[Dovecot] Passwordless auth?

Ben Morrow ben at morrow.me.uk
Fri May 24 02:43:11 EEST 2013


At  4PM -0700 on 23/05/13 you (Dan Mahoney, System Admin) wrote:
> 
> I'm in the process of writing some scripts which I want to be able to take 
> actions on my local mailbox.  (For example, to move a subset of messages 
> to the trash over time, if unread for a week.  To act on messages in my 
> learn-spam folder and then delete them).

http://wiki2.dovecot.org/PreAuth

You can also use doveadm for quite a lot of this sort of administration;
this may be easier if you're scripting in shell rather than something
more sophisticated.

> I'd definitely consider something like an SSH key with a forced 
> command (I do see questions in the FAQ about making dovecot work over a 
> socket connection), but that forgoes using standard imap clients.

Well, I'm not sure what you consider 'standard' here, but there are both
Perl and Python IMAP libraries which will connect to a command rather
than a socket. If you're using a client which insists on connecting to
an (INET) socket, it's a little harder; while you can obviously connect
preauthed imap to a listening socket with netcat, that's not remotely
secure.

> I could also create a dovecot-only user with my UID and no other login 
> privileges, but I'd like this to "just work" for anyone.

I believe with the latest 2.2 you can also do this with Kerberos
principals, if you're running Kerberos; I haven't looked into this yet,
but I mean to (for much the same reason).

Ben



More information about the dovecot mailing list