How to set a dovecot master password to log into all mail accounts
I suggested this might be possible on another forum post about a different subject (viewtopic.php?p=79418), but just got around to looking at it.
So it's actually not hard to do, and can be useful if you're administering a server with a lot of users. BUT. Consider the privacy implications before you do it. Setting this master password lets the owner in to EVERY mail account on the server. Not just per domain. Every account. So make sure all your users are OK with this before you go ahead and set it up.
First step is to change a couple of dovecot config files. These should be already present in your installation.
nano /etc/dovecot/conf.d/auth-master.conf.ext
Code:
# Authentication for master users. Included from 10-auth.conf.
# Need to tell dovecot the separator to use
auth_master_user_separator = +
passdb {
  driver = passwd-file
  master = yes
  args = /etc/dovecot/master-users
  # Original line, pass=yes didn't work. Use this instead
  result_success = continue
}
Now, as the previous file suggests, we have to include that file from the main auth conf file.
nano /etc/dovecot/conf.d/10-auth.conf
Code:
disable_plaintext_auth = no
auth_verbose = yes
auth_mechanisms = plain login
!include auth-passwdfile.conf.ext
# Add line to include master-password config
!include auth-master.conf.ext
Next step is to create the password file referenced in args= above. We create (-c) the password file as SHA1 (-s).
Code:
htpasswd -c -s /etc/dovecot/master-users masterusername
And now we need to systemctl restart dovecot.
To test, you can either try to log in with telnet (telnet localhost 143), or through roundcube, using the separator you specified above (+)
username => existinguser@domain.com+masterusername
password => masterpassword
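An added example, not part of the original post: a small audit of a passwd-file style master-users file that flags entries stored with an unsalted scheme (which is what htpasswd -s writes) and entries with no allow_nets restriction. The list of weak schemes, the choice to require allow_nets, the function names and the sample entries are assumptions made for this example.

```python
import base64
import hashlib

# Dovecot schemes that are plaintext or unsalted single-round digests
# (subset chosen for this example, not an exhaustive list).
WEAK_SCHEMES = {"PLAIN", "CLEARTEXT", "PLAIN-MD5", "LDAP-MD5",
                "SHA", "SHA1", "SHA256", "SHA512"}

def htpasswd_sha1(password):
    """Reproduce the entry format written by `htpasswd -s`: {SHA} + base64(SHA-1)."""
    digest = hashlib.sha1(password.encode()).digest()
    return "{SHA}" + base64.b64encode(digest).decode()

def audit_master_users(text):
    """Return (user, finding) pairs for a passwd-file style master-users file."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # user:password:uid:gid:gecos:home:shell:extra_fields
        # maxsplit keeps colons inside extra_fields (e.g. IPv6 in allow_nets).
        fields = line.split(":", 7)
        fields += [""] * (8 - len(fields))
        user, password, extra = fields[0], fields[1], fields[7]
        if password.startswith("{") and "}" in password:
            # "{SHA.b64}" style encoding suffixes are dropped before the lookup.
            scheme = password[1:password.index("}")].split(".")[0].upper()
            if scheme in WEAK_SCHEMES:
                findings.append((user, f"weak scheme {scheme}"))
        else:
            findings.append((user, "no {SCHEME} prefix"))
        if not any(f.startswith("allow_nets=") for f in extra.split()):
            findings.append((user, "no allow_nets restriction"))
    return findings

# Constructed sample: the first entry matches what the htpasswd command above
# writes; the second uses a placeholder (not a real) SHA512-CRYPT hash.
SAMPLE = "\n".join([
    "masterusername:" + htpasswd_sha1("masterpassword"),
    "auditor:{SHA512-CRYPT}$6$constructed$placeholder::::::allow_nets=127.0.0.1/32",
])

if __name__ == "__main__":
    for user, finding in audit_master_users(SAMPLE):
        print(f"{user}: {finding}")
```

Because the {SHA} entry is unsalted, the same password always produces the same line, so anyone who can read the file can test guesses against it offline; a salted scheme generated with doveadm pw avoids that.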
Re: How to set a dovecot master password to log into all mail accounts
For roundcube to work properly you may need to install this plugin. Haven't really tested it yet, but it seems to be required so that roundcube displays the correct login name, and loads the right preferences.
https://plugins.roundcube.net/packages/ ... mpersonate
Re: How to set a dovecot master password to log into all mail accounts
Hello there,
I configured Dovecot + RoundCube in the same way and everything works like a charm, but it fails when I try to send email while logged in as the super user in someone's mailbox.
/var/log/roundcube/errors
[20-Jun-2022 04:20:22 +0200]: <5gg7al7l> SMTP Error: Authentication failure: Invalid response code received from server (Code: 535) in /usr/share/roundcube/program/lib/Roundcube/rcube.php on line 1667 (POST /webmail/?task=mail&_unlock=loading1655691620302&_lang=undefined&_framed=1&_action=send)
/var/log/exim4
2022-06-20 04:20:22 dovecot_login authenticator failed for localhost (%domain%) [127.0.0.1]: 535 Incorrect authentication data (set_id=info@%maildomain%.ru)
Does anybody know if it can be fixed, so that the master user can send mail from another user's mailbox?
Thanks for support in advance!