Will Dovecot support the Cyrus SASL library rimap mechanism? If so, is there anything I need to enable/verify for it to work?
And is there another tool to verify proper behaviour besides trying to log in with a client?
Daniel
Timo Sirainen wrote:
Waaah.
Is it useful feature?
Maybe - I haven't used it yet!
Why not just use sql/ldap/whatever?
I may do so. I'm trying to setup our mail environment with as little overhead as possible. At the moment, Postfix and Dovecot are retrieving user information from the passwd file. I wanted to add TLS/SASL access for remote clients to send via our Postfix server - and I didn't want to have to maintain a parallel user database just for that. But I may look at setting up an SQL/LDAP backend for these services - I didn't see the need with our small user pool.
Daniel
On Tue, 21 Sep 2004, Daniel L. Miller wrote:
You can set up postfix so that it's SMTP-AUTH mechanism checks against the passwd/shadow files over TLS. I just did it, in fact.
You can see my rough, unfinished notes (I don't even have the server fully in production yet. It's intended to replace the one I'm now using, but so far testing with Thunderbird seems to work) here:
http://www.benjamin.weiss.name/www-birdvet-org.html
I give no explanations, as this was mainly a way for me to keep notes as I set up the box, and I was *very* tired near the end and may have missed some steps that I took. Use at your own risk.
Basically, I'm setting up a mail server that uses TLS for both the SMTP-AUTH (which allows me to send email from anywhere in the world and not have to worry about being an open relay) and imap (so I can get and read my email similarly). I'm not worried about the CRAM-MD5 or anything and use plain authentication for two reasons:
Since the communication is encrypted in TLS, nobody can read my password anyways, and
plain authentication allows both postfix and dovecot to authenticate against my passwd/shadow files, so I don't have to maintain a separate SASL database. Since I only have 6 users, this is the way I prefer to do it. :)
Good luck!
Ben
Timo Sirainen wrote:
Apparently it either doesn't work - or I'm not doing it right.
To be a little clearer:
- I have a Internet relayhost running Postfix. This is where the TLS/SASL is needed.
- On an internal server, I have a Postfix server for internal mail delivery with Dovecot for IMAP access.
As I type this - I guess I do have two list of valid e-mail users - one in the relayhost's passwd file, and one in the internal host's passwd file. Well - not entirely - the aliases are placed on the relayhost's alias file.
So the actual "accounts" are listed in the internal host's passwd file - which the relayhost should NOT be able to access! rimap seemed like a simple plug-n-pray solution - and I'd still like to know (just 'cuz!) if it will work.
From my mail log - Sep 22 22:21:57 foxy saslauthd[10353]: auth_rimap: unexpected response to auth request: Sep 22 22:21:57 foxy saslauthd[10353]: do_auth : auth failure: [user=dmiller] [service=smtp] [realm=amfeslan.local] [mech=rimap] [reason=[ALERT] Unexpected response from remote authentication server] Sep 22 22:21:57 foxy saslauthd[10354]: auth_rimap: unexpected response to auth request: Sep 22 22:21:57 foxy saslauthd[10354]: do_auth : auth failure: [user=dmiller] [service=smtp] [realm=amfeslan.local] [mech=rimap] [reason=[ALERT] Unexpected response from remote authentication server]
Daniel
participants (3)
-
Benjamin J. Weiss
-
Daniel L. Miller
-
Timo Sirainen