requiring a full fqdn for authentication
Hello,
I'm using dovecot to do postfix authentication. I'm trying to get dovecot to require a complete email address as a login. Currently I can log in by either a username or fqdn. I've got the below what is the issue?
If I need to provide my sql password query let me know.
Thanks. Dave.
doveconf -n # 2.2.34 (874deae): /usr/local/etc/dovecot/dovecot.conf # Pigeonhole version 0.4.21 (92477967) # OS: FreeBSD 11.1-RELEASE-p4 amd64 # Hostname: localhost auth_cache_size = 10 M auth_default_realm = example.com auth_realms = example.com example2.com dict { acl = mysql:/usr/local/etc/dovecot/shared-folders.conf sqlquota = mysql:/usr/local/etc/dovecot/quota.conf } first_valid_gid = 999 first_valid_uid = 999 hostname = mail.example.com imap_idle_notify_interval = 10 mins last_valid_gid = 999 last_valid_uid = 999 lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes lda_original_recipient_header = X-Original-To listen = 127.0.0.1 xxx.xxx.xxx.xxx lmtp_rcpt_check_quota = yes mail_access_groups = vmail mail_fsync = never mail_gid = vmail mail_home = /home/vmail/mailboxes/%d/%n mail_location = maildir:~/mail:LAYOUT=fs mail_plugins = acl mail_log notify quota quota_clone trash virtual welcome zlib mail_privileged_group = vmail mail_server_admin = mailto:postmaster@example.com mail_uid = vmail mailbox_list_index = yes managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapflags notify imapsieve vnd.dovecot.imapsieve namespace { list = children location = maildir:/home/vmail/public:LAYOUT=fs:INDEXPVT=~/mail/public mailbox TestFolder { auto = subscribe comment = Public Folder for message sharing } prefix = public/ separator = / subscriptions = no type = public } namespace { list = children location = maildir:%%h/Maildir:INDEXPVT=~/Maildir/shared/%%u prefix = shared/%%u/ separator = / subscriptions = no type = shared } namespace inbox { inbox = yes location = mailbox Archive { auto = no special_use = \Archive } mailbox Archives { auto = subscribe special_use = \Archive } mailbox "Deleted Messages" { auto = no autoexpunge = 30 days special_use = \Trash } mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { auto = no autoexpunge = 30 days special_use = \Junk } mailbox "Junk E-mail" { auto = no autoexpunge = 30 days special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox "Sent Items" { auto = no special_use = \Sent } mailbox "Sent Messages" { auto = no special_use = \Sent } mailbox Spam { auto = subscribe autoexpunge = 30 days special_use = \Junk } mailbox Trash { auto = subscribe autoexpunge = 30 days special_use = \Trash } mailbox virtual/All { comment = All my messages special_use = \All } prefix = separator = / type = private } namespace virtual { location = virtual:/usr/local/etc/dovecot/virtual:INDEX=~/virtual:CONTROL=~/virtual prefix = virtual/ separator = / } passdb { args = /usr/local/etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { acl = vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300 acl_anyone = allow acl_globals_only = yes acl_shared_dict = proxy::acl fts = solr fts_autoindex = yes fts_solr = url=http://127.0.0.1:8983/solr/dovecot/ imapsieve_mailbox1_before = file:/home/vmail/sieve/global/learn-spam.sieve imapsieve_mailbox1_causes = COPY imapsieve_mailbox1_name = Spam imapsieve_mailbox2_before = file:/home/vmail/sieve/global/learn-ham.sieve imapsieve_mailbox2_causes = COPY imapsieve_mailbox2_from = Spam imapsieve_mailbox2_name = * last_login_dict = proxy::lastlogin last_login_key = last-login/%u mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box msgid size quota = count:User quota quota_clone_dict = proxy::sqlquota quota_exceeded_message = Storage quota for this account has been exceeded, please try again later. quota_grace = 10%% quota_status_nouser = DUNNO quota_status_overquota = 552 5.2.2 Mailbox is full quota_status_success = DUNNO quota_vsizes = true quota_warning = storage=100%% quota-exceeded 100 %u quota_warning2 = storage=95%% quota-warning 95 %u quota_warning3 = storage=90%% quota-warning 90 %u quota_warning4 = storage=85%% quota-warning 85 %u quota_warning5 = storage=75%% quota-warning 75 %u sieve = ~/.dovecot.sieve sieve_before = /home/vmail/sieve/before.d sieve_default = /home/vmail/sieve/default.sieve sieve_dir = ~/sieve sieve_extensions = +notify +imapflags sieve_global_dir = /home/vmail/sieve sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute sieve_max_redirects = 30 sieve_max_script_size = 1M sieve_pipe_bin_dir = /usr/local/bin sieve_plugins = sieve_imapsieve sieve_extprograms sieve_user_log = /home/vmail/sieve/sieve_error.log trash = /usr/local/etc/dovecot/trash.conf welcome_script = welcome %u welcome_wait = yes } postmaster_address = postmaster@example.com protocols = imap lmtp sieve sendmail_path = /usr/local/sbin/sendmail service auth-worker { user = vmail } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-userdb { group = vmail mode = 0666 user = vmail } } service dict { unix_listener dict { group = vmail mode = 0660 user = vmail } } service imap-login { inet_listener imap { address = 127.0.0.1 port = 143 } inet_listener imaps { address = xxx.xxx.xxx.xxx port = 993 ssl = yes } } service imap { executable = imap } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0666 user = postfix } } service managesieve-login { inet_listener sieve { address = 127.0.0.1 port = 4190 } } service quota-status { client_limit = 1 executable = quota-status -p postfix unix_listener /var/spool/postfix/private/dovecot-quota { group = postfix mode = 0660 user = postfix } } service quota-warning { executable = script /usr/local/etc/dovecot/quota-warning.sh unix_listener quota-warning { group = vmail mode = 0660 user = vmail } user = vmail } service welcome { executable = script /usr/local/etc/dovecot/welcome.sh unix_listener welcome { user = vmail } user = vmail } ssl = required ssl_cert =
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Fri, 2 Mar 2018, David Mehler wrote:
dovecot to require a complete email address as a login. Currently I can log in by either a username or fqdn. I've got the below what is the issue?
If I need to provide my sql password query let me know.
your SQL query in passdb allows both usernames.
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEVAwUBWp6JisQnQQNheMxiAQKuuggAjNcedq1DVGWbe/3vpKHUHdgBJVzmmEsI seSm/NFfR6/Fw8c4fCz0BAiIBUkmo7LEowFFo6M9Yf+ZJHP1IDt6N7gWTgral2Vh pMrNn+mv9okzL2UvJzUlkCA4ntBJVG3BrG9ZUJfk/1f8IKS090nNpu4F79Ag0TG2 MiobX5XtIRvpwSTCteVzQaIanpNhmW/BSvA2smPcdt58AmVI6HUslxcsv9A1XZLP q47pYucUTyPdsNcK4OrzitRH2+0HNTw70kClP/dfUWEvL4ssw3drCXhO7LjN+Crq IpdfHp0k7bkfIv/e5Lfg4ZZs4uV5obEyqaa+UP0IUTLrEau1syZd9Q== =lhft -----END PGP SIGNATURE-----
Hi,
Thanks. Can you elaborate?
Thanks. Dave.
On 3/6/18, Steffen Kaiser skdovecot@inf.h-brs.de wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Fri, 2 Mar 2018, David Mehler wrote:
dovecot to require a complete email address as a login. Currently I can log in by either a username or fqdn. I've got the below what is the issue?
If I need to provide my sql password query let me know.
your SQL query in passdb allows both usernames.
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEVAwUBWp6JisQnQQNheMxiAQKuuggAjNcedq1DVGWbe/3vpKHUHdgBJVzmmEsI seSm/NFfR6/Fw8c4fCz0BAiIBUkmo7LEowFFo6M9Yf+ZJHP1IDt6N7gWTgral2Vh pMrNn+mv9okzL2UvJzUlkCA4ntBJVG3BrG9ZUJfk/1f8IKS090nNpu4F79Ag0TG2 MiobX5XtIRvpwSTCteVzQaIanpNhmW/BSvA2smPcdt58AmVI6HUslxcsv9A1XZLP q47pYucUTyPdsNcK4OrzitRH2+0HNTw70kClP/dfUWEvL4ssw3drCXhO7LjN+Crq IpdfHp0k7bkfIv/e5Lfg4ZZs4uV5obEyqaa+UP0IUTLrEau1syZd9Q== =lhft -----END PGP SIGNATURE-----
You need to match against both %n (username) and %d (domain) in your SQL query.
Good luck! Reio
On 06.03.18 16:42, David Mehler wrote:
Hi,
Thanks. Can you elaborate?
Thanks. Dave.
On 3/6/18, Steffen Kaiser skdovecot@inf.h-brs.de wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Fri, 2 Mar 2018, David Mehler wrote:
dovecot to require a complete email address as a login. Currently I can log in by either a username or fqdn. I've got the below what is the issue? If I need to provide my sql password query let me know. your SQL query in passdb allows both usernames.
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEVAwUBWp6JisQnQQNheMxiAQKuuggAjNcedq1DVGWbe/3vpKHUHdgBJVzmmEsI seSm/NFfR6/Fw8c4fCz0BAiIBUkmo7LEowFFo6M9Yf+ZJHP1IDt6N7gWTgral2Vh pMrNn+mv9okzL2UvJzUlkCA4ntBJVG3BrG9ZUJfk/1f8IKS090nNpu4F79Ag0TG2 MiobX5XtIRvpwSTCteVzQaIanpNhmW/BSvA2smPcdt58AmVI6HUslxcsv9A1XZLP q47pYucUTyPdsNcK4OrzitRH2+0HNTw70kClP/dfUWEvL4ssw3drCXhO7LjN+Crq IpdfHp0k7bkfIv/e5Lfg4ZZs4uV5obEyqaa+UP0IUTLrEau1syZd9Q== =lhft -----END PGP SIGNATURE-----
-- Tervitades Reio Remma
MR Stuudio 25 aastat
*MR Stuudio OÜ* Tondi 17b, 11316, Tallinn Tel +372 650 4808 Mob +372 56 22 00 33 reio@mrstuudio.ee www.mrstuudio.ee
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Tue, 6 Mar 2018, David Mehler wrote:
Thanks. Can you elaborate?
post your sql config of Dovecot.
On 3/6/18, Steffen Kaiser skdovecot@inf.h-brs.de wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Fri, 2 Mar 2018, David Mehler wrote:
dovecot to require a complete email address as a login. Currently I can log in by either a username or fqdn. I've got the below what is the issue?
If I need to provide my sql password query let me know.
your SQL query in passdb allows both usernames.
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEVAwUBWp6JisQnQQNheMxiAQKuuggAjNcedq1DVGWbe/3vpKHUHdgBJVzmmEsI seSm/NFfR6/Fw8c4fCz0BAiIBUkmo7LEowFFo6M9Yf+ZJHP1IDt6N7gWTgral2Vh pMrNn+mv9okzL2UvJzUlkCA4ntBJVG3BrG9ZUJfk/1f8IKS090nNpu4F79Ag0TG2 MiobX5XtIRvpwSTCteVzQaIanpNhmW/BSvA2smPcdt58AmVI6HUslxcsv9A1XZLP q47pYucUTyPdsNcK4OrzitRH2+0HNTw70kClP/dfUWEvL4ssw3drCXhO7LjN+Crq IpdfHp0k7bkfIv/e5Lfg4ZZs4uV5obEyqaa+UP0IUTLrEau1syZd9Q== =lhft -----END PGP SIGNATURE-----
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEVAwUBWp+YQsQnQQNheMxiAQJTmwf9GMcFCQT0wZmBjJom7Ni3UHTz0eHyYEHS aCQ0aJ0VFz7WRxuHjlyfCaTkcwtMNQ3chos/wcLpNZ6gsSb4LIMLTXFkO6ibioWS f1IUVlcQ1EefekyZh/AC8DvH3pw+mejLsG7eUzUwNerbQ7bhh49q2lDZNjaBVlPu O48t8HV4Jt2X84GTo8vNkNmTc0PCs0ul+Y2Hg9H7WjTl8HMGH+YR/P1cTC6yk8dU JfQ1jhvBpdvXG8lccSehHrpJ7f76yuB9i7QUDVHy+193ECwkFHOfhFVwsm54Edpb nPJrygwyciDz57ItMABbDsaek66tZyVmUNEnLyaeKbkCw1XH3B7tuw== =3UkM -----END PGP SIGNATURE-----
participants (3)
-
David Mehler
-
Reio Remma
-
Steffen Kaiser