[Dovecot] Proxy using passwd file
I'm trying to create a proxy using passwd files. Can I use the existing passwd files created by the system (i.e. passwd and shadow), or do I have to create new passwd files for the email proxy users? How would the passwd and shadow files for a proxy using passwd files look? I've tried the example on the wiki but I'm not getting anywhere; pop and imap requests are not getting sent to the other server.
Clayton Epp wrote:
> I'm trying to create a proxy using passwd files. Can I use the existing passwd files created by the system (i.e. passwd and shadow), or do I have to create new passwd files for the email proxy users? How would the passwd and shadow files for a proxy using passwd files look? I've tried the example on the wiki but I'm not getting anywhere; pop and imap requests are not getting sent to the other server.
I don't think existing /etc/password would work as extra fields may confuse the system.
You could try something like
  passdb passwd-file {
    args = /etc/dovecot/proxied-users.%Ls
  }
  passdb pam {
  }
which would check for the username in proxied-users.imap or proxied-users.pop3 (depending on the protocol) first, then authenticate as usual (via PAM, say) if it isn't there. Then have lines like
username:::::::host=123.234.345.567 port=143 nodelay=n nologin=y proxy=y
in the proxied-users.imap file and the same with port=110 in the .pop3 file.
Best Wishes, Chris
--
Christopher Wakelin, c.d.wakelin@reading.ac.uk
IT Services Centre, The University of Reading, Tel: +44 (0)118 378 8439
Whiteknights, Reading, RG6 2AF, UK Fax: +44 (0)118 975 3094
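A small linter for the proxied-users files described in the reply above, as an added example that is not part of the original thread or of Dovecot itself. The function names, the sample users and the 192.0.2.10 address are constructed; the checks assume each proxied entry should carry the same fields as the reply's example line (an IP-literal host, the protocol's port, nologin=y and proxy=y).

```python
import ipaddress

# Constructed sample lines. bob is a plain system-style passwd line (no 8th field);
# carol uses the placeholder address from the thread, which is not a valid IPv4 address.
SAMPLE = """\
alice:::::::host=192.0.2.10 port=143 nodelay=n nologin=y proxy=y
bob:x:1001:1001:Bob:/home/bob:/bin/sh
carol:::::::host=123.234.345.567 port=143 nologin=y proxy=y
dave:::::::host=192.0.2.10 port=110 proxy=y
erin:::::::host=192.0.2.10 port=143 nologin=y
"""

EXPECTED_PORT = {"imap": 143, "pop3": 110}  # ports named in the thread

def parse_line(line):
    """Split one passwd-file line into (user, dict of extra fields)."""
    parts = line.rstrip("\n").split(":", 7)  # the 8th field may itself contain ':'
    extra = parts[7].split() if len(parts) == 8 else []
    fields = dict(kv.split("=", 1) if "=" in kv else (kv, "y") for kv in extra)
    return parts[0], fields

def lint(text, protocol):
    """Return {user: [problems]} for the contents of proxied-users.<protocol>."""
    report = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        user, fields = parse_line(line)
        problems = []
        if fields.get("proxy") != "y":
            problems.append("no proxy=y: entry will not be proxied")
        else:
            try:
                ipaddress.ip_address(fields.get("host", ""))
            except ValueError:
                problems.append("host missing or not an IP address")
            if fields.get("port") != str(EXPECTED_PORT[protocol]):
                problems.append(f"port is {fields.get('port')}, expected {EXPECTED_PORT[protocol]}")
            if fields.get("nologin") != "y":
                problems.append("nologin=y missing")
        report[user] = problems
    return report

if __name__ == "__main__":
    for user, problems in lint(SAMPLE, "imap").items():
        print(user, "OK" if not problems else "; ".join(problems))
```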
> > I'm trying to create a proxy using passwd files. Can I use the existing passwd files created by the system (i.e. passwd and shadow), or do I have to create new passwd files for the email proxy users? How would the passwd and shadow files for a proxy using passwd files look? I've tried the example on the wiki but I'm not getting anywhere; pop and imap requests are not getting sent to the other server.
> I don't think existing /etc/password would work as extra fields may confuse the system.
> You could try something like
>   passdb passwd-file {
>     args = /etc/dovecot/proxied-users.%Ls
>   }
>   passdb pam {
>   }
> which would check for the username in proxied-users.imap or proxied-users.pop3 (depending on the protocol) first, then authenticate as usual (via PAM, say) if it isn't there. Then have lines like
> username:::::::host=123.234.345.567 port=143 nodelay=n nologin=y proxy=y
> in the proxied-users.imap file and the same with port=110 in the .pop3 file.
> Best Wishes, Chris
Thanks Chris, this pointed me in the right direction, and the proxy is now working. I didn't realize that the order of the passdb declarations mattered. Thanks again for your reply!
On Mon, 2006-10-23 at 11:10 -0600, Clayton Epp wrote:
> > > I'm trying to create a proxy using passwd files. Can I use the existing passwd files created by the system (i.e. passwd and shadow), or do I have to create new passwd files for the email proxy users? How would the passwd and shadow files for a proxy using passwd files look? I've tried the example on the wiki but I'm not getting anywhere; pop and imap requests are not getting sent to the other server.
> > I don't think existing /etc/password would work as extra fields may confuse the system.
> > You could try something like
> >   passdb passwd-file {
> >     args = /etc/dovecot/proxied-users.%Ls
> >   }
> >   passdb pam {
> >   }
> > which would check for the username in proxied-users.imap or proxied-users.pop3 (depending on the protocol) first, then authenticate as usual (via PAM, say) if it isn't there. Then have lines like
> > username:::::::host=123.234.345.567 port=143 nodelay=n nologin=y proxy=y
> > in the proxied-users.imap file and the same with port=110 in the .pop3 file.
> > Best Wishes, Chris
> Thanks Chris, this pointed me in the right direction, and the proxy is now working. I didn't realize that the order of the passdb declarations mattered. Thanks again for your reply!
I don't think the PAM authentication is made though, but it probably doesn't matter since the remote server checks the password anyway?
On Mon, 2006-10-23 at 22:14 +0300, Timo Sirainen wrote:
> > which would check for the username in proxied-users.imap or proxied-users.pop3 (depending on the protocol) first, then authenticate as usual (via PAM, say) if it isn't there. Then have lines like
> ..
> I don't think the PAM authentication is made though, but it probably doesn't matter since the remote server checks the password anyway?
Oh, that's what Chris said. Forget about this ;)
participants (3)
- Chris Wakelin
- Clayton Epp
- Timo Sirainen