Dovecot Submission Proxy Auth
Odhiambo Washington
odhiambo at gmail.com
Fri Apr 6 19:58:30 EEST 2018
Hi Paul,
Care to share your config (even OFFLIST) that has successfully integrated
Dovecot Submission service with Exim??
I use Exim+Dovecot (Exim4U) and wouldn't mind exploring this.
Thanks in advance.
On 6 April 2018 at 19:15, Paul Hecker <paul at iwascoding.com> wrote:
> Hi,
>
> Thanks you very much. This did the trick!
>
> > On 6. Apr 2018, at 15:56, Stephan Bosch <stephan at rename-it.nl> wrote:
> >
> >
> >
> > Op 6-4-2018 om 13:52 schreef Paul Hecker:
> >> Hi,
> >>
> >> Dovecot 2.3.1 (8e2f634). Could not get Dovecot to forward the (plain)
> authentication to the SMTP server using submission. Reason why I need it is
> sender spoofing (do not want my employees to send messages in behalf of me).
> >>
> >> In exim I can disable sender spoofing with the authenticated user. When
> sending through dovecot, exim either does not accept the email (need auth)
> or relay every sender address (because relaying from localhost).
> >>
> >> Am I missing a setting or do I need any additional field in the (MySQL)
> user_query/password_query to forward the password?
> >>
> >> You can find my config here:
> >>
> >> https://gist.github.com/lluuaapp/7daddf761131da47237b0f45e6bab5a8
> >
> > That would be possible using the following SMTP AUTH feature:
> >
> > https://tools.ietf.org/html/rfc4954#section-5
> >
> > Which is apparently supported by Exim: https://www.exim.org/exim-
> html-current/doc/html/spec_html/ch-smtp_authentication.
> html#SECTauthparamail
> > This requires explicit configuration, so it will not work out of the box.
>
> Here is what I did:
>
> I had to add the acl_smtp_mailauth to only allow this on a certain port.
> Then I had to duplicate my code for sender spoofing for authenticated users
> and change the $authenticated_id -> $authenticated_sender.
>
> Besides that, I must use TLS (in my case STARTTLS) so that Dovecot
> actually sends the MAIL AUTH parameter.
>
> >
> > The Dovecot Submission service should support this too. It sends an AUTH
> parameter with the MAIL command (currently only then the username is a
> valid SMTP address). However, I must say, I haven't tested this recently.
>
> I can confirm that it works (only with TLS with my current configuration,
> see above).
>
> >
> > I can try this in a few days. Feel free to experiment with this yourself.
> >
> > Regards,
> >
> > Stephan.
>
> Thanks again,
> Paul
>
>
--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20180406/d97b84e7/attachment-0001.html>
More information about the dovecot
mailing list