IRedMail/FAQ/Dovecot.Master.User

IMPORTANT NOTES:

  • This tutorial is obsolete. iRedMail-0.8.6 and later releases have Dovecot Master User enabled for all backends (OpenLDAP, MySQL, PostgreSQL) by default; all you need to do is add a new master user with the command below:
Terminal:
# htpasswd -b -s /etc/dovecot/dovecot-master-users-password master_user master_password

Then you can log in via IMAP/POP3 to access the mailbox of user 'user@domain.ltd' as "user@domain.ltd*master_user" with password "master_password".

  • master_user must be in valid email address format, e.g. user@domain.com. The address doesn't need to exist.
  • Not every password hash scheme works on every Linux/BSD distribution, so if you cannot log in as the master user, please try a different scheme first. For example, on Debian 7, crypt() (htpasswd -d) and SHA (htpasswd -s) work, but MD5 (-m) doesn't.

Summary

This tutorial describes how to enable Dovecot Master User in Dovecot-1.2 or Dovecot-2.x.

With Dovecot Master User:

  • You can log in as other mail users.
  • It's also possible to directly log in as any user using a master password, although this isn't recommended.
  • You can also use Dovecot Master User to sync mailboxes with "imapsync" between two servers that both run Dovecot as the IMAP server.

Please visit Dovecot wiki page for more details about Master User:

Important notes:

  • With the settings below, Dovecot Master User works with Dovecot-2.0 with or without the ACL plugin enabled.
  • Dovecot Master User works with Dovecot-1.2 without the ACL plugin enabled.

WARNING:

  • Please make sure accessing another user's mailbox is legal under the law in your country.

Steps for Dovecot-2

  • Please append the lines below to your Dovecot config file, dovecot.conf. It should be /etc/dovecot/dovecot.conf (Linux or OpenBSD) or /usr/local/etc/dovecot/dovecot.conf (FreeBSD).
File: dovecot.conf
# Master user.
# Master users are able to log in as other users. It's also possible to
# directly log in as any user using a master password, although this isn't
# recommended.
# Reference: http://wiki2.dovecot.org/Authentication/MasterUsers
auth_master_user_separator = *
passdb {
    driver = passwd-file
    args = /etc/dovecot/dovecot-master-user-password
    master = yes
}
  • For different backends:
    • If you're running the OpenLDAP backend, please update /etc/dovecot/dovecot-ldap.conf (Linux or OpenBSD) or /usr/local/etc/dovecot/dovecot-ldap.conf and add mail=master_user, to user_query as shown below:
File: dovecot-ldap.conf
user_query = mail=master_user,...
    • If you're running the MySQL backend, please update /etc/dovecot/dovecot-mysql.conf (Linux or OpenBSD) or /usr/local/etc/dovecot/dovecot-mysql.conf and add '%u' AS master_user to user_query as shown below:
File: dovecot-mysql.conf
user_query = SELECT \
    '%u' AS master_user, \          # <-- Add this line
    ...
    • If you're running the PostgreSQL backend, please update /etc/dovecot/dovecot-pgsql.conf (Linux or OpenBSD) or /usr/local/etc/dovecot/dovecot-pgsql.conf and add '%u' AS master_user to user_query as shown below:
File: dovecot-pgsql.conf
user_query = SELECT \
    '%u' AS master_user, \          # <-- Add this line
    ...
  • Create the password file and add a master user master_user with password master_password.
Terminal:
# touch /etc/dovecot/dovecot-master-user-password
# chown dovecot:dovecot /etc/dovecot/dovecot-master-user-password
# chmod 0500 /etc/dovecot/dovecot-master-user-password

# htpasswd -b /etc/dovecot/dovecot-master-user-password master_user master_password

WARNING:

  • If you have auth_default_realm = domain.com in dovecot.conf, the master user name will be rewritten to master_user@domain.com if it's not a valid email address, and authentication will fail. Please either use a full email address as the master user, or disable the auth_default_realm setting.
  • The user name master_user and password master_password are just examples; please always choose a different name and password. Using random strings is a good choice. You can generate a random string with the command below (replace '15' with a larger integer if you want a longer string):
Terminal:
$ LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 15; echo
86S09THpo2jFJAb
  • It's now OK to restart the Dovecot service to enable Master User.
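
The checks below turn the notes on this page into an audit of the master password file that can be run before restarting Dovecot: file permissions, the email-format requirement for master user names, the sample name master_user, and the htpasswd hash scheme. It is an added example, not part of the original tutorial or iRedMail's code; the function name audit_master_file and the sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not iRedMail's or Dovecot's code: audit a master-user passwd-file.
# Prints one finding per line, and nothing when every check passes.
audit_master_file() {
    file=$1
    [ -f "$file" ] || { echo "MISSING: $file"; return 0; }

    # Only the owner should have any access (the tutorial uses chmod 0500).
    other=$(ls -ld "$file" | cut -c5-10)
    [ "$other" = "------" ] || echo "PERMS: group/other bits are '$other'"

    while IFS=: read -r user hash rest; do
        case $user in
            ''|'#'*) continue ;;                 # blank line or comment
            master_user|master_user@*)
                echo "EXAMPLE: $user is the tutorial's sample name" ;;
        esac
        case $user in
            ?*@?*.?*) ;;                         # looks like user@domain.tld
            *) echo "NAME: $user is not in email address format" ;;
        esac
        case $hash in
            '{SHA}'?*) ;;                        # SHA-1, written by htpasswd -s
            '$apr1$'*) echo "SCHEME: $user uses MD5 (htpasswd -m), reported failing on Debian 7" ;;
            '$'*) echo "SCHEME: $user uses another \$-prefixed scheme, test a login" ;;
            ?????????????) ;;                    # 13 characters: crypt(), htpasswd -d
            *) echo "SCHEME: $user has an empty or unrecognised hash" ;;
        esac
    done < "$file"
    return 0
}

# Constructed sample file; the hash strings are placeholders, not real hashes.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ops-4Hq2@example.com:{SHA}PLACEHOLDERPLACEHOLDERPLACE=
master_user:$apr1$PLACEHLD$PLACEHOLDERPLACEHOLDER
EOF
chmod 0644 "$sample"    # deliberately too open, to trigger the PERMS finding
audit_master_file "$sample"
rm -f "$sample"
```

Run it as root against the path set in the passdb args line of dovecot.conf; an empty result means all checks passed.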

Steps for Dovecot-1

  • Please append the line below to your Dovecot config file, dovecot.conf. It should be /etc/dovecot.conf or /usr/local/etc/dovecot.conf (FreeBSD).
File: dovecot.conf
# Master user.
# Master users are able to log in as other users. It's also possible to
# directly log in as any user using a master password, although this isn't
# recommended.
# Reference: http://wiki1.dovecot.org/Authentication/MasterUsers
auth_master_user_separator = *