[Dovecot] [Postfix] SASL Auth. using Dovecot with password forwarding proxy configuration

Adi Pircalabu adi at ddns.com.au
Mon Sep 3 02:41:14 EEST 2012


On Fri, 31 Aug 2012 17:11:07 +0300
Timo Sirainen <tss at iki.fi> wrote:

> > The POP/IMAP part is working fine. What I'm trying to do is to use
> > Dovecot SASL implementation in Postfix to do SMTP authentication in
> > a similar manner. The problem I have with my current configuration
> > is that SMTP authentication succeeds if only the username matches,
> > because password forwarding works if the authentication succeeds
> > with any given password, as documented at
> > http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy
> 
> Dovecot has no SMTP proxy (currently). And anyway Postfix doesn't use
> SMTP to do authentication, Postfix authenticates using Dovecot's
> internal protocol, which replies that Postfix should do the proxying,
> which it of course doesn't do.

Yes, I know and that's exactly what I was trying to do: use Dovecot
authentication method in Postfix to authenticate the user. Because of
the fact that Dovecot doesn't do SMTP authentication, I was thinking of
a way of using its authentication service by getting the SMTP login
credentials from the backend POP/IMAP server. The request may sound a
bit unusual, but in our case it makes sense. For our setup we currently
run:
- a farm of backend SMTP/POP/IMAP servers that are hosting the
  mailboxes and where the user credentials are managed. They are running
  Courier IMAP.
- a group of SMTP/POP/IMAP proxies. These proxies are currently
  replicating the login credentials from the backend servers and the
  routing to the backends using a local database. Perdition is currently
  the POP/IMAP proxy, but having it replaced with Dovecot would help us
  in getting the password forwarding to the backends running, which
  means we wouldn't need to store the credentials on the proxy, only
  the user->host routing entries.
Are there any plans to have the Dovecot authentication service do SMTP
authentication against IMAP or POP3 proxy provided information? This,
of course, means we'd have the authentication result tied to the
response of the backend IMAP/POP3 server.

> > My question is, given the above: is there a way to get SMTP
> > authentication properly in this scenario?
> 
> Make Postfix authenticate against the backend Dovecot server. You'll
> need to set up service auth { inet_listener } to some port for it.

The POP/IMAP backends are running Courier IMAP, as I've just mentioned,
and due to the existing hosting environment it's very unlikely to
replace it with something else.

-- 
Adi Pircalabu, System Administrator
Discount Domain Name Services Pty Ltd, a Total Internet Company
PO Box 887, Hawthorn Vic 3122, Australia, T +61 3 9815 6868
Ask me about cloud hosting services
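
The check requested in the message above, where the SMTP AUTH result is tied to the backend IMAP server's response and the proxy keeps only user->host routes, written as an added example (not part of the original message, and not Dovecot or Postfix code). `ROUTES`, `imap_connect`, `verify_via_backend` and `FakeBackend` are hypothetical names, the account and host are constructed, and hooking the function into a SASL service is outside what it shows.

```python
import imaplib
import ssl

# Constructed routing table: the only per-user state kept on the proxy.
ROUTES = {"alice@example.test": "backend1.example.test"}

def imap_connect(host):
    """Default connector: IMAP over TLS with certificate verification."""
    return imaplib.IMAP4_SSL(host, 993, ssl_context=ssl.create_default_context())

def verify_via_backend(user, password, routes=ROUTES, connect=imap_connect):
    """Return True only if the routed backend IMAP server accepts the login."""
    host = routes.get(user)
    if host is None or not password:
        return False  # unknown user or empty password: fail closed
    try:
        conn = connect(host)
    except (OSError, imaplib.IMAP4.error):
        return False  # backend unreachable: reject, never accept "any password"
    try:
        typ, _ = conn.login(user, password)
        return typ == "OK"
    except imaplib.IMAP4.error:
        return False  # backend answered NO to LOGIN
    finally:
        try:
            conn.logout()
        except (OSError, imaplib.IMAP4.error):
            pass

class FakeBackend:
    """Constructed stand-in for a backend IMAP server, for offline runs."""
    def __init__(self, host):
        self.host = host
    def login(self, user, password):
        if (user, password) != ("alice@example.test", "correct horse"):
            raise imaplib.IMAP4.error("LOGIN failed")
        return "OK", [b"logged in"]
    def logout(self):
        return "BYE", []

if __name__ == "__main__":
    for pw in ("correct horse", "anything"):
        print(pw, verify_via_backend("alice@example.test", pw, connect=FakeBackend))
```

Unlike the password-forwarding passdb entry described in the quoted text, a wrong password here is rejected because the decision comes from the backend's LOGIN reply.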