Hi,
I am trying to create an authenticated relay server using Postfix and Dovecot.
However, I am having two problems:
(a) If I create a Dovecot config entry as follows:
unix_listener /var/spool/postfix-authrelay/private/dovecot-auth {
group = postfix
mode = 0666
user = postfix
}
Dovecot is unable to create the socket. Surely, if Dovecot is started as
root, it should create the socket before dropping privileges?
(b) The alternative method, SASL over TCP, is not working either:
250 DSN
ehlo localhost
250-foobar.example.com
250-PIPELINING
250-SIZE 20480000
250-ETRN
250-AUTH PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN <none_of_your_business>
535 5.7.8 Error: authentication failed:
And in the logs:
2018-10-11T10:17:40.491483+01:00 X postfix-authrelay/smtpd[18312]: warning:
X[X]: SASL PLAIN authentication failed:
####
#### postconf
####
>postconf -a
cyrus
dovecot
> postconf -c /etc/postfix-authrelay | fgrep sasl
broken_sasl_auth_clients = no
cyrus_sasl_config_path =
lmtp_sasl_auth_cache_name =
lmtp_sasl_auth_cache_time = 90d
lmtp_sasl_auth_enable = no
lmtp_sasl_auth_soft_bounce = yes
lmtp_sasl_mechanism_filter =
lmtp_sasl_password_maps =
lmtp_sasl_path =
lmtp_sasl_security_options = noplaintext, noanonymous
lmtp_sasl_tls_security_options = $lmtp_sasl_security_options
lmtp_sasl_tls_verified_security_options = $lmtp_sasl_tls_security_options
lmtp_sasl_type = cyrus
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps
$virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains
$relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps
$recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
$smtpd_sender_login_maps $sender_bcc_maps $recipient_bcc_maps
$smtp_generic_maps $lmtp_generic_maps $alias_maps $smtpd_client_restrictions
$smtpd_helo_restrictions $smtpd_sender_restrictions $smtpd_relay_restrictions
$smtpd_recipient_restrictions
$address_verify_sender_dependent_default_transport_maps
$address_verify_sender_dependent_relayhost_maps $address_verify_transport_maps
$fallback_transport_maps $lmtp_discard_lhlo_keyword_address_maps
$lmtp_pix_workaround_maps $lmtp_sasl_password_maps $lmtp_tls_policy_maps
$mailbox_command_maps $mailbox_transport_maps
$postscreen_discard_ehlo_keyword_address_maps $rbl_reply_maps
$sender_dependent_default_transport_maps $sender_dependent_relayhost_maps
$smtp_discard_ehlo_keyword_address_maps $smtp_pix_workaround_maps
$smtp_sasl_password_maps $smtp_tls_policy_maps
$smtpd_discard_ehlo_keyword_address_maps $smtpd_milter_maps $virtual_gid_maps
$virtual_uid_maps
proxy_write_maps = $smtp_sasl_auth_cache_name $lmtp_sasl_auth_cache_name
$address_verify_map $postscreen_cache_map
send_cyrus_sasl_authzid = no
smtp_sasl_auth_cache_name =
smtp_sasl_auth_cache_time = 90d
smtp_sasl_auth_enable = no
smtp_sasl_auth_soft_bounce = yes
smtp_sasl_mechanism_filter =
smtp_sasl_password_maps =
smtp_sasl_path =
smtp_sasl_security_options = noplaintext, noanonymous
smtp_sasl_tls_security_options = $smtp_sasl_security_options
smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options
smtp_sasl_type = cyrus
smtpd_recipient_restrictions =
permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_relay_restrictions =
permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_exceptions_networks =
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = inet:localhost:7425
smtpd_sasl_security_options = noanonymous
smtpd_sasl_service = smtp
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = dovecot
####
#### DOVECONF
####
> doveconf -n
# 2.3.1 (8e2f634): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.1 (d9bc6dfe)
# OS: Linux 4.12.14-lp150.12.19-default x86_64
# Hostname: test.example.com
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body enotify environment mailbox date index ihave duplicate
mime foreverypart extracttext
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
driver = pam
}
plugin {
sieve = file:~/sieve;active=~/.dovecot.sieve
}
service auth {
inet_listener {
address = 127.0.0.1
port = 7425
}
inet_listener {
address = ::1
port = 7425
}
# If I disable this listener, Dovecot loads fine, but the TCP auth is unusable?
# If I enable this listener, Dovecot is unable to create the socket?
# unix_listener /var/spool/postfix-authrelay/private/dovecot-auth {
# group = postfix
# mode = 0666
# user = postfix
# }
}
ssl = no
ssl_cipher_list =
ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
ssl_options = no_compression
ssl_prefer_server_ciphers = yes
userdb {
driver = passwd
}