2016-05-19 06:51:20 -05:00
<!DOCTYPE html>
2014-12-18 07:41:54 -06:00
< html >
< head >
< meta http-equiv = "Content-Type" content = "text/html; charset=utf-8" / >
2015-07-26 00:08:56 -05:00
< title > Dovecot Master User: Access user's mailbox without owner's password.< / title >
2015-07-31 23:14:52 -05:00
< link rel = "stylesheet" type = "text/css" href = "./css/markdown.css" / >
2014-12-18 07:41:54 -06:00
< / head >
< body >
< div id = "navigation" >
2016-04-19 12:48:51 -05:00
< a href = "/index.html" target = "_blank" >
< img alt = "iRedMail web site"
src="./images/logo-iredmail.png"
style="vertical-align: middle; height: 30px;"
/>
< span > iRedMail< / span >
< / a >
2016-02-29 02:15:19 -06:00
// < a href = "./index.html" > Document Index< / a > < / div > < h1 id = "dovecot-master-user-access-users-mailbox-without-owners-password" > Dovecot Master User: Access user's mailbox without owner's password.< / h1 >
2014-12-18 07:41:54 -06:00
< p > iRedMail-0.8.6 and later releases have Dovecot Master User enabled for all
backends (OpenLDAP, MySQL/MariaDB, PostgreSQL) by default, what you need to do
is adding new master user.< / p >
< p > iRedMail configures Dovecot to query master user accounts from config file
< code > /etc/dovecot/dovecot-master-users-password< / code > (or < code > dovecot-master-users< / code > ) by
default, you can modify this file to add or remove master user.< / p >
< p > The format is simple:< / p >
< pre > < code > username:password
< / code > < / pre >
< p > You can generate a password supported by Dovecot first. for example, SSHA512.
Let's generate password hash for our password < code > my_master_password< / code > :< / p >
< pre > < code > # doveadm pw -s SSHA512
Enter new password: my_master_password
Retype new password: my_master_password
{SSHA512}B0VHomJaMk6aLXOPglgNgJtCUA8JRnOweAwJxRW6NPWSNZ25rG/L6T05DJXH+t8WCQkemBilgkcEi6mq4Kadssivtts=
< / code > < / pre >
2015-07-31 09:13:40 -05:00
< p > You can now pick up any username you like, for example, < code > my_master_user@not-exist.com< / code > .
2015-02-18 03:37:41 -06:00
Now add new master user in file
2014-12-18 07:41:54 -06:00
< code > /etc/dovecot/dovecot-master-users-passwords< / code > like below:< / p >
2015-07-31 09:13:40 -05:00
< pre > < code > my_master_user@not-exist.com:{SSHA512}B0VHomJaMk6aLXOPglgNgJtCU...
2014-12-18 07:41:54 -06:00
< / code > < / pre >
2015-07-31 09:13:40 -05:00
< p > Now you can access < code > user@domain.ltd< / code > 's mailbox (via either IMAP or POP3
protocol) as user < code > user@domain.ltd*my_master_user@not-exist.com< / code > with password
< code > my_master_password< / code > with Roundcube webmail (it should work with other MUAs).< / p >
< p > WARNING:< / p >
< ul >
< li >
< p > Make sure file < code > dovecot-master-users-password< / code > is owned by Dovecot
daemon user and group, with file permission < code > 0500< / code > , so that others cannot view
the file content.< / p >
2014-12-18 07:41:54 -06:00
< ul >
< li > on Linux/FreeBSD, Dovecot daemon user/group is < code > dovecot/dovecot< / code > .< / li >
< li > on OpenBSD, Dovecot daemon user/group is < code > _dovecot/_dovecot< / code > .< / li >
< / ul >
2015-07-31 09:13:40 -05:00
< / li >
< li >
2015-07-31 09:26:38 -05:00
< p > If you don't append a (non-exist) mail domain name in Dovecot Master User
account, Dovecot will use the domain name of your login username. For example,
if your real user is < code > myuser@mydomain.com< / code > , when you try to access this user's
mailbox as Dovecot Master User < code > myuser@mydomain.com*my_master_user< / code > , it will
2015-07-31 09:13:40 -05:00
trigger Dovecot to verify user < code > my_master_user@mydomain.com< / code > which doesn't
exist on your server, then this login attempt fails.< / p >
< / li >
< / ul >
2014-12-18 07:41:54 -06:00
< h2 id = "troubleshooting" > Troubleshooting< / h2 >
< p > If it doesn't work for you, please enable debug mode in Dovecot and check
its log file. If you don't understand what the log says, please create a new
topic in our forum and paste related log:< / p >
< ul >
< li > < a href = "./debug.dovecot.html" > Debug Dovecot< / a > < / li >
< li > < a href = "http://www.iredmail.org/forum/" > iRedMail online support forum< / a > < / li >
2015-07-31 09:02:32 -05:00
< / ul >
< h2 id = "references" > References< / h2 >
< ul >
< li > Dovecot wiki: < a href = "http://wiki2.dovecot.org/Authentication/MasterUsers" > Master users/passwords< / a > < / li >
2016-05-19 06:51:20 -05:00
< / ul > < div class = "footer" >
< p style = "text-align: center; color: grey;" > All documents are available in < a href = "https://bitbucket.org/zhb/iredmail-docs/src" > BitBucket repository< / a > , and published under < a href = "http://creativecommons.org/licenses/by-nd/3.0/us/" target = "_blank" > Creative Commons< / a > license. You can < a href = "https://bitbucket.org/zhb/iredmail-docs/get/tip.tar.bz2" > download the latest version< / a > for offline reading. If you found something wrong, please do < a href = "http://www.iredmail.org/contact.html" > contact us< / a > to fix it.< / p >
< / div >
< script type = "text/javascript" >
2015-02-05 07:02:53 -06:00
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-3293801-21', 'auto');
ga('send', 'pageview');
2014-12-18 07:41:54 -06:00
< / script >
< / body > < / html >