Dovecot Master User: Access user's mailbox without owner's password
John Stoffel
john at stoffel.org
Tue Nov 19 17:59:12 EET 2019
>>>>> "Marcio" == Marcio Merlone via dovecot <dovecot at dovecot.org> writes:
Marcio> Sounds a lot like my problem, which I described some days ago
Marcio> here on the list, but no luck. Please report to the list if
Marcio> you make any progress.
Marcio,
Looking at your master passdb { } block (the one with "master = yes"), you
don't have the "result_success = continue" option. Have you tried adding
that to make it work?
Marcio> Em 14/11/2019 10:41, Dav Rdrz via dovecot escreveu:
Marcio> Hi, I hope you're all right. I describe below the scenario where the
Marcio> problem occurs.
Marcio> I'm trying to activate a master user [1] to be able to access all the
Marcio> boxes of all users by imap.
Marcio> I have configured the dovecot-master-users [2] file with the
Marcio> appropriate permissions.
Marcio> When I try to access, for example with roundcube, through
Marcio> user at mydomain.com*my_master_user at not-exist.com
Marcio> I see in the log that it seems to ignore the master user (*) and
Marcio> tries to authenticate against Active Directory, but with the master user's
Marcio> password. The log then shows these messages:
Marcio> auth: Info: ldap(user at mydomain.com,127.0.0.1,<6sFGXE6XLwB/AAAB> )
Marcio> invalid credentials
Marcio> auth: Debug: client passdb out: FAIL 1 user=user at mydomain.com
Marcio> I have other test cases, but I need to validate the master user login that way.
Marcio> I would appreciate any comments you can make and I am waiting to
Marcio> answer any questions.
Marcio> Regards,
Marcio> [1] https://doc.dovecot.org/configuration_manual/authentication/master_users/
Marcio> [2] https://docs.iredmail.org/dovecot.master.user.html
Marcio> ---------------------------------------------------------------------------------------
Marcio> root at mail-01:/etc/dovecot# cat /etc/issue
Marcio> Ubuntu 14.04.5 LTS \n \l
Marcio> root at mail-01:/etc/dovecot# dpkg -l | grep dovecot | awk {'print $2" "$3'}
Marcio> dovecot-core 1:2.2.9-1ubuntu2.6
Marcio> dovecot-imapd 1:2.2.9-1ubuntu2.6
Marcio> dovecot-ldap 1:2.2.9-1ubuntu2.6
Marcio> dovecot-lmtpd 1:2.2.9-1ubuntu2.6
Marcio> dovecot-managesieved 1:2.2.9-1ubuntu2.6
Marcio> dovecot-mysql 1:2.2.9-1ubuntu2.6
Marcio> dovecot-pop3d 1:2.2.9-1ubuntu2.6
Marcio> dovecot-sieve 1:2.2.9-1ubuntu2.6
Marcio> root at mail-01:/etc/dovecot# cat dovecot.conf | grep -v '#' | grep -v -e
Marcio> '^$' | sed "s/REALDOMAIN/mydomain/g"
Marcio> listen = * [::]
Marcio> mail_plugins = quota mailbox_alias acl
Marcio> protocols = pop3 imap sieve lmtp
Marcio> mail_uid = 2000
Marcio> mail_gid = 2000
Marcio> first_valid_uid = 2000
Marcio> last_valid_uid = 2000
Marcio> log_path = /var/log/dovecot.log
Marcio> auth_verbose = yes
Marcio> auth_debug = yes
Marcio> ssl_protocols = !SSLv2 !SSLv3
Marcio> ssl = required
Marcio> verbose_ssl = no
Marcio> ssl_ca = </etc/ssl/certs/mydomain.com.ca-bundle
Marcio> ssl_cert = </etc/ssl/certs/mydomain.com.crt
Marcio> ssl_key = </etc/ssl/private/mydomain.com.key
Marcio> ssl_cipher_list =
Marcio> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
Marcio> ssl_dh_parameters_length = 2048
Marcio> ssl_prefer_server_ciphers = yes
Marcio> disable_plaintext_auth = no
Marcio> mail_location = maildir:%Lh/Maildir/:INDEX=%Lh/Maildir/
Marcio> auth_default_realm = mydomain.com
Marcio> auth_mechanisms = PLAIN LOGIN
Marcio> service auth {
Marcio> unix_listener /var/spool/postfix/private/dovecot-auth {
Marcio> user = postfix
Marcio> group = postfix
Marcio> mode = 0666
Marcio> }
Marcio> unix_listener auth-master {
Marcio> user = vmail
Marcio> group = vmail
Marcio> mode = 0666
Marcio> }
Marcio> unix_listener auth-userdb {
Marcio> user = vmail
Marcio> group = vmail
Marcio> mode = 0660
Marcio> }
Marcio> }
Marcio> service lmtp {
Marcio> user = vmail
Marcio> process_min_avail = 5
Marcio> executable = lmtp -L
Marcio> unix_listener /var/spool/postfix/private/dovecot-lmtp {
Marcio> user = postfix
Marcio> group = postfix
Marcio> mode = 0600
Marcio> }
Marcio> inet_listener lmtp {
Marcio> address = 127.0.0.1
Marcio> port = 24
Marcio> }
Marcio> }
Marcio> auth_master_user_separator = *
Marcio> passdb {
Marcio> driver = passwd-file
Marcio> args = /etc/dovecot/dovecot-master-users
Marcio> master = yes
Marcio> }
Marcio> userdb {
Marcio> args = /etc/dovecot/dovecot-ldap.conf
Marcio> driver = ldap
Marcio> }
Marcio> passdb {
Marcio> args = /etc/dovecot/dovecot-ldap.conf
Marcio> driver = ldap
Marcio> }
Marcio> plugin {
Marcio> auth_socket_path = /var/run/dovecot/auth-master
Marcio> quota = dict:user::proxy::quotadict
Marcio> quota_rule = *:storage=3G
Marcio> quota_warning = storage=100%% quota-warning 100 %u
Marcio> quota_warning2 = storage=95%% quota-warning 95 %u
Marcio> quota_warning3 = storage=90%% quota-warning 90 %u
Marcio> quota_warning4 = storage=85%% quota-warning 85 %u
Marcio> quota_grace = 10%%
Marcio> acl = vfile
Marcio> acl_shared_dict = proxy::acl
Marcio> sieve_dir = %Lh/sieve
Marcio> sieve = %Lh/sieve/dovecot.sieve
Marcio> sieve_global_dir = /var/vmail/sieve
Marcio> sieve_before = /var/vmail/sieve/dovecot.sieve
Marcio> mailbox_alias_old = Sent
Marcio> mailbox_alias_new = Sent Messages
Marcio> mailbox_alias_old2 = Sent
Marcio> mailbox_alias_new2 = Sent Items
Marcio> }
Marcio> service quota-warning {
Marcio> executable = script /usr/local/bin/dovecot-quota-warning.sh
Marcio> unix_listener quota-warning {
Marcio> user = vmail
Marcio> group = vmail
Marcio> mode = 0660
Marcio> }
Marcio> }
Marcio> service dict {
Marcio> unix_listener dict {
Marcio> mode = 0660
Marcio> user = vmail
Marcio> group = vmail
Marcio> }
Marcio> }
Marcio> dict {
Marcio> quotadict = mysql:/etc/dovecot/dovecot-used-quota.conf
Marcio> acl = mysql:/etc/dovecot/dovecot-share-folder.conf
Marcio> }
Marcio> protocol lda {
Marcio> mail_plugins = $mail_plugins sieve
Marcio> auth_socket_path = /var/run/dovecot/auth-master
Marcio> log_path = /var/log/dovecot-sieve.log
Marcio> lda_mailbox_autocreate = yes
Marcio> lda_mailbox_autosubscribe = yes
Marcio> postmaster_address = it at mydomain.com
Marcio> }
Marcio> protocol lmtp {
Marcio> info_log_path = /var/log/dovecot-lmtp.log
Marcio> mail_plugins = quota sieve
Marcio> postmaster_address = postmaster
Marcio> lmtp_save_to_detail_mailbox = yes
Marcio> recipient_delimiter = +
Marcio> }
Marcio> protocol imap {
Marcio> mail_plugins = $mail_plugins imap_quota imap_acl
Marcio> imap_client_workarounds = tb-extra-mailbox-sep
Marcio> mail_max_userip_connections = 30
Marcio> }
Marcio> protocol pop3 {
Marcio> mail_plugins = $mail_plugins
Marcio> pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
Marcio> pop3_uidl_format = %08Xu%08Xv
Marcio> mail_max_userip_connections = 30
Marcio> }
Marcio> service imap-login {
Marcio> service_count = 1
Marcio> process_limit = 500
Marcio> }
Marcio> service pop3-login {
Marcio> service_count = 1
Marcio> }
Marcio> service managesieve-login {
Marcio> inet_listener sieve {
Marcio> address = 127.0.0.1
Marcio> port = 4190
Marcio> }
Marcio> }
Marcio> namespace {
Marcio> type = private
Marcio> separator = /
Marcio> prefix =
Marcio> inbox = yes
Marcio> mailbox Sent {
Marcio> auto = subscribe
Marcio> special_use = \Sent
Marcio> }
Marcio> mailbox "Sent Messages" {
Marcio> auto = no
Marcio> special_use = \Sent
Marcio> }
Marcio> mailbox "Sent Items" {
Marcio> auto = no
Marcio> special_use = \Sent
Marcio> }
Marcio> mailbox Drafts {
Marcio> auto = subscribe
Marcio> special_use = \Drafts
Marcio> }
Marcio> mailbox Trash {
Marcio> auto = subscribe
Marcio> special_use = \Trash
Marcio> }
Marcio> mailbox "Deleted Messages" {
Marcio> auto = no
Marcio> special_use = \Trash
Marcio> }
Marcio> mailbox Junk {
Marcio> auto = subscribe
Marcio> special_use = \Junk
Marcio> }
Marcio> mailbox Spam {
Marcio> auto = no
Marcio> special_use = \Junk
Marcio> }
Marcio> mailbox "Junk E-mail" {
Marcio> auto = no
Marcio> special_use = \Junk
Marcio> }
Marcio> mailbox Archive {
Marcio> auto = subscribe
Marcio> special_use = \Archive
Marcio> }
Marcio> mailbox Archives {
Marcio> auto = no
Marcio> special_use = \Archive
Marcio> }
Marcio> }
Marcio> namespace {
Marcio> type = shared
Marcio> separator = /
Marcio> prefix = Shared/%%u/
Marcio> location = maildir:%%Lh/Maildir/:INDEX=%%Lh/Maildir/Shared/%%u
Marcio> subscriptions = yes
Marcio> list = children
Marcio> }
Marcio> root at mail-01:/etc/dovecot# cat dovecot-ldap.conf | sed
Marcio> "s/realdomain/mydomain/g"
Marcio> hosts = active-directory:389
Marcio> ldap_version = 3
Marcio> auth_bind = yes
Marcio> dn = domain\vmail
Marcio> dnpass = Str0ngP4ssw0rd
Marcio> base = ou=Organizational Unit,dc=domain,dc=com
Marcio> scope = subtree
Marcio> deref = never
Marcio> user_filter =
Marcio> (&(userPrincipalName=%n at domain.com)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
Marcio> pass_filter =
Marcio> (&(userPrincipalName=%n at domain.com)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
Marcio> #user_filter =
Marcio> (&(mail=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
Marcio> #pass_filter =
Marcio> (&(mail=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
Marcio> pass_attrs = userPassword=password
Marcio> default_pass_scheme = CRYPT
Marcio> user_attrs = \
Marcio> #=mail=master_user, \
Marcio> #mail=user, \
Marcio> =user=%Ln at mydomain.com, \
Marcio> =home=/var/vmail/vmail1/mydomain.com/%Ln/Maildir/, \
Marcio> =mail=maildir:/var/vmail/vmail1/mydomain.com/%Ln/Maildir/, \
Marcio> maxStorage=quota_rule=*:bytes=%$
Marcio> root at mail-01:/etc/dovecot# ls -al dovecot-master-users
Marcio> -r-x------ 1 dovecot dovecot 120 Nov 13 14:45 dovecot-master-users
Marcio> --
Marcio> Marcio Merlone
Marcio> TI - Administrador de redes
Marcio> A1 Engenharia - Unidade Corporativa
Marcio> Fone: +55 41 3616-3797
Marcio> Cel: +55 41 99689-0036
Marcio> https://a1.ind.br/