Postfix user@domain ?

Discussion in 'Tips/Tricks/Mods' started by cryptic, Apr 24, 2007.

  1. till

    till Super Moderator Staff Member ISPConfig Developer

    The dovecot hcak will not cause any problems with ISPConfig updates, as the dovecot configuration files are not altered.

    The hack requires that you use "[DOMAIN]_" as user prefix. But you might be able to use the hack without username prefix if you change the auth_username_format line.
     
  2. ibrahimak

    ibrahimak New Member

    Hi i have Mandriva 2008 Perfect Server Setup and ISPConfig.But i couldnt find /etc/courier or /etc/dovecot .. So i cant setup user@domain thing. :( help please.
     
  3. falko

    falko Super Moderator Howtoforge Staff

    Did you install Courier or Dovecot?
     
  4. Rockdrala

    Rockdrala New Member

    I got this working with two things that are problems

    It makes the FTP login name really long.

    and if the domain name is long it leaves hardly any room to create a user name in ISPconfig for the email address.

    Is there a way to raise the character amount? and make the FTP login name more conventional?
     
  5. Rockdrala

    Rockdrala New Member

    .

    I dont think spam checker is working anymore using this hack.

    Is there a modification that needs to be made?

    Peace and <3
     
  6. nachiketa

    nachiketa New Member

    Many thanks to Torfinn Nome for this nice and much needed hack. I have only recently started using ISPConfig and just have few doubts before making the changes live.

    1> Does it really effects spam checking as the earlier post reports?

    2> Does this effect in any way for Mailuser login option of ISPConfig?

    Help is much appreciated.
     
  7. Rockdrala

    Rockdrala New Member

    This hack cuased the spam filter to not work. were getting hit with 1000+ spam emails a day and the spam filter is not catching them.

    Before the hack it was working great. Now were getting a crapload of spam.

    wtb instructions on how to revert.
     
  8. nachiketa

    nachiketa New Member

    Rockdrala, in my opinion you can any time revert to old setup by restoring original postfix main.cf and dovecot.conf and have everything working as before.
     
  9. Rockdrala

    Rockdrala New Member

    I didnt back it up.

    If i knew the spam catcher wouldnt have worked i would have.
     
  10. nachiketa

    nachiketa New Member

    you can comment out
    auth_username_format="%Ld_%Ln"
    as well whole
    socket listen section in dovecot.conf

    +
    comment out
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    in main.cf of postfix and you get your original setup back.
     
  11. Rockdrala

    Rockdrala New Member

    Whats the prefix webID something.

    Hopefully we can get this implemented with all the functions working with it. it would be nice.
     
  12. Rockdrala

    Rockdrala New Member

    Ive grabbed the dovecot.conf off my ns2 server with its installation all is back to normal now.

    Thanks for the advice ^^.
     
  13. digerati

    digerati New Member

    I cant get this to work for anything.

    Why is it so difficut to simply want username@domain for web and for clients and have it that way for several domains.

    (sigh)
     
  14. till

    till Super Moderator Staff Member ISPConfig Developer

    This is not difficult. Just change the dovecot and postfix configuration as described in the posts, thats all. Then setup the user name prefix.

    You can not use @ signs in normal usernames as linux usernames may not conztin a @ sign.
     
  15. digerati

    digerati New Member

    Ok I will give it a better try when I am back at the office tomorrow.

    Thanks.
     
  16. digerati

    digerati New Member

    I followed the "perfect fedora 7 setup" as well and added ispconfig to the system.

    My conf files appear a bit differant than the ones posts and I am unsure what to do at the moment to get this into action.

    Server is fedora 7
    domain is waco-eng.com and the domains added inside ispconfig are www.waco-eng.com and www.profabusa.com

    Apache version 2.2.8
    ProFTPd version 1.31
    Dovecot Version 1.0.13
    Postfix Version 2.4.5
    ISPConfig Version: 2.2.21

    My Dovecot conf

    Code:
    protocol imap {
    
    }
    
    protocol pop3 {
    
    }
    
    protocol lda {
    
    }
    
    auth default {
      mechanisms = plain
      passdb pam {
        
      }
    
      userdb passwd {
    
      }
      
      user = root
    
    }
    
    dict {
      #quota = mysql:/etc/dovecot-dict-quota.conf 
    }
    
    plugin {
      
    }

    My Main.cf from postfix
    Code:
    command_directory = /usr/sbin
    daemon_directory = /usr/libexec/postfix
    unknown_local_recipient_reject_code = 550
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    debug_peer_level = 2
    debug_peer_list = some.domain
    debugger_command =
    sendmail_path = /usr/sbin/sendmail.postfix
    newaliases_path = /usr/bin/newaliases.postfix
    mailq_path = /usr/bin/mailq.postfix
    setgid_group = postdrop
    html_directory = no
    manpage_directory = /usr/share/man
    sample_directory = /usr/share/doc/postfix-2.4.5/samples
    readme_directory = /usr/share/doc/postfix-2.4.5/README_FILES
    smtpd_sasl_local_domain = 
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
    mynetworks = 127.0.0.0/8
    smtpd_tls_auth_only = no
    smtp_use_tls = yes
    smtpd_use_tls = yes
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    smtpd_sasl_authenticated_header = yes
    myhostname = waco-eng.com
    home_mailbox = Maildir/
    mailbox_command = 
    virtual_maps = hash:/etc/postfix/virtusertable
    mydestination = /etc/postfix/local-host-names
    
    I excluded all the Commented out statments in each file.
     
  17. digerati

    digerati New Member

    I looked back through this forum and just made the changes to the best of my ability, restarted the services and I still cant get it to work.

    I edited my dovecot to look like this.
    Code:
    protocols = imap imaps pop3 pop3s
    
    protocol pop3 {
    }
    
    protocol lda {
    # Address to use when sending rejection mails.
    postmaster_address = [email protected]
    }
    auth default {
    # Space separated list of wanted authentication mechanisms:
    # plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi
    mechanisms = plain login
    passdb pam {
    }
    userdb passwd {
    }
    socket listen {
    client {
    path = /var/spool/postfix/private/auth
    mode = 0660
    user = postfix
    group = postfix
    }
    }
    }
    
    dict {
    }
    
    plugin {
    }
    Then my main.cf to look like this.
    Code:
    command_directory = /usr/sbin
    daemon_directory = /usr/libexec/postfix
    unknown_local_recipient_reject_code = 550
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    debug_peer_level = 2
    debug_peer_list = some.domain
    debugger_command =
    sendmail_path = /usr/sbin/sendmail.postfix
    newaliases_path = /usr/bin/newaliases.postfix
    mailq_path = /usr/bin/mailq.postfix
    setgid_group = postdrop
    html_directory = no
    manpage_directory = /usr/share/man
    sample_directory = /usr/share/doc/postfix-2.4.5/samples
    readme_directory = /usr/share/doc/postfix-2.4.5/README_FILES
    #added next two lines (digerati)
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    smtpd_sasl_local_domain = 
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
    mynetworks = 127.0.0.0/8
    smtpd_tls_auth_only = no
    smtp_use_tls = yes
    smtpd_use_tls = yes
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    smtpd_sasl_authenticated_header = yes
    myhostname = waco-eng.com
    home_mailbox = Maildir/
    mailbox_command = 
    virtual_maps = hash:/etc/postfix/virtusertable
    mydestination = /etc/postfix/local-host-names

    Then changed my user prefix in ispconfig to [DOMAIN]_

    Restarted services
    Code:
    [root@waco-eng ~]# /etc/init.d/dovecot restart
    Stopping Dovecot Imap:                                     [  OK  ]
    Starting Dovecot Imap:                                     [  OK  ]
    [root@waco-eng ~]# /etc/init.d/postfix restart
    Shutting down postfix:                                     [  OK  ]
    Starting postfix:                                          [  OK  ]
    [root@waco-eng ~]# /etc/init.d/ispconfig_server restart
    Shutting down ISPConfig system...
    /root/ispconfig/httpd/bin/apachectl stop: httpd stopped
    ISPConfig system stopped!
    Starting ISPConfig system...
    /root/ispconfig/httpd/bin/apachectl startssl: httpd started
    ISPConfig system is now up and running!

    I created a testone account
    Code:
    [root@waco-eng ~]# cat /etc/postfix/virtusertable
    ###################################
    #
    # ISPConfig virtusertable Configuration File
    #         Version 1.0
    #
    ###################################
    [email protected]    waco-eng.com_testone
    [email protected]    waco-eng.com_testone
    [email protected]    waco-eng.com_testone
    [email protected]    waco-eng.com_testone
    [email protected]    profabadmin
    [email protected]    profabadmin
    #### MAKE MANUAL ENTRIES BELOW THIS LINE! ####
    In Outlook E I added the user using just the username and password.
    It will not check mail. IT chokes
    Apr 11 08:46:26 waco-eng dovecot: pop3-login: Disconnected: user=<testone>, method=PLAIN, rip=::ffff:192.168.1.100, lip=::ffff:192.168.1.14

    This is what OE had to say about it.
    "There was a problem logging onto your mail server. Your Password was rejected. Account: 'testone', Server: 'waco-eng.com', Protocol: POP3, Server Response: '-ERR Authentication failed.', Port: 110, Secure(SSL): No, Server Error: 0x800CCC90, Error Number: 0x800CCC92"

    Then I tried to login via roundcube, again chokes.

    Apr 11 08:47:12 waco-eng dovecot: imap-login: Disconnected: user=<testone>, method=PLAIN, rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1, secured
     
    Last edited: Apr 11, 2008
  18. critter

    critter New Member

    works great! many thanks! :))
     
  19. radim_h

    radim_h Member

    Two main problems when using Dovecot

    There are two main problems with [DOMAN_] hack

    1. you must always use identical
    Email Address: and Username:
    when creating new user
    or you will not be able to log into mail

    2. You have only 31 charecters for domain.tld_user.name
    which is causing troubles

    (anyway, why the forms are cut to 31 when max usename lenght is 32 ?)

    There is no way to use different checking in dovecot then
    auth_username_format ="%Ld_%Ln"
    as the Email Adresses arent saved anywhere in the MySQL database , just in /etc/postfix/virtusertable

    Of course you can comment out lines
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth

    but then is comming main trouble, SMTP will expect domain.tld_username format when checking against Cyrus SASL :((
     
    Last edited: Aug 11, 2008
  20. pcxtra

    pcxtra New Member

    I finally got it working to login e-mail with [email protected] (both outlook client and webmail)!

    I've ispconfig on fedora 9 with postfix / dovecot and squirrelmail.

    In ISPconfig I use the username prefix [DOMAIN]_ (available via ISPconfig interface in the manage menu)

    When making a username ALWAYS keep it equel to the email name. So e-mail test@domain.ltd then username should be domain.ltd_test
    This is important! Because in dovecot you can configure that an e-mail address having the format test@domain.ltd will be transposed to domain.ltd_test before it authenticates.

    To do this edit the /etc/dovecot.conf file to have:
    auth_username_format="%Ld_%Ln"

    I used the normal squirrelmail installation (yum install) and NOT the addon of ISPconfig. Reason is that I wanted to have webmail on the normal http port 80 and not 81 (not possible behind proxy). Additional the dovecot trick didn't work with the plugin version as it's customized too much.

    So far no new things which I couldn't find on this forum. However I ran unto trouble by the limitation of 32 characters for the username. So [email protected] failed to work as the user name in the passwd file was limited to verylongdomainname.ltd_verylonge! My fedora 9 could easily work with more than 32 characters for the username (not sure what is the limit) however ISPConfig limits the username in the database. In the table isp_isp_user I've modified the size of the user_username field from 32 to 64 and all worked fine also for longer usernames.

    So the results is that customers can use nicely [email protected] in their e-mail client and also on their webmail to login.

    To keep username consistent with the e-mail I did modify the user form in ISPconfig and about 4 lines in a script, however this is not really needed as long as you keep both the same manually. Actually I don't understand why ISPCOnfig differentiates this and askes this input. It's much too difficult for the average customer. For this I still prefer ravencore which really simplifies for the customers and would appreciate if ISPconfig can simplify this as well. So only one input box for the username which automatically becomes the e-mail address.
     
    Last edited: Nov 10, 2008

Share This Page