BDAT to DATA translation on submission service when checkpassword is involved
Aki Tuomi
aki.tuomi at open-xchange.com
Fri Jul 23 08:50:37 EEST 2021
> On 23/07/2021 01:22 Dan Conway <darkc0de at archnix6.net> wrote:
>
>
> Hello,
>
> I'm having issues with Dovecot translating "BDAT" commands (CHUNKING)
> into "DATA" commands when the backend does not support it in the
> submission service. I use "checkpassword" to authenticate users and
> judging by older mailing list entries the presence of "submission_*"
> directives must be in place for Dovecot to translate. Even with these
> directives set, the translation doesn't seem to occur.
>
> checkpassword returns "director_tag=remote_smtp" (along with other
> fields such as nopassword=y proxy=y) which in turn sets the backend host
> to relay the connection to. I have a feeling the use of checkpassword
> has something to do with this lack of translation.
>
> If the "submission_*" directives must be in place for this translation
> to occur, which ones are they? Can I return these fields from checkpassword?
>
>
> Output of doveconf -n:
>
> # 2.3.15 (0503334ab1): /etc/dovecot/dovecot.conf
> # OS: Linux 4.15.0-147-generic x86_64 Ubuntu 18.04.5 LTS
> # Hostname: xyz
> auth_debug = yes
> auth_debug_passwords = yes
> auth_mechanisms = plain login
> auth_verbose = yes
> director_mail_servers = x.x.x.x at remote_smtp
> director_servers = x.x.x.x
> disable_plaintext_auth = no
> mail_log_prefix = "%Us(%u) [%r]: "
> passdb {
> args = /usr/local/bin/checkpassword
> driver = checkpassword
> }
> protocols = " imap pop3 submission"
> service anvil {
> client_limit = 3553
> }
> service auth {
> client_limit = 3550
> }
> service director {
> fifo_listener login/proxy-notify {
> mode = 0600
> user = $default_login_user
> }
> inet_listener {
> address = x.x.x.x
> port = 9090
> }
> unix_listener director-admin {
> mode = 0600
> }
> unix_listener login/director {
> mode = 0666
> }
> }
> service imap-login {
> executable = imap-login director
> inet_listener imap {
> address = x.x.x.x
> port = 143
> }
> inet_listener imaps {
> address = x.x.x.x
> port = 993
> ssl = yes
> }
> process_limit = 1000
> process_min_avail = 0
> service_count = 1
> }
> service imap {
> process_limit = 2048
> process_min_avail = 0
> service_count = 1
> vsz_limit = 384 M
> }
> service pop3-login {
> executable = pop3-login director
> inet_listener pop3 {
> address = x.x.x.x
> port = 110
> }
> inet_listener pop3s {
> address = x.x.x.x
> port = 995
> ssl = yes
> }
> process_limit = 450
> }
> service pop3 {
> process_limit = 190
> process_min_avail = 0
> service_count = 1
> }
> service submission-login {
> executable = submission-login director
> inet_listener smtp {
> address = x.x.x.x
> port = 25
> }
> inet_listener smtps {
> address = x.x.x.x
> port = 465
> ssl = yes
> }
> inet_listener submission {
> address = x.x.x.x
> port = 587
> }
> process_limit = 2000
> }
> ssl_cert = </etc/...
> ssl_dh = # hidden, use -P to show it
> ssl_key = # hidden, use -P to show it
> ssl_min_protocol = TLSv1.1
> submission_backend_capabilities =
> submission_host = x.x.x.x
> submission_relay_host = x.x.x.x
> submission_relay_port = 465
> submission_relay_ssl = smtps
> submission_relay_trusted = yes
> userdb {
> args = /etc/dovecot/userdb.conf
> driver = ldap
> }
> protocol imap {
> imap_logout_format = bytes=%i/%o, del=%e
> mail_max_userip_connections = 20
> }
> protocol pop3 {
> mail_max_userip_connections = 20
> pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
> }
> protocol submission {
> mail_max_userip_connections = 10
> }
> local_name *.domain.com {
> ssl_cert = </etc/...
> ssl_key = # hidden, use -P to show it
> }
Hi!
Submission service works from backend, not proxy.
Aki
More information about the dovecot
mailing list