Detect port number of SASL AUTH request?
Stephan Bosch
s.bosch at ox.io
Thu Nov 30 15:56:37 EET 2017
On 16-11-2017 at 2:07, MRob wrote:
> Hi, this is partly Postfix related, but I want to know if there could
> be a way to distinguish the port of the SASL AUTH request to segregate user
> services.
>
> Currently I use unix listener for dovecot sasl auth, but could change
> to inet_listener.
>
> The only way I can think of is to have different SASL AUTH services for each
> master.cf entry where it's needed. But is it possible for Dovecot to
> have more than one SASL AUTH service with different configuration
> setup? It would be nicer if there was a way for Postfix to tell
> Dovecot about the port the client connected on.
>
> Or maybe it can be done with a SASL realm? I'm not sure how? Any help
> please?

I am not sure I understand the question completely.

The Dovecot SASL auth protocol allows setting various auxiliary fields:

https://github.com/dovecot/core/blob/release-2.2.33/src/auth/auth-request.c#L370

(Which, apparently, aren't all documented:
https://wiki2.dovecot.org/Design/AuthProtocol)

The service connection ports are among those fields. So, at least an
authentication client (e.g. Postfix) could pass the ip:port to Dovecot.
I don't know whether Postfix sets one of these port values at this time.

And even then, there's the question of whether the port value can be
used as a selector in some dynamic configuration. The local {...}
configuration sections can as far as I know only be used with IPs and
not with ports or IP:ports. Maybe you could do some magic in variable
substitutions, e.g. use it in the passdb/userdb database lookup.

Regards,

Stephan.
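
An added example, not part of the original message and not code from Dovecot or Postfix: a small parser for one tab-separated AUTH request line of the Dovecot auth protocol, used to check whether a client sent the `lport`/`rport` fields at all. The sample lines are constructed, the function names are hypothetical, and the `resp=` value is redacted because it carries the client's credentials.

```python
# Added example: inspect a Dovecot auth-protocol AUTH line for port fields.
# Field names (service, lip, rip, lport, rport, secured, resp) are the
# protocol's; function names and sample lines are made up for illustration.

PORT_KEYS = ("lport", "rport")


def parse_auth_line(line):
    """Split 'AUTH<TAB>id<TAB>mech<TAB>key=value...' into its parts."""
    parts = line.rstrip("\r\n").split("\t")
    if len(parts) < 3 or parts[0] != "AUTH":
        raise ValueError("not an AUTH request")
    params = {}
    for field in parts[3:]:
        key, sep, value = field.partition("=")
        # Flag parameters such as "secured" have no value.
        params[key] = value if sep else True
    # resp= is the base64 initial response (the password for PLAIN):
    # never keep it in anything that may be logged.
    if "resp" in params:
        params["resp"] = "<redacted>"
    return {"id": parts[1], "mech": parts[2], "params": params}


def port_fields(request):
    """Return the valid port fields the client actually sent."""
    found = {}
    for key in PORT_KEYS:
        value = request["params"].get(key)
        if isinstance(value, str) and value.isdigit() and 0 < int(value) < 65536:
            found[key] = int(value)
    return found


# Constructed samples: one client that passes ports, one that does not.
WITH_PORT = ("AUTH\t1\tPLAIN\tservice=smtp\tlip=192.0.2.10\tlport=587\t"
             "rip=198.51.100.7\trport=40112\tsecured\tresp=AHVzZXIAcGFzcw==")
WITHOUT_PORT = ("AUTH\t2\tPLAIN\tservice=smtp\tlip=192.0.2.10\t"
                "rip=198.51.100.7\tresp=AHVzZXIAcGFzcw==")

if __name__ == "__main__":
    for sample in (WITH_PORT, WITHOUT_PORT):
        req = parse_auth_line(sample)
        print(req["id"], req["mech"], port_fields(req) or "no port fields sent")
```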