Dovecot Submission Proxy Auth

Jacky jacky at jesstech.com
Wed Jan 9 11:15:15 EET 2019 

Hi,

Anyone know how to enable this SMTP AUTH feature with Postfix?

Regards,

Jacky


On 7/4/2018 3:40 AM, Paul Hecker wrote:
> Hi,
>
>> On 6. Apr 2018, at 18:58, Odhiambo Washington <odhiambo at gmail.com> wrote:
>>
>> Hi Paul,
>>
>> Care to share your config (even OFFLIST) that has successfully integrated Dovecot Submission service with Exim??
> here the steps I have done to integrate Dovecot submission in Exim:
>
> - Create and set the acl_smtp_mailauth ACL:
>
> acl_smtp_mailauth = acl_check_mailauth
>
> acl_check_mailauth:
>    accept
>      hosts          = <; 127.0.0.1 ; ::1
>      condition      = ${if eq{$interface_port}{10025}}
>      log_message    = Will accept MAIL AUTH parameter for $authenticated_sender
>      
>    deny
>
>
> - add a deny fo all connections to 10025 without MAIL AUTH parameter in acl_smtp_mail ACL:
>
>    deny
>      condition      = ${if eq{$interface_port}{10025}}
>      condition      = ${if eq{$authenticated_sender}{}}
>      message        = All connections on port $interface_port need MAIL AUTH sender
>
> - in Dovecot, add the following submission parameters
>
> submission_relay_port = 10025
> submission_relay_ssl = starttls
> submission_relay_ssl_verify = no
>
> All the remaining parts of the Dovecot config is the default for submission protocol/service, copied either from the sources (default config) or from here:
>
> https://wiki.dovecot.org/Submission
>
> Feel free is you have any further questions.
>
> Regards,
> Paul
>
>
>> I use Exim+Dovecot (Exim4U) and wouldn't mind exploring this.
>>
>> Thanks in advance.
>>
>>
>> On 6 April 2018 at 19:15, Paul Hecker <paul at iwascoding.com> wrote:
>> Hi,
>>
>> Thanks you very much. This did the trick!
>>
>>> On 6. Apr 2018, at 15:56, Stephan Bosch <stephan at rename-it.nl> wrote:
>>>
>>>
>>>
>>> Op 6-4-2018 om 13:52 schreef Paul Hecker:
>>>> Hi,
>>>>
>>>> Dovecot 2.3.1 (8e2f634). Could not get Dovecot to forward the (plain) authentication to the SMTP server using submission. Reason why I need it is sender spoofing (do not want my employees to send messages in behalf of me).
>>>>
>>>> In exim I can disable sender spoofing with the authenticated user. When sending through dovecot, exim either does not accept the email (need auth) or relay every sender address (because relaying from localhost).
>>>>
>>>> Am I missing a setting or do I need any additional field in the (MySQL) user_query/password_query to forward the password?
>>>>
>>>> You can find my config here:
>>>>
>>>> https://gist.github.com/lluuaapp/7daddf761131da47237b0f45e6bab5a8
>>> That would be possible using the following SMTP AUTH feature:
>>>
>>> https://tools.ietf.org/html/rfc4954#section-5
>>>
>>> Which is apparently supported by Exim: https://www.exim.org/exim-html-current/doc/html/spec_html/ch-smtp_authentication.html#SECTauthparamail
>>> This requires explicit configuration, so it will not work out of the box.
>> Here is what I did:
>>
>> I had to add the acl_smtp_mailauth to only allow this on a certain port. Then I had to duplicate my code for sender spoofing for authenticated users and change the $authenticated_id -> $authenticated_sender.
>>
>> Besides that, I must use TLS (in my case STARTTLS) so that Dovecot actually sends the MAIL AUTH parameter.
>>
>>> The Dovecot Submission service should support this too. It sends an AUTH parameter with the MAIL command (currently only then the username is a valid SMTP address). However, I must say, I haven't tested this recently.
>> I can confirm that it works (only with TLS with my current configuration, see above).
>>
>>> I can try this in a few days. Feel free to experiment with this yourself.
>>>
>>> Regards,
>>>
>>> Stephan.
>> Thanks again,
>> Paul
>>
>>
>>
>>
>> -- 
>> Best regards,
>> Odhiambo WASHINGTON,
>> Nairobi,KE
>> +254 7 3200 0004/+254 7 2274 3223
>> "Oh, the cruft."

More information about the dovecot mailing list