Hi,
On 6. Apr 2018, at 18:58, Odhiambo Washington odhiambo@gmail.com wrote:
Hi Paul,
Care to share your config (even OFFLIST) that has successfully integrated Dovecot Submission service with Exim??
here the steps I have done to integrate Dovecot submission in Exim:
- Create and set the acl_smtp_mailauth ACL:
acl_smtp_mailauth = acl_check_mailauth
acl_check_mailauth: accept hosts = <; 127.0.0.1 ; ::1 condition = ${if eq{$interface_port}{10025}} log_message = Will accept MAIL AUTH parameter for $authenticated_sender
deny
add a deny fo all connections to 10025 without MAIL AUTH parameter in acl_smtp_mail ACL:
deny condition = ${if eq{$interface_port}{10025}} condition = ${if eq{$authenticated_sender}{}} message = All connections on port $interface_port need MAIL AUTH sender
in Dovecot, add the following submission parameters
submission_relay_port = 10025 submission_relay_ssl = starttls submission_relay_ssl_verify = no
All the remaining parts of the Dovecot config is the default for submission protocol/service, copied either from the sources (default config) or from here:
https://wiki.dovecot.org/Submission
Feel free is you have any further questions.
Regards, Paul
I use Exim+Dovecot (Exim4U) and wouldn't mind exploring this.
Thanks in advance.
On 6 April 2018 at 19:15, Paul Hecker paul@iwascoding.com wrote: Hi,
Thanks you very much. This did the trick!
On 6. Apr 2018, at 15:56, Stephan Bosch stephan@rename-it.nl wrote:
Op 6-4-2018 om 13:52 schreef Paul Hecker:
Hi,
Dovecot 2.3.1 (8e2f634). Could not get Dovecot to forward the (plain) authentication to the SMTP server using submission. Reason why I need it is sender spoofing (do not want my employees to send messages in behalf of me).
In exim I can disable sender spoofing with the authenticated user. When sending through dovecot, exim either does not accept the email (need auth) or relay every sender address (because relaying from localhost).
Am I missing a setting or do I need any additional field in the (MySQL) user_query/password_query to forward the password?
You can find my config here:
https://gist.github.com/lluuaapp/7daddf761131da47237b0f45e6bab5a8
That would be possible using the following SMTP AUTH feature:
https://tools.ietf.org/html/rfc4954#section-5
Which is apparently supported by Exim: https://www.exim.org/exim-html-current/doc/html/spec_html/ch-smtp_authentica... This requires explicit configuration, so it will not work out of the box.
Here is what I did:
I had to add the acl_smtp_mailauth to only allow this on a certain port. Then I had to duplicate my code for sender spoofing for authenticated users and change the $authenticated_id -> $authenticated_sender.
Besides that, I must use TLS (in my case STARTTLS) so that Dovecot actually sends the MAIL AUTH parameter.
The Dovecot Submission service should support this too. It sends an AUTH parameter with the MAIL command (currently only then the username is a valid SMTP address). However, I must say, I haven't tested this recently.
I can confirm that it works (only with TLS with my current configuration, see above).
I can try this in a few days. Feel free to experiment with this yourself.
Regards,
Stephan.
Thanks again, Paul
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft."