[BlueOnyx:26551] Re: Dovecot Aliases for email username?

Taco Scargo taco at blueonyx.nl
Sun Oct 22 05:54:35 -05 2023


Hi Michael,

I believe part of the solution is also setting the zones for the e-mail domain up with specific SRV records, pointing to a web service that outputs an XML with e-mail server configuration.
I never looked into this very thoroughly, but maybe the XML file can also contain the right username (format).

I created a plugin for Roundcube ages ago to have people log in with their e-mail address.
I haven’t seen any abuse in the last 10 years.

People should just have secure passwords :)

Kind regards,

Taco


> On 21 Oct 2023, at 08:26, Michael Stauber via Blueonyx <blueonyx at mail.blueonyx.it> wrote:
> 
> Hi Greg,
> 
>> Hmm. Not happy with Microsoft on this one.
> 
> Yeah, it's a stupid change. They break something and we have to bend over backwards? Not really.
> 
>> At the very least, it should be opt in… Just saying.
> 
> Indeed. And it's even pretty complicated. Sure, I can write something that (if the feature is enabled) dumps out a dovecot alias file and keeps it updated whenever email server aliases, user email aliases or users and vsites in general change.
> 
> But that doesn't solve another problem: Saslauth will also then need a similar change to be able to accept logins with username or email address. And that's where it gets a little tricky.
> 
> Either way: This is somewhat complicated and invasive and it's not some code I can crank out and properly test in a day or three.
> 
> There is a half-assed half-measure, though:
> 
> In /etc/dovecot/conf.d/10-auth.conf one can set this:
> 
> auth_username_format = %Ln
> 
> And in Postfix's /etc/postfix/main.cf the following settings are needed:
> 
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_type = dovecot
> smtpd_sasl_path = private/auth
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_authenticated_header = yes
> smtpd_sasl_exceptions_networks = $mynetworks
> auth_username_format = %n
> 
> At least according to what I could just dig up. Some of these settings are already present. But essentially it switches Postfix from using "cyrus" to using Dovecot for auth-checks.
> 
> And the ...
> 
> auth_username_format = %Ln
> 
> ... in /etc/dovecot/conf.d/10-auth.conf will then allow both ...
> 
> <username>@<vsite-FQDN>
> ... as well as ...
> <username>
> 
> The caveat of this is: It won't allow:
> 
> <email-alias>@<vsite-FQDN>
> ... or ...
> <email-alias>@<vsite-email-server-alias>
> 
> In order to cover these as well we'd need to write out and maintain a complete alias file for Dovecot as linked in the first message of this topic.
> 
> And that's just the Postfix side of things and Sendmail is an entirely different topic. If I do this, then probably only for Dovecot and Postfix anyway.
> 
> -- 
> With best regards
> 
> Michael Stauber
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
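
Added example, not part of either message: a small Python model of how Dovecot expands auth_username_format, run over the login forms discussed in the quoted mail. The account name, domains and alias map are constructed, and only %u, %n, %d and the L/U modifiers are modelled.

```python
import re

# Subset of Dovecot's variable expansion: %u (full login), %n (part before
# '@'), %d (part after '@'), with the optional L/U case modifiers.
def expand(fmt: str, login: str) -> str:
    local, _, domain = login.partition("@")
    values = {"u": login, "n": local, "d": domain}

    def sub(m: re.Match) -> str:
        mod, val = m.group(1), values[m.group(2)]
        return val.lower() if mod == "L" else val.upper() if mod == "U" else val

    return re.sub(r"%([LU]?)([und])", sub, fmt)

# Constructed sample data (assumptions, not from the thread).
ACCOUNTS = {"alice"}
ALIASES = {"sales@site.example": "alice"}  # what an alias file would have to supply

def resolve(login: str, fmt: str = "%Ln", aliases=None):
    """Return the account a login maps to, or None if no such account exists."""
    if aliases and login.lower() in aliases:
        return aliases[login.lower()]
    user = expand(fmt, login)
    return user if user in ACCOUNTS else None

if __name__ == "__main__":
    for login in ("alice", "Alice@site.example", "alice@other.example",
                  "sales@site.example"):
        print(f"{login:22} %Ln -> {resolve(login)!s:6} "
              f"with alias map -> {resolve(login, aliases=ALIASES)}")
```

Because %n discards everything after the '@', this model also resolves alice@other.example to the alice account, while the alias address only resolves once an alias map is supplied.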




