Catch all for dovecot authentication?

Joseph Tam jtam.home at gmail.com
Fri May 24 00:35:57 EEST 2019


> as stated by Aki
> 
> > passdb {
> >  driver = static
> >  args = nopassword
> >}
> 
> works fine and does what I want: accept any SMTP AUTH :-)

(Brings back memories of good fun I had with patched Qpopper snare
feeding custom messages to the hacker.)

Another alternative is to use the checkpassword hook that will accept
any username/password.  The advantage is you can do post-analysis of
credentials as the script has access to them.

Joseph Tam <jtam.home at gmail.com>


More information about the dovecot mailing list