Username login instead of [email protected] in dovecot/DA

ththomas

New member
Joined
Jan 24, 2013
Messages
1
Welcome.

Is there a possibility to allow user from one certain domain on server to log to dovecot via short form - just username (not [email protected]?)
We have to achieve such a setting for one domain on our server - i.e. xyz.com, to allow login [email protected] by webmail and directly by email client also using login 'user2'
Is this possible?
I know that system users could log to their default account using their login, but i want to achieve this also for other accounts.


We're trying to edit below section in (DA/dovecot 2.1.13) /etc/dovecot.conf

passdb {
args = username_format=%n /etc/virtual/%d/passwd
driver = passwd-file
}

args = username_format=%u /etc/virtual/xyz.com/passwd
but it looks it doesn't work.

So we'd like to achive ability that users from domain xyz.com could log only with their username, (it will be also ok if all other e-mail accounts on server should use full login ([email protected]) but also setting for all accounts to use only username will be ok.

Any help in this matter will be much appreciated.
 
No that is how it works. All email accounts are virtual. Only full linux accounts can login only as user. Why is this such a problem? This is how it will work on any email system ever.
 
Note I have no idea how it's implented but one control panel I know of it does this:

They require that all username:password pairs be unique. In otherwords if one username has password password then another user can't have the same password. The username and a hash of the password are both stored.

They use a front end to respond on the POP port, and have the POP server check both the username and the hash of the password until they find one that matches.

I don't know if they still do it or not; it's ben at least ten years (probably more since I've seen it), I don't know which POP server they used. I don't know if they ever made it work with IMAP. I don't know anything else, except that I thought it quite elegant, but a bit hard to implement.

So try to implement it :). Or give the user their own VPS, and set up all email addresses as system addresses.

Jeff
 
Well there is another way.. a workaround let's say...

If you provide a webmail for each domain (and this workaround will work just on webmail) you will be able to sed the webmail to log with just the user, in the webmail config (i did see this option in roundcube you will set to use current domainname (ex. from webmail.example.com will take example.com) as part after the @ and will fill the user insert with @example.com

I did never user or tryed this, but im pretty sure this will work, the sad part is that you will need a webmail client per domain, database should remain the same.

This should probably be done aswell with the standard directadmin roundcube installation if you proxy webmail.example.com as i do.

Regards
 
@skruf:

Does the Squirrelmail patch address the issue of the same username across multiple domains? If so, how?

And for all reading the thread: While David makes an excellent point which is true for Squirrelmail, Roundcube, and all other webmail packages, that it doesn't help with local clients, it's perfectly reasonable to install Squirrelmail, Roundcube, or whatever, on a per-domain basis if this will facilitate what you need. The only resource it's going to use more of is disk space.

Jeff
 
for Roundcube

edit /var/www/html/roundcube/config/main.inc.php
and change from $rcmail_config['username_domain'] = ''; to $rcmail_config['username_domain'] = '%t';

Update:
vi /var/www/html/roundcube/config/defaults.inc.php
from $config['username_domain'] = ''; to $config['username_domain'] = '%t';
 
Last edited:
Workaround with Dovecot

I had a similar problem because my webmail interface (Horde/IMP) automatically strips the domain (@example.com) from the username entered before submitting it, which made it impossible to login from webmail to my IMAP Server.

It would have been wise to edit or patch the Horde/IMP php code as suggested for Squirrelmail (Horde lets you write "hooks" to do this) but I'm too lazy to read the IMP doc and I'm bad at php anyway so I edited Dovecot config files instead.

Dovecot IMAP Server can be configured to add the default domain to the log-in information submitted. There is probably some similar option for other imap servers.


Hope this helps someone, someday.

Here an extract from my "/etc/dovecot/conf.d/10-auth.conf" (included in Dovecot's dovecot.conf)
Code:
# Space separated list of realms for SASL authentication mechanisms that need
# them. You can leave it empty if you don't want to support multiple realms.
# Many clients simply use the first one listed here, so keep the default realm
# first.
auth_realms = example.com
# Default realm/domain to use if none was specified. This is used for both
# SASL realms and appending @domain to username in plaintext logins.
auth_default_realm = example.com
 
Hey,

@skruf:

Does the Squirrelmail patch address the issue of the same username across multiple domains? If so, how?

And for all reading the thread: While David makes an excellent point which is true for Squirrelmail, Roundcube, and all other webmail packages, that it doesn't help with local clients, it's perfectly reasonable to install Squirrelmail, Roundcube, or whatever, on a per-domain basis if this will facilitate what you need. The only resource it's going to use more of is disk space.

Jeff

Jeff: Sorry about missing this way back when it was posted...

The Squirrelmail plugin uses the URL from the browser address... If your clients go to "webmail.domain-two.com" then the plugin appends the "domain-two.com" to the login info.

There is a config file that needs to be updated with each domain you want to use it with.

We used it in an ISP environment a few years back and it worked well. Of course you have to have your clients go to a login page with their domain... ie: webmail.client-domain.com

Best, David
 
Of course you have to have your clients go to a login page with their domain... ie: webmail.client-domain.com
Doesn't work for us because we give our clients a Certificate-protected secure URL for webmail. But it could workf or a lot of admins.

Thanks.

Jeff
 
Back
Top