[Dovecot] imap and vpopmail: per-domain auth
Alessio Cecchi
alessio at skye.it
Tue Jul 8 14:03:23 EEST 2008
On Monday 07 July 2008 17:31:00 Francesco Abeni wrote:
> Hi, I have qmail + vpopmail + dovecot + squirrelmail 0.99.14 on Fedora
> Core 4. Qmail includes its own pop3 server, and everybody is able to
> access it from outside. Dovecot is used only locally by SquirrelMail -
> so everybody can access via webmail.
>
> I'd like to make imap directly available from outside, but only for a
> few selected domains (NOT ip addresses!), while leaving everyone able to
> access with pop3 and/or via webmail.
>
> I don't know if this is possible, and if it is, I don't even know where
> to start. Is it a vpopmail or dovecot setting?
>
> Thank you for any suggestion and/or pointer to the right documentation.
Hi Francesco,
yes it is theoretically possible, but due to some problems this feature of
vpopmail is not fully compatible with dovecot.
vpopmail, via ~vpopmail/bin/vmoduser, can set some limits on single users,
for example disable pop3, disable imap, disable imap except for webmail, etc.
Dovecot should pass to vpopmail some parameters of the user who logged in,
such as his address and the local port of the connection, but unfortunately
these parameters are not passed, or at least are not passed in the way
vpopmail would expect to receive them, in particular for connections made
via imap from remote clients.
vpopmail is able to distinguish and restrict users' connections, but to do so
it must be able to know where their connection comes from. There are 3 main
classifications that vpopmail knows:
POP3
webmail (imap from localhost)
IMAP
From the log you can identify these connections:
POP3:
Jul 8 12:36:41 mail-server vpopmail[11560]: vchkpw-pop3: (PLAIN) login
success joe at domain.it:98.52.67.8
Webmail:
Jul 8 12:36:32 maill-server vpopmail[11456]: vchkpw-webmail: (PLAIN) login
success pippo at domain.it:127.0.0.1
IMAP:
Jul 8 12:37:45 mail-server vpopmail[11984]: vchkpw-imap: (PLAIN) login
success alessiotest at domain.it:217.127.131.153
But with dovecot, when you log in from an IMAP client (like Thunderbird), in
the log you can see:
Jul 8 12:37:45 mail-server vpopmail[11984]: vchkpw-0: .... [note the 0]
Investigating, I discovered that this depends on dovecot not passing to
vpopmail the parameters that it expects to receive.
Reading the source of vchkpw.c, from the vpopmail package, we can understand
very well how everything works.
See it from line 98 to line 195:
http://vpopmail.cvs.sourceforge.net/vpopmail/vpopmail/vchkpw.c?view=markup
an extract:
 98 #define POP_CONN 0
 99 #define SMTP_CONN 1
100 #define IMAP_CONN 2
101 #define WEBMAIL_CONN 3
102
103 /* POP/IMAP connections from the following IPs will be classified as
104  * "web mail" instead of POP/IMAP. On single-server networks, this
105  * will typically be just 'localhost'. For clusters, add the IP
106  * addresses of all webmail servers.
107  */
108 char *webmailips[] = { "127.0.0.1" };
109
110 int ConnType = 0;
111
112 int main( int argc, char **argv)
113 {
114   char *tmpstr;
115
116   if ( (IpAddr = get_remote_ip()) == NULL) IpAddr="";
117   if ( (tmpstr = getenv("TCPLOCALPORT")) == NULL) LocalPort = 0;
118   else LocalPort = atoi(tmpstr);
119
120   /* Check which port they are coming in on and
121    * setup the log name and connection type
122    */
123   switch(LocalPort) {
124     case 25:
125       strcpy(VchkpwLogName, "vchkpw-smtp");
126       ConnType = SMTP_CONN;
127       break;
128     case 110:
129       strcpy(VchkpwLogName, "vchkpw-pop3");
130       ConnType = POP_CONN;
131       break;
132     case 143:
133       strcpy(VchkpwLogName, "vchkpw-imap");
134       ConnType = IMAP_CONN;
135       break;
I believe that if dovecot passed the parameter TCPLOCALPORT to vpopmail,
everything would work as expected, instead of being classified in this case:
152     default:
153       sprintf(VchkpwLogName, "vchkpw-%u", LocalPort);
154       /*
155        * We're running on an unknown port, so it could be any one of
156        * the three protocols (SMTP, POP or IMAP). Try to guess the
157        * protocol based on argv[1]. For SMTP AUTH, argv[1] is usually
158        * /bin/true. For IMAP, it's usually imapd (or something like
159        * that). Keep the old default of POP.
160        * Note that the popular Courier-IMAP does not use vchkpw, it
161        * links libvpopmail directly into its server.
162        */
Timo, could you give us a hand in solving this problem? This vpopmail feature
is very interesting and useful for us.
My dovecot config:
# dovecot -n
# 1.1.1: /etc/dovecot.conf
log_path: /var/log/dovecot/dovecot-err.log
info_log_path: /var/log/dovecot/dovecot.log
ssl_cert_file: /etc/apache2/ssl/server.crt
ssl_key_file: /etc/apache2/ssl/server.pem
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable: /usr/libexec/dovecot/imap-login
login_greeting: Ready
login_process_per_connection: no
first_valid_uid: 89
mail_drop_priv_before_exec: yes
mail_executable: /usr/local/bin/courier-dovecot-migrate
mail_plugins: quota imap_quota
namespace:
  type: private
  separator: .
  prefix: INBOX.
  inbox: yes
  list: yes
  subscriptions: yes
auth default:
  passdb:
    driver: checkpassword
    args: /home/vpopmail/bin/vchkpw
  userdb:
    driver: prefetch
plugin:
  quota: maildir
Thanks.
--
Alessio Cecchi is:
@ ILS -> http://www.linux.it/~alessice/
GNU/Linux Systems Support -> http://www.cecchi.biz/
@ PLUG -> former President, now senator for life, http://www.prato.linux.it
@ LOLUG -> new member http://www.lolug.net
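
Added example, not part of the original post and not vpopmail or Dovecot code: a log audit for the symptom described in the message above. It lists logins that vchkpw tagged with a bare port number (vchkpw-0 when TCPLOCALPORT is unset) instead of a protocol name, which are the logins whose connection type was never classified. The sample lines are constructed, and the full layout of a vchkpw-0 line is assumed to match the three complete log lines shown in the post.

```python
import re
from collections import defaultdict

# Names vchkpw puts in its log tag once it has classified the connection:
# smtp/pop3/imap come from the switch in the extract, webmail from the log samples.
KNOWN_TAGS = {"smtp", "pop3", "imap", "webmail"}

# Layout taken from the post's log samples; the list archive prints "@" as " at ".
LINE_RE = re.compile(
    r"vpopmail\[\d+\]: vchkpw-(?P<tag>\w+): \((?P<mech>[^)]*)\) login success "
    r"(?P<user>\S+?)(?: at |@)(?P<domain>[^:\s]+):(?P<ip>\S+)"
)

def parse(line):
    """Return a dict for a vchkpw 'login success' line, or None for anything else."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["classified"] = rec["tag"] in KNOWN_TAGS
    # A numeric tag is the default branch: sprintf(VchkpwLogName, "vchkpw-%u", LocalPort)
    rec["port"] = int(rec["tag"]) if rec["tag"].isdigit() else None
    return rec

def audit(lines):
    """Group logins that vchkpw could not classify, keyed by domain."""
    findings = defaultdict(set)
    for line in lines:
        rec = parse(line)
        if rec and not rec["classified"]:
            # Port 0 means TCPLOCALPORT was unset (or atoi() could not parse it).
            why = ("TCPLOCALPORT unset" if rec["port"] == 0
                   else "unrecognised tag vchkpw-" + rec["tag"])
            findings[rec["domain"]].add((rec["user"], rec["ip"], why))
    return {dom: sorted(hits) for dom, hits in findings.items()}

# Constructed sample log (documentation addresses and domains, not real data).
SAMPLE = """\
Jul  8 12:36:41 mail-server vpopmail[11560]: vchkpw-pop3: (PLAIN) login success joe@example.org:198.51.100.8
Jul  8 12:36:32 mail-server vpopmail[11456]: vchkpw-webmail: (PLAIN) login success pippo@example.org:127.0.0.1
Jul  8 12:37:45 mail-server vpopmail[11984]: vchkpw-0: (PLAIN) login success anna@example.net:203.0.113.153
Jul  8 12:37:59 mail-server vpopmail[11988]: vchkpw-0: (PLAIN) login success anna@example.net:203.0.113.153
Jul  8 12:38:02 mail-server vpopmail[11990]: vchkpw-10143: (PLAIN) login success joe@example.org:198.51.100.8
Jul  8 12:39:10 mail-server vpopmail[12001]: vchkpw-imap: (PLAIN) login success luca@example.org:192.0.2.20
""".splitlines()

if __name__ == "__main__":
    for domain, hits in sorted(audit(SAMPLE).items()):
        for user, ip, why in hits:
            print(f"{domain}: {user} from {ip} logged in unclassified ({why})")
```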