How to set a dovecot master password to log into all mail accounts
Posted: Mon Sep 30, 2019 5:44 am
I suggested this might be possible on another forum post about a different subject (viewtopic.php?p=79418), but just got around to looking at it.
So it's actually not hard to do, and can be useful if you're administering a server with a lot of users. BUT. Consider the privacy implications before you do it. Setting this master password lets the owner in to EVERY mail account on the server. Not just per domain. Every account. So make sure all your users are OK with this before you go ahead and set it up.
First step is to change a couple of dovecot config files. These should already be present in your installation.
nano /etc/dovecot/conf.d/auth-master.conf.ext
Code:
# Authentication for master users. Included from 10-auth.conf.
# Need to tell dovecot the separator to use
auth_master_user_separator = +
passdb {
  driver = passwd-file
  master = yes
  args = /etc/dovecot/master-users
  # Original line, pass=yes didn't work. Use this instead
  result_success = continue
}
Now, as the previous file suggests, we have to include that file from the main auth conf file
nano /etc/dovecot/conf.d/10-auth.conf
Code:
disable_plaintext_auth = no
auth_verbose = yes
auth_mechanisms = plain login
!include auth-passwdfile.conf.ext
# Add line to include master-password config
!include auth-master.conf.ext
Next step is to create the password file referenced in args= above. We create (-c) the password file as SHA1 (-s)
Code:
htpasswd -c -s /etc/dovecot/master-users masterusername
And now we need to systemctl restart dovecot
To test, you can either try to log in with telnet (telnet localhost 143), or through Roundcube, using the separator you specified above (+)
username => [email protected]+masterusername
password => masterpassword
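A follow-up check on the master-users file created above, as an added example that is not part of the original post: `htpasswd -s` stores an unsalted `{SHA}` SHA-1 entry, and this one file unlocks every mailbox, so the script below flags weak password schemes and world-accessible permissions. The function name, the lists of schemes treated as weak or acceptable, and the output wording are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit a Dovecot master-users passwd-file (name:{SCHEME}hash).
# Prints one finding per line; returns 1 if anything was found, 0 if clean.
# Usage: audit_master_users /etc/dovecot/master-users

audit_master_users() {
    file=$1
    findings=0

    # Mode string from ls, e.g. "-rw-r-----"; characters 8-10 are the
    # permission bits for "other" users.
    other=$(ls -ld "$file" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "PERMS $file is accessible to other users ($other)"
        findings=1
    fi

    # Each entry is name:password[:more fields]; the scheme is the {PREFIX}.
    while IFS=: read -r name hash _rest || [ -n "$name" ]; do
        case "$name" in ''|'#'*) continue ;; esac
        case "$hash" in
            '{SHA512-CRYPT}'*|'{SHA256-CRYPT}'*|'{BLF-CRYPT}'*) ;;
            '{ARGON2I}'*|'{ARGON2ID}'*|'{PBKDF2}'*) ;;
            '{SHA}'*|'{SHA1}'*|'{SHA256}'*|'{SHA512}'*|'{PLAIN-MD5}'*)
                echo "WEAK $name uses an unsalted, single-round hash"
                findings=1 ;;
            '{PLAIN}'*|'{CLEARTEXT}'*)
                echo "CLEAR $name is stored in cleartext"
                findings=1 ;;
            *)
                echo "REVIEW $name has no recognised scheme prefix"
                findings=1 ;;
        esac
    done < "$file"

    return "$findings"
}
```

An entry flagged WEAK can be regenerated with `doveadm pw -s SHA512-CRYPT` and the resulting string placed after the user name in the file.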