Have sendmail authenticate users against dovecot (or passwd-style files)

0

I have set up a Debian 10 mail server with sendmail and dovecot+virtual users in preparation for a migration (the old server is also running sendmail + dovecot, but older versions and with "real" users).

On the dovecot side, everything is peachy. I set up a passwd-file auth for testing, and I can log in, save drafts, and see locally delivered mail in my IMAP client.

However, when sending, sendmail is set up to require authentication, and I am looking for a way to let sendmail use the same auth database as dovecot, ideally even authenticate against dovecot (via SASL?).

Searching the web has not yielded any useful results; apparently the sendmail + dovecot combination is relatively rare. While I don't intend to stay on this forever, I am looking for a quick solution now to buy me time for migrating to a new stack.

moeffju

Posted 2020-02-13T20:35:39.650

Reputation: 123

Answers

0

Try using dovecot-msa on port msa(587) with "local sendmail like" relaying to 127.0.0.1:25.
IMHO it is a simple way to use dovecot-maintained passwords for IMAP, POP3 and SMTP.

Use FEATURE(no_default_msa) in sendmail.mc to disable sendmail listening on port 587.

Warning: making sendmail know the list of valid virtual email addresses handled by dovecot is a separate issue [back-scatter prevention].

AnFi

Posted 2020-02-13T20:35:39.650

Reputation: 771

I’ll try this tomorrow! – moeffju – 2020-02-13T21:59:29.273

So, after installing and configuring dovecot-submission, it accepts connections on :587 and authenticates correctly, but when passing them to the local sendmail, that says it does not know any users. I have configured sendmail with a mailertable but it does not seem to apply it. Down the rabbit hole… – moeffju – 2020-02-15T13:27:04.260

Have you made any changes in sendmail config to integrate it with dovecot? [mailers, relays, local_mailer, …]. There are two obvious ways: a) periodically export the list of valid email addresses from dovecot to a format sendmail likes; b) for SMALL installations, make sendmail read TEXT files in dovecot config. Accepting every email in domains handled by dovecot is not a good choice in the "spam era". – AnFi – 2020-02-15T14:19:22.700

Yes, I had set up dovecot-lmtp and local delivery works, I have tried both mailertable and virtusertable to have sendmail pass mail to dovecot-lmtp, but failed. I was close to giving up and just reproducing the old setup with system users, but then decided to just go with postfix, see if I can make that work, first. – moeffju – 2020-02-15T14:27:04.230

I’m going to accept the answer as it’s absolutely right but sendmail is annoying. Another option would be to have sendmail authenticate against dovecot-sasl, but I couldn’t figure that out either. – moeffju – 2020-02-15T14:27:32.520

@moeffju In sendmail config try FEATURE(local_lmtp) or FEATURE(local_procmail) [Both require additional parameters]. local_procmail will allow you to execute the dovecot-lda program as a local mailer substitute. – AnFi – 2020-02-15T14:55:51.620

@moeffju Sorry, both of the above methods, without extra tricks, will deal with "domain less" email addresses. – AnFi – 2020-02-15T19:23:43.443
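
The dovecot side of the setup suggested in the answer (submission on port 587, authenticated against the existing passwd-file, relaying to the local sendmail on 127.0.0.1:25), as an added example that is not part of the original thread. The file paths and the password scheme are assumptions, and TLS certificates (ssl_cert / ssl_key) and the userdb are assumed to be configured already for IMAP.

```conf
# /etc/dovecot/conf.d/20-submission.conf  (path is an assumption)

# Run the submission service next to the existing IMAP and LMTP services.
protocols = imap lmtp submission

# Accept credentials only over TLS, so PLAIN/LOGIN never cross the wire in clear.
ssl = required
disable_plaintext_auth = yes
auth_mechanisms = plain login

# The same passwd-file that already serves IMAP logins.
# /etc/dovecot/users and SHA512-CRYPT are constructed values for this example.
passdb {
  driver = passwd-file
  args = scheme=SHA512-CRYPT username_format=%u /etc/dovecot/users
}

# Hand authenticated mail to the local sendmail listener on the loopback address.
submission_relay_host = 127.0.0.1
submission_relay_port = 25
submission_relay_ssl = no
# "trusted" makes dovecot send XCLIENT data, which is Postfix-specific; keep it off.
submission_relay_trusted = no

# sendmail side, as stated in the answer: disable its own listener on 587
# with FEATURE(no_default_msa) in sendmail.mc, then rebuild sendmail.cf.
```

With this split, SMTP AUTH happens only in dovecot; sendmail sees the mail as a loopback connection, so recipient validation for the virtual users still has to be solved separately, as the warning in the answer notes.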