similar to: custom userdb server, Exim, and proxying

Talking to myself again ;-) Samba-tool is working a little bit different then the silo/policy management on a Windows-DC. On a Windows-DC after assigning the user and host to the silo you have to assign the silo to the user and the host. When assigning the user and host to the silo with samba-tool, the assignment to the user and the host will be done at the same time. So now my policy looks

Hi Stefan, We had a long weekend in New Zealand, I'm catching up now to your emails. Some of the slight differences between Windows tools I've already picked up on and are in my PR Andrew Bartlett mentioned on Friday, but I'm always open to learning what things are missing or different etc. On 23/10/23 02:58, Stefan Kania via samba wrote: > Talking to myself again ;-) > >

Thanks Rob for chiming in. Stefan, I do want to be very clear, one of the big challanges that we as developers face building these kind of tools is that we don't run AD domains day-to-day. So we really value good feedback on the ergonomics. If you can test with our work in progress, we are keen to adapt the tooling where possible to be more in line with what is 'naturally expected, so

I just committed a couple of features that will make life easier for some types of proxying setups: 1. IMAP proxying has already for a while supported sending local/remote IP/port to backend server, which can use it for logging and other purposes. I've now implemented this for POP3 as well, although only the remote IP/port is forwarded, not local IP/port. I implemented this also for LMTP in

I have a library I''ve developed that I believe is the most flexible and useful table sorting/striping/row-selecting library around. Big features: Single and multiple-level sort Arbitrary sort criteria (IP address, date, etc.) Works with table headers that are > 1 row or column large Stripe tables and/or enable row selecting Row selecting supports drag-select and SHIFT-click No extra

Hello, I'm using proxy_maybe and auth_default_realm. It seems that when a user logs in without the domain name, relying on auth_default_realm, and the "host" field points to the local server, I get the Proxying loops to itself error. It does work as expected - log on to the local server without proxying, if the user does include the domain name in the login. (IP's and

When using proxy_maybe CRAM-MD5 authentication fails when the connection is proxied. Is this expected behavior? Is proxy_maybe too simplified for this case? We're using SQL so I could rewrite the query with IFs to fake proxy_maybe and return the password as NULL and nologin as Y, but if it works that way couldn't it work with proxy_maybe? This works: password_query = \ SELECT NULL AS

Hi, For CAs that do not include a signed certificate timestamp in their newly-issued certificates, does Dovecot support either OCSP stapling or the Certificate Transparency TLS extension? If the TLS extension is supported, how does the admin configure the timestamp for each certificate? I?m wondering if any MUAs will follow Google?s lead and insist on CT. Thank you! -Felipe Gasper

Hi Folks, I spent quite some time yesterday understanding how proxy works along with the director. I came to the conclusion that proxy_maybe and director cannot be used together, but this isn?t a true incompatibility so much as caused by the way things are handled and the order they are processed in. The way proxy_maybe works is that it is processed by the auth provider once it gets the

We are looking at deploying several pop/imap servers to house the mail for 15,000 or more mailbox accounts. We are contemplating on the design and are looking at using MySQL auth (we already have a MySQL environment in place for our user auth to live) and proxy_maybe so each server can proxy for all the others and we just have a network load balancer distribute the incoming connections to all of

Hello, I?m sending doveadm ?kick? commands to doveadm-server via the doveadm protocol. When ?kick? sends back a NOTFOUND error, though, it?s sending back additional output. strace shows: write(3<UNIX:[3158354->3156665]>, "\t\tkick\tmyssltest\n", 17) = 17 ... read(3<UNIX:[3158354->3156665]>, "\n-NOTFOUND\n\n-\n", 8192) = 14 Going by the protocol

Hello. 1. I have two identically hosts 2. I have set up replication between two hosts 3. I have 'Y' AS proxy_maybe in password_query. 4. password_query returns one of this one hosts 5. I set this parameters in dovecot config: disable_plaintext_auth = yes ssl = yes auth_mechanisms = plain login for enforce use encrypted connections by client programs.

Hello, Is there a man page for this command? I don?t see one in the repository. Given its utility in, e.g., syncing mailboxes via SSH, it seems like documentation for this command would be useful? Thank you! -Felipe Gasper

Hi, I understand from earlier discussions that the reason dovecot doesn't support proxying of other SASL mechanisms than those which supply the plaintext password is that in general it would be possible to proxy any SASL mechanism since it might protect against man-in-the-middle attacks (which would prevent proxying). However, that has led to choice between letting users use PLAIN (or

Before I spend some time experimenting with what might be impossible, maybe someone can just tell me (either "how" or that it's impossible). I'd like to get perdition out of my environment (mainly to have one less moving part in my architecture). I'm looking at dovecot's built-in proxying. In my setup, I don't have dedicated front-end machines. A user can connect

Hello all, I am trying to understand how SAMBA finds nearest Domain Controller when configured to use Active Directory for AuthN. There are some great articles and wikis about how to configure SAMBA against AD, but couldn't find much on what I was looking for. For example 1. Does Samba have built in dc locator functionality like windows clients ? 2. What is the default authN it uses, NTLM

Hello Timo, In order to plan a migration, I want to setup an IMAP proxy (proxy_maybe) with a dovecot server (I'm running the old dovecot-2.1.15 but I could upgrade or use a proxy only dovecot-2.2.x server)/LDAP pass et userdb's. I'm won't be in charge of the migration itself but I think the idea will be to migrate a chunk of users each night and then let the proxy send them to

I've recently set up a director proxy environment on my test servers, with the intention of deploying on our cluster soon. One thing I found confusing in the proxying documentation [1] was the first bit about their being two ways to do the authentication...either you have the proxy forward the auth to the real server for authentication, or you have the proxy authenticate it and then login

On 05/01/2018 09:08 AM, Aki Tuomi wrote: > >> On 01 May 2018 at 19:03 Felipe Gasper < felipe at felipegasper.com >> <mailto:felipe at felipegasper.com>> wrote: >> >> >> Hi, >> >> For CAs that do not include a signed certificate timestamp in their >> newly-issued certificates, does Dovecot support either OCSP stapling >> or the

I'm trying to configure my proxy/director server, which proxies imap/pop/managesieve correctly already, to proxy LMTP to my backend message store server (dovecot+postfix already configured there) This is what I have so far: 10-auth.conf using auth-static.conf.ext instead of auth-ldap.conf.ext (switching to this made proxying imap/pop/managesieve work) 10-director.conf protocol lmtp {