[Dovecot] Master user creds for proxy stored statically/locally?

Edward Carraro ednitido at gmail.com
Mon Mar 14 04:35:57 EET 2011


Thanks for the reply Dennis

On Sun, Mar 13, 2011 at 7:19 PM, Dennis Guhl <dg at dguhl.org> wrote:

>
> You should not save the master users credentials with the mail user
> credentials. Instead you should use a dedicated userdb and passdb.
>
> For further reference have a look at
> http://wiki2.dovecot.org/Authentication/MasterUsers.
>

I created the htpasswd file on the destination server already. Does it also
need to be done on the proxy?


> I don't understand your question. You can either forward plaintext
> credentials to your backend or authenticate on your proxy and go with
> the proxy's master user to your backend
> (http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy).
>
> Dennis
>

I'm trying to authenticate on the proxy and use the master user to connect
to the backend; I'm just not sure how that's done.
The link for ExtraFields says I need to return: master=s and pass=s

How do I state the user/pass for the master?

I've compiled my proxy with ldap support and created the same master user on
the proxy that exists on the destination server.

I can still telnet to the proxy, but now it's just creating user home
directories on the proxy and not going to the backend at all.

My proxy config

# 2.0.11: /usr/local/etc/dovecot/dovecot.conf
# OS: Linux 2.6.26-2-openvz-amd64 i686 Debian 5.0.8
# Global settings of the proxy host as posted. The '#' notes below are
# review annotations on the security-relevant lines; the settings themselves
# are unchanged.
auth_debug = yes
# Troubleshooting only: with this enabled the auth process logs attempted
# passwords in clear text, which here includes master-user passwords.
# Switch it off once proxying works, and restrict or purge the logs written
# while it was on.
auth_debug_passwords = yes
# Master logins take the form "<user>*<master user>" with this separator.
auth_master_user_separator = *
auth_mechanisms = plain login
auth_socket_path = /usr/local/var/run/dovecot/auth-master
auth_verbose = yes
debug_log_path = /var/log/dovecot-debug.log
director_doveadm_port = 542
director_mail_servers = mailstore.domain.com
director_servers = proxy.domain.com
# Accepts PLAIN/LOGIN on connections that are not TLS-protected, so user and
# master passwords can cross the network unencrypted. Set back to yes once
# clients use STARTTLS/SSL.
disable_plaintext_auth = no
info_log_path = /var/log/dovecot-info.log
listen = *
lmtp_proxy = yes
log_path = /var/log/dovecot-err.log
mail_debug = yes
mail_gid = vmail
mail_location = maildir:%h/Maildir
mail_plugins = " quota"
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
copy include variables body enotify environment mailbox date
# Master-user passdb: accounts in this file may log in as other users.
# The file holds master credentials, so it should be readable only by the
# account the auth process runs as (file permissions are not shown here).
# pass = yes hands a successful master login on to the next passdb, so the
# target user is still looked up there.
passdb {
  args = /usr/local/etc/dovecot/master-users
  driver = passwd-file
  master = yes
  pass = yes
}
# Regular user passdb. NOTE(review): nothing visible in this dump makes this
# lookup return proxy fields; they would have to come from
# dovecot-ldap.conf.ext, which is not shown. Without a proxy field in the
# passdb result, IMAP/POP3 logins are served locally instead of being
# forwarded. For a master-user login to the backend, the Proxy extra-fields
# page referenced in this thread lists master=<master user> and
# pass=<master password>; wherever that password is stored on the proxy
# needs the same file protection as the master-users file.
passdb {
  args = /usr/local/etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
# Plugin, service, TLS and userdb settings as posted; review notes are
# limited to listener exposure and key material.
plugin/acl = vfile
plugin/acl_shared_dict = file:/home/%d/shared-mailboxes
plugin/quota = maildir:User quota
plugin/quota_rule = *:storage=1G
plugin/sieve = %h/.dovecot.sieve
plugin/sieve_dir = ~/sieve
plugin/sieve_max_actions = 32
plugin/sieve_max_redirects = 4
plugin/sieve_max_script_size = 1M
plugin/sieve_quota_max_scripts = 0
plugin/sieve_quota_max_storage = 0
postmaster_address = postmaster at domain.com
protocols = imap pop3 lmtp sieve
quota_full_tempfail = yes
service auth {
  # SASL socket for Postfix. Mode 0666 lets every local account connect and
  # submit authentication attempts; since user and group are already
  # postfix, 0660 would limit it to Postfix.
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = dovecot
  }
}
service director {
  fifo_listener login/proxy-notify {
    mode = 0666
  }
  # Port 542 matches director_doveadm_port; 541 is presumably the director
  # ring port. NOTE(review): listen = * binds both on every interface;
  # confirm that only trusted hosts can reach them.
  inet_listener {
    port = 541
  }
  inet_listener {
    port = 542
  }
  unix_listener director-userdb {
    mode = 0600
  }
  unix_listener login/director {
    mode = 0666
  }
}
service imap-login {
  executable = imap-login director
  # With disable_plaintext_auth = no, logins on this port can be sent
  # without TLS.
  inet_listener imap {
    port = 143
  }
}
service lmtp {
  # NOTE(review): no authentication is configured for LMTP in this dump;
  # confirm port 24 is reachable only from the trusted MTA hosts.
  inet_listener lmtp {
    port = 24
  }
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    user = postfix
  }
}
service managesieve-login {
  executable = managesieve-login director
  inet_listener sieve {
    port = 4190
  }
  process_min_avail = 0
  service_count = 1
  vsz_limit = 64 M
}
service pop3-login {
  executable = pop3-login director
  # Same plaintext-login exposure as the imap listener.
  inet_listener pop3 {
    port = 110
  }
}
ssl_cert = </usr/local/etc/dovecot/dovecot.pem
# TLS private key; the file should be readable by root only (permissions are
# not shown here).
ssl_key = </usr/local/etc/dovecot/dovecot.key
userdb {
  args = /usr/local/etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
verbose_proctitle = yes
# Per-protocol overrides as posted.
protocol lmtp {
  auth_socket_path = /usr/local/var/run/dovecot/director-userdb
  mail_plugins = " quota quota sieve"
  # Static passdb: every LMTP recipient is proxied to port 24 with no
  # password check (proxy=y nopassword=y). This is the only passdb in the
  # dump that returns a proxy field, and it applies to LMTP only.
  passdb {
    args = proxy=y nopassword=y port=24
    driver = static
  }
}
protocol lda {
  info_log_path = /var/log/dovecot-lda.log
  log_path = /var/log/dovecot-lda-errors.log
  mail_plugins = " quota sieve"
}
protocol imap {
  mail_plugins = " quota imap_quota imap_acl acl"
}
protocol sieve {
  mail_max_userip_connections = 10
  mail_plugins =
  managesieve_implementation_string = Dovecot Pigeonhole
  managesieve_logout_format = bytes=%i/%o
  managesieve_max_compile_errors = 5
  managesieve_max_line_length = 65536
  managesieve_notify_capability =
  managesieve_sieve_capability =
}
protocol pop3 {
  mail_plugins = " quota quota"
  pop3_fast_size_lookups = no
  pop3_uidl_format = %08Xu%08Xv
}

