# Dovecot Master User: Access user's mailbox without owner's password.

iRedMail-0.8.6 and later releases have Dovecot Master User enabled for all
backends (OpenLDAP, MySQL/MariaDB, PostgreSQL) by default; all you need to do
is add a new master user.

iRedMail configures Dovecot to query master user accounts from the config file
`/etc/dovecot/dovecot-master-users-password` (or `dovecot-master-users`) by
default. You can modify this file to add or remove master users.

The format is simple:

```
username:password
```

First generate a password hash in a scheme supported by Dovecot, for example
SSHA512. Let's generate the password hash for our password `my_master_password`:

```
# doveadm pw -s SSHA512
Enter new password: my_master_password
Retype new password: my_master_password
{SSHA512}B0VHomJaMk6aLXOPglgNgJtCUA8JRnOweAwJxRW6NPWSNZ25rG/L6T05DJXH+t8WCQkemBilgkcEi6mq4Kadssivtts=
```

You can now pick any username you like, for example,
`my_master_user@not-exist.com`. Now add the new master user to the file
`/etc/dovecot/dovecot-master-users-password` like below:

```
my_master_user@not-exist.com:{SSHA512}B0VHomJaMk6aLXOPglgNgJtCU...
```

Now you can access `user@domain.ltd`'s mailbox (via either IMAP or POP3
protocol) as user `user@domain.ltd*my_master_user@not-exist.com` with password
`my_master_password` with Roundcube webmail (it should work with other MUAs).

WARNING:

* Make sure the file `dovecot-master-users-password` is owned by the Dovecot
  daemon user and group, with file permission `0500`, so that others cannot view
  the file content.

    * On Linux/FreeBSD, the Dovecot daemon user/group is `dovecot/dovecot`.
    * On OpenBSD, the Dovecot daemon user/group is `_dovecot/_dovecot`.

* If you don't append a (non-existent) mail domain name to the Dovecot Master
  User account, Dovecot will use the domain name of your login username. For
  example, if your real user is `myuser@mydomain.com`, when you try to access
  this user's mailbox as Dovecot Master User `myuser@mydomain.com*my_master_user`,
  it will trigger Dovecot to verify user `my_master_user@mydomain.com`, which
  doesn't exist on your server, so this login attempt fails.
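
The checks in the WARNING list can be scripted. The following POSIX shell function is an added example, not part of iRedMail or Dovecot: it audits a master-users file for permissions, ownership, a domain part in each username, and a `{SCHEME}` prefix on each password. The names `audit_master_users`, `file_mode` and `file_owner` are made up for this example, and the default owner `dovecot:dovecot` is the Linux/FreeBSD value from the list above.

```shell
#!/bin/sh
# Added example (hypothetical helper names): audit a Dovecot master-users file.
# Usage: audit_master_users FILE [OWNER:GROUP]   (default: dovecot:dovecot)

file_mode()  { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }       # GNU, then BSD stat
file_owner() { stat -c '%U:%G' "$1" 2>/dev/null || stat -f '%Su:%Sg' "$1"; }

audit_master_users() {
    file=$1; want_owner=${2:-dovecot:dovecot}; findings=0
    [ -f "$file" ] || { echo "missing: $file"; return 2; }

    # 1. Nobody but the owner may access the file (the page uses 0500).
    mode=$(file_mode "$file")
    case $mode in
        *00|0) ;;
        *) echo "mode $mode: group/other can access the file"; findings=$((findings + 1)) ;;
    esac
    owner=$(file_owner "$file")
    if [ "$owner" != "$want_owner" ]; then
        echo "owner is $owner, expected $want_owner"; findings=$((findings + 1))
    fi

    # 2. Entries are username:password; blank lines and # comments are skipped.
    lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case $line in
            ''|'#'*) continue ;;
            *:*) ;;
            *) echo "line $lineno: not username:password"; findings=$((findings + 1)); continue ;;
        esac
        user=${line%%:*}; rest=${line#*:}; pass=${rest%%:*}
        # Without @domain, Dovecot appends the domain of the login username.
        case $user in
            *@?*) ;;
            *) echo "line $lineno: '$user' has no @domain"; findings=$((findings + 1)) ;;
        esac
        # Entries on the page carry a {SCHEME} prefix; report anything else for review.
        case $pass in
            '{PLAIN}'*|'{CLEARTEXT}'*) echo "line $lineno: cleartext password"; findings=$((findings + 1)) ;;
            '{'*'}'?*) ;;
            *) echo "line $lineno: password has no {SCHEME} prefix"; findings=$((findings + 1)) ;;
        esac
    done < "$file"

    [ "$findings" -eq 0 ]   # exit status 0 only when nothing was reported
}
```

On OpenBSD, pass `_dovecot:_dovecot` as the second argument.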

## Troubleshooting

If it doesn't work for you, please enable debug mode in Dovecot and check
its log file. If you don't understand what the log says, please create a new
topic in our forum and paste the related log:

* [Debug Dovecot](./debug.dovecot.html)
* [iRedMail online support forum](http://www.iredmail.org/forum/)

## References

* Dovecot wiki: [Master users/passwords](http://wiki2.dovecot.org/Authentication/MasterUsers)