Dovecot Submission Proxy Auth

Paul Hecker paul at iwascoding.com
Fri Apr 6 19:15:25 EEST 2018 

Hi,

Thanks you very much. This did the trick!

> On 6. Apr 2018, at 15:56, Stephan Bosch <stephan at rename-it.nl> wrote:
> 
> 
> 
> Op 6-4-2018 om 13:52 schreef Paul Hecker:
>> Hi,
>> 
>> Dovecot 2.3.1 (8e2f634). Could not get Dovecot to forward the (plain) authentication to the SMTP server using submission. Reason why I need it is sender spoofing (do not want my employees to send messages in behalf of me).
>> 
>> In exim I can disable sender spoofing with the authenticated user. When sending through dovecot, exim either does not accept the email (need auth) or relay every sender address (because relaying from localhost).
>> 
>> Am I missing a setting or do I need any additional field in the (MySQL) user_query/password_query to forward the password?
>> 
>> You can find my config here:
>> 
>> https://gist.github.com/lluuaapp/7daddf761131da47237b0f45e6bab5a8
> 
> That would be possible using the following SMTP AUTH feature:
> 
> https://tools.ietf.org/html/rfc4954#section-5
> 
> Which is apparently supported by Exim: https://www.exim.org/exim-html-current/doc/html/spec_html/ch-smtp_authentication.html#SECTauthparamail
> This requires explicit configuration, so it will not work out of the box.

Here is what I did:

I had to add the acl_smtp_mailauth to only allow this on a certain port. Then I had to duplicate my code for sender spoofing for authenticated users and change the $authenticated_id -> $authenticated_sender.

Besides that, I must use TLS (in my case STARTTLS) so that Dovecot actually sends the MAIL AUTH parameter.

> 
> The Dovecot Submission service should support this too. It sends an AUTH parameter with the MAIL command (currently only then the username is a valid SMTP address). However, I must say, I haven't tested this recently.

I can confirm that it works (only with TLS with my current configuration, see above).

> 
> I can try this in a few days. Feel free to experiment with this yourself.
> 
> Regards,
> 
> Stephan.

Thanks again,
Paul

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4107 bytes
Desc: not available
URL: <https://dovecot.org/pipermail/dovecot/attachments/20180406/0b64404b/attachment.p7s>

More information about the dovecot mailing list