BDAT to DATA translation on submission service when checkpassword is involved
Hello,
I'm having issues with Dovecot translating "BDAT" commands (CHUNKING) into "DATA" commands when the backend does not support it in the submission service. I use "checkpassword" to authenticate users and judging by older mailing list entries the presence of "submission_*" directives must be in place for Dovecot to translate. Even with these directives set, the translation doesn't seem to occur.
checkpassword returns "director_tag=remote_smtp" (along with other fields such as nopassword=y proxy=y) which in turn sets the backend host to relay the connection to. I have a feeling the use of checkpassword has something to do with this lack of translation.
If the "submission_*" directives must be in place for this translation to occur, which ones are they? Can I return these fields from checkpassword?
Output of doveconf -n:
# 2.3.15 (0503334ab1): /etc/dovecot/dovecot.conf
# OS: Linux 4.15.0-147-generic x86_64 Ubuntu 18.04.5 LTS
# Hostname: xyz
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_verbose = yes
director_mail_servers = x.x.x.x@remote_smtp
director_servers = x.x.x.x
disable_plaintext_auth = no
mail_log_prefix = "%Us(%u) [%r]: "
passdb {
  args = /usr/local/bin/checkpassword
  driver = checkpassword
}
protocols = " imap pop3 submission"
service anvil {
  client_limit = 3553
}
service auth {
  client_limit = 3550
}
service director {
  fifo_listener login/proxy-notify {
    mode = 0600
    user = $default_login_user
  }
  inet_listener {
    address = x.x.x.x
    port = 9090
  }
  unix_listener director-admin {
    mode = 0600
  }
  unix_listener login/director {
    mode = 0666
  }
}
service imap-login {
  executable = imap-login director
  inet_listener imap {
    address = x.x.x.x
    port = 143
  }
  inet_listener imaps {
    address = x.x.x.x
    port = 993
    ssl = yes
  }
  process_limit = 1000
  process_min_avail = 0
  service_count = 1
}
service imap {
  process_limit = 2048
  process_min_avail = 0
  service_count = 1
  vsz_limit = 384 M
}
service pop3-login {
  executable = pop3-login director
  inet_listener pop3 {
    address = x.x.x.x
    port = 110
  }
  inet_listener pop3s {
    address = x.x.x.x
    port = 995
    ssl = yes
  }
  process_limit = 450
}
service pop3 {
  process_limit = 190
  process_min_avail = 0
  service_count = 1
}
service submission-login {
  executable = submission-login director
  inet_listener smtp {
    address = x.x.x.x
    port = 25
  }
  inet_listener smtps {
    address = x.x.x.x
    port = 465
    ssl = yes
  }
  inet_listener submission {
    address = x.x.x.x
    port = 587
  }
  process_limit = 2000
}
ssl_cert = </etc/...
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_min_protocol = TLSv1.1
submission_backend_capabilities =
submission_host = x.x.x.x
submission_relay_host = x.x.x.x
submission_relay_port = 465
submission_relay_ssl = smtps
submission_relay_trusted = yes
userdb {
  args = /etc/dovecot/userdb.conf
  driver = ldap
}
protocol imap {
  imap_logout_format = bytes=%i/%o, del=%e
  mail_max_userip_connections = 20
}
protocol pop3 {
  mail_max_userip_connections = 20
  pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
}
protocol submission {
  mail_max_userip_connections = 10
}
local_name *.domain.com {
  ssl_cert = </etc/...
  ssl_key = # hidden, use -P to show it
}
On 23/07/2021 01:22 Dan Conway <darkc0de@archnix6.net> wrote:
> Hello,
> I'm having issues with Dovecot translating "BDAT" commands (CHUNKING) into "DATA" commands when the backend does not support it in the submission service. I use "checkpassword" to authenticate users and judging by older mailing list entries the presence of "submission_*" directives must be in place for Dovecot to translate. Even with these directives set, the translation doesn't seem to occur.
> checkpassword returns "director_tag=remote_smtp" (along with other fields such as nopassword=y proxy=y) which in turn sets the backend host to relay the connection to. I have a feeling the use of checkpassword has something to do with this lack of translation.
> If the "submission_*" directives must be in place for this translation to occur, which ones are they? Can I return these fields from checkpassword?
Hi!
Submission service works from backend, not proxy.
Aki
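
For context on what the translation named in the subject line involves at the protocol level, the following added example (not from the thread and not Dovecot's code) reassembles RFC 3030 BDAT chunks and re-encodes the message as an RFC 5321 DATA payload with dot-stuffing. The function names and the sample stream are constructed for illustration, and CRLF line endings are assumed.

```python
import re

BDAT_RE = re.compile(rb"BDAT (\d+)( LAST)?\r\n", re.IGNORECASE)


def bdat(chunk, last=False):
    """Frame one chunk the way a CHUNKING client sends it (RFC 3030)."""
    return b"BDAT %d%s\r\n" % (len(chunk), b" LAST" if last else b"") + chunk


def reassemble_bdat(stream):
    """Concatenate the octets of every chunk up to and including BDAT ... LAST."""
    body, pos = bytearray(), 0
    while True:
        m = BDAT_RE.match(stream, pos)
        if m is None:
            raise ValueError("expected BDAT command at offset %d" % pos)
        size, pos = int(m.group(1)), m.end()
        if pos + size > len(stream):
            raise ValueError("chunk shorter than its declared size")
        body += stream[pos:pos + size]
        pos += size
        if m.group(2):  # LAST seen: the message is complete
            return bytes(body)


def to_data_payload(message):
    """Encode a message for DATA: dot-stuff lines, end with <CRLF>.<CRLF>."""
    if message and not message.endswith(b"\r\n"):
        message += b"\r\n"  # the DATA terminator must start on a new line
    lines = message.split(b"\r\n")[:-1]
    # A leading "." is doubled so no body line can be read as end-of-data.
    stuffed = (b"." + ln if ln.startswith(b".") else ln for ln in lines)
    return b"".join(ln + b"\r\n" for ln in stuffed) + b".\r\n"


# Constructed sample: the chunk boundary splits a line that starts with ".",
# the body contains a lone "." line, and the last chunk has no trailing CRLF.
CLIENT_STREAM = (
    bdat(b"Subject: test\r\n\r\nhello\r\n.")
    + bdat(b"hidden dot line\r\n.\r\nend", last=True)
)

if __name__ == "__main__":
    print(to_data_payload(reassemble_bdat(CLIENT_STREAM)).decode())
```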