On 05.09.2013 16:39, Pascal Longrais wrote:
> I am a long time user of dbmail as an imapd service for webmail clients.
> 
> I would like now to setup a complete mail system with SMTP service and common 
> SASL auth for all.
> 
> Reading this discussion, I am wondering why using dovecot as proxy and not 
> postfix which is there for SMTP relay service?

because Postfix is not an IMAP/POP3 nor any proxy
postfix is an MTA

> Because : 1) POP over TLS isn't supported by postfix?

you are mixing POP3/IMAP/SMTP
postfix is SMTP only

> 2) Dovecot has more spam filtering features ?

not relevant in my case -> MX is a Barracuda Networks appliance

dovecot simply offered TLS and non-plaintext auth-mechs while
dbmail2 did not and since it greatly handles SASL and makes
the whole setup in doubt more secure because before successful
authentication on the dovecot-proxy happened which is done
directly with the mysql-database the client machine has
no connection to the dbmail-backend behind dovecot

some of these reasons are no longer true for dbmail3 but
never change a running system

oh - and dbmail here logs only real errors and POP3/IMAP
logging is done from dovecot alone - makes it easier
to grep through maillog by processnames

> Regarding SASL auth mechanisms, why preferring postfix over dovecot, as I 
> understood both have capabilities to
> identify users through a sql driver?

the other direction if you look at my config below
prefer dovecot over postfix while both is technically incorrect
postfix is using SASL offered by dovecot, the advantage is
simply that you have exactly the same auth-mechs on IMAP/POP3/SMTP
and in my case also the same username translations treat % and @
identical (historical reasons of no longer existing environment
but only god knows how many clients still using the %)

>> # configure backend for postfix sasl-auth
>> service auth {
>>   unix_listener /var/spool/postfix/private/auth {
>>   mode                         = 0660
>>   user                         = postfix
>>   group                        = postfix
>>  }
>> }

configures dovecot to offer SASL for postfix
while "smtpd_sasl_type = dovecot" in main.cf is
using dovecot SASL instead of cyrus

> On 03/09/2013 04:39, Reindl Harald wrote:
>>
>> On 03.09.2013 04:21, Regan Yelcich wrote:
>>> Can anyone point me in the direction of a detailed how-to for setting up a 
>>> postfix and dovecot (proxy) node with dbmail?
>>>
>>> In particular I'm looking for a how-to which shows dovecot authenticating 
>>> against the dbmail database directly.
>>>
>>> The only example I've found is this one which requires a duplication of the 
>>> user database.
>>> http://content.fens.org/index.php?q=admin-howto/mail/dovecot2dbmail-proxy
>> ___________________________________________________
>>
>> [root@testserver:~]$ cat /etc/dovecot/sql.conf
>> driver              = mysql
>> connect             = host=/var/lib/mysql/mysqld.sock dbname=dbmail user=dbmail password=***********
>> password_query      = SELECT passwd as password, '127.0.0.1' as host, userid as destuser, passwd AS pass, 'Y' AS nologin, 'Y' AS nodelay, 'Y' AS proxy FROM dbmail_users WHERE userid='%u'
>> default_pass_scheme = plain
>> ___________________________________________________
>>
>> [root@testserver:~]$ cat /etc/dovecot/dovecot.conf
>> # provided services
>> protocols                      = imap pop3
>>
>> # configure ssl
>> ssl                            = yes
>> ssl_cert                       = </etc/postfix/certs/localhost.pem
>> ssl_key                        = </etc/postfix/certs/localhost.pem
>> ssl_cipher_list                = EECDH+AES:EDH+AES:-SHA1:EECDH+RC4:EDH+RC4:RC4-SHA:EECDH+AES256:EDH+AES256:AES256-SHA:HIGH:!aNULL:!eNULL:!EXP:!MD5:!LOW:!SSLv2
>>
>> # configure imap-proxy
>> service imap-login {
>>   inet_listener imap {
>>     address                    = <public-ip>
>>     port                       = 143
>>   }
>>   inet_listener imaps {
>>     address                    = <public-ip>
>>     port                       = 993
>>   }
>>   vsz_limit                    = 256M
>>   service_count                = 0
>>   process_min_avail            = 1
>>   process_limit                = 1
>>   client_limit                 = 200
>> }
>>
>> # configure pop3-proxy
>> service pop3-login {
>>   inet_listener pop3 {
>>     address                    = <public-ip>
>>     port                       = 110
>>   }
>>   inet_listener pop3s {
>>     address                    = <public-ip>
>>     port                       = 995
>>   }
>>   vsz_limit                    = 256M
>>   service_count                = 0
>>   process_min_avail            = 1
>>   process_limit                = 1
>>   client_limit                 = 200
>> }
>>
>> # default settings
>> imap_capability                = IMAP4 IMAP4rev1 ACL RIGHTS=texk NAMESPACE CHILDREN SORT QUOTA THREAD=ORDEREDSUBJECT UNSELECT IDLE
>> login_greeting                 =
>> login_log_format_elements      = %u %r %m %c
>> login_log_format               = %$: %s
>> mail_max_userip_connections    = 100
>> auth_mechanisms                = CRAM-MD5 DIGEST-MD5 APOP LOGIN PLAIN
>> disable_plaintext_auth         = no
>> shutdown_clients               = no
>> version_ignore                 = yes
>>
>> # Logging
>> syslog_facility                = mail
>>
>> # authentication process
>> auth_worker_max_count          = 50
>> auth_cache_size                = 1024
>> auth_cache_ttl                 = 600
>> auth_cache_negative_ttl        = 600
>> auth_username_chars            = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@%
>> auth_username_translation      = %@AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz
>>
>> # debug options
>> auth_debug                     = no
>> auth_debug_passwords           = no
>> auth_verbose                   = no
>> mail_debug                     = no
>> verbose_ssl                    = no
>>
>> # configure proxy-database
>> passdb {
>>  driver                        = sql
>>  args                          = /etc/dovecot/sql.conf
>> }
>>
>> # we are not using local users
>> userdb {
>>  driver                        = static
>>  args                          = static uid=10000 gid=10000 home=/dev/null
>> }
>>
>> # configure backend for postfix sasl-auth
>> service auth {
>>   unix_listener /var/spool/postfix/private/auth {
>>   mode                         = 0660
>>   user                         = postfix
>>   group                        = postfix
>>  }
>> }
>>
>> _______________________________________________
>> DBmail mailing list
>> [email protected]
>> http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail

-- 

Reindl Harald
the lounge interactive design GmbH
A-1060 Vienna, Hofmühlgasse 17
CTO / CISO / Software-Development
m: +43 (676) 40 221 40, p: +43 (1) 595 3999 33
icq: 154546673, http://www.thelounge.net/

http://www.thelounge.net/signature.asc.what.htm
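
The username handling described in the message above, as an added example that is not part of the original post: a small Python model of how the quoted `auth_username_chars` and `auth_username_translation` values turn different client spellings into one lookup name and refuse anything outside the allow-list. The function names and sample logins are constructed for illustration, and the translate-then-check order is an assumption.

```python
# Values copied from the dovecot.conf quoted in the message above.
AUTH_USERNAME_CHARS = (
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@%"
)
AUTH_USERNAME_TRANSLATION = "%@AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz"


def build_translation(spec):
    """Read the setting as consecutive from/to character pairs."""
    if len(spec) % 2:
        raise ValueError("translation needs an even number of characters")
    return {spec[i]: spec[i + 1] for i in range(0, len(spec), 2)}


def normalize_login(name, chars=AUTH_USERNAME_CHARS,
                    translation=AUTH_USERNAME_TRANSLATION):
    """Return the name used for the passdb lookup, or None if refused.

    Assumption: each character is translated first, then the result is
    checked against the allow-list.
    """
    table = build_translation(translation)
    allowed = set(chars)
    out = []
    for ch in name:
        ch = table.get(ch, ch)
        if ch not in allowed:
            return None  # refused before any lookup name is produced
        out.append(ch)
    return "".join(out)


def group_by_account(logins):
    """Map each accepted lookup name to the client spellings that reach it."""
    accepted, refused = {}, []
    for login in logins:
        key = normalize_login(login)
        if key is None:
            refused.append(login)
        else:
            accepted.setdefault(key, []).append(login)
    return accepted, refused


# Constructed sample logins, not taken from the thread.
SAMPLE_LOGINS = [
    "alice@example.org", "Alice%Example.ORG", "alice%example.org",
    "bob@example.org", "bob'@example.org", "carol example.org",
]
```

Because the same auth service answers IMAP, POP3 and the Postfix SASL socket, all three protocols see the same normalized name for a given client spelling.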