On Fri, 31 Aug 2012 17:11:07 +0300 Timo Sirainen tss@iki.fi wrote:
The POP/IMAP part is working fine. What I'm trying to do is to use Dovecot SASL implementation in Postfix to do SMTP authentication in a similar manner. The problem I have with my current configuration is that SMTP authentication succeeds if only the username matches, because password forwarding works if the authentication succeeds with any given password, as documented at http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy
Dovecot has no SMTP proxy (currently). And anyway Postfix doesn't use SMTP to do authentication, Postfix authenticates using Dovecot's internal protocol, which replies that Postfix should do the proxying, which it of course doesn't do.
Yes, I know and that's exactly what I was trying to do: use Dovecot authentication method in Postfix to authenticate the user. Because of the fact that Dovecot doesn't do SMTP authentication, I was thinking of a way of using its authentication service by getting the SMTP login credentials from the backend POP/IMAP server. The request may sound a bit unusual, but in our case it makes sense. For our setup we currently run:
- a farm of backend SMTP/POP/IMAP servers that are hosting the mailboxes and where the user credentials are managed. They are running Courier IMAP.
- a group of SMTP/POP/IMAP proxies. These proxies are currently replicating the login credentials from the backend servers and the routing to the backends using a local database. Perdition is currently the POP/IMAP proxy, but having it replaced with Dovecot would help us in getting the password forwarding to the backends running, which means we wouldn't need to store the credentials on the proxy, only the user->host routing entries. Are there any plans to have Dovecot authentication service to do SMTP authentication against IMAP or POP3 proxy provided information? This, of course, means we'd have the authentication result tied to the response of the backend IMAP/pop3 server.
My question is, given the above: is there a way to get SMTP authentication properly in this scenario?
Make Postfix authenticate against the backend Dovecot server. You'll need to setup service auth { inet_listener } to some port for it.
The POP/IMAP backends are running Courier IMAP, as I've just mentioned and due to the existing hosting environment it's very unlikely to replace it with something else.
-- Adi Pircalabu, System Administrator Discount Domain Name Services Pty Ltd, a Total Internet Company PO Box 887, Hawthorn Vic 3122, Australia, T +61 3 9815 6868 Ask me about cloud hosting services