On 23/07/2021 01:22 Dan Conway <darkc0de@archnix6.net> wrote:
Hello,
I'm having issues with Dovecot translating "BDAT" commands (CHUNKING) into "DATA" commands when the backend does not support it in the submission service. I use "checkpassword" to authenticate users and judging by older mailing list entries the presence of "submission_*" directives must be in place for Dovecot to translate. Even with these directives set, the translation doesn't seem to occur.
checkpassword returns "director_tag=remote_smtp" (along with other fields such as nopassword=y proxy=y) which in turn sets the backend host to relay the connection to. I have a feeling the use of checkpassword has something to do with this lack of translation.
If the "submission_*" directives must be in place for this translation to occur, which ones are they? Can I return these fields from checkpassword?
Output of doveconf -n:
# 2.3.15 (0503334ab1): /etc/dovecot/dovecot.conf # OS: Linux 4.15.0-147-generic x86_64 Ubuntu 18.04.5 LTS # Hostname: xyz auth_debug = yes auth_debug_passwords = yes auth_mechanisms = plain login auth_verbose = yes director_mail_servers = x.x.x.x@remote_smtp director_servers = x.x.x.x disable_plaintext_auth = no mail_log_prefix = "%Us(%u) [%r]: " passdb { args = /usr/local/bin/checkpassword driver = checkpassword } protocols = " imap pop3 submission" service anvil { client_limit = 3553 } service auth { client_limit = 3550 } service director { fifo_listener login/proxy-notify { mode = 0600 user = $default_login_user } inet_listener { address = x.x.x.x port = 9090 } unix_listener director-admin { mode = 0600 } unix_listener login/director { mode = 0666 } } service imap-login { executable = imap-login director inet_listener imap { address = x.x.x.x port = 143 } inet_listener imaps { address = x.x.x.x port = 993 ssl = yes } process_limit = 1000 process_min_avail = 0 service_count = 1 } service imap { process_limit = 2048 process_min_avail = 0 service_count = 1 vsz_limit = 384 M } service pop3-login { executable = pop3-login director inet_listener pop3 { address = x.x.x.x port = 110 } inet_listener pop3s { address = x.x.x.x port = 995 ssl = yes } process_limit = 450 } service pop3 { process_limit = 190 process_min_avail = 0 service_count = 1 } service submission-login { executable = submission-login director inet_listener smtp { address = x.x.x.x port = 25 } inet_listener smtps { address = x.x.x.x port = 465 ssl = yes } inet_listener submission { address = x.x.x.x port = 587 } process_limit = 2000 } ssl_cert = </etc/... ssl_dh = # hidden, use -P to show it ssl_key = # hidden, use -P to show it ssl_min_protocol = TLSv1.1 submission_backend_capabilities = submission_host = x.x.x.x submission_relay_host = x.x.x.x submission_relay_port = 465 submission_relay_ssl = smtps submission_relay_trusted = yes userdb { args = /etc/dovecot/userdb.conf driver = ldap } protocol imap { imap_logout_format = bytes=%i/%o, del=%e mail_max_userip_connections = 20 } protocol pop3 { mail_max_userip_connections = 20 pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s } protocol submission { mail_max_userip_connections = 10 } local_name *.domain.com { ssl_cert = </etc/... ssl_key = # hidden, use -P to show it }
Hi!
Submission service works from backend, not proxy.
Aki