IRedMail/FAQ/Dovecot.Master.User

From iRedMail
Revision as of 08:55, 24 July 2013 by ZhangHuangbin (Talk | contribs)

NOTE: Unfortunately, Dovecot Master User doesn't work with iRedMail OpenLDAP backend.


Summary

This tutorial describes how to enable Dovecot Master User in Dovecot-1.2 or Dovecot-2.x.

With Dovecot Master User:

  • You can log in as other mail users.
  • It's also possible to directly log in as any user using a master password, although this isn't recommended.
  • You can also use Dovecot Master User to sync mailboxes with "imapsync" between two servers that both run Dovecot as the IMAP server.

Please visit Dovecot wiki page for more details about Master User:

Important notes:

  • With the settings below, Dovecot Master User works with Dovecot-2.0 with or without the ACL plugin enabled.
  • Dovecot Master User works with Dovecot-1.2 without the ACL plugin enabled.

WARNING:

  • Please make sure that accessing other users' mailboxes is legal under the law in your country.

Steps for Dovecot-2

  • Please append the lines below to your Dovecot config file, dovecot.conf. It should be /etc/dovecot/dovecot.conf (Linux or OpenBSD) or /usr/local/etc/dovecot/dovecot.conf (FreeBSD).
File: dovecot.conf
# Master user.
# Master users are able to log in as other users. It's also possible to
# directly log in as any user using a master password, although this isn't
# recommended.
# Reference: http://wiki2.dovecot.org/Authentication/MasterUsers
auth_master_user_separator = *
passdb {
    driver = passwd-file
    args = /etc/dovecot/dovecot-master-user-password
    master = yes
}
  • For different backends:
    • If you're running the OpenLDAP backend, please update /etc/dovecot/dovecot-ldap.conf (Linux or OpenBSD) or /usr/local/etc/dovecot/dovecot-ldap.conf (FreeBSD) and add mail=master_user, to user_query as shown below:
File: dovecot-ldap.conf
user_query = mail=master_user,...
    • If you're running the MySQL backend, please update /etc/dovecot/dovecot-mysql.conf (Linux or OpenBSD) or /usr/local/etc/dovecot/dovecot-mysql.conf (FreeBSD) and add '%u' AS master_user to user_query as shown below:
File: dovecot-mysql.conf
user_query = SELECT \
    '%u' AS master_user, \          # <-- Add this line
    ...
    • If you're running the PostgreSQL backend, please update /etc/dovecot/dovecot-pgsql.conf (Linux or OpenBSD) or /usr/local/etc/dovecot/dovecot-pgsql.conf (FreeBSD) and add '%u' AS master_user to user_query as shown below:
File: dovecot-pgsql.conf
user_query = SELECT \
    '%u' AS master_user, \          # <-- Add this line
    ...
  • Create password file and add a master user master_user with password master_password.
Terminal:
# touch /etc/dovecot/dovecot-master-user-password
# chown dovecot:dovecot /etc/dovecot/dovecot-master-user-password
# chmod 0500 /etc/dovecot/dovecot-master-user-password

# htpasswd -b /etc/dovecot/dovecot-master-user-password master_user master_password

WARNING:

  • If you have auth_default_realm = domain.com in dovecot.conf, the master user name will be rewritten to master_user@domain.com if it's not a valid email address, and authentication will fail. Please either use a full email address as the master user, or disable the auth_default_realm setting.
  • The user name master_user and password master_password are just examples; please always choose a different name and password. Using random strings is a good choice. You can get a random string with the command below (replace '15' with a larger integer if you want a longer string):
Terminal:
$ LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 15; echo
86S09THpo2jFJAb
  • You can now restart the Dovecot service to enable Master User.

Steps for Dovecot-1

  • Please append the lines below to your Dovecot config file, dovecot.conf. It should be /etc/dovecot.conf or /usr/local/etc/dovecot.conf (FreeBSD).
File: dovecot.conf
# Master user.
# Master users are able to log in as other users. It's also possible to
# directly log in as any user using a master password, although this isn't
# recommended.
# Reference: http://wiki1.dovecot.org/Authentication/MasterUsers
auth_master_user_separator = *
  • Now append the lines below inside the auth default {} section:
File: dovecot.conf
auth default {

    # Add below lines
    passdb passwd-file {
        args = /etc/dovecot-master-user-password
        master = yes
    }

    [...omit others...]
  • Create password file and add a master user master_user with password master_password.
Terminal:
# touch /etc/dovecot-master-user-password
# chown vmail:vmail /etc/dovecot-master-user-password
# chmod 0500 /etc/dovecot-master-user-password

# htpasswd -b /etc/dovecot-master-user-password master_user master_password

WARNING:

  • If you have auth_default_realm = domain.com in dovecot.conf, the master user name will be rewritten to master_user@domain.com if it's not a valid email address, and authentication will fail. Please either use a full email address as the master user, or disable the auth_default_realm setting.
  • The user name master_user and password master_password are just examples; please always choose a different name and password. Using random strings is a good choice. You can get a random string with the command below (replace '15' with a larger integer if you want a longer string):
Terminal:
$ LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 15; echo
86S09THpo2jFJAb
  • You can now restart the Dovecot service to enable Master User.
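
The password file created in the Dovecot-2 and Dovecot-1 steps holds a credential that opens every mailbox, so it is worth checking once it is in place. The shell function below is an added example, not part of the original iRedMail page or of Dovecot; the name audit_master_passwd and its FINDING output format are assumptions. It flags group/other permission bits, the tutorial's placeholder name master_user, and empty or clear-text ({PLAIN}/{CLEARTEXT}) password fields.

```shell
#!/bin/sh
# Added example: audit a Dovecot master-user passwd-file.
# audit_master_passwd is a hypothetical helper, not a Dovecot command.
audit_master_passwd() {
    f=$1
    findings=0
    if [ ! -f "$f" ]; then
        echo "FINDING: $f is missing or not a regular file"
        return 1
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FINDING: group/other permission bits set ($perms)"
        findings=$((findings + 1))
    fi

    # passwd-file lines are user:password[:...]; skip blanks and comments.
    while IFS=: read -r user pass _rest; do
        case $user in
            ''|'#'*) continue ;;
        esac
        if [ "$user" = "master_user" ]; then
            echo "FINDING: tutorial placeholder name master_user is in use"
            findings=$((findings + 1))
        fi
        case $pass in
            '')
                echo "FINDING: $user has an empty password field"
                findings=$((findings + 1)) ;;
            '{PLAIN}'*|'{CLEARTEXT}'*)
                echo "FINDING: $user has a clear-text password"
                findings=$((findings + 1)) ;;
        esac
    done < "$f"

    # Exit status 0 only when nothing was flagged.
    [ "$findings" -eq 0 ]
}

# Usage: sh audit.sh /etc/dovecot/dovecot-master-user-password
if [ "$#" -gt 0 ]; then
    audit_master_passwd "$1" || exit 1
fi
```

Pass /etc/dovecot/dovecot-master-user-password (Dovecot-2) or /etc/dovecot-master-user-password (Dovecot-1) as the argument; a non-zero exit status means at least one finding was printed.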

Test Master User

You can now log in to webmail by specifying both the login username and the master username in the same username field. For example, to log in as user "my_user@domain.com", use username my_user@domain.com*master_user and password master_password.

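If it doesn't work for you, please enable debug mode in Dovecot and paste the related log in our support forum: http://www.iredmail.org/forum/ Note that auth_debug_passwords = yes can write attempted passwords to the log, so remove them before posting and switch the debug settings off again afterwards.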

File: dovecot.conf
mail_debug = yes
auth_verbose = yes
auth_debug = yes
auth_debug_passwords = yes