alternative solution for sasl is dovecot-auth
"smtpd_sasl_type = dovecot" in main.cf is the only postfix-relevant change

we are using dovecot at all as imap/pop3 proxy in front of dbmail
which listens only on 127.0.0.1 but should be useable only for
SASL-auth too somehow

the proxy solution is because we
have one unified configuration for SASL-methods (smtp, pop3, imap)
can do replacements in usernames for legacy compatibility to the
old mailsystems (% instead @ on many clients configured)
and in dbmail-2.x was no SSL/CRAM-MD5-support

IMHO a benefit that POP3/IMAP/SMTP are supporting the same
auth-methods and software - less points of mistakes
________________________________________________________

the relevant sections in dovecot.conf (= 2.0)
below also a complete configuration
maybe someone packs it in the wiki, i hate them to edit :-)

# configure proxy-database
passdb {
 driver = sql
 args = /etc/dovecot/sql.conf
}

# we are not using local users
userdb {
 driver = static
 args = static uid=15000 gid=15000 home=/dev/null
}

# configure backend for postfix sasl-auth
service auth {
 unix_listener /var/spool/postfix/private/auth {
  mode = 0660
  user = postfix
  group = postfix
 }
}
________________________________________________________

"proxy" is here a own mysql-user with only access to the userdb

cat /etc/dovecot/sql.conf
driver = mysql
connect = host=/var/lib/mysql/mysql.sock dbname=dbmail user=proxy password=*****
password_query = SELECT passwd as password, '127.0.0.1' as host, userid as destuser, passwd AS pass, 'Y' AS nologin, 'Y' AS nodelay, 'Y' AS proxy FROM dbmail_users WHERE userid='%u'
default_pass_scheme = plain
________________________________________________________

however, this is a complete "dovecot.conf" for proxy AND auth
you have in the best case only to change path to ssl-cert and
the ip-address because you can not use * in this configuration
since dbmail is listening on 127.0.0.1:110/143

currently running dovecot 2.1.1, 2.1.3 is crashing randomly
the whole 2.0 series was rock solid over the last time
this config is used since 2009 for some hundred domains

# provided services
protocols = imap pop3

# configure ssl
ssl = yes
ssl_cert = </etc/postfix/certs/mailserver.pem
ssl_key = </etc/postfix/certs/mailserver.pem
ssl_cipher_list = ALL:!aNULL:!eNULL:!ADH:!LOW:!MEDIUM:!EXP:!SSLv2:HIGH

# configure imap-proxy
service imap-login {
 inet_listener imap {
  address = <MAIL-SERVER-IP>
  port = 143
 }
 inet_listener imaps {
  address = <MAIL-SERVER-IP>
  port = 993
 }
 vsz_limit = 512M
 service_count = 5000
 process_min_avail = 1
 process_limit = 15
 client_limit = 300
}

# configure pop3-proxy
service pop3-login {
 inet_listener pop3 {
  address = <MAIL-SERVER-IP>
  port = 110
 }
 inet_listener pop3s {
  address = <MAIL-SERVER-IP>
  port = 995
 }
 vsz_limit = 512M
 service_count = 5000
 process_min_avail = 1
 process_limit = 15
 client_limit = 100
}

# default settings
imap_capability = IMAP4 IMAP4rev1 ACL RIGHTS=texk NAMESPACE CHILDREN SORT QUOTA THREAD=ORDEREDSUBJECT UNSELECT IDLE
login_greeting =
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
mail_max_userip_connections = 100
auth_mechanisms = CRAM-MD5 DIGEST-MD5 APOP LOGIN PLAIN
disable_plaintext_auth = no
shutdown_clients = no

# Logging
syslog_facility = mail

# authentication process
auth_worker_max_count = 100
auth_cache_size = 32768
auth_cache_ttl = 1800
auth_cache_negative_ttl = 1800
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@%
auth_username_translation = %@AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz

# debug options
auth_debug = no
auth_debug_passwords = no
auth_verbose = no
mail_debug = no
verbose_ssl = no

# configure proxy-database
passdb {
 driver = sql
 args = /etc/dovecot/sql.conf
}

# we are not using local users
userdb {
 driver = static
 args = static uid=5000 gid=5000 home=/dev/null
}

# configure backend for postfix sasl-auth
service auth {
 unix_listener /var/spool/postfix/private/auth {
  mode = 0660
  user = postfix
  group = postfix
 }
}

On 23.03.2012 17:33, Claas Kähler wrote:
> Okay that solved a problem... thanks!!! But at least not the SASL one!
> ;)
>
> On 23.03.2012 17:00, Reindl Harald wrote:
>> we are using "mydestination", "local_recipient_maps" and dbmail-lmtpd for
>> years and my webinterface is simply maintaining a domain/transport
>> list in a table based on dbmail_aliases triggered in a php-function
>> after changes
>>
>> in other words: i see no reason for virtual_* at all the transport
>> table is much more flexible because you can define external transports
>> and with some lines of code prefer them even if dbmail is pre-configured
>> for a domain while you relay messages to the old server until all users
>> are configured for the new one (domain-transfers and so)
>>
>> mydestination = proxy:mysql:/etc/postfix/mysql-mydestination.cf
>> [root@srv-rhsoft:~]$ cat /etc/postfix/mysql-mydestination.cf
>> user = dbmail
>> password = ****************
>> dbname = dbmail
>> hosts = unix:/var/lib/mysql/mysql.sock inet:127.0.0.1:3307
>> query = select transport from dbma_mta where mydestination='%s';
>>
>> mysql> select * from dbma_mta where mydestination like '%rhsoft%';
>> +-----------------------+--------------------------+
>> | mydestination         | transport                |
>> +-----------------------+--------------------------+
>> | arrakisvm.rhsoft.net  | dbmail-lmtp:127.0.0.1:24 |
>> | local.rhsoft.net      | dbmail-lmtp:127.0.0.1:24 |
>> | notebook.rhsoft.net   | dbmail-lmtp:127.0.0.1:24 |
>> | rhsoft.net            | dbmail-lmtp:127.0.0.1:24 |
>> | srv-rhsoft.rhsoft.net | dbmail-lmtp:127.0.0.1:24 |
>> | testserver.rhsoft.net | dbmail-lmtp:127.0.0.1:24 |
>> +-----------------------+--------------------------+
>> 6 rows in set (0.00 sec)
>>
>>
>> On 23.03.2012 16:49, Claas Kähler wrote:
>>> You are right! But that isn't the problem. Postfix only checks if there is
>>> a result or not. Take a look at:
>>>
>>> http://dbmail.org/dokuwiki/doku.php/setup_postfix
>>>
>>> They used the same query.
>>>
>>> On 23.03.2012 16:45, Reindl Harald wrote:
>>>> what the hell should "SELECT DISTINCT 1" do?
>>>> this will result in "1" and never in any list
>>>>
>>>> mysql> SELECT DISTINCT 1 FROM dbmail_aliases;
>>>> +---+
>>>> | 1 |
>>>> +---+
>>>> | 1 |
>>>> +---+
>>>> 1 row in set (0.00 sec)
>>>>
>>>>
>>>> On 23.03.2012 16:39, Claas Kähler wrote:
>>>>> root@(none):/etc/postfix# grep virtual /etc/postfix/main.cf
>>>>> virtual_mailbox_domains = mysql:/etc/postfix/sql-virtual_mailbox_domains.cf
>>>>>
>>>>> root@(none):/etc/postfix# cat /etc/postfix/sql-virtual_mailbox_domains.cf
>>>>> user = dbmail
>>>>> password = changeMe
>>>>> hosts = 127.0.0.1
>>>>> dbname = dbmail
>>>>> query = SELECT DISTINCT 1 FROM dbmail_aliases WHERE SUBSTRING_INDEX(alias, '@', -1) = '%s';
>>>>>
>>>>> On 23.03.2012 16:29, Paul J Stevens wrote:
>>>>>> On 03/23/2012 04:22 PM, Claas Kähler wrote:
>>>>>>> Okay i've got the following in my mail.log when I'm trying to send an
>>>>>>> Email to an account:
>>>>>>>
>>>>>>> Mar 23 16:19:34 (none) postfix/virtual[8591]: fatal: bad string length 0 < 1: virtual_mailbox_base
>>>>>>> Mar 23 16:19:35 (none) postfix/master[2737]: warning: process /usr/lib/postfix/virtual pid 8591 exit status 1
>>>>>>> Mar 23 16:19:35 (none) postfix/master[2737]: warning: /usr/lib/postfix/virtual: bad command startup-- throttling
>>>>>> That's not SASL related at all!
>>>>>>
>>>>>> what does
>>>>>>
>>>>>> grep virtual /etc/postfix/main.cf
>>>>>>
>>>>>> have to say?

-- 
Reindl Harald
the lounge interactive design GmbH
A-1060 Vienna, Hofmühlgasse 17
CTO / software-development / cms-solutions
p: +43 (1) 595 3999 33, m: +43 (676) 40 221 40
icq: 154546673, http://www.thelounge.net/

http://www.thelounge.net/signature.asc.what.htm
_______________________________________________
DBmail mailing list
DBmail@dbmail.org
http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail
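
How the auth_username_chars and auth_username_translation values from the posted dovecot.conf act on a login name before it is substituted for %u in password_query, as an added Python model (not part of the original post and not Dovecot's own code). It assumes each character is translated first and then checked against the allow-list; the function names and sample logins are constructed for illustration.

```python
# Added example: model of the username handling configured in the post.
# The two setting values are copied from the posted dovecot.conf;
# function names are hypothetical, sample logins are constructed.

AUTH_USERNAME_CHARS = (
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@%"
)
AUTH_USERNAME_TRANSLATION = (
    "%@AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz"
)


def build_translation_map(spec):
    """Turn a series of from/to character pairs into a lookup table."""
    if len(spec) % 2:
        raise ValueError("translation string must consist of from/to pairs")
    return {spec[i]: spec[i + 1] for i in range(0, len(spec), 2)}


def normalize_username(name,
                       translation=AUTH_USERNAME_TRANSLATION,
                       allowed=AUTH_USERNAME_CHARS):
    """Return the name used for the passdb lookup, or None if rejected.

    Assumption: every character is translated first and the result is
    then checked against the allow-list; one bad character fails the login.
    """
    if not name:
        return None
    table = build_translation_map(translation)
    out = []
    for ch in name:
        ch = table.get(ch, ch)      # '%' -> '@', upper case -> lower case
        if ch not in allowed:       # quotes, spaces, '=' ... are refused
            return None
        out.append(ch)
    return "".join(out)


if __name__ == "__main__":
    # Constructed logins: legacy '%' form, mixed case, and a name with
    # characters outside the allow-list.
    for login in ("hans%example.com",
                  "Hans.Muster@Example.COM",
                  "x' OR '1'='1"):
        print(repr(login), "->", repr(normalize_username(login)))
```

With these settings the allow-list is what keeps quote characters and whitespace out of the login name before it reaches the SQL lookup, so widening auth_username_chars deserves the same care as changing the query itself.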