0

I have set up a Debian 10 mail server with sendmail and dovecot+virtual users in preparation for a migration (the old server is also running sendmail + dovecot, but older versions and with "real" users).

On the dovecot side, everything is peachy. I set up a passwd-file auth for testing, and I can log in, save drafts, and see locally delivered mail in my IMAP client.

However, when sending, sendmail is set up to require authentication, and I am looking for a way to let sendmail use the same auth database as dovecot, ideally even authenticate against dovecot (via SASL?).

Searching the web has not yielded any useful results; apparently the sendmail + dovecot combination is relatively rare. While I don't intend to stay on this forever, I am looking for a quick solution now to buy me time for migrating to a new stack.

moeffju

2 Answers

1

You can configure cyrus-sasl to auth against dovecot using remote imap capability.

For example in CentOS (auth against local IMAP/Dovecot):

`/etc/sysconfig/saslauthd`:

```
MECH=rimap
FLAGS=" -O 127.0.0.1"
```

However, this might be problematic, because you are going to make many more connections to the IMAP server, and in the logs you will see login attempts from localhost, so bear that in mind.

0

Try using dovecot-msa on port msa(587) with "local sendmail like" relaying to 127.0.0.1:25.
IMHO it is a simple way to use dovecot maintained passwords for IMAP, POP3 and SMTP.

Use `FEATURE(no_default_msa)` in `sendmail.mc` to disable sendmail listening on port 587.

Warning: making sendmail know the list of valid virtual email addresses handled by dovecot is a separate issue [back-scatter prevention].

AnFi
  • I’ll try this tomorrow! – moeffju Feb 13 '20 at 21:59
  • So, after installing and configuring dovecot-submission, it accepts connections on :587 and authenticates correctly, but when passing them to the local sendmail, that says it does not know any users. I have configured sendmail with a mailertable but it does not seem to apply it. Down the rabbit hole… – moeffju Feb 15 '20 at 13:27
  • Have you made any changes in sendmail config to integrate it with dovecot? [mailers, relays, local_mailer, …]. There are two obvious ways: a) periodically export the list of valid email addresses from dovecot to a format sendmail likes b) for SMALL installations make sendmail read TEXT files in dovecot config. Accepting every email in domains handled by dovecot is not a good choice in the "spam era". – AnFi Feb 15 '20 at 14:19
  • Yes, I had set up dovecot-lmtp and local delivery works, I have tried both `mailertable` and `virtusertable` to have sendmail pass mail to dovecot-lmtp, but failed. I was close to giving up and just reproducing the old setup with system users, but then decided to just go with postfix, see if I can make that work, first. – moeffju Feb 15 '20 at 14:27
  • I’m going to accept the answer as it’s absolutely right but sendmail is annoying. Another option would be to have sendmail authenticate against dovecot-sasl, but I couldn’t figure that out either. – moeffju Feb 15 '20 at 14:27
  • @moeffju In sendmail config try `FEATURE(local_lmtp)` or `FEATURE(local_procmail)` [Both require additional parameters]. `local_procmail` will allow you to execute dovecot-lda program as local mailer substitute. – AnFi Feb 15 '20 at 14:55
  • @moeffju Sorry, both above methods without extra tricks will deal with "domain less" email addresses. – AnFi Feb 15 '20 at 19:23
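
Option (a) from AnFi's comment above, periodically exporting the list of valid addresses from Dovecot, as an added example that is not part of the original thread. It assumes the passwd-file auth database from the question; the sample entries, the function names and the `default_domain` parameter are hypothetical, and writing the result into a sendmail map is left to the local configuration.

```python
# Constructed sample of a Dovecot passwd-file (user:password:uid:gid:gecos:home).
SAMPLE_PASSWD_FILE = """\
# virtual users (constructed sample)
alice@example.org:{PLAIN}placeholder:5000:5000::/srv/vmail/example.org/alice
Bob@Example.org:{PLAIN}placeholder:5000:5000::/srv/vmail/example.org/bob
carol@example.net:{PLAIN}placeholder:5000:5000::/srv/vmail/example.net/carol
postmaster:{PLAIN}placeholder:5000:5000::/srv/vmail/postmaster

alice@example.org:{PLAIN}placeholder:5000:5000::/srv/vmail/example.org/alice
broken line without separator
"""


def valid_addresses(lines, default_domain=None):
    """Return (sorted unique user@domain list, [(line number, reason)] skipped)."""
    found, skipped = set(), []
    for lineno, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no user
        user, sep, _rest = line.partition(":")
        user = user.strip().lower()  # assumption: logins are matched case-insensitively
        if not sep or not user or " " in user:
            skipped.append((lineno, "not a passwd-file entry"))
            continue
        local, at, domain = user.rpartition("@")
        if not at and default_domain:
            # "domain less" login: qualify it only if a domain was given explicitly
            local, domain = user, default_domain.lower()
        if not local or not domain:
            skipped.append((lineno, "domain-less or malformed address"))
            continue
        found.add(f"{local}@{domain}")
    return sorted(found), skipped


def by_domain(addresses):
    """Group addresses per domain, so unknown users can be rejected per domain."""
    grouped = {}
    for addr in addresses:
        grouped.setdefault(addr.rpartition("@")[2], []).append(addr)
    return grouped


if __name__ == "__main__":
    addrs, skipped = valid_addresses(SAMPLE_PASSWD_FILE.splitlines())
    print(by_domain(addrs))
    print("skipped:", skipped)
```

Skipped lines are reported rather than silently dropped, so a mailbox that exists in Dovecot but is missing from the exported list shows up at export time instead of as rejected mail.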