Nobody said you should go away from postfix/dbmail :-) Dovecot can work as proxy which is also good for security
For relay you need SASL and dovecot can do this with
much more features as dbmail/postfix alone
Here a working configuration which shows how it works
But you can not use all of the features with sucking dbma because most of them
based on self developed webui/tables while there is no useable one existing
_____________________________
[r...@dbmail:/etc/postfix]$ cat /etc/dovecot-sql.conf
driver = mysql
connect = host=localhost dbname=dbmail user=proxy password=****
password_query = SELECT passwd as password, '127.0.0.1' as host, userid as
destuser, passwd AS pass, 'Y' AS
nologin, 'Y' AS nodelay, 'Y' AS proxy FROM dbmail_users WHERE userid='%u'
default_pass_scheme = plain
_____________________________
[r...@dbmail:/etc/postfix]$ cat /etc/dovecot.conf
# Provided services
protocols = imap imaps pop3 pop3s
# Allow plaintext-auth and do not restart while software-updates are running,
manually restart for security-updates!
disable_plaintext_auth = no
shutdown_clients = no
# SSL - Enable SSL/TLS and path to certificate-files
ssl_disable = no
ssl_cert_file = /etc/postfix/certs/dbmail.pem
ssl_key_file = /etc/postfix/certs/dbmail.net.pem
# Configure ports and network-interfaces we listen
protocol imap {
listen = public-ip:143
ssl_listen = public-ip:993
}
protocol pop3 {
listen = public-ip:110
ssl_listen = public-ip:995
}
# Logging
info_log_path = /var/log/maillog
syslog_facility = mail
# Login processes
login_greeting = Mail-Service
login_dir = /var/run/dovecot/login
login_process_per_connection = no
login_processes_count = 4
login_max_processes_count = 250
# capability - make sure that this are the same as the proxied-service
login_greeting_capability = yes
imap_capability = IMAP4 IMAP4rev1 ACL NAMESPACE CHILDREN SORT
QUOTA THREAD=ORDEREDSUBJECT UNSELECT IDLE
# Authentication process
auth_cache_size = 8192
auth_cache_ttl = 1800
auth_username_chars =
abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz01234567890...@%
auth_username_translation = %@
# Debug-Options
auth_debug = no
auth_debug_passwords = no
auth_verbose = no
mail_debug = no
verbose_ssl = no
# Set limit for MySQL lookup processes
auth_worker_max_count = 45
# Configure authentciation and socket for postfix-sasl-auth
auth default {
mechanisms = CRAM-MD5 DIGEST-MD5 APOP PLAIN LOGIN
user = root
count = 1
userdb static {
args = static uid=5000 gid=5000 home=/dev/null
}
passdb sql {
args = /etc/dovecot-sql.conf
}
socket listen {
client {
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = postfix
}
}
}
_____________________________
[r...@dbmail:/etc/postfix]$ cat /etc/postfix/main.cf
myhostname = dbmail
smtpd_banner = Mail-Gateway with ESMTP
mynetworks = 127.0.0.0/8,
proxy:mysql:/etc/postfix/mysql-mynetworks.cf
inet_protocols = ipv4
inet_interfaces = all
double_bounce_sender = postmas...@dbmail
address_verify_sender = postmas...@dbmail
mailbox_size_limit = 0
recipient_delimiter = +
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
broken_sasl_auth_clients = yes
smtp_sasl_auth_enable = yes
smtp_sender_dependent_authentication = yes
smtp_sasl_security_options = noanonymous
smtpd_client_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_pipelining
smtpd_sender_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unknown_sender_domain, reject_unknown_recipient_domain,
reject_non_fqdn_sender, reject_non_fqdn_recipient
smtpd_recipient_restrictions = permit_mynetworks,
reject_authenticated_sender_login_mismatch,
permit_sasl_authenticated, reject_unknown_sender_domain,
reject_unknown_recipient_domain, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unauth_destination, reject_invalid_hostname,
reject_unauth_pipelining,
check_policy_service unix:/var/spool/postfix/postgrey/socket,
check_recipient_access
mysql:/etc/postfix/mysql-spamfilter.cf
mydestination =
mysql:/etc/postfix/mysql-mydestination.cf
local_recipient_maps =
mysql:/etc/postfix/mysql-recipients.cf
recipient_canonical_maps =
mysql:/etc/postfix/mysql-rewritedomains.cf
sender_canonical_maps =
mysql:/etc/postfix/mysql-rewritesenders.cf
transport_maps =
mysql:/etc/postfix/mysql-transport.cf
sender_dependent_relayhost_maps =
mysql:/etc/postfix/mysql-sender_relay_hosts.cf
smtp_sasl_password_maps =
mysql:/etc/postfix/mysql-sender_relay_hosts_auth.cf
alias_maps = mysql:/etc/postfix/mysql-aliases.cf
smtpd_sender_login_maps =
mysql:/etc/postfix/mysql-senderaccess.cf
unknown_local_recipient_reject_code = 550
bounce_template_file = /etc/postfix/bounce.cf
body_checks_size_limit = 65535
queue_run_delay = 300
minimal_backoff_time = 900
maximal_backoff_time = 3600
message_size_limit = 36700160
initial_destination_concurrency = 5
smtp_destination_concurrency_limit = 5
default_destination_recipient_limit = 15
transport_retry_time = 30
max_idle = 60
lmtp_max_idle = 180
dbmail-lmtp_destination_concurrency_limit = 30
in_flow_delay = ${stress?3}${stress:1}s
smtpd_error_sleep_time = ${stress?1}${stress:2}s
smtpd_soft_error_limit = ${stress?2}${stress:5}
smtpd_hard_error_limit = ${stress?5}${stress:10}
smtp_connect_timeout = ${stress?5}${stress:15}s
smtp_helo_timeout = ${stress?10}${stress:30}s
smtp_mail_timeout = ${stress?10}${stress:30}s
smtpd_tls_cert_file = /etc/postfix/certs/dbmail.pem
smtpd_tls_key_file = /etc/postfix/certs/dbmail.pem
smtpd_tls_CAfile = /etc/postfix/certs/dbmail.pem
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
ddd $daemon_directory/$process_name $process_id & sleep 5
readme_directory =
/usr/share/doc/postfix-2.6.2/README_FILES
sample_directory = /usr/share/doc/postfix-2.6.2/samples
manpage_directory = /usr/share/man
_____________________________
[r...@dbmail:/etc/postfix]$ cat /etc/postfix/mysql-aliases.cf
user = dbmailro
password = ****
dbname = dbmail
hosts = localhost
query = select target from dbma_aliases where source like '%s'
_____________________________
[r...@dbmail:/etc/postfix]$ cat /etc/postfix/mysql-mydestination.cf
user = dbmailro
password = ****
dbname = dbmail
hosts = localhost
query = select transport from dbma_mta where mydestination like '%s'
_____________________________
[r...@dbmail:/etc/postfix]$ cat /etc/postfix/mysql-recipients.cf
user = dbmailro
password = ****
dbname = dbmail
hosts = localhost
query = select alias from dbma_recipients where alias like '%s'
_____________________________
[r...@dbmail:/etc/postfix]$ cat /etc/postfix/mysql-rewritedomains.cf
user = dbmailro
password = ****
dbname = dbmail
hosts = localhost
query = select target from dbma_rewrite_domains where source like '%d'
_____________________________
[r...@dbmail:/etc/postfix]$ cat /etc/postfix/mysql-rewritesenders.cf
user = dbmailro
password = ****
dbname = dbmail
hosts = localhost
query = select target from dbma_rewrite_senders where source like '%s'
_____________________________
[r...@dbmail:/etc/postfix]$ cat /etc/postfix/mysql-spamfilter.cf
user = dbmailro
password = ****
dbname = dbmail
hosts = localhost
query = select filter from dbma_spamfilter where domain like '%d'
_____________________________
[r...@dbmail:/etc/postfix]$ cat /etc/postfix/mysql-transport.cf
user = dbmailro
password = ****
dbname = dbmail
hosts = localhost
query = select transport from dbma_transports where mydestination like
'%d' or mydestination like '%s'
_____________________________
[r...@mail:/etc/postfix]$ cat mysql-sender_relay_hosts.cf
user = dbmailro
password = ****
dbname = dbmail
hosts = localhost
query = select transport from dbma_sender_relay where email like '%s'
_____________________________
[r...@mail:/etc/postfix]$ cat mysql-sender_relay_hosts_auth.cf
user = dbmailro
password = ****
dbname = dbmail
hosts = localhost
query = select concat(username, ':', password) from dbma_sender_relay
where email like '%s'
_____________________________
[r...@dbmail:/etc/postfix]$ cat /etc/postfix/mysql-senderaccess.cf
user = dbmailro
password = ****
dbname = dbmail
hosts = localhost
query = select userid from dbmail_users where ((select count(*) from
dbma_mta where mydestination like '%d')
> 0 or (select count(*) from dbma_sender_relay where email like '%s') > 0) and
> user_idnr>3;
Am 05.02.2010 17:19, schrieb lelandj:
>
> Hello Reindl Harald-2. I would rather remain with the Postfix MTA and
> DBbmail server, rather than switching to something else like Cyrus or
> Dovecot mail servers, as Postfix and DBmail are working fine. I can relay
> emails from within my local network, once I have enter the user's local IP
> address in "/etc/mail/access", eg (192.168.1.45 RELAY), and built the
> "access.db" file, but Postfix will not relay email coming from my IPhones
> out in the internet.
>
> Before switching to Postfix and DBmail, I used sendmail MTA, and the Cyrus
> email server. I had local IP addresses entered in the sendmail
> /etc/mail/access file, which I used to build the access.db file as follows:
>
> portmap hash /etc/mail/access.db < /etc/mail/access
>
> Postfix seems to be using Sendmail's access.db; because, when I add a new
> user, I must include their local ip address in the /etc/mail/access file and
> build the /etc/mail/access.db before the new local user can sent out emails..
> I though that was kind of strange, but that how it works for local users.
>
> However, Postfix is refusing to relay emails from the iPhones that connect
> to my mail server from outside networks. This is a good thing, as I don't
> want to be an open relay. I just need some way to let Postfix know that the
> iPhones should be trusted for relaying emails.
>
> That where sasl comes in. Postfix will recgonize emails coming from my
> roaming iPhone users, who connects from an outside networks, if the iPhone
> connect using sasl. Thanks for your information, though.
>
> Regards,
>
> LelandJ
>
>
> Reindl Harald-2 wrote:
>>
>> We are using dovecot as imap/pop3-proxy which solves CRAM-MD5, NTLM,
>> POP3S, IMAPS, TLS and other nice things and can also be used for
>> postfix-sasl-auth.
>>
>> But passwords should be plaintext in the userdb if you want
>> MD5-Authentication because dovecot takes the password from
>> the databases and calculates himself the hash to verify
>> with the one from the client
>>
>> http://www.postfix.org/SASL_README.html#server_dovecot
>>
>> So you have ONE software for all authentications which can also
>> replace chars in usernames as we need for % to @
>>
>> Am 05.02.2010 15:42, schrieb lelandj:
>>>
>>> Whoops, here is the email again without HTML stripping line feeds and
>>> carriage returns:
>>>
>>> I need to configure sasl for dbmail to allow postfix fo relay emails sent
>>> from a couple of roaming users via their iphones. The Iphones connect to
>>> different networks wirelessly, as the users roam about. The iPones
>>> receive
>>> a dynamic IP address from the network to which they connect. It is my
>>> understanding that postfix will allow relaying of emails from remote
>>> users
>>> that can connect to the mail server using sasl.
>>>
>>> I used Cyrus with sasl four or five years ago and had sasl configured to
>>> work with it using the sasldb file, which stored users names and
>>> passwords,
>>> but I'm currently using Dbmail Administrator to add/delete users using
>>> MD5
>>> authentication.
>>>
>>> Below is the /etc/imapd.conf file on my Fedora 6 mail server:
>>>
>>> allowplaintext: yes
>>> hashimapspool: 1
>>> sasl_mech_list: PLAIN
>>> sharedprefix: shared
>>> virtdomains: 0
>>> maxmessagesize: 5000000
>>> sievedir: /var/lib/imap/sieve
>>> admins: cyrus root
>>> sasl_pwcheck_method: saslauthd
>>> configdirectory: /var/lib/imap
>>> tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
>>> altnamespace: 1
>>> autocreatequota_units: 1
>>> tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
>>> sendmail: /usr/sbin/sendmail
>>> unixhierarchysep: 1
>>> partition-default: /var/spool/imap
>>> sieve_maxscriptsize: 320
>>> userprefix: user
>>> tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
>>>
>>> Regards,
>>>
>>> LelandJ
>>>
>>
>> --
>>
>> Mit besten Grüßen, Reindl Harald
>> the lounge interactive design GmbH
>> A-1060 Vienna, Hofmühlgasse 17
>> software-development / cms-solutions
>> p: +43 (1) 595 3999 33, m: +43 (676) 40 221 40
>> icq: 154546673, http://www.thelounge.net/
>>
>>
>>
>> _______________________________________________
>> DBmail mailing list
>> [email protected]
>> http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail
>>
>>
>
--
Mit besten Grüßen, Reindl Harald
the lounge interactive design GmbH
A-1060 Vienna, Hofmühlgasse 17
software-development / cms-solutions
p: +43 (1) 595 3999 33, m: +43 (676) 40 221 40
icq: 154546673, http://www.thelounge.net/
signature.asc
Description: OpenPGP digital signature
_______________________________________________ DBmail mailing list [email protected] http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail
