<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Dovecot Master User: Access user's mailbox without owner's password.</title>
<link rel="stylesheet" type="text/css" href="./css/markdown.css" />
</head>
<body>

<div id="navigation">
<a href="/index.html" target="_blank">
<img alt="iRedMail web site"
src="./images/logo-iredmail.png"
style="vertical-align: middle; height: 30px;"
/>
<span>iRedMail</span>
</a>
// <a href="./index.html">Document Index</a></div>
<h1 id="dovecot-master-user-access-users-mailbox-without-owners-password">Dovecot Master User: Access user's mailbox without owner's password.</h1>
<p>iRedMail-0.8.6 and later releases have Dovecot Master User enabled for all
backends (OpenLDAP, MySQL/MariaDB, PostgreSQL) by default; all you need to do
is add a new master user.</p>
<p>By default, iRedMail configures Dovecot to query master user accounts from the config file
<code>/etc/dovecot/dovecot-master-users-password</code> (or <code>dovecot-master-users</code>).
Edit this file to add or remove master users.</p>
<p>The format is simple:</p>
<pre><code>username:password
</code></pre>

<p>First, generate a password hash in a scheme supported by Dovecot, for example SSHA512.
Let's generate the password hash for our password <code>my_master_password</code>:</p>
<pre><code># doveadm pw -s SSHA512
Enter new password: my_master_password
Retype new password: my_master_password
{SSHA512}B0VHomJaMk6aLXOPglgNgJtCUA8JRnOweAwJxRW6NPWSNZ25rG/L6T05DJXH+t8WCQkemBilgkcEi6mq4Kadssivtts=
</code></pre>

<p>You can pick any username you like, for example, <code>my_master_user@not-exist.com</code>.
Now add the new master user to the file
<code>/etc/dovecot/dovecot-master-users-password</code> like below:</p>
<pre><code>my_master_user@not-exist.com:{SSHA512}B0VHomJaMk6aLXOPglgNgJtCU...
</code></pre>

<p>Now you can access <code>user@domain.ltd</code>'s mailbox (via either the IMAP or POP3
protocol) by logging in as user <code>user@domain.ltd*my_master_user@not-exist.com</code> with password
<code>my_master_password</code> in Roundcube webmail (it should work with other MUAs too).</p>
<p>WARNING:</p>
<ul>
<li>
<p>Make sure the file <code>dovecot-master-users-password</code> is owned by the Dovecot
daemon user and group, with file permission <code>0500</code>, so that others cannot view
the file content.</p>
<ul>
<li>On Linux/FreeBSD, the Dovecot daemon user/group is <code>dovecot/dovecot</code>.</li>
<li>On OpenBSD, the Dovecot daemon user/group is <code>_dovecot/_dovecot</code>.</li>
</ul>
</li>
<li>
<p>If you don't append a (non-existent) mail domain name to the Dovecot Master User
account, Dovecot will use the domain name of your login username. For example,
if your real user is <code>myuser@mydomain.com</code> and you try to access this user's
mailbox as Dovecot Master User <code>myuser@mydomain.com*my_master_user</code>, Dovecot
will try to verify user <code>my_master_user@mydomain.com</code>, which doesn't
exist on your server, so the login attempt fails.</p>
</li>
</ul>
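<p>An added example, not part of the original iRedMail document: a small Python audit of a master-user file against the two warnings above and the <code>doveadm pw</code> hash format. The function names and the sample entries are constructed for illustration; ownership by the Dovecot daemon user is not checked here.</p>

```python
import os
import re
import stat

WEAK_SCHEMES = {"PLAIN", "CLEARTEXT"}  # Dovecot schemes that keep the password readable
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9.\-]+)\}.+$")

# Constructed sample content; hash values are placeholders, not real hashes.
SAMPLE = """\
my_master_user@not-exist.com:{SSHA512}PLACEHOLDERHASH=
backup_admin:{SSHA512}PLACEHOLDERHASH=
ops@not-exist.com:{PLAIN}example-password
legacy@not-exist.com:example-password
"""


def audit_entries(text):
    """Return (line_no, message) findings for username:password lines."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2 or not fields[0] or not fields[1]:
            findings.append((no, "not in username:password format"))
            continue
        user, password = fields[0], fields[1]
        if "@" not in user:
            # Page warning: Dovecot then uses the login user's domain.
            findings.append((no, "master user has no @domain part"))
        m = SCHEME_RE.match(password)
        if not m:
            findings.append((no, "no {SCHEME} prefix, not doveadm pw output"))
        elif m.group(1).split(".")[0].upper() in WEAK_SCHEMES:
            findings.append((no, "password stored as " + m.group(1)))
    return findings


def audit_mode(path):
    """Flag any group/other permission bit (the page asks for mode 0500)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        return ["mode %04o lets group/other users access the file" % mode]
    return []


if __name__ == "__main__":
    for no, msg in audit_entries(SAMPLE):
        print("line %d: %s" % (no, msg))
```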
<h2 id="troubleshooting">Troubleshooting</h2>
<p>If it doesn't work for you, please enable debug mode in Dovecot and check
its log file. If you don't understand what the log says, please create a new
topic in our forum and paste the related log:</p>
<ul>
<li><a href="./debug.dovecot.html">Debug Dovecot</a></li>
<li><a href="http://www.iredmail.org/forum/">iRedMail online support forum</a></li>
</ul>
<h2 id="references">References</h2>
<ul>
<li>Dovecot wiki: <a href="http://wiki2.dovecot.org/Authentication/MasterUsers">Master users/passwords</a></li>
</ul>
<div class="footer">
<p style="text-align: center; color: grey;">All documents are available in <a href="https://bitbucket.org/zhb/iredmail-docs/src">BitBucket repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://bitbucket.org/zhb/iredmail-docs/get/tip.tar.bz2">download the latest version</a> for offline reading. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div>
</body></html>