On 2022-10-22 18:00, Christos Chatzaras wrote:
Hello,
Question #1:
For version 2.3.19.1 these commands use BLF-CRYPT, right?
doveadm pw
doveadm pw -s CRYPT
Question #2:
I want to change the password scheme for current users.
For users using POP3 or IMAP I can do it using a post-login script.
I have some accounts used only to send e-mails using Postfix, so there are no
POP3/IMAP logins for these accounts.
Is there any way to change the password scheme for these accounts?
My config:
# NOTE(review): this looks like `doveconf -n` output pasted into the mail; some long
# values appear to have been wrapped onto the following line(s) by the mail client.
# 2.3.19.1 (9b53102964): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.19 (4eae2f79)
# OS: FreeBSD 13.1-RELEASE-p2 amd64 zfs
# Hostname: server2.example.com
# Separator for master-user logins; it only matters together with the passdb
# marked `master = yes` later in this dump.
auth_master_user_separator = *
# Only PLAIN and LOGIN are offered, so the server receives the cleartext password
# at login and can verify it against any stored hash scheme.
auth_mechanisms = plain login
auth_verbose = yes
default_process_limit = 225
# NOTE(review): with this set to `no`, PLAIN/LOGIN are accepted on connections that
# are not TLS-protected. No `ssl = required` appears in this dump, so cleartext
# logins are presumably possible -- confirm this is intended.
disable_plaintext_auth = no
# NOTE(review): gid 0 is allowed for mail users here while uids start at 1001;
# confirm that a group id of 0 is really needed.
first_valid_gid = 0
first_valid_uid = 1001
mail_location =
maildir:/home/mail/%d/%n:INDEX=/tmpfs/dovecot_%u:CONTROL=/var/mail/%d/%n
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date index ihave duplicate mime foreverypart
extracttext imapsieve vnd.dovecot.imapsieve
# The INBOX namespace and its special-use mailboxes. Mailboxes with
# `auto = subscribe` are created and subscribed automatically; "Sent Messages"
# only carries the \Sent flag and is not auto-created (`auto = no`).
namespace inbox {
inbox = yes
location =
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Junk {
auto = subscribe
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox "Sent Messages" {
auto = no
special_use = \Sent
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
}
# Three passwd-file password databases, listed in this order.
#
# 1) Master users: entries in passwd.master may log in on behalf of other users
#    (`master = yes`). `result_success = continue` makes the lookup carry on to the
#    passdbs below after the master password matched, so the target account is still
#    checked there. NOTE(review): this file grants access to every mailbox; keep it
#    readable only by the Dovecot auth process and use strong hashes in it.
passdb {
args = /usr/local/etc/dovecot/passwd.master
driver = passwd-file
master = yes
result_success = continue
}
# 2) Deny list: accounts found in passwd.suspended are refused (`deny = yes`).
passdb {
args = /usr/local/etc/dovecot/passwd.suspended
deny = yes
driver = passwd-file
}
# 3) Regular accounts. This is the file whose password hashes the question is about.
#    NOTE(review): passwd-file entries can carry a per-entry {SCHEME} prefix, so old
#    and new schemes can presumably coexist during a migration -- verify against the
#    passwd-file documentation.
passdb {
args = /usr/local/etc/dovecot/passwd
driver = passwd-file
}
# Plugin settings: IMAPSieve spam/ham reporting, quota, and Sieve.
plugin {
# Rule 1: a COPY into Junk runs report-spam.sieve first.
imapsieve_mailbox1_before =
file:/usr/local/lib/dovecot/sieve/report-spam.sieve
imapsieve_mailbox1_causes = COPY
imapsieve_mailbox1_name = Junk
# Rule 2: a COPY from Junk to any other mailbox runs report-ham.sieve first.
imapsieve_mailbox2_before =
file:/usr/local/lib/dovecot/sieve/report-ham.sieve
imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_from = Junk
imapsieve_mailbox2_name = *
quota = maildir:User quota
quota_max_mail_size = 100M
quota_rule = *:storage=2048M
# Replies given by the quota-status policy service defined later in this dump.
quota_status_nouser = DUNNO
quota_status_overquota = 552 5.2.2 Mailbox is full
quota_status_success = DUNNO
# At 80% storage use, the quota-warning service is called with "80" and the user name.
quota_warning = storage=80%% quota-warning 80 %u
sieve = file:~/sieve;active=~/sieve.active
sieve_before = /usr/local/lib/dovecot/sieve/antispam.sieve
# vnd.dovecot.pipe is listed under sieve_global_extensions, i.e. it is enabled for
# global scripts rather than for users' personal scripts.
sieve_global_extensions = +vnd.dovecot.pipe
# NOTE(review): programs in this directory are run by Sieve on message content;
# it should be writable by administrators only.
sieve_pipe_bin_dir = /usr/local/lib/dovecot/sieve
sieve_plugins = sieve_imapsieve sieve_extprograms
}
protocols = imap pop3 lmtp sieve
# Auth service. The auth-client socket is owned by postfix:postfix with mode 0660,
# presumably so Postfix can use Dovecot for SMTP AUTH (SASL) -- this is the login
# path of the send-only accounts mentioned in the question.
service auth {
client_limit = 1125
unix_listener auth-client {
group = postfix
mode = 0660
user = postfix
}
}
# LMTP delivery socket inside Postfix's private directory, accessible to postfix only.
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
}
# ManageSieve is bound to loopback only.
service managesieve-login {
inet_listener sieve {
address = 127.0.0.1
port = 4190
}
}
# Quota policy service speaking the Postfix policy protocol (`-p postfix`).
# NOTE(review): unlike the sieve listener above, no `address` is set here, so the
# port is presumably not limited to loopback -- confirm it is firewalled or bind
# it to 127.0.0.1.
service quota-status {
client_limit = 1
executable = quota-status -p postfix
inet_listener {
port = 12340
}
}
# Runs the quota warning script when the quota_warning rule fires.
# NOTE(review): the socket is mode 0666, so any local user can connect to it, and
# the script lives under /root with no `user =` set on the service itself; check
# which account executes the script and whether the socket mode can be tightened.
service quota-warning {
executable = script /root/cretapanel/quota-warning.sh
unix_listener quota-warning {
mode = 0666
user = dovecot
}
}
# TLS material; the DH parameters and private key are masked in this dump.
ssl_cert = </etc/ssl/certs/mail.pem
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
# TLS 1.2 is the lowest protocol version accepted when TLS is used.
# NOTE(review): this does not by itself force clients to use TLS; see
# disable_plaintext_auth earlier in this dump.
ssl_min_protocol = TLSv1.2
# User lookups read the same passwd file as the main passdb.
userdb {
args = /usr/local/etc/dovecot/passwd
driver = passwd-file
}
verbose_proctitle = yes
# Per-protocol overrides: plugins, client workarounds and postmaster addresses.
protocol imap {
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
mail_max_userip_connections = 20
mail_plugins = quota imap_quota imap_sieve imap_zlib
}
protocol pop3 {
mail_plugins = quota
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
pop3_uidl_format = %08Xu%08Xv
}
# The postmaster addresses below were masked by the site's e-mail protection.
protocol lda {
postmaster_address = [email protected]
sendmail_path = /usr/sbin/sendmail
}
protocol lmtp {
mail_plugins = quota sieve
postmaster_address = [email protected]
}
Hi there,
If I understood you correctly, yes you can. Dovecot supports authentication
fallback, and you can configure it for user lookups as well as for auth
(password) lookups. For example, keep the full accounts (those that also send)
in the main auth and user source, remove the sender-only entries from that
source, and add them to the fallback source with one tweak: a different
password scheme.
For more info, refer to:
https://doc.dovecot.org/configuration_manual/authentication/multiple_authentication_databases/
Also, note that the fallback doesn't have to be a database; you can set up a
file-based one instead, refer to:
https://doc.dovecot.org/configuration_manual/authentication/passwd_file/
Good luck.
Zakaria.