Re: dovecot/postfix fconfiguration

To: Steve Blinkhorn <steve%prd.co.uk@localhost>
Subject: Re: dovecot/postfix fconfiguration
From: Rhialto <rhialto%falu.nl@localhost>
Date: Tue, 1 Oct 2013 20:38:00 +0200

On Tue 01 Oct 2013 at 18:22:06 +0100, Steve Blinkhorn wrote:
> The basic aim, as before, is to graft dovecot on to an existing email
> server to allow remote mail access from smartphones.   I'm trying to
> get dovecot running, but when I start it up I get:

I've done pretty much the same thing a while ago. I can't promise that I
remember everything that I did.

I wanted the mobile users to have passwords different from the login
passwords, since I don't trust smartphones to keep them secret properly.
For that purpose I made a file /usr/pkg/etc/dovecot/users in which I
filled in passwords as created with the help of "doveadm pw -s cram-md5
-p PASSWORD". The result from that is something like

{CRAM-MD5}9cba200812bdf46b285702f499f32b5729ead2809a24b50618eeb9d3fd278149

which should be put in the users file as

username:{CRAM-MD5}9cba200812bdf46b285702f499f32b5729ead2809a24b50618eeb9d3fd278149

To test plaintext passwords, use

username:{PLAIN}PASSWORD

That password file is referenced from this file (which I probably made
myself from other parts) which should be included from 10-auth.conf.

# Authentication for system users. Included from auth.conf.
#
# <doc/wiki/PasswordDatabase.txt>
# <doc/wiki/UserDatabase.txt>

passdb {
  driver = passwd-file
  args = scheme=PLAIN username_format=%u /usr/pkg/etc/dovecot/users
  # Passwords are created with 'doveadm pw -s cram-md5'
}

##
## User databases
##

# System users (NSS, /etc/passwd, or similiar). In many systems nowadays this
# uses Name Service Switch, which is configured in /etc/nsswitch.conf.
userdb {
  # <doc/wiki/AuthDatabase.Passwd.txt>
  driver = passwd
}

To allow users to send their mail via your mailer daemon, you need to
tell it about some authentication scheme too. I use sendmail and needed
to install security/cy2-crammd5. CRAM-MD5 is one of several possible
authorization schemes for cyrus-sasl (which will also be installed as a
dependency). [[note: perhaps this was needed for dovecot already; It has
been a while and I've forgotten]]

In my sendmail .mc file I just needed to add

TRUST_AUTH_MECH(`EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5')

and in my mk.conf

PKG_OPTIONS.sendmail += sasl

-Olaf.
-- 
___ Olaf 'Rhialto' Seibert  -- The Doctor: No, 'eureka' is Greek for
\X/ rhialto/at/xs4all.nl    -- 'this bath is too hot.'

Attachment: pgpbqIOo5oVmy.pgp
Description: PGP signature

References:
- dovecot/postfix fconfiguration
  - From: Steve Blinkhorn

Prev by Date: dovecot/postfix fconfiguration
Next by Date: Re: dovecot/postfix fconfiguration
Previous by Thread: dovecot/postfix fconfiguration
Next by Thread: Re: dovecot/postfix fconfiguration
Indexes:

Home | Main Index | Thread Index | Old Index