SASL AUTH with postfix

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

SASL AUTH with postfix

Dovecot mailing list
Hi,

I just moved from Cyrus SASL to Dovecot SASL, with postfix.
Works great, and no issue with non-ascii chars, has i had with Cyrus.

With Cyrus i was getting the username/passwd via SQL, with this:

sql_select: select password from smtp_auth_users where username='%u@%r' and
status='true'

worked ok for users with email addresses, and i had some special users that
were just a name, like "user-1", and i was able to AUTH it.
Postfix had:
smtpd_sasl_local_domain = fastmail

and in the database i had the username in the format: user-1@fastmail
and worked ok.

How can i have the same with dovecot SASL?
Thanks in advanced,

Reply | Threaded
Open this post in threaded view
|

Re: SASL AUTH with postfix

Dovecot mailing list
Jorge Bastos via dovecot skrev den 2019-11-13 22:00:

> How can i have the same with dovecot SASL?
> Thanks in advanced,

https://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL
Reply | Threaded
Open this post in threaded view
|

RE: SASL AUTH with postfix

Dovecot mailing list
Jorge Bastos via dovecot skrev den 2019-11-13 22:00:

> How can i have the same with dovecot SASL?
> Thanks in advanced,

https://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL

Hi benny,
Thanks,
That's exactly what i have in postfix:

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes

plus:
smtpd_sasl_local_domain = fastmail

but the user that i have in the table, that worked with Cyrus, in the
format: "username@fastmail", it's not working with dovecot

meanwhile i was thinking, the auth is beeing made into the main table... i
just figured it out now!
How could i have the auth for dovecot SASL in a different table? I'd like to
keep having one sql table for imap/pop3 auth, and another for smtp,
This gives me the advantage of blocking only the outgoing emails for the
users, in case if a password is caught, which is very handy at least for me
as sysadm

Reply | Threaded
Open this post in threaded view
|

Re: SASL AUTH with postfix

Dovecot mailing list
Jorge Bastos via dovecot skrev den 2019-11-13 23:53:
> Jorge Bastos via dovecot skrev den 2019-11-13 22:00:

> plus:
> smtpd_sasl_local_domain = fastmail
>
> but the user that i have in the table, that worked with Cyrus, in the
> format: "username@fastmail", it's not working with dovecot

if that fails dovecot have no password for that non fqdn mail

solution dont add this to postfix

in dovecot is realm setup ?
Reply | Threaded
Open this post in threaded view
|

RE: SASL AUTH with postfix

Dovecot mailing list
Hi Benny,

I've tried to search for the realm part in dovecot but didn't found it,
Could you guide me to it?

-----Original Message-----
From: dovecot <[hidden email]> On Behalf Of Benny Pedersen via
dovecot
Sent: 13 de novembro de 2019 23:33
To: [hidden email]
Subject: Re: SASL AUTH with postfix

Jorge Bastos via dovecot skrev den 2019-11-13 23:53:
> Jorge Bastos via dovecot skrev den 2019-11-13 22:00:

> plus:
> smtpd_sasl_local_domain = fastmail
>
> but the user that i have in the table, that worked with Cyrus, in the
> format: "username@fastmail", it's not working with dovecot

if that fails dovecot have no password for that non fqdn mail

solution dont add this to postfix

in dovecot is realm setup ?

Reply | Threaded
Open this post in threaded view
|

Re: SASL AUTH with postfix

Dovecot mailing list
Jorge Bastos via dovecot skrev den 2019-11-14 16:25:

> I've tried to search for the realm part in dovecot but didn't found it,
> Could you guide me to it?

doveconf -d | grep realm

doveconf -n if more help is needed
Reply | Threaded
Open this post in threaded view
|

Re: SASL AUTH with postfix

Dovecot mailing list

On 2019-11-14 15:41, Benny Pedersen via dovecot wrote:

Jorge Bastos via dovecot skrev den 2019-11-14 16:25:

I've tried to search for the realm part in dovecot but didn't found it,
Could you guide me to it?

doveconf -d | grep realm

doveconf -n if more help is needed


Thanks Benny,

It was in my front and didn't saw it.
Now i need to go further, have the SASL auth being read from a diferrent table than the password_query for *sql.

In the below conf, would it be possible and how, to check an specific sql table for auth?

service auth {
  # Postfix smtp-auth
    unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    # Assuming the default Postfix user and group
    user = postfix
    group = postfix
    }
}

Reply | Threaded
Open this post in threaded view
|

Re: SASL AUTH with postfix

Dovecot mailing list
On 2019-11-14 22:57, Jorge Bastos via dovecot wrote:

> It was in my front and didn't saw it.
> Now i need to go further, have the SASL auth being read from a
> diferrent table than the password_query for *sql.

https://doc.dovecot.org/configuration_manual/authentication/sql/

> In the below conf, would it be possible and how, to check an specific
> sql table for auth?

missguiding, the auth below is just the dovecot socket for dovecot-sasl
auth in postfix

for sql baackends you need to read above link, are you have solved the
realm problem or want to ditt it ?

> service auth {
>   # Postfix smtp-auth
>     unix_listener /var/spool/postfix/private/auth {
>     mode = 0660
>     # Assuming the default Postfix user and group
>     user = postfix
>     group = postfix
>     }
> }