similar to: proxy and master user

When using proxy_maybe CRAM-MD5 authentication fails when the connection is proxied. Is this expected behavior? Is proxy_maybe too simplified for this case? We're using SQL so I could rewrite the query with IFs to fake proxy_maybe and return the password as NULL and nologin as Y, but if it works that way couldn't it work with proxy_maybe? This works: password_query = \ SELECT NULL AS

Hello, I'm using proxy_maybe and auth_default_realm. It seems that when a user logs in without the domain name, relying on auth_default_realm, and the "host" field points to the local server, I get the Proxying loops to itself error. It does work as expected - log on to the local server without proxying, if the user does include the domain name in the login. (IP's and

Hi help is preciated, PROBLEM The dovecot-ldap.conf of "proxy server A" is working when the "host" attribute is the FQDN of other server: pass_attrs = uid=user,userPassword={SSHA}password,\ =proxy_maybe=,maildrop=host,=port=143,=destuser=%u,=starttls=any-cert pass_filter = (&(objectClass=posixAccount)(uid=%u)) CASES When the "host" attribute is the

Hi, Using dovecot 1.1.2 on a dual-stack server, with the 'proxy_maybe' attribute to forward some clients to another server, it seems that only clients connecting with the same protocol version as the one used by address in the 'host' attribute in the password db are recognized as local. If an IPv4 address is specified as 'host', a dovecot proxy is created for clients

I tried setting the "destuser" setting on the LMTP director as follows, to preserve the original envelope rcpt: protocol lmtp { auth_socket_path = director-userdb passdb { driver = ... override_fields = destuser=%{orig_user} } } The passdb driver would return the appropriate "user" for each alias. Suppose, for example, user1 has emails user1 at domain.tld,

Hi Folks, I spent quite some time yesterday understanding how proxy works along with the director. I came to the conclusion that proxy_maybe and director cannot be used together, but this isn?t a true incompatibility so much as caused by the way things are handled and the order they are processed in. The way proxy_maybe works is that it is processed by the auth provider once it gets the

Hi, I'm attempting to proxy lmtp using director to hash to the same backend as pop3/imap. My pop3/imap users are of the form: username and my lmtp users are of the form: <username at domain> Where domain is fairly redundant but does carry some useful information. Now, I can proxy lmtp using user=%{username} and destuser=%{orig_user}, and this all appears to work correctly.

We are looking at deploying several pop/imap servers to house the mail for 15,000 or more mailbox accounts. We are contemplating on the design and are looking at using MySQL auth (we already have a MySQL environment in place for our user auth to live) and proxy_maybe so each server can proxy for all the others and we just have a network load balancer distribute the incoming connections to all of

Hello. 1. I have two identically hosts 2. I have set up replication between two hosts 3. I have 'Y' AS proxy_maybe in password_query. 4. password_query returns one of this one hosts 5. I set this parameters in dovecot config: disable_plaintext_auth = yes ssl = yes auth_mechanisms = plain login for enforce use encrypted connections by client programs.

Hi All My first post to the list, so "hello world"! Having searched the list archives and the wiki for an answer to this, I don't think it is possible. However, let me ask nonetheless... Is it possible for a Dovecot proxy's login process (IMAP and POP3) to include the "destuser", i.e. the uid used to authenticate to the backend IMAP/POP3 server, in its logging?

i know dovecot can act as IMAP and POP3 proxy ..... but i'm having a hard time configuring it. Actually i'm using a simple dovecot configuration with virtual users stored on MySQL. My dovecot-sql.conf is pretty simple: [root at correio dovecot]# cat dovecot-sql.conf driver = mysql connect = host=localhost dbname=DATABASE user=USERNAME password=PASSWORD default_pass_scheme = PLAIN #

Hello list, Still need your help configuring proxy infrastructure. Today, I really struggle configuring master passwords forwarding. What I want: master user can connect to any other account, on proxy. Could please somebody help me, I read both articles about this on wiki, but still can't connect :( What I did: on proxy: auth_master_user_separator=* passdb sql { args =

Hi all, i have some troubles in the implementation of my proxyconfiguration. i have two kind of users, the first will be proxied to a dovecot backend with masteruser-login, the other one will be proxied to another non-dovecot imapserver with nopassword. Everything looks to work if i use passwd-file like this: user1:{PLAIN}pass1:::::::proxy=y host=192.168.1.1 destuser=user1*masteruser

Does anyone know if dovecot support regex lookups for proxy/proxy_maybe, rather than mysql/ldap etc? I've been comparing it with perdition to see which one might be better for us to do layer7 username switching. Perdition supports the ability to not have any auth/db looks, but rather just a regex file that parses the usernames as they come in and forwards to the particular machine on the

Hi all, We have Exim using Dovecot for authentication. Dovecot, in turn, consults a custom internal server that answers Dovecot?s userdb queries. When IMAP connections arrive, for some users we want to forward those connections--without authentication--to an external IMAP server. For these users, we return ?proxy_maybe? and ?nopassword? in the authn response from our userdb server. This tells

Started implementing the MasterUser changes to my config files so I can finally offer SPA for pop3/imap. Things are working fine with the MasterUser (horray!), however one of my guys started using SPA with Outlook Express and started getting another users mailbox. Turns out to be related to NTLM. His Outlook express is configured for the username of 'johnsmith'. However, you'll see

Before I spend some time experimenting with what might be impossible, maybe someone can just tell me (either "how" or that it's impossible). I'd like to get perdition out of my environment (mainly to have one less moving part in my architecture). I'm looking at dovecot's built-in proxying. In my setup, I don't have dedicated front-end machines. A user can connect

I just committed a couple of features that will make life easier for some types of proxying setups: 1. IMAP proxying has already for a while supported sending local/remote IP/port to backend server, which can use it for logging and other purposes. I've now implemented this for POP3 as well, although only the remote IP/port is forwarded, not local IP/port. I implemented this also for LMTP in

Hi, I've been trying to build a password forwarding proxy to Gmail without success... The SSL connection to Dovecot is happening no problem (as far as I can tell), but for some reason the conversation between Dovecot and Gmail is getting timed out. I know this is supposed to be simple... :-( But could somebody please give me some help by pointing what I'm not doing right? No matter

Helo all, After enable auth_cache_size = 20480 and auth_cache_ttl = 0, dovecot stops working for users that are in cache. See the log bellow: 1 - POP3 session OK jan 22 14:02:59 mailserver--03 dovecot: auth(default): client in: AUTH 1 PLAIN service=pop3 lip=10.0.149.3 rip=10.0.2.2 resp=<hidden> Jan 22 14:02:59 mailserver--03 dovecot: auth(default): cache(teste2 at