On 02/13/15 00:09, Seth wrote:
On Thu, 12 Feb 2015 21:48:02 -0800, Josh Kunz <[email protected]> wrote:
Thanks for your reply. I hadn't thought of using OpenSMTPd as the
MDA, I kept trying to get the usernames to work over LMTP to dovecot.
Since I need the sieve support from dovecot, I'll probably modify
this solution to use the dovecot lda, but it's definitely put me on
the right track.
I haven't messed with the Dovecot LDA or SMTP myself, so sorry I can't be
of more help there.
Under this setup though, users would still have to use a "bare"
username, and wouldn't be able to sign-in using something like
<name>@<domain> as their username which isn't ideal. Is there any way
to make OpenSMTPd match the user against the entire address rather
than just the user part?
I thought about this issue right after hitting 'send'. You could set up
a separate OpenSMTPD credentials table file, but from what I
understand OpenSMTPD strips the @domain.tld portion of the username
when performing SMTPAUTH. If you have two users, [email protected] and
[email protected], then they would be forced to use the same password
to send email.
The 'Credentials tables' section of the TABLE(5) man page does not
explicitly say so, but according to this mailing list post "When doing
a login the username is always stripped from its domain part" [1].
Interestingly, there is an open GitHub issue [2] where the submitter
appears to be using the full email address as the username in the
credentials table. There's a line in smtpd.conf 'table local_user_list
passwd:/usr/local/etc/mail/passwd'.
Then he posts contents of /usr/local/etc/mail/passwd as:
--------------------------------------------------------
[email protected]:$6$aoiuasdfhalsdfiu$2K1Ck/C/FKHeU5wqftVRuuQralARHm2EhAAxc1N3cOFfR4cggSGunhuWnJ3.SxB28h1B4b8oI6vXBxnPirJgB1:1001:1001::/vmail:/bin/nologin
[email protected]:$6$aoiuasdfhalsdfiu$dsAcqmmDZl9CAcn78GrS6vck19iNx7aRE3UNkxrZWy/lDgQg0KDh.MgmJxxpfSTLWgSYpRC1RhGgTqubb8QM/1:1001:1001::/vmail:/bin/nologin
[email protected]:$6$aoiuasdfhalsdfiu$wUDPF8uwDCPzw4HpcxlQTOI8JarPNVSFSG.p112Qi8ysBVrxLHYTcrGx1xZSM3ayEp1/8sAY0nX.OhMVubFH31:1001:1001::/vmail:/bin/nologin
So maybe the full email address can in fact be used as the login name
for SMTPAUTH and a virtual mail user setup?
Someone more knowledgeable than me is going to have to weigh in on
this one.
[1] http://www.mail-archive.com/misc%40opensmtpd.org/msg01302.html
[2] https://github.com/OpenSMTPD/OpenSMTPD/issues/530
I think my setup is similar to what you're looking for. My userdb/passdb
for dovecot is as follows:
# cat userdb
edgar:{BLF-CRYPT}"password hash":5000:5000::/var/vmail/%d/%n
# cat /etc/mail/creds
[email protected] "password hash"
Just be sure to use doveadm for your dovecot password and smtpctl for
the smtpd password. Unfortunately they were not compatible, for me at least.
# doveconf -n
# 2.2.10: /etc/dovecot/dovecot.conf
# OS: OpenBSD 5.6 amd64 ffs
auth_mechanisms = plain login
default_client_limit = 400
disable_plaintext_auth = no
first_valid_uid = 1000
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags
mail_location = maildir:/var/vmail/%d/%n/Maildir
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
mbox_write_locks = fcntl
mmap_disable = yes
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = scheme=BLF-CRYPT username_format=%n /var/vmail/%d/etc/userdb
  driver = passwd-file
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
postmaster_address = postmaster@%d
protocols = imap pop3 lmtp sieve
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = _postfix
    mode = 0660
    user = _postfix
  }
  unix_listener auth-userdb {
    group = _smtpd
    mode = 0666
    user = _smtpd
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  inet_listener sieve_deprecated {
    port = 2000
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
ssl_cert = </etc/ssl/mailserver.pem
ssl_key = </etc/ssl/private/mailserver.pem
userdb {
  args = username_format=%n /var/vmail/%d/etc/userdb
  default_fields = quota_rule=*:storage=1G
  driver = passwd-file
}
protocol lda {
  mail_plugins =
}
protocol imap {
  mail_max_userip_connections = 10
  mail_plugins =
}
# cat /etc/mail/smtpd.conf
# $OpenBSD: smtpd.conf,v 1.7 2014/03/12 18:21:34 tedu Exp $
# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information.
table aliases db:/etc/mail/aliases.db
table vdomains file:/etc/mail/vdomains
table vusers file:/etc/mail/vusers
table signme file:/etc/mail/signme
table creds file:/etc/mail/creds
pki smtp.pettijohn-web.com certificate "/etc/ssl/smtp.pettijohn-web.com.crt"
pki smtp.pettijohn-web.com key "/etc/ssl/private/smtp.pettijohn-web.com.key"
listen on lo0
listen on egress secure pki smtp.pettijohn-web.com hostname smtp.pettijohn-web.com
listen on egress port submission tls pki smtp.pettijohn-web.com auth <creds> \
	hostname smtp.pettijohn-web.com
listen on lo0 port 10025 tag filtered
listen on lo0 port 10027 tag signed
accept tagged filtered for domain <vdomains> virtual <vusers> deliver to mda \
	"/usr/local/libexec/dovecot/dovecot-lda -f %{sender} -d %{rcpt}"
accept from any for domain <vdomains> relay via "smtp://127.0.0.1:10024"
accept for local alias <aliases> deliver to maildir
accept tagged signed for any relay source <signme>
accept from any for any relay via "smtp://127.0.0.1:10026"
# cat /etc/mail/vusers
@pettijohn-web.com _vmail
# cat /etc/mail/signme
127.0.0.1
Basically all mail is sent to the _vmail user and if there isn't a
mailbox for the specific user it is sent to then it gets rejected by
dovecot. I've been planning on messing around with it so it gets
rejected before dovecot gets involved, but it's hard to devote time to
something that isn't broken.
Hope this helps.
--
You received this mail because you are subscribed to [email protected]
To unsubscribe, send a mail to: [email protected]