Dovecot Master User: Access user's mailbox without owner's password.

iRedMail-0.8.6 and later releases have Dovecot Master User enabled for all backends (OpenLDAP, MySQL/MariaDB, PostgreSQL) by default; all you need to do is add a new master user.

Dovecot is configured to query master user accounts from the file /etc/dovecot/dovecot-master-users. Update this file to add or remove a master user.

The format is simple:

username:password

First, generate a password hash in a scheme supported by Dovecot, for example SSHA512. Let's generate the password hash for our password my_master_password:

# doveadm pw -s SSHA512
Enter new password: my_master_password
Retype new password: my_master_password
{SSHA512}B0VHomJaMk6aLXOPglgNgJtCUA8JRnOweAwJxRW6NPWSNZ25rG/L6T05DJXH+t8WCQkemBilgkcEi6mq4Kadssivtts=

You can now pick any username you like, for example my_master_user@not-exist.com. Add the new master user to the file /etc/dovecot/dovecot-master-users like below:

my_master_user@not-exist.com:{SSHA512}B0VHomJaMk6aLXOPglgNgJtCU...

Now you can access the mailbox of user@domain.ltd (via either IMAP or POP3) by logging in as user user@domain.ltd*my_master_user@not-exist.com with password my_master_password, for example in Roundcube webmail (it should work with other MUAs too).

WARNING:

  • Make sure the file /etc/dovecot/dovecot-master-users is owned by the Dovecot daemon user and group, with file permission 0500, so that others cannot view the file content.

    • On Linux/FreeBSD, the Dovecot daemon user/group is dovecot/dovecot.
    • On OpenBSD, the Dovecot daemon user/group is _dovecot/_dovecot.
  • If you don't append a (non-existent) mail domain name to the Dovecot Master User account, Dovecot will use the domain name of your login username. For example, if your real user is myuser@mydomain.com and you try to access this user's mailbox as Dovecot Master User myuser@mydomain.com*my_master_user, Dovecot will try to verify user my_master_user@mydomain.com, which doesn't exist on your server, and the login attempt fails.
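
The two warnings above can be checked mechanically. The following audit script is an added example, not part of iRedMail or Dovecot: it flags group/other permission bits, master usernames without a domain part, passwords without a {SCHEME} prefix, and SSHA512 values that do not decode to a digest plus salt. It assumes lines starting with # are comments and does not check file ownership; the function name and sample data are constructed for illustration.

```python
import base64, binascii, os, stat, tempfile

def audit_master_users(path):
    """Return a list of findings for a Dovecot master-users passwd-file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other permission bit set
        findings.append(f"mode {mode:04o}: file is accessible to group or others")
    with open(path, encoding="utf-8") as fh:
        for n, raw in enumerate(fh, 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            user, _, rest = line.partition(":")
            password = rest.split(":", 1)[0]
            # Without a domain, Dovecot appends the login user's domain.
            if "@" not in user:
                findings.append(f"line {n}: master user '{user}' has no domain part")
            if not password.startswith("{") or "}" not in password:
                findings.append(f"line {n}: password has no {{SCHEME}} prefix")
                continue
            scheme, _, encoded = password[1:].partition("}")
            if scheme.upper() == "SSHA512":
                # SSHA512 is base64(SHA-512 digest + salt): more than 64 bytes.
                try:
                    blob = base64.b64decode(encoded, validate=True)
                except (binascii.Error, ValueError):
                    blob = b""
                if len(blob) <= 64:
                    findings.append(f"line {n}: SSHA512 value is not digest plus salt")
    return findings

if __name__ == "__main__":
    # Constructed sample: bare username with an unprefixed password, and a truncated hash.
    sample = ("my_master_user:my_master_password\n"
              "my_master_user@not-exist.com:{SSHA512}B0VHomJaMk6a...\n")
    with tempfile.NamedTemporaryFile("w", suffix="-master-users", delete=False) as tmp:
        tmp.write(sample)
    os.chmod(tmp.name, 0o644)
    print("\n".join(audit_master_users(tmp.name)))
    os.unlink(tmp.name)
```

Run it as root against /etc/dovecot/dovecot-master-users by calling audit_master_users() with that path; an empty list means none of the checked problems were found.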

Troubleshooting

If it doesn't work for you, please enable debug mode in Dovecot and check its log file. If you don't understand what the log says, please create a new topic in our forum and paste the related log.
