[BlueOnyx:26550] Re: Dovecot Aliases for email username?

Michael Stauber mstauber at blueonyx.it
Sat Oct 21 01:26:43 -05 2023


Hi Greg,

> Hmm. Not happy with Microsoft on this one.

Yeah, it's a stupid change. They break something and we have to bend 
over backwards? Not really.

> At the very least, it should be opt in… Just saying.

Indeed. And it's even pretty complicated. Sure, I can write something 
that (if the feature is enabled) dumps out a dovecot alias file and 
keeps it updated whenever email server aliases, user email aliases or 
users and vsites in general change.

But that doesn't solve another problem: Saslauth will also then need a 
similar change to be able to accept logins with username or email 
address. And that's where it gets a little tricky.

Either way: This is somewhat complicated and invasive and it's not some 
code I can crank out and properly test in a day or three.

There is a half-assed half-measure, though:

In /etc/dovecot/conf.d/10-auth.conf one can set this:

auth_username_format = %Ln

And in Postfix's /etc/postfix/main.cf the following settings are needed:

smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_authenticated_header = yes
smtpd_sasl_exceptions_networks = $mynetworks
auth_username_format = %n

At least according to what I could just dig up. Some of these settings 
are already present. But essentially it switches Postfix from using 
"cyrus" to using Dovecot for auth-checks.

And the ...

auth_username_format = %Ln

... in /etc/dovecot/conf.d/10-auth.conf will then allow both ...

<username>@<vsite-FQDN>
... as well as ...
<username>

The caveat of this is: It won't allow:

<email-alias>@<vsite-FQDN>
... or ...
<email-alias>@<vsite-email-server-alias>

In order to cover these as well we'd need to write out and maintain a 
complete alias file for Dovecot as linked in the first message of this 
topic.

And that's just the Postfix side of things and Sendmail is an entirely 
different topic. If I do this, then probably only for Dovecot and 
Postfix anyway.

-- 
With best regards

Michael Stauber
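
Added example, not part of the original message and not BlueOnyx or Dovecot code: a small Python model of how Dovecot expands auth_username_format, showing which of the login forms discussed above resolve to an account under %Ln. The account names, the "sales" alias and the assumption that the passdb is keyed by bare system usernames are constructed for illustration.

```python
# Added example: models Dovecot's auth_username_format expansion.
# All account names and logins below are constructed sample data.

SYSTEM_USERS = {"greg", "anna"}   # assumption: passdb is keyed by bare usernames


def expand_username(fmt: str, login: str) -> str:
    """Expand %u, %n and %d, each with an optional L (lower) or U (upper) modifier."""
    user, _, domain = login.partition("@")
    values = {"u": login, "n": user, "d": domain}
    out = []
    i = 0
    while i < len(fmt):
        if fmt[i] != "%":
            out.append(fmt[i])
            i += 1
            continue
        i += 1                                  # skip '%'
        modifier = ""
        if i < len(fmt) and fmt[i] in "LU":
            modifier = fmt[i]
            i += 1
        if i >= len(fmt) or fmt[i] not in values:
            raise ValueError(f"unsupported format string: {fmt!r}")
        value = values[fmt[i]]
        i += 1
        if modifier == "L":
            value = value.lower()
        elif modifier == "U":
            value = value.upper()
        out.append(value)
    return "".join(out)


def lookup(fmt: str, login: str):
    """Return the account a login resolves to, or None if the passdb has no match."""
    name = expand_username(fmt, login)
    return name if name in SYSTEM_USERS else None


if __name__ == "__main__":
    # "sales" stands in for an email alias that only the MTA knows about.
    for login in ("greg", "Greg@www.example.com", "greg@other.example.net",
                  "sales@www.example.com"):
        print(f"{login:26} %Ln -> {lookup('%Ln', login)!s:5} %Lu -> {lookup('%Lu', login)}")
```

With %Ln the part after the @ is discarded rather than checked, so any domain is accepted for a valid username, while alias local parts still fail because they are not passdb entries.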


