Authentication proxy

Miecio miecio45 at gmail.com
Fri Feb 5 10:31:13 UTC 2016


Hello everyone!

I need to set up kind of gateway for submission and imap request, in
order to do that i need to find out solution for verifying user
password against multiple IMAP backends. Everything for IMAP proxy
works perfectly. But i have a problem with authenticating postfix
against dovecot SASL.

I wonder if there is any option in dovecot to authenticate SASL
requests (from postfix) against remote IMAP server or remote SASL
instance. Problem is that this server has to be chosen dynamically on
the user name basis, so i have to overwrite somehow host parameter in
passdb imap definition.

I was thinking about using two separate password databasases, first
configured as normal sql lookup with proxy flag and host field and
second as imap database with host changed to some parameter matching
host from previous lookup. Problem is that i don't see any variable
matching host filed from passwd sql lookup.

With this approach other problem appears, because I want user to be
always authenticated against remote IMAP/SASL so i have to somehow
return PASSWORD_MISMATCH from my sql lookup. I tried setting up deny
parameter to my sql lookup but it causes to reject whole
authentication request without even asking remote imap.

Thanks a lot

---
Regards Miecio


More information about the dovecot mailing list