servers = 172.25.1.93 172.25.1.95 137.248.xxx.yyy at hrz 137.248.xxx.zzz at staff 137.248.aaa.bbb at students director_servers = 172.25.1.42:9090 172.25.1.41:9090 172.25.1.92:9090 director_username_hash = %Ln@%Ld doveadm_password = # hidden, use -P to show it doveadm_port = 12345 imap_max_line_length = 640 k lmtp_proxy = yes managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational rege...

There seems to be a bug with RFC822 processing in ltmp proxying that doesn't quote local parts that, for example, contain spaces. director config: director_username_hash = %Ln lmtp_proxy = yes recipient_delimiter = + protocol lmtp { auth_socket_path = director-userdb auth_username_chars = auth_username_format = %Ln passdb { driver = sql args...

I'm in a fairly standard cluster environment: shared storage, bunch of servers each acting as both proxies and backends. We do /bin/checkpassword authentication, allowing a great deal of flexibility...protection against brute force, billing mechanisms, but relevant to this issue, I have it set up to allow users to login with either their username (if they are in one of our default

...x86_64 Ubuntu 12.04.1 LTS auth_cache_size = 20 M auth_cache_ttl = 1 days auth_debug = yes auth_master_user_separator = * auth_username_format = %n auth_verbose = yes default_process_limit = 1024 director_mail_servers = 155.54.211.161-155.54.211.164 director_servers = 155.54.211.185 155.54.211.186 director_username_hash = %n disable_plaintext_auth = no doveadm_proxy_port = 24245 lmtp_proxy = yes log_timestamp = %Y-%m-%d %H:%M:%S mail_debug = yes passdb { args = /etc/dovecot/master-users driver = passwd-file master = yes pass = yes } passdb { args = proxy=y nopassword=y proxy_timeout=600 driver = static...

...3.2.0-24-generic x86_64 Ubuntu 12.04.2 LTS auth_cache_size = 20 M auth_cache_ttl = 1 days auth_master_user_separator = * auth_username_format = %Ln auth_verbose = yes default_process_limit = 1024 director_mail_servers = 155.54.211.161-155.54.211.164 director_servers = 155.54.211.185 155.54.211.186 director_username_hash = %Ln disable_plaintext_auth = no doveadm_proxy_port = 24245 lmtp_proxy = yes log_timestamp = %Y-%m-%d %H:%M:%S mail_plugins = quota managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relati...

...x86_64 Ubuntu 12.04.5 LTS auth_cache_negative_ttl = 0 auth_cache_size = 20 M auth_cache_ttl = 1 days auth_master_user_separator = * auth_socket_path = director-userdb default_process_limit = 1024 director_mail_servers = 155.54.211.161-155.54.211.164 director_servers = 155.54.211.185 155.54.211.186 director_username_hash = %Ln disable_plaintext_auth = no doveadm_proxy_port = 24245 lmtp_proxy = yes log_timestamp = %Y-%m-%d %H:%M:%S mail_plugins = quota stats managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric...

Hi, I've almost finished my new director based setup, but in the first test I discovered that imap and lmtp connections were not always being proxied to the same server. After some research now I think that the main problem is that in imap connections users connect as 'username' while lmtp connections are as 'username at mailserver'. In my current setup I receive mail via

Hi all, when hardening dovecot against the POODLE vulnerability, we followed the advise to disable SSL2 and SSL3 but this is giving problems with some email clients (claws-mail). ssl_protocols = !SSLv2 !SSLv3 results in the following error: dovecot: pop3-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=XXX, lip=XXX, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL

...00 default_idle_kill = 1 mins default_internal_user = dovecot default_login_user = vpopmail default_process_limit = 100 default_vsz_limit = 256 M deliver_log_format = msgid=%m: %$ dict_db_config = director_doveadm_port = 0 director_mail_servers = director_servers = director_user_expire = 15 mins director_username_hash = %u disable_plaintext_auth = no dotlock_use_excl = yes doveadm_allowed_commands = doveadm_password = doveadm_port = 0 doveadm_socket_path = doveadm-server doveadm_worker_count = 0 dsync_alt_char = _ dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u -U first_valid_gid = 89 first...

...explanation either. Any ideas what's wrong? There is no duplicate namespace (and/or prefix) that I can see below. # 2.2.9: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 9.2-RELEASE amd64 auth_mechanisms = cram-md5 auth_verbose = yes base_dir = /var/run/dovecot/ default_client_limit = 120 director_username_hash = %Lu import_environment = TZ listen = *, [::] mail_debug = yes mail_location = mbox:~/mail:INBOX=/var/mail/%u mail_privileged_group = mail mbox_write_locks = fcntl namespace { disabled = no hidden = yes ignore_on_failure = no inbox = yes list = yes location = mbox:~/mail:INBOX=/var/mai...