I've been using dovecot using system usernames (my unix uname as my IMAP username). But today I tried New Outlook which requires the imap username match my email address.
Is there some way to tell dovecot that username@host is the same as uname? (where username@host is an email address and uname is a unix login which might be completely different).
Michael Grant
On 9/19/23 15:51, Michael Grant via dovecot wrote:
> I've been using dovecot using system usernames (my unix uname as my IMAP username). But today I tried New Outlook which requires the imap username match my email address.
> Is there some way to tell dovecot that username@host is the same as uname? (where username@host is an email address and uname is a unix login which might be completely different).
Heya mgrant, been a long time!
If you're using a database for authentication, you can do this sort of translation past using stored functions in MySQL. Queries look something like this:
password_query = SELECT userid AS username, domain, password FROM mail_users WHERE userid = addr_to_uname('%u') AND domain = addr_to_domain_or_default('%u', 'domain.com')
One of the functions is something like this:
DELIMITER ?
CREATE FUNCTION addr_to_domain_or_default (userid VARCHAR(255), default_domain VARCHAR(255))
RETURNS VARCHAR(255) DETERMINISTIC
BEGIN
  DECLARE at_pos INT;
  DECLARE addr_out VARCHAR(255);

  -- Position of '@' in the login name; 0 means no domain was supplied.
  SELECT LOCATE('@', userid) INTO at_pos;
  IF at_pos = 0 THEN
    -- Bare usernames: per-user domain overrides, otherwise the default domain.
    CASE userid
      WHEN 'user1' THEN SET addr_out = 'domain1.com';
      WHEN 'user2' THEN SET addr_out = 'domain2.com';
      ELSE SET addr_out = default_domain;
    END CASE;
  ELSE
    -- user@domain: return everything after the '@'.
    SELECT SUBSTRING(userid, at_pos + 1) INTO addr_out;
  END IF;

  RETURN addr_out;
END ?
DELIMITER ;
This isn't exactly the functionality you want, but it illustrates the kinds of translations that can easily be done on the database side. I've been using a scheme like this for many years with great results.
-Dave
-- Dave McGuire, AK4HZ New Kensington, PA
> Heya mgrant, been a long time!
Very! Will hit you off-list.
> If you're using a database for authentication, you can do this sort of translation past using stored functions in MySQL. Queries look something like this:
> password_query = SELECT userid AS username, domain, password FROM mail_users WHERE userid = addr_to_uname('%u') AND domain = addr_to_domain_or_default('%u', 'domain.com') ...
Thanks, I was hoping for something less complicated. I found auth_username_format %n which drops the domain if supplied. Unfortunately my imap username isn't 'mgrant'. Probably I could make this work if there was no other way. This forces me to have my IMAP password the same as my unix password.
I probably should move to virtual users for everyone on my box but that's not so easy. I was hoping there was some way I could translate individual users which would make this transition easier.
On 9/19/23 16:34, Michael Grant wrote:
> > Heya mgrant, been a long time!
> Very! Will hit you off-list.
:-)
> > If you're using a database for authentication, you can do this sort of translation past using stored functions in MySQL. Queries look something like this:
> > password_query = SELECT userid AS username, domain, password FROM mail_users WHERE userid = addr_to_uname('%u') AND domain = addr_to_domain_or_default('%u', 'domain.com') ...
> Thanks, I was hoping for something less complicated. I found auth_username_format %n which drops the domain if supplied. Unfortunately my imap username isn't 'mgrant'. Probably I could make this work if there was no other way. This forces me to have my IMAP password the same as my unix password.
> I probably should move to virtual users for everyone on my box but that's not so easy. I was hoping there was some way I could translate individual users which would make this transition easier.
You can use that technique, though, to implement any sort of translation table that you could build into an SQL query. Just a suggestion.
-Dave
-- Dave McGuire, AK4HZ New Kensington, PA
On 19-09-2023 22:36, Dave McGuire wrote:
> On 9/19/23 16:34, Michael Grant wrote:
> > Thanks, I was hoping for something less complicated. I found auth_username_format %n which drops the domain if supplied. Unfortunately my imap username isn't 'mgrant'. Probably I could make this work if there was no other way. This forces me to have my IMAP password the same as my unix password.
> > I probably should move to virtual users for everyone on my box but that's not so easy. I was hoping there was some way I could translate individual users which would make this transition easier.
You could have virtual users with any username (matching the required format for 'New Outlook') and password in an SQL passdb + userdb, and a second backend for the system users (PAM probably) as a fallback.
The docs describe this precise scenario at: https://doc.dovecot.org/configuration_manual/authentication/multiple_authent...
Regards, Tom
> You could have virtual users with any username (matching the required format for 'New Outlook') and password in an SQL passdb + userdb, and a second backend for the system users (PAM probably) as a fallback.
> The docs describe this precise scenario at: https://doc.dovecot.org/configuration_manual/authentication/multiple_authent...
Ok I have tried this and I'm having trouble. I set up 2 accounts both accessing the same mailbox and here's what I see in the logs:
Error: Mailbox INBOX: Sync failed for mbox: UID inserted in the middle of mailbox (7323 > 6645, seq=1, idx_msgs=1)
Some searching indicates this is caused when dovecot doesn't expect a second process (itself in this case!) to be modifying a mailbox.
Here's what I did:
In conf.d/10-auth.conf I enabled system and passwdfile auth:
!include auth-system.conf.ext
#!include auth-sql.conf.ext
#!include auth-ldap.conf.ext
!include auth-passwdfile.conf.ext
#!include auth-checkpassword.conf.ext
#!include auth-static.conf.ext
In /etc/passwd, I have my imap login (mb1234) and my shell login which I never use via imap.
/etc/passwd looks like this:
mgrant:x:1234:1234:Michael Grant:/home/mgrant:/bin/bash
mb1234:x:1234:1234:Michael Grant:/home/mgrant:/bin/false
(note, this has worked for more than a decade maybe two like this!)
In auth-passwdfile.conf.ext I have:
passdb {
  driver = passwd-file
  args = scheme=CRYPT username_format=%u /etc/dovecot/users
}

userdb {
  driver = passwd-file
  args = username_format=%u /etc/dovecot/users

  # Default fields that can be overridden by passwd-file
  #default_fields = quota_rule=*:storage=1G
  default_fields = uid=dovecot-virtual gid=dovecot-virtual home=/home/dovecot-virtual/%u

  # Override fields from passwd-file
  #override_fields = home=/home/virtual/%u
}
mgrant@grant.org:{CRYPT}blablablabla:1234:1234::/home/mgrant:Michael Grant:userdb_mail=mbox:~/mail:INBOX=/var/mail/%n
This is an example right out of: https://doc.dovecot.org/configuration_manual/mail_location/#passwd-file
I'm sure it's using the mgrant@grant.org in /etc/dovecot/users because the mail app accepts the username mgrant@grant.org and password which is not my shell login password. I also see the successful auths in the mail log:
imap-login: Login: user=mgrant@grant.org
imap-login: Login: user=<mb1234>
I get mail in mb1234 but nothing in the mgrant@grant.org imap mailbox.
I get the feeling that instead of 2 separate auths like this, I think I need to use %n in the username format and not use the passdb auth at all and move everything into userdb and move away from using mb1234. I can do this.
Before I set out on this mission, is there some way to make this work with 2 separate logins for the same mailbox?
Michael Grant
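Added example (not part of any message in this thread, and not Dovecot code): a small Python script that parses the /etc/dovecot/users line quoted above and expands %u, %n, %d and %h as the Dovecot variable documentation defines them, to show which mail root and INBOX file each of the two logins resolves to. SYSTEM_MAIL_LOCATION is an assumption, since the thread does not show the global mail_location used for the system login; the function names are this example's own.

```python
import re

# The /etc/dovecot/users line quoted in the thread.
USERS_LINE = ("mgrant@grant.org:{CRYPT}blablablabla:1234:1234::/home/mgrant:"
              "Michael Grant:userdb_mail=mbox:~/mail:INBOX=/var/mail/%n")
# ASSUMPTION (not in the thread): global mail_location applied to system users.
SYSTEM_MAIL_LOCATION = "mbox:~/mail:INBOX=/var/mail/%u"

def parse_passwd_file_line(line):
    """Split user:password:uid:gid:gecos:home:shell:extra_fields."""
    parts = line.rstrip("\n").split(":", 7)
    parts += [""] * (8 - len(parts))
    user, _pw, uid, gid, _gecos, home, _shell, extra = parts
    # Extra fields are space-separated key=value pairs (userdb_* go to the userdb).
    fields = dict(f.split("=", 1) for f in extra.split() if "=" in f)
    return {"user": user, "uid": uid, "gid": gid, "home": home, "extra": fields}

def expand(template, user, home):
    """Expand the simple variables %u, %n, %d, %h and %% (modifiers not handled)."""
    name, _, domain = user.partition("@")
    table = {"u": user, "n": name, "d": domain, "h": home, "%": "%"}
    return re.sub(r"%([undh%])", lambda m: table[m.group(1)], template)

def mail_paths(location, user, home):
    """Return (driver, root, inbox) for e.g. mbox:~/mail:INBOX=/var/mail/%n."""
    driver, root, *params = expand(location, user, home).split(":")
    opts = dict(p.split("=", 1) for p in params if "=" in p)
    tilde = lambda p: home + p[1:] if p.startswith("~/") else p
    return driver, tilde(root), tilde(opts.get("INBOX", ""))

def compare_logins(virtual, system):
    """Each argument is (driver, root, inbox); report what the two logins share."""
    return {"same_root": virtual[1] == system[1],
            "same_inbox": virtual[2] == system[2]}

def check():
    entry = parse_passwd_file_line(USERS_LINE)
    virtual = mail_paths(entry["extra"]["userdb_mail"], entry["user"], entry["home"])
    # System login from the /etc/passwd lines in the thread: mb1234, home /home/mgrant.
    system = mail_paths(SYSTEM_MAIL_LOCATION, "mb1234", "/home/mgrant")
    return virtual, system, compare_logins(virtual, system)

if __name__ == "__main__":
    virtual, system, result = check()
    print("virtual login:", virtual)
    print("system login: ", system)
    print(result)
```

On a running server, `doveadm user mgrant@grant.org` prints the userdb fields Dovecot itself resolves for that login.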
On 2023-09-19 3:51 p.m., Michael Grant via dovecot wrote:
> I've been using dovecot using system usernames (my unix uname as my IMAP username). But today I tried New Outlook which requires the imap username match my email address.
I'm not sure about "New Outlook" but other versions of Outlook (e.g. M365) allow setting up a different username by using Windows Control Panel - Mail... instead of using Outlook's Account Settings.
participants (5): Dave McGuire, Michael Grant, Oscar del Rio, Tom Hendrikx, Tom Hendrikx