similar to: Dovecot proxy: authentication best practices

I'm having trouble setting up submission with Dovecot proxy. The submission config seems to be getting ignored, but I'm probably doing something wrong. Expected behaviour: have messages sent to submission ports (25, 465) relayed to `submission_relay_host`. -- root at imapproxy1:~# cat /etc/dovecot/conf.d/20-submission.conf submission_logout_format = in=%i out=%o submission_relay_host =

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 27/12/2019 16:02 William Edwards <wedwards@cyberfusion.nl> wrote: </div> <div> <br> </div> <div> <br>

Hi, I was unclear in my question. The spam filter is only able to deliver mail over SMTP, not over LMTP.. So I would still need some kind of daemon that listens for SMTP and then offers incoming email to Dovecot's LMTP socket. Met vriendelijke groeten, William Edwards T. 040 - 711 44 96 E. wedwards at cyberfusion.nl ? ----- Original Message ----- From: Marc Roos (M.Roos at

I ended up 'hacking' LMTP support into the external spam filter. Someone else already contributed 'real' patches to implement LMTP support, so once I go live with this mail platform it should be stable. Met vriendelijke groeten, William Edwards T. 040 - 711 44 96 E. wedwards at cyberfusion.nl ? ----- Original Message ----- From: Marc Roos (M.Roos at f1-outsourcing.eu) Date:

Hi, My situation is as follows. -An internet-facing spam filter relays email to destination mail server (Dovecot) with SMTP. - Dovecot should take email and deliver it to user's mailboxes. I guess I'd need LMTP for this. - An external SMTP relay is already in place. I am thinking of using Dovecot submission to relay to the external relaying cluster. So, both relaying and routing are done

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 12/12/2019 00:10 William Edwards <wedwards@cyberfusion.nl> wrote: </div> <div> <br> </div> <div> <br>

Hi, I try to configure a proxy accepting GSSAPI and PLAIN authentication. When authenticating with Kerberos, Dovecot uses master user and password to authenticate to backends (backends can be Cyrus or Exchange servers too) When authenticating with PLAIN passwords, Dovecot sends user's login and password to the backend. For GSSAPI, I use extrafields : k5principals=principal at REALM proxy=Y

Hello. I am not subscribed and new here, so first of all i want to thank you for dovecot. I personally do not use it in "production" (yet), but it is my sole point of interaction for testing the little MUA i maintain for quite some years. I also have used its code for affirmation purposes. (Interesting that OAUTHBEARER treats hostname and port as optional. I currently do

A secure macro It’s like static but well optimized. Any ideas how I can implement it universally? I thought about a secure application to help with compiling and security. It’s like sudo but more secure and can chain. I don’t know much about pipes and streams, but I’m pretty sure I can write it into llvm with enough time and help. Another thing, and I got trolled off gcc’s mailing list for this,

On Thursday 17 of November 2016, Aki Tuomi wrote: > On 17.11.2016 10:14, Arkadiusz Mi?kiewicz wrote: > > Hello. > > > > dovecot 2.2.26.0 > > > > When testing nopassword extra field > > (http://wiki2.dovecot.org/PasswordDatabase/ExtraFields) with CRAM-MD5 > > dovecot doesn't allow any password (while it should) and returns > > > >

Hi, We are trying to implement a highly secure mail server with user authentication restricted to SSL certificates only (not using passwords at all). Still, user information is stored in a LDAP directory. In this configuration LDAP is used to check whether the user is registered (and probably supply quota and other info), and actual authentication is done by SSL layer. According to wiki, a

Hello. dovecot 2.2.26.0 When testing nopassword extra field (http://wiki2.dovecot.org/PasswordDatabase/ExtraFields) with CRAM-MD5 dovecot doesn't allow any password (while it should) and returns " Authentication failed" while in logs: Nov 17 08:22:34 auth-worker(1551): Info: sql(pepe,127.0.0.1,<Y8amDXpBptV/AAAB>): Requested CRAM-MD5 scheme, but we have a NULL password

I'm in a fairly standard cluster environment: shared storage, bunch of servers each acting as both proxies and backends. We do /bin/checkpassword authentication, allowing a great deal of flexibility...protection against brute force, billing mechanisms, but relevant to this issue, I have it set up to allow users to login with either their username (if they are in one of our default

Hi Recently enabled support for encrypted passwords on my proxies - CRAM-MD5, DIGEST-MD5, NTLM and APOP to support some new users. Most users are working perfectly though every so often I see this happening in the logs: Jul 09 06:32:51 auth: Error: ldap(user at domain.com,192.168.10.90,<mOWiFi431eDKOsBS>): Multiple password values not supported Jul 09 06:32:51 auth: Panic: file

As a way to try and avoid using "prefix = INBOX." ad infinitum for the inbox namespace, I'm looking for ways to move on to "prefix =" for new mail accounts, and grandfather the existing ones. Previously running Courier-IMAP, now Dovecot, I looked at https://wiki.dovecot.org/Namespaces#Backwards_Compatibility:_Courier_IMAP and decided it's too risky to go down that

On 30 Jan 2019, at 10:57 am, Stephan Bosch <stephan at rename-it.nl <mailto:stephan at rename-it.nl>> wrote: > > Op 30/01/2019 om 00:06 schreef James Brown via dovecot: >> >>> On 30 Jan 2019, at 9:24 am, Stephan Bosch <stephan at rename-it.nl <mailto:stephan at rename-it.nl>> wrote: >>> >>> >>> >>> Op 29/01/2019

Hi all, I'm trying to setup a Dovecot proxy that authenticates the user against two backend servers. If login server1 fails, server2 should be tried. The problem: Only the first server seems to be tried, even if the login fails. Config snippet: protocol imap { passdb { driver = static args = proxy=y nopassword=y host=oldserver1.example.com port=993 ssl=y }

Hi all, i have some troubles in the implementation of my proxyconfiguration. i have two kind of users, the first will be proxied to a dovecot backend with masteruser-login, the other one will be proxied to another non-dovecot imapserver with nopassword. Everything looks to work if i use passwd-file like this: user1:{PLAIN}pass1:::::::proxy=y host=192.168.1.1 destuser=user1*masteruser

Hi List, I have a dovecot which proxies to different backends depending on an entry in a mysql-database. The mysql-query sets ?ssl? to ?any-cert? and this works fine. But this causes me a problem: sieve-backends only support STARTTLS and if I set ?ssl? to ?any-cert? (or yes), it will attempt a TLS-connection to the sieve-backends, which fails. My attempt was to alter the query to include

Hi all, We have Exim using Dovecot for authentication. Dovecot, in turn, consults a custom internal server that answers Dovecot?s userdb queries. When IMAP connections arrive, for some users we want to forward those connections--without authentication--to an external IMAP server. For these users, we return ?proxy_maybe? and ?nopassword? in the authn response from our userdb server. This tells